Privacy & Cookies
Privacy Notice
The European Sustainable Development Organisation (ESDO) website, based in Ireland.
1. Introduction
This privacy notice is maintained by the European Sustainable Development Organisation (ESDO). It sets out how and why we use your personal data – both on this website, and offline.
If you work for ESDO, you should refer to the Privacy Notice contained in your consultancy agreements with ESDO, and if you have applied for a job, you should refer to the tables below that explain how your data is used and for how long.
If your personal data is processed by ESDO because you are a participant in one of our research projects, you should refer to the privacy notice made available by us or by our client or partner prior to the research being undertaken. If you do not have a copy of the relevant privacy notice in relation to the research project you are involved in, please contact us at info@esdo.io.
If your personal data is processed by ESDO in the context of using one of our products (including but not limited to Predictiv, Networky, Tig or Promptable), you should refer to the privacy notice made available by us on the relevant product’s app or website. In most cases, this would have been made available to you at the point of signing up to use the product.
This notice does not create any contractual rights or obligations. We may change this privacy notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the website or by contacting you directly.
European Sustainable Development Organisation is the controller of, and responsible for, most personal data collected by ESDO, including on this website. However, if you interact with another ESDO linked entity, that entity will be responsible for your personal data, and local data protection laws in that country will apply.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights in relation to your personal data, please contact the DPO:
By email: DPO@esdo.io.
2. When do we collect information from you?
We may collect information about you if you:
- commission ESDO to undertake research or other work for your organisation or company, or communicate with us about prospective or ongoing work;
- work for one of our partners (or a prospective partner) on a project that is helping us to deliver and/or evaluate a research intervention;
- use our website;
- sign up for events organised by us;
- subscribe to our newsletter;
- contact us with any form of complaint or enquiry or in response to a request for feedback or a survey;
- consent to take part in an interview or focus group as part of a research project we are undertaking on our own behalf or on behalf of a client or partner;
- purchase products or services from us;
- work for or are one of our suppliers, or work for a prospective supplier; or
- visit our offices.
3. What kind of information do we collect from you?
This will depend on the context in which we interact with you:
- a) When you scope working with ESDO/commission ESDO to undertake research for you/act as a supplier to ESDO/work for a partner involved in a ESDO research project:
| Category | Description |
|
Client Data Partner Data Supplier Data |
ESDO is primarily engaged by government departments/corporate entities and as such those instructors are not data subjects.
Also, ESDO generally contracts with corporate entities as suppliers to ESDO and with partner organisations (rather than with individuals).
However, as part of such engagements or as part of business development with prospective clients, personal information may be provided to us (e.g. personal information relating to officers of clients, prospective clients, partners or suppliers) which may include the following:
|
- b) When you use our website, subscribe to our newsletter or contact us with complaints, enquiries or feedback
| Category | Description |
|
Website User Data Subscriber Data |
|
- c) Visiting our offices or attending an ESDO event
| Category | Description |
|
Visitor Data Event Data |
For the purposes of this description, ESDO premises includes any premises hired or rented by ESDO for whatever period of time
|
- d) Purchasing products and services from us
| Category | Description |
| Payment Data |
|
- e) When you are participating in projects, interviews or focus groups in relation to a research project we are undertaking
| Category | Description |
| Research Participant Data |
|
Except as identified above in the context of collecting dietary requirements and responses to interviews, we do not routinely collect any special categories of personal data (special category data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), or information about criminal convictions and offences for any of the activities covered by this privacy notice.
