Privacy Policy

1. Introduction

ExecutESG Oy ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our ExecutESG OS platform ("Service"). As a Finnish B2B SaaS company, we process personal data in accordance with the European Union's General Data Protection Regulation (GDPR).

2. Data We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

• Personal Identification Information: Name, email address, job title, and company name when you register for an account, subscribe to our newsletter, or request a demo.
• Usage Data: Information about how you interact with our website and platform, including IP addresses, browser types, and navigation paths.
• B2B Service Data: Data processed on behalf of our clients acting as Data Controllers during the performance of the Double Materiality Assessment and other services.

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: To provide you with our services, manage your account, and perform our obligations under our Terms of Service.
• Legitimate Interests: To improve our platform, conduct analytics, and send you relevant B2B marketing communications (which you can opt out of at any time).
• Consent: When you have explicitly agreed to the processing of your data for specific purposes, such as non-essential cookies.

4. How We Use Your Information

We use the collected information to:

• Provide, operate, and maintain the ExecutESG OS platform.
• Process transactions and send related information, including invoices.
• Respond to customer service requests and offer technical support.
• Analyze usage trends to improve user experience.
• Communicate with you regarding updates, security alerts, and new features.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with trusted third-party service providers (e.g., cloud hosting, analytics tools) strictly bound by Data Processing Agreements (DPAs) to assist us in operating our business. We may also disclose data if required by law or to respond to valid legal requests from public authorities.

6. Data Security and Retention

We implement industry-standard technical and organizational security measures to protect your data against unauthorized access, alteration, or destruction. We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by legal and regulatory obligations.

7. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:

• The right to access, update, or delete the information we have on you.
• The right of rectification if your information is inaccurate.
• The right to object to or restrict our processing of your personal data.
• The right to data portability (receiving a copy of your data in a structured format).
• The right to withdraw consent at any time where we relied on your consent.

To exercise any of these rights, please contact us at [email protected]. You also have the right to complain to the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) if you believe our processing violates GDPR.

8. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: