TERMS OF SERVICE – ESGgen
Updated: January 30, 2023
These Terms of Service set out the terms and conditions upon which ESGgen provides ESGgen Service via the Website.
“Account” means the Customer’s account accessible via the Website at https://client.esggen.com/;
“Agreement” means the agreement between the Customer and ESGgen for the provision of the ESGgen Service comprising these Terms of Service and ESGgen Service Plan;
“Commencement Date” means the date on which the Customer completes the Sign Up Process and agrees to these Terms of Service;
“Confidential Information” means information which is identified as confidential or proprietary by either party or by the nature of which is clearly confidential or proprietary;
“Customer” means the person or organisation identified as the customer in the Sign Up Process;
“Customer Data” means any information, reports, statements or any other content or data uploaded by the Customer, or transferred, to the ESGgen Service from the Customer’s systems;
“Discount Code” means a code that can be used during the Sign Up Process to obtain a discount to the Service Fees when purchasing access to the ESGgen Service;
“ESGgen” means ESGgen Limited a company incorporated in England and Wales with company number 13408145 and with its registered office at 7-9 The Avenue, Eastbourne, East Sussex BN21 3YA;
“ESGgen Service” means ESGgen’s Atmosphere, Atmosphere Pro, Assure, Analyse and / or Audit service (or any combination thereof) as identified in the ESGgen Service Plan and as described on the Website from time to time;
“ESGgen Service Plan” means the plan which identifies the Service Fees, Service Term and the ESGgen Service purchased by the Customer during the Sign Up Process or via the Account on renewing or upgrading access to the ESGgen Service;
“ESG Statements” has the meaning set out in clause 6.1;
“Malware” means anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by rearranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience (including all viruses, worms, trojan horses, spyware, logic bombs and similar files, scripts, agents, things or devices);
“Prepayment Voucher” means a voucher that can be used by the Customer to purchase access to the ESGgen Service during the Sign Up Process;
“Sign Up Process” means the process by which the Customer signs up to use the ESGgen Service via the Website and, which amongst other things, identifies the Customer and the applicable ESGgen Service Plan;
“Service Fees” means the price payable by the Customer for the ESGgen Service as set out in the applicable ESGgen Service Plan;
“Service Term” means the time period the Customer is permitted to access the ESGgen Service as purchased and detailed in the ESGgen Service Plan;
“Terms of Service” means these terms and conditions of service;
“User” means any person authorised by the Customer’s ESG Service owner to access the ESGgen Service on behalf of the Customer; and
“Website” means https://www.esggen.com/ or any other website notified to the Customer by ESGgen from time to time.
2. ESGGEN SERVICE
2.1. ESGgen shall provide the ESGgen Service in accordance with ESGgen Service Plan on and subject to the terms of this Agreement.
3.1 The Agreement shall start on the Commencement Date and shall continue for the Service Term unless terminated in accordance with clause 14. Following expiry of the Service Term, the Agreement will automatically terminate, and the Customer will no longer be able to access the ESGgen Service.
4. ACCESS TO THE ESGGEN SERVICE
4.1 To access and use the ESGgen Service, the Customer must complete the Sign Up Process and create an Account.
4.2. ESGgen grants the Customer a limited, non-exclusive, non-transferable, personal and non-sub-licensable licence to permit Users to use the ESGgen Service as permitted by the functionality of such ESGgen Service.
4.3. The Customer acknowledges that any activities that occur under its Account including the activities of Users are the responsibility of the Customer.
4.4. ESGgen may disable any login, at any time and at ESGgen’s sole discretion, if the Customer’s Account has been, or may have been, compromised or misused.
4.5. The Customer shall ensure that only authorised Users access the Account and links to the ESG Service are not shared with any unauthorised person.
4.6. If the Customer has any concerns about the Account or thinks the Account may have been misused, please contact ESGgen at email@example.com.
4.7. The Customer must take reasonable precautions to prevent any unauthorised access to, or use of, the ESGgen Service and, in the event of any such unauthorised access or use, promptly notify ESGgen.
