i-Prove ESG Privacy Policy 


Effective Date: [1/12/2024] 

Last Updated: [1/12/2024] 

At i-Prove ESG, we prioritise the protection and confidentiality of your personal and business data. This Privacy Policy explains how we collect, use, process, and safeguard your data, ensuring compliance with the UK General Data Protection Regulation (GDPR) and other applicable privacy laws. By using i-Prove ESG, you agree to the practices outlined below. 

If you have questions or concerns about this policy, please contact us at [support@i-prove.org]. 

1. Data Controller Information 

1.1. Who We Are 

The data controller responsible for your personal data is: 
i-Prove ESG Ltd 
38 Crookston Road, 
London 
England 
SE9 1YB 

2. Data We Collect 

2.1. Categories of Data 

We collect the following categories of personal and business data: 

a. User-Provided Data 

This includes any information you provide directly to us, such as: 

  • Account details: Name, email address, phone number, and job title. 
  • Business information: Organisation name, company registration details, and location. 
  • ESG data uploads: Documents, reports, surveys, and other ESG-related content inputted into the platform. 

b. Automatically Collected Data 

When you interact with the platform, we collect: 

  • Usage Data: Pages viewed, features accessed, and session times. 
  • Device Data: IP address, browser type, operating system, and geographic location. 
  • Cookies: Tracking data to enhance user experience and analyse platform performance (see Section 8). 

c. Data from Third Parties 

We may receive additional data from: 

  • Account administrators who manage user permissions for your organisation. 
  • External integrations, such as Single Sign-On (SSO) services or ESG frameworks. 

2.2. Special Category Data 

i-Prove ESG does not intentionally collect sensitive data (e.g., health information, race, or political opinions). If such data is inadvertently uploaded, users are responsible for ensuring its appropriateness. 

3. Legal Basis for Data Processing 

We process your data under the following legal grounds: 

3.1 Contractual Necessity 

We process your data to: 

  • Register and maintain your account. 
  • Provide services outlined in our agreement with you or your organisation. 
  • Support the functionality of the platform (e.g., generating ESG insights and reports). 

3.2 Legitimate Interests 

We process data for: 

  • Enhancing user experience and platform functionality. 
  • Preventing fraud and ensuring secure access to the platform. 
  • Conducting analytics and research to improve services. 

3.3 Consent 

Your explicit consent is required for: 

  • Collecting cookies and tracking data. 
  • Sending promotional or marketing communications. 
  • Sharing data with third parties for non-contractual purposes. 

3.4 Legal Obligations 

We process your data as required by law, including responding to lawful requests from public authorities. 

4. How We Use Your Data 

We use your data to: 

4.1 Provide Core Services 

  • Deliver platform features such as ESG reporting, analysis, and benchmarking. 
  • Generate insights and recommendations using AI-driven tools. 

4.2 Personalise Your Experience 

  • Customise dashboards and reports based on your preferences. 
  • Tailor recommendations to match your organisation's ESG goals. 

4.3 Ensure Platform Security 

  • Authenticate user accounts and manage access permissions. 
  • Monitor activities to detect and prevent fraudulent or unauthorised use. 

4.4 Improve Platform Functionality 

  • Analyse user behaviour to identify trends and improve usability. 
  • Test and roll out new features based on user feedback and analytics. 

4.5 Communication 

  • Respond to support inquiries or feedback. 
  • Send important updates about platform changes, security issues, or policy updates. 
 

5. Sharing Your Data 

We do not sell or rent your personal data. We share your data only under specific conditions: 

5.1 Service Providers 

With trusted third-party providers for: 

  • Cloud hosting and data storage (e.g., AWS, Microsoft Azure). 
  • Customer support and communication tools (e.g., email services). 
  • Analytics and performance monitoring (e.g., Google Analytics). 

5.2 Regulatory Compliance 

We disclose data when required by law, such as to comply with court orders or legal investigations. 

5.3 Business Transfers 

In the event of a merger, acquisition, or sale, your data may be transferred to the new entity. You will be notified in such cases. 

5.4 Aggregated Data 

We may share anonymised data for benchmarking, research, or reporting purposes. This data does not identify you or your organisation. 

6. Data Security 

We implement stringent measures to protect your data: 

  • Encryption: All data is encrypted in transit (e.g., TLS/SSL) and at rest. 
  • Access Control: We restrict access to your data to authorised personnel only, based on the principle of least privilege. 
  • Monitoring: Real-time monitoring detects and prevents unauthorised access or breaches. 
  • Incident Response: In the event of a breach, affected users will be notified within 72 hours, as required by GDPR. 

7. Your Data Rights 

Under GDPR, you have the right to: 

  • Access: Request a copy of your data in a structured, electronic format. 
  • Rectification: Correct inaccurate or incomplete data. 
  • Erasure: Request deletion of your data, subject to legal retention requirements. 
  • Restriction: Restrict processing under certain conditions. 
  • Objection: Object to processing based on legitimate interests. 
  • Portability: Transfer your data to another service provider where technically feasible. 

Contact us at support@i-prove.org to exercise these rights. 

8. Cookies and Tracking 

We use cookies to: 
Track user activity on the platform. 
Improve website performance and usability. 
Store user preferences for a seamless experience. 

Cookie Types 
  • Essential Cookies: Required for core functionality. 
  • Analytical Cookies: Collect anonymised data for usage analysis. 
  • Marketing Cookies: Used for personalised communications. 
  • You can manage your cookie preferences through your browser or our cookie management tool. 

For more details check the Cookies Policy.

9. Data Retention 

We retain your data only as long as necessary to: 

  • Fulfill service obligations. 
  • Comply with legal requirements. 
  • Resolve disputes and enforce agreements. 
  • Upon account closure, data is anonymised or securely deleted, unless retention is required by law. 

10. Updates to This Policy 

We may update this policy periodically to reflect legal or operational changes. Material updates will be communicated via email or platform notifications. 

11. Contact Information 

For other privacy-related inquiries: 

Email: support@i-prove.org