ADDESG.COM PRIVACY POLICY

INTRODUCTION

A. LEGAL FRAMEWORK
This Privacy Policy ("Policy") governs the collection, processing, storage, and protection of personal and non-personal information by AddESG.com...

B. REGULATORY COMPLIANCE
This Policy is constructed to comply with:

• GDPR
• CCPA
• PIPEDA
• APP
• OECD Privacy Guidelines
• International data protection best practices

1. INFORMATION COLLECTION

1.1 Personal Information Categories

• Identification Data: Full name, company name, contact information
• Contact Information: Email, phone numbers
• Financial Data: Collected by Stripe via PayHip
• Technical Data: IP, device ID, cookies, session data, etc.
• Professional Data: ESG interest, industry, size, qualifications

1.2 Information Collection Methods

• User submissions, tracking tech, support, transactions, cookies, etc.

1.3 Sensitive Information

We do NOT intentionally collect sensitive categories such as racial origin, religion, biometric, or health data.

2. PURPOSE OF DATA PROCESSING

2.1 Primary Purposes

• Facilitate digital product purchases
• Provide customer support
• Manage user accounts
• Process payments
• Deliver purchased templates
• Communicate product updates

2.2 Secondary Purposes

• Website performance optimization
• User experience improvement
• Fraud prevention
• Compliance with legal obligations
• Marketing communications (with consent)
• Product development research

3. DATA STORAGE AND RETENTION

3.1 Storage Locations

• Secure cloud infrastructure
• Geographically distributed data centers
• Encrypted database systems

3.2 Retention Periods

• Transactional data: 7 years
• User account data: Active account lifetime + 2 years
• Communication logs: 3 years
• Technical logs: 1 year

3.3 Data Deletion

Users may request data deletion at any time. Minimal data may be retained to comply with legal requirements.

4. DATA PROTECTION MECHANISMS

4.1 Technical Safeguards

• 256-bit SSL encryption
• Multi-factor authentication
• Security audits and assessments
• Secure transmission protocols

4.2 Organizational Safeguards

• Access control policies
• Employee training and NDAs
• Routine compliance reviews

5. USER RIGHTS

• Access: Obtain your personal data
• Correction: Update or supplement your data
• Deletion: Request erasure (with limitations)
• Portability: Export your data in a readable format
• Restriction: Limit how data is processed

6. THIRD-PARTY DATA SHARING

6.1 Authorized Third Parties

• Payment processors
• Cloud storage providers
• Customer support services
• Analytics providers
• Legal authorities

6.2 Sharing Principles

• Minimum necessary data shared
• Strict contractual data safeguards
• No sale of personal data

7. INTERNATIONAL DATA TRANSFERS

Data may be transferred internationally using secure protocols and legal safeguards such as standard contractual clauses.

8. COOKIES AND TRACKING

8.1 Cookie Types

• Necessary cookies
• Performance cookies
• Functional cookies
• Marketing cookies

8.2 Cookie Management

Users can manage preferences and withdraw consent anytime. A cookie banner and policy provide full details.

9. MARKETING COMMUNICATIONS

• Emails may include product updates and offers
• Opt-in required for marketing emails
• Users can unsubscribe anytime

10. CHILDREN'S PRIVACY

Our services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors.

11. UPDATES TO PRIVACY POLICY

We may periodically update this Policy. Users will be notified of significant changes. Continued use implies acceptance of updates.

12. PRIVACY CONTACT

Email: privacy@AddESG.com
You may also contact our Data Protection Officer via this address.

13. GOVERNING JURISDICTION

Primary jurisdiction: England and Wales
Applicable data protection laws and dispute resolution mechanisms apply.

Effective Date & Last Updated

Effective Date: May 2025
Last Updated: May 2025