4.8. The Customer recognises that ESGgen is always innovating and finding ways to improve the ESGgen Service with new features and services. Therefore, the Customer agrees that the ESGgen Service may change from time to time, and no warranty, representation or other commitment is given in relation to the continuity of any functionality of any of the ESGgen Service.
5. CUSTOMER’S OBLIGATIONS
5.1. ESGgen may monitor the Customer’s use of the ESGgen Service to ensure quality, improve the ESGgen Service, and verify the Customer’s compliance with the Agreement.
5.2 The Customer:
5.2.1. acknowledges that the use of, and results (including the ESG Statements) obtained from the ESGgen Service including the accuracy and completeness are dependent on the accuracy, completeness and quality of the Customer Data uploaded or transferred to the ESGgen Service;
5.2.2.shall provide to ESGgen with access to all information necessary for ESGgen to provide the ESGgen Service or as otherwise reasonably requested by ESGgen;
5.2.3. must comply with all applicable laws and regulations with respect to its use of the ESGgen Service and its activities under the Agreement;
5.2.4. must use and ensure its Users use the ESGgen Service in accordance with the terms of the Agreement and shall be responsible for any actions and omissions in connection with the use of the ESGgen Service by any Users;
5.2.5. must obtain and shall maintain all necessary licences, consents, and permissions necessary for ESGgen to perform its obligations to the Customer under the terms of the Agreement;
5.2.6. is solely responsible for any integration and configuration of its network, applications and systems required to access and use the ESGgen Service;
5.2.7. is solely responsible for procuring and maintaining its network connections and telecommunications links from its systems in order to access and use the ESGgen Service;
5.2.8. must not modify another website so as to falsely imply that it is associated with the ESGgen Service, or ESGgen or its affiliates.
5.2.9. must not carry out any penetration testing or automated or manual vulnerability scans (or similar security testing) in relation to any of the ESGgen Service without first having obtained the prior written authorisation of ESGgen; and
5.2.10. must not use the ESGgen Service: (a) to access, store, distribute or transmit or prepare for distribution or transmission any Malware; (b) to access, store, distribute or transmit or prepare for distribution or transmission any material that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; (c) in a manner that is illegal or causes damage or injury to any person or property; (d) to infringe any copyright, database right or trademark of any person; (e) to transmit, send prepare for transmission or prepare for sending any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (‘spam’); or (f) to interfere with or attempt to interfere with or compromise the ESGgen Service’ integrity or security.
5.3. The Customer agrees that failure to comply with this clause 5 constitutes a material breach of the Agreement, and may result in the immediate, temporary or permanent withdrawal of any rights to use the ESGgen Service as reasonably necessary to mitigate any damage or loss caused by the breach.
5.4. The Customer acknowledges that it is responsible for all Customer Data distributed or transmitted under its Account (including by its Users).
6. AUDIT ACKNOWLEDGEMENT
6.1. The Customer acknowledges that the ESGgen Service is provided in connection with Customer’s ESG statements for the relevant year and in the opinion the Customer the ESG statements produced by the ESGgen Service (“ESG Statements”) are presented fairly, in all material respects, and give true and fair view in accordance with International Standard on Assurance Engagements (ISAE) 3000 Revised.
6.2. The Customer acknowledges that to the best of its knowledge and belief:
6.2.1. ESG Statements conform to ISAE 3000; and
6.2.2. any significant assumptions used by the Customer in making accounting estimates contained in the Customer Data, including those measured at fair value, are reasonable;
6.3. The Customer has uploaded or transferred to the ESGgen Service all Customer Data required to prepare the ESG Statements including all known instances of non-compliance or suspected non-compliance with laws and regulations relevant to the preparation of the ESG Statements.
6.4. The Customer acknowledges that certain aspects relevant to the preparation of the ESG Statements may be excluded or not covered in the ESG Statements if the Customer has not provided the relevant Customer Data.
