Received an LkSG questionnaire from your buyer? Start here →
ESG Stress Free

Privacy Policy

Last updated: April 2025

1. Who We Are

ESG Stress Free ("we", "us", "our") is the data controller for personal data collected through the ESG Stress Free platform. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].

If you have any questions about how we handle your personal data, please contact us at: [email protected]

2. Legal Bases for Processing

We process personal data on the following legal bases under the UK GDPR:

  • Consent — where you have given us clear consent to process your data for a specific purpose.
  • Contract — where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract.
  • Legal obligation — where processing is necessary to comply with a legal obligation.
  • Legitimate interests — where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests.

3. What Data We Collect and Why

Account and dashboard: When you register and use the dashboard, we process your name, email address, company name, and compliance data (assessments, supplier information, documents, emissions data). Legal basis: contract. Retention: duration of the subscription plus 3 years for records with financial or legal relevance.

Contact form and enquiries: Name, email address, and company name. Legal basis: contract or consent. Retention: 3 years from last contact.

Supplier questionnaires: Compliance data you submit in response to questionnaires, which is shared with the requesting company. Legal basis: contract. Retention: 5 years from submission.

Server logs: Anonymised IP address, browser type, operating system, referrer URL, date and time. Legal basis: legitimate interests (security and platform performance). Retention: 30 days.

Cookies: Technically necessary cookies and optional analytics cookies. See our Cookie Policy for details.

4. Sharing Your Data

We share your personal data only where necessary to perform our contract with you, where you have given consent, where we are under a legal obligation to do so, or where our legitimate interests require it. We have data processing agreements in place with all third-party processors. We do not sell your data.

5. International Transfers

Where data is transferred outside the United Kingdom, we ensure an adequate level of protection through appropriate safeguards, including the UK International Data Transfer Agreement (IDTA) or transfers to countries with UK adequacy decisions.

6. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete data.
  • Right to erasure: You may ask us to delete your data where there is no compelling reason for us to continue processing it.
  • Right to restriction: You may ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at: [email protected]

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk.

7. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. All data transmission is encrypted via HTTPS/TLS. Database access is restricted to authorised personnel only.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will notify you of material changes by email. The current version is always available on this page.