Privacy Policy

I. Name and Address of the Responsible

The responsible within the meaning of the General Data Protection Regulation (“GDPR“), the UK Data Protection Act 2018 (the “DPA”), and other applicable data protection laws and regulations (collectively hereinafter the “Data Laws” is

Arabesque S-Ray GmbH, UK Branch

Director: Dr. Daniel Klier

Fifth Floor, Jamestown Wharf

32 Jamestown Road

London NW1 7BY

United Kingdom

Phone: +44 20 3946 3731

E-mail: s-ray@arabesque.com

Companies House (England and Wales), Company number FC035689.

Arabesque S-Ray GmbH, UK Branch is the UK branch of

Arabesque S-Ray GmbH

Director (Geschäftsführer): Dr. Daniel Klier

Zeppelinallee 15

60325 Frankfurt am Main

Germany

Phone: +49 69 2474 77611

E-mail: s-ray@arabesque.com

Commercial register (Handelsregister): local court (Amtsgericht) Frankfurt am Main, HRB 113087

Arabesque S-Ray GmbH, UK Branch, is hereinafter referred to as “S-Ray”, “we”, “us” or “our”.

II. General Information on Data Processing

1. The Scope of Personal Data Processing

We process personal data of our users to the extent necessary to enter into and fulfill the agreement concluded between S-Ray and every single user or the entity a user represents, and in certain cases to verify the identity of a user before entering into an agreement. We collect cookies on a voluntary basis (consent) to understand how users use the website and what content they look at the most.

2. Legal Basis for the Processing of Personal Data

To use ESG Book, you will need to enter into an agreement with us, either for yourself, or for the entity you represent when using ESG Book. The legal basis for the processing of your personal data is the contractual relationship we have with you or the entity you represent (see e.g. Article 6 (1) (b) GDPR or similar provisions in other Data Laws), including any pre-contractual measures to conclude the agreement. Where the identification process serves to prevent abusive behaviours, including in particular the creation of fake-accounts for companies, the legal basis is our legtimiate business interest as set out e.g. in Article 6 (1) (f) GDPR or similar provisions in other Data Laws.

The collection of cookies is based on consent as set out e.g. in Article 6 (1) (a) GDPR or similar provisions in other Data Laws.

3. Data Deletion and Storage Period

Your personal data will be deleted or blocked from processing as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by any Data Laws. The data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

III. Registration for ESG Book, Logins to ESG Book

1. Description and scope of data processing

The use of our website requires that you register and subsequently login to the website using your login credentials. For a simple access with limited functionalities (refer to our Terms and Conditions), we only ask for a valid e-mail-adress and a password. If you want to join our website on behalf of an entity, we will also ask for the full name and country of registration of the entity, your position at the entity, and potentially a link to your profile on a professional career network or other evidence of your belonging to the entity you claim to represent. The following data is also stored at the time of registration: (1) The date and time of registration. (2) The version of ESG Book Terms and Conditions you accepted. During later logins, we will store the date and time you accepted a modified version of the ESG Book Terms and Conditions and the version of those.

2. Legal Basis for the Processing of Data

The registration serves the purpose of pre-contractual measures for and the conclusion of a contract to which the user is a party. Subsequent Logins serve the performance of the contract. In both cases, the legal basis for the processing of the personal data is Article 6 (1) lit. b GDPR or similar provisions of other Data Laws. To the extent the registration and subsequent logins help in avoiding abusive behaviour on the website or fraudulent login attempts, the legal basis for the processing of the personal data is Article 6 (1) lit. f GDPR or similar provisions of other Data Laws.

3. Purpose of the Data Processing

The registration of the user is necessary for the implementation of pre-contractual measures and for the fulfilment of a contract with the user. As a pre-contractual measure, the processing of data allows to ensure that a user connecting via a given e-mail-address is actually in control of that e-mail-address. The user can subsequently be identified by that address, and this in turn allows to verify that the person accepted the required Terms and Conditions as applicable from time to time. Where a person wishes to use and subsequently uses the website on behalf of an entity, the personal data collected allows to verify to a sufficient degree that the person belongs to that entity and may act on the company’s behalf.