7. IMPORTANT NOTE ON INTELLECTUAL PROPERTY RIGHTS
7.1. To the extent protectable, all intellectual property rights in, the Website and all content contained therein (including but not limited to the screen displays, the content, the text, graphics, functionality and look and feel of the website), and any other content or work products generated by ESGgen in the course of providing the Website, except for any Customer Data belongs to ESGgen or its licensors.
7.2. ESGgen’s name, the terms “ESGgen”, and all related names, logos, product and service names, designs and slogans are trademarks of ESGgen or its affiliates or licensors. All other trademarks, service marks, company names or logos are the property of their respective holders. Any use by the Customer of these marks, names and logos may constitute an infringement of the holders’ rights. ESGgen does not warrant that the ESGgen Service and/or the Website do not infringe any intellectual property rights of third parties.
7.3. Subject always to the Customer’s compliance with the Agreement, ESGgen hereby grants the Customer a limited, non-exclusive, non-transferable license to use and display the ESGgen’s name and logo (a) as part of its use of the ESG Statements in the course of carrying out its business and (b) in the Customer’s place of business and its website and marketing material to provide notice that ESGgen has provided or provides the ESGgen Service to the Customer.
8. CUSTOMER DATA
8.1. All intellectual property rights in Customer Data shall remain vested in the Customer or its licensors, as relevant and ESGgen will only use it to provide the ESGgen Service in accordance with clause 8.2.
8.2. The Customer grants ESGgen a licence to access, download and use the Customer Data for the purposes of providing the ESGgen Service to the Customer in accordance with the Agreement, producing anonymised or anonymised and aggregated statistical reports and research and for developing and improving the ESGgen Service. Otherwise, ESGgen claims no rights in the Customer Data.
8.3. The Customer shall maintain a backup of Customer Data and ESGgen shall not be responsible or liable for the deletion, correction, alteration, destruction, damage, loss, disclosure or failure to store any Customer Data.
9.1. ESGgen may use the Customer’s name, logo and related trademarks in any of ESGgen’s publicity or marketing materials (whether in printed or electronic form) for the purpose of highlighting that the Customer uses the ESGgen Service and alongside any testimonials that the Customer has agreed to give.
9.2. The Customer may request ESGgen to stop using the Customer’s name, logo and related trademarks at any time by contacting ESGgen in writing at firstname.lastname@example.org.
10. DATA PROTECTION
10.1. If any of the Customer Data contains personal data, the parties will process such personal data in accordance with the Data Processing Schedule.
10.2. For the purposes of the Agreement, “personal data” and “process” shall have the meanings as set out in the Data Processing Schedule.
11. CONFIDENTIAL INFORMATION
11.1. Each party may be given access to Confidential Information from the other party in order to perform its obligations under the Agreement. A party’s Confidential Information shall not be deemed to include information that:
11.1.1. is or becomes publicly known other than through any act or omission of the receiving party;
11.1.2. was in the other party’s lawful possession before the disclosure;
11.1.3. is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
11.1.4 is independently developed by the receiving party, which independent development can be shown by written evidence; or
11.1.5. is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
11.2. Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available for use for any purpose other than as needed to perform the terms of the Agreement.
11.3. Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by it or its employees or agents in violation of the terms of the Agreement.
11.4. Each party shall take a back-up of its own Confidential Information and shall not be responsible to the other for any loss, destruction, alteration or disclosure of Confidential Information.
12. PRICE AND PAYMENT
12.1. The Customer will pay the Service Fees less any valid Pre-payment Voucher or Discount Code on purchasing access to the ESGgen Service either via the Sign Up Process or via their Account if renewing or upgrading access to the ESGgen Service.
12.2. The Customer may use any valid Pre-payment Voucher or Discount Code during the Sign Up Process and the Service Fees will be reduced by an amount equal to the Service Voucher or Discount Code save that ESGgen may reject any Pre-payment Voucher or Discount Code if it is not valid or ESGgen is unable to verify that the Customer is authorised to use it in which case the Service Fees will be due in full.
12.3. ESGgen does not collect or store any of the Customer’s payment information. Payment of the Service Fees is managed by ESGgen’s third party payment provider partners and will be subject to their terms.
12.4. All amounts and fees stated or referred to in the Agreement are exclusive of value added tax (“VAT”) or any other applicable taxes, levies or duties imposed by taxing authorities (where applicable) unless otherwise expressly stated, which shall be paid at the same time as payment of the Fees.
13. SERVICE LEVELS AND SUPPORT
13.1. ESGgen will use commercially reasonable endeavours to provide the ESGgen Service and technical support in accordance with good industry practice and support will be provide remotely by email or web chat.
13.2. The Customer acknowledges that elements of the ESGgen Service are dependent on the Internet and access to various third party services.
13.3. The Customer agrees that ESGgen is not responsible for the non-availability or interruption to the ESGgen Service caused by any such non-availability of the Internet or any such third party services.
14. SUSPENSION AND TERMINATION
14.1. ESGgen may terminate the Agreement by notice with immediate effect, or such notice as ESGgen may elect to give, if the Customer:
14.1.1. is in breach of applicable law and/or the Agreement; or
14.1.2. infringes ESGgen’s intellectual property rights in the ESGgen Service.
14.2. Either party may terminate the Agreement at any time on written notice to the other if the other:
14.2.1. is in material or persistent breach of any of the terms of the Agreement and either that breach is incapable of remedy, or the other party fails to remedy that breach within 30 days after receiving written notice requiring it to remedy that breach; or
14.2.2. is unable to pay its debts (within the meaning of section 123 of the Insolvency Act 1986), or becomes insolvent, or is subject to an order or a resolution for its liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction), or has an administrative or other receiver, manager, trustee, liquidator, administrator or similar officer appointed over all or any substantial part of its assets, or enters into or proposes any composition or arrangement with its creditors generally, or is subject to any analogous event or proceeding in any applicable jurisdiction.
14.3. On termination of the Agreement for any reason all licences granted under the Agreement shall immediately terminate and the Customer’s right to access and use the ESGgen Service will end.
14.4. Upon termination of the Agreement, the Customer may request that any Customer Data is deleted. If the Customer fails to make such a request, Customer Data will be subject to deletion in accordance with ESGgen’s data deletion protocols and ESGgen shall not be held responsible for the deletion of such Customer Data.
14.5. The accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination shall not be affected or prejudiced.
15.1. ESGgen warrants and undertakes that that:
15.1.1. it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under the Agreement; and
15.1.2. it will comply with all applicable laws and regulations with respect to its obligations under the Agreement.
15.2. ESGgen undertakes that the ESGgen Service will be performed with reasonable skill and care in accordance with good industry practice.
15.3. Save as set out in the Agreement, the ESGgen Service is provided on an “AS IS” and “AS AVAILABLE” basis and ESGgen gives no representations, warranties, conditions or other terms of any kind in respect of the ESGgen Service, whether express or implied, including, but not limited to, warranties of satisfactory quality, merchantability fitness for a particular purpose or non-infringement.
15.4. Except as expressly and specifically provided for in the Agreement:
15.4.1. the Customer assumes sole responsibility for any results obtained from the use of the ESGgen Service and for any decisions or actions taken arising from such use and it relies on the results obtained from the ESGgen Service at its own risk;
15.4.2. all representations, warranties, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by law, excluded from the Agreement; and
15.4.3. ESGgen will not be responsible for any interruptions, delays, failures or non-availability affecting the ESGgen Service or the performance of the ESGgen Service which are caused by third party services or errors or bugs in software, hardware or the internet on which ESGgen relies to provide the ESGgen Service and the Customer acknowledges that ESGgen does not control such third party services and that such errors and bugs are inherent in the use of such software, hardware and the Internet
16. ESGGEN’S LIABILITY
16.1. Subject to clause 16.2, ESGgen will not be liable for losses that result from ESGgen’s failure to comply with the Agreement, in tort (including negligence) or otherwise for the following categories of loss or damage: loss of income or revenue; loss of business; loss of profits; loss of anticipated savings; loss of data; waste of management or office time; or any indirect, consequential or special damages, costs or expenses.