The storage of any personal data in this context is necessary for at least as long as the contractual relationship is ongoing, so that the contractual party can be identified and potentially legal steps taken against it or S-Ray can defend against claims that the person was not acting on behalf of a certain company.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where the registration process is abandoned before completion or does not lead to the conclusion of a contract because the person in question does not accept the Terms and Conditions to conclude a contract with the user, the personal data collected so far will be deleted within a few days.

Where the registration is successful and therefore a contract concluded, the personal data collected will be stored as long as the contract is ongoing, and may be stored for period of up four years afterwards to allow S-Ray to defend against potential legal claims.

5. Possibility of Objection and Deletion

A request for deletion or an objection to storage are possible by sending an e-mail to contact@esgbook.com. All personal data stored in the course of contacting us will be deleted in this case.

If the personal data is required to perform a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

IV. E-mail Contact

1. Description and Extent of Data Processing

It is possible to contact us via the e-mail address provided on the website. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. The Legal Basis for the Processing

The legal basis for the processing of data transmitted by sending an e-mail is Article 6 (1) lit. f GDPR or similar provisions of other Data Laws. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 (1) lit. b GDPR or similar provisions of other Data Laws.

3. Purpose of the Processing

The processing of the personal data only serves to conclude or perform the contact and is also necessary for that.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

5. Possibility of Objection and Deletion

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.  A request for deletion or an objection to storage are possible by sending an e-mail to contact@esgbook.com.

If the personal data is required to fulfil a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

V. Use of Cookies

1. Description and Extent of Data Processing

Our website uses cookies that are stored in your browser and perform two functions: (1) they recognize when you are returning to the website and recognize whether you are logged in, and (2) they keep track of which sections of the website you find most interesting and useful or possibly have difficulties with.

2. The Legal Basis for the Processing

The legal basis for the processing of the cookies referred to is your consent as set out in Article 6 (1) lit. a GDPR or similar provisions of other Data Laws. Your consent is expressed (or denied) in the cookie banner that will show up on your first accessing of the website and as often as needed to ensure we have your consent.

3. Purpose of the Processing

The processing of the personal data only serves to improve your user experience, either immediately by avoiding the constant need to login, or over time, as your usage of the website helps us understand what is relevant or where the website needs improving.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. Possibility of Objection and Deletion

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

VI. Rights of the Data Subject under the GDPR

If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you have the following rights vis-à-vis the controller under the GDPR (and under similar provisions of other Data Laws):

1. Right of access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If there is such processing, you may request information from the controller about the following: (1) the purposes for which the personal data are processed; (2) the categories of personal data which are processed; (3) the recipients or categories of recipients which have or will receive your personal data; (4) the envisaged duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period; (5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) any available information on the origin of the data if the personal data are not collected from the data subject;

You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to correction

You have a right to have your personal data corrected and/or completed by the the data controller if the personal data processed concerning you  is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:

  • if you contest the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the deletion of the personal data and request the restriction of the use of the personal data instead;
  • the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims.

4. Right to Deletion

a) Obligation to delete

You may request the controller to delete your personal data without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies: (1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a GDPR or similar provisions of other Data Laws and there is no other legal basis for the processing; (3) Your personal data has been processed unlawfully; (4) The deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

b) Information to Third Parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR or similar provisions in other Data Laws, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to deletion does not exist insofar as processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject; (3) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR or similar provisions in other Data Laws, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or (5) for the establishment, exercise or defence of legal claims.

5. Right of Information

If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom the personal data relating to you has been disclosed, of the erasure or restriction of processing to all recipients to whom the personal data relating to you has been disclosed, unless this proves impossible or involves a disproportionate effort. associated with it.

You have the right to be informed by the controller about these recipients. to be informed about these recipients.

6. Right to Data Portability

You have the right to obtain the personal data concerning you have provided to the controller in a structured form and in a commonly used and machine-readable format.

7. Right of Objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Article 6(1) (f) GDPR or similar provisions in other Data Laws. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Join ESG Book

Contact us to learn more about ESG Book and to Register

    Personal Details:


    (Please sign-up with your organization e-mail address, access with a public e-mail address is limited and delayed)

    LinkedIn Details:

    Or