16.2. Nothing in the Agreement excludes or limits ESGgen’s liability for death or personal injury caused by ESGgen’s negligence or for fraud or fraudulent misrepresentation.
16.3. ESGgen’s total liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise arising in connection with the performance or contemplated performance of the Agreement shall in all circumstances be limited to the Service Fees paid by the Customer in the 12 months prior to the event giving rise to the claim.
17. WRITTEN COMMUNICATIONS
17.1. Applicable laws may require that some of the information or communications ESGgen sends to the Customer should be in writing. When using the ESGgen Service, the Customer accepts that communication with ESGgen will be mainly electronic.
17.2. ESGgen will contact the Customer by e-mail or provide the Customer with information by posting notices on the ESGgen Service.
17.3. For contractual purposes, the Customer agrees to this electronic means of communication and the Customer acknowledges that all contracts, notices, information and other communications that ESGgen provides to the Customer electronically comply with any legal requirement that such communications be in writing.
18.1. All notices given by the Customer to ESGgen must be given to email@example.com. ESGgen may give notice to the Customer by posting on the ESGgen Service, at the email or postal address the Customer provides to ESGgen, or in any other way ESGgen deems appropriate.
18.2. Notice will be deemed received and properly served immediately when posted on the ESGgen Service or 24 hours after an e-mail is sent or 3 days after the date of posting of any letter. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail that such e-mail was sent to the specified e-mail address of the addressee.
19. TRANSFER OF RIGHTS AND OBLIGATIONS
The Customer may not transfer, assign, charge or otherwise deal in the Agreement, or any of the Customer’s rights or obligations arising under the Agreement, without ESGgen’s prior written consent.
20. EVENTS OUTSIDE ESGGEN’S CONTROL
No party shall be liable to the other for any delay or non-performance of its obligations under the Agreement arising from any cause beyond its control including, without limitation, any of the following: telecommunications failure, pandemic, internet failure, act of God, governmental act, war, fire, flood, explosion or civil commotion. For the avoidance of doubt, nothing in this clause 20 shall excuse the Customer from any payment obligations under the Agreement.
No forbearance or delay by either party in enforcing its rights shall prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms shall be deemed to be a waiver of any other right or of any later breach.
If any provision of the Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions shall not be prejudiced.
No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
24. ENTIRE AGREEMENT
The Agreement constitutes the entire agreement between the parties relating to the provision of the ESGgen Service and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
25. THIRD PARTY RIGHTS
A person who is not party to the Agreement shall not have any rights under or in connection with them under the Contracts (Rights of Third Parties) Act 1999.
26. LAW AND JURISDICTION
The Agreement shall be governed by and construed in accordance with English law and each party hereby submits to the exclusive jurisdiction of the English courts.
SCHEDULE: DATA PROCESSING SCHEDULE
1.1. This Schedule forms part of the Terms of Service between ESGgen and the Customer for the provision of the ESGgen Service and sets out the terms upon which ESGgen will process personal data on the Customer’s behalf when providing the ESGgen Service and acting as a data processor.
2.1. In this Schedule, save where the context requires otherwise, the following words and expressions have the following meaning:
“Business Day” means a day other than a Saturday, Sunday or bank or public holiday in England;
“Data Subject Request” means a request made by a data subject to exercise any rights of data subjects under Data Protection Laws relating to the Personal Data;
“Data Protection Laws” means any applicable law relating to the protection of personal data and privacy in force from time to time, including (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”); (ii) the Data Protection Act 2018; (iii) the retained EU law version of GDPR (as defined under the section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018) (“UK GDPR”) and (iii) the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; in each case together with all laws implementing, replacing or supplementing the same and any other applicable data protection or privacy laws;
“Personal Data” means the personal data described in Annex 1 (Data Processing Information) and any other personal data processed by ESGgen on behalf of the Customer pursuant to or in connection with the Agreement;
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by the Processor or any Sub-processor;
“Sub-processor” means any data processor (including any affiliate of ESGgen) appointed by ESGgen to process Personal Data on behalf of the Customer; and
“Supervisory Authority” means any regulatory authority responsible for the enforcement of Data Protection Laws.
2.2. Terms such as “controller”, “data protection impact assessment”, “data subject”, “process/processing” and “processor” shall have the same meaning ascribed to them in Data Protection Laws.
2.3. Any other terms which appear as defined in this Schedule shall have the meaning given to them in the Terms of Service.
3. PROCESSING OF THE PERSONAL DATA
3.1. Each party acknowledges and agrees that for the purposes of the Agreement and Data Protection Laws, the Customer shall be the controller and ESGgen the processor in respect of the Personal Data.
3.2. Each party confirms that in the performance of the Agreement it will comply with Data Protection Laws.
3.3. ESGgen shall only process the types of Personal Data relating to the categories of data subjects for the specific purposes in each case as set out in Annex 1 (Data Processing Information) to this Schedule and shall not process the Personal Data other than in accordance with the Customer’s documented instructions (whether in the Agreement or otherwise) unless processing is required by applicable law to which ESGgen is subject, in which case ESGgen shall, to the extent permitted by such law, inform the Customer of that legal requirement before processing that Personal Data.
3.4. ESGgen shall inform the Customer if, in its opinion, an instruction it receives from the Customer pursuant to the Agreement infringes the GDPR.
4. CUSTOMER WARRANTY
4.1 The Customer warrants that it has all necessary rights to provide the Personal Data to ESGgen for the processing to be performed in relation to the ESGgen Service.
5. SUPPLIER PERSONNEL
5.1. ESGgen shall treat all Personal Data as confidential and shall use reasonable efforts to inform all its relevant employees, contractors and/or any Sub-processors engaged in processing the Personal Data of the confidential nature of such Personal Data.
5.2. ESGgen shall take reasonable steps to ensure the reliability of any employee, contractor and/or any Sub-processor who may have access to the Personal Data, ensuring in each case that access is limited to those persons or parties who need to access the relevant Personal Data, as necessary for the purposes set out in paragraph 3.3 in the context of that person’s or party’s duties to ESGgen.
5.3. ESGgen shall ensure that all such persons or parties involved in the processing of Personal Data are subject to confidentiality undertakings or are under an appropriate statutory obligation of confidentiality.
6.1. ESGgen shall implement appropriate technical and organisational measures to ensure a level of security of the Personal Data appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed, and shall take all measures required pursuant to Article 32 GDPR.
7.1. The Customer hereby grants its general authorisation to the appointment of Sub-processors by ESGgen under the Agreement.
7.2. If ESGgen seeks to replace any existing Sub-processor and/or appoint any new Sub-processor, ESGgen will provide the Customer with 30 days’ prior notice of the proposed change in Sub-processor(s) and the Customer shall have the right to object to such change within 14 days after its receipt of such notice.
7.3. The Customer’s sole remedy if it does not agree to the replacement or appointment of a Sub-processor shall be to terminate the Agreement.
7.4. With respect to each Sub-processor, ESGgen shall:
7.4.1. enter into a written contract with the Sub-processor which shall contain terms materially the same as those set out in this Schedule;
7.4.2. remain liable to the Customer for any failure by the Sub-processor to fulfil its obligations in relation to the processing of any Personal Data.
7.5. An overview of the Sub-processors ESGgen relies upon as at the Commencement Date (and which shall be deemed to be approved by the Customer), including their functions and locations, is available at [INSERT URL].
8. DATA SUBJECT RIGHTS
8.1. ESGgen shall without undue delay notify the Customer if it receives a request from any governmental or regulatory body or law enforcement agency related to disclosure of the Personal Data unless prohibited by law or a legally binding order of such body or agency.
8.2. ESGgen shall, without undue delay, refer all Data Subject Requests it receives to the Customer.
8.3. In the event that the Customer cannot fulfil any Data Subject Request itself, ESGgen shall co-operate as reasonably requested by the Customer to enable the Customer to comply with any such request including:
8.3.1. the provision of all information reasonably requested by Customer within any reasonable timescale specified by Customer in each case, including full details and copies of the complaint, communication or request and any Personal Data it holds in relation to a data subject;
8.3.2. implementing any additional technical and organisational measures as may be reasonably required by Customer to allow Customer to respond effectively to relevant complaints, communications or requests.
9. INCIDENT MANAGEMENT
9.1. In the case of a Personal Data Breach, ESGgen shall not later than 48 hours after having become aware of it notify the Personal Data Breach to the Customer providing the Customer with reasonable information which allows the Customer to meet any obligations to report a Personal Data Breach under Data Protection Laws.
9.2. ESGgen shall co-operate with Customer and take such reasonable steps requested by Customer to assist in the investigation, mitigation and remediation of each Personal Data Breach.
9.3. In the event that the Personal Data Breach is caused by the Customer’s acts or omissions, Customer shall reimburse ESGgen’s reasonable costs and expenses incurred in complying with this paragraph 9.
10. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
10.1. ESGgen shall, at the Customer’s request, provide reasonable assistance to the Customer with any data protection impact assessments which are required under applicable Data Protection Laws and with any prior consultations to any Supervisory Authority of the Customer or any of its affiliates which are required under Data Protection Laws, in each case in relation to processing of Personal Data by ESGgen on behalf of the Customer and taking into account the nature of the processing and information available to ESGgen.
11. DELETION OR RETURN OF CUSTOMER PERSONAL DATA
11.1. On cessation of processing of Personal Data by ESGgen, or termination of the Agreement, ESGgen shall permit Customer (at its option) to:
11.1.1. extract a complete copy of all Personal Data by secure file transfer and securely wipe all other copies of the Personal Data processed by ESGgen or any Sub-processor unless required to retain such data in order to comply with applicable laws; or
11.1.2request ESGgen to delete the Personal Data (and procure that any Sub-processor does the same) unless required to retain such data in order to comply with applicable laws.
11.2. If the Customer fails to exercise its rights under paragraphs 11.1.1 and 11.1.2 above, ESGgen shall delete the Personal Data (and procure that any Sub-processor does the same) within a reasonable period following the termination of the Agreement, unless required to retain such data in order to comply with applicable laws.
12. AUDIT RIGHTS
12.1. ESGgen shall make available to the Customer on request all information reasonably necessary to demonstrate compliance with this Schedule and Data Protection Laws and allow for and contribute to audits in accordance with ESGgen’s or its Sub-processors polices in place from time to time.
12.2. Prior to conducting any audit pursuant to paragraph 12.1, the Customer must submit an audit request to ESGgen and the Customer and ESGgen must agree the start date, scope and duration of and security and confidentiality controls applicable to any such audit.
12.3. ESGgen may (acting reasonably) object to the appointment by the Customer of an independent auditor to carry out an audit pursuant to paragraph 12.1 and, where this is the case, the Customer shall be required to appoint another auditor or conduct the audit itself.
12.4. In the event that the Customer requires more than one (1) audit in any twelve (12) month period, Customer shall reimburse ESGgen’s reasonable costs and expenses incurred in complying with any audits over and above such one (1) audit in any twelve (12) month period.
ANNEX 1: DATA PROCESSING INFORMATION
Subject matter and purposes of the processing of Personal Data
Processing for the purposes of:
Nature of processing
Use and hosting to provide the ESGgen Service
Duration of the processing
7 years for auditing and compliance
Type of personal data
Personal data including:
Categories of data subjects
Employees or contractors of the Customer and its business partners