4. How do we use the information we collect?
Your personal information will be used for the purposes listed in the table below. We will only use your personal data where we have a lawful basis for doing so. The basis we rely upon will impact which rights you have in relation to your personal information (see section below for more details):
| Purpose | Lawful Basis | Category of personal data |
| Do business with our prospective clients, clients, suppliers and partners (as well as prospective clients, suppliers and partners) |
Legitimate interest in contacting our clients, prospective clients, partners and suppliers, and retaining records of our contacts
Compliance with a legal obligation To perform our obligations in accordance with any contract that we may have a client, partner or supplier |
Client Data Supplier Data Partner Data |
| Send our newsletter and promote our products and services via direct marketing | Consent | Subscriber Data |
| To recruit partners to work with us on projects |
Consent Legitimate interest in contacting potential partners to meet recruitment requirements for projects (provided the partners are likely to have a mutual interest in the potential outcomes of the project) |
Partner Data |
| Request feedback and conduct surveys and other project outputs/research/analytics |
Consent Legitimate interests in understanding how to improve our products and services |
Website User Data Subscriber Data Client Data Partner Data Supplier Data Visitor Data Event Data |
| Arrange events and interact with clients and contacts at events | Legitimate interest in generating interest in our services and products |
Subscriber Data Event Data Client Data |
| Resolve queries and complaints |
Legitimate interest in resolving a query or complaint raised by or involving a data subject Compliance with a legal obligation |
Subscriber Data Website User Data Client Data Partner Data Supplier Data Visitor Data Event Data |
| Provide you with access to all parts of our site, personalise your experience on our website, and ultimately improve the functionality of the website for the benefit of all users | Legitimate interest in providing an enhanced, user friendly website by understanding how our website is used | Website User Data |
| Protect the security of our website and detect and prevent dangerous or unlawful use | Legitimate interest in safeguarding ESDO’s intellectual property and assets, and in protecting the security of users and their information | Website User Data |
| Protect the security of our offices, staff and guests by identifying visitors |
Legitimate interest in safeguarding ESDO’s assets and personnel Compliance with a legal obligation (health and safety) |
Visitor Data Event Data |
| To process your order for a product, including taking your payment and arranging delivery | To perform our obligations in accordance with a contract |
Payment Data Website User Data |
| To prevent or detect fraud and money laundering including fraudulent payments and fraudulent use of our services |
Compliance with a legal obligation (fraud and anti-money laundering compliance) Legitimate interest in safeguarding ESDO’s assets and employees |
Payment Data Client Data Partner Data Supplier Data Website User Data |
| Establish, defend or enforce legal claims or regulatory investigations | Legitimate interest in protecting the commercial and legal interests of ESDO |
Client Data Partner Data Supplier Data Website User Data Payment Data Subscriber Data Visitor Data Event Data |
| Conducting project work or research |
Consent Legitimate interests in undertaking robust research with social impact Where we collect special category as part of research participants’ responses to interviews and we have relied on consent as the lawful basis, we will also seek explicit consent as a condition of processing. Where we have relied on legitimate interests as the lawful basis, our condition for processing special category data will be that it is necessary for scientific research purposes. |
Research Participant Data |
Where we rely upon a “legitimate interest” as our legal basis, we will ensure that our interest is not outweighed by any impact on your rights and freedoms, by using your information in a way which is proportionate and respects your privacy.
Please make sure that any personal data you provide is accurate and up to date, and let us know about any changes in the information which you have provided as soon as possible.
Marketing choices
If you have previously signed up to receive our newsletter or other promotional communications from us but you don’t want to receive any more communications, please click the unsubscribe link on any email from us. Alternatively, you can also email us at info@esdo.io at any time.
5. Who else may have access to your information?
We may disclose your information with third parties for the purposes described below:
- with other companies in our group, in order to utilise personnel or shared IT services based in other ESDO offices, for any of the purposes described in this notice;
- with third party service providers. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include our marketing automation platform (MailChimp, whose privacy policy can be found here), our IT service providers (including Google), our Customer Relationship Management system (Hubspot, whose privacy policy can be found here) and other third parties who help manage our IT and back office systems;
- with our regulators, which may include the Data Protection Inspectorate, and with courts and law enforcement to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- with a potential or actual third party purchaser of our business or assets if, in the future, we sell or transfer some or all of our business or assets to a third party, or invite investment in our company.
Comments and other information which you post on the website or our social media pages will be displayed publicly and to other users. Please be careful when disclosing personal information which may identify you or anyone else. We are not responsible for the protection or security of information which you disclose in public areas.
6. International Transfers
The global presence of ESDO means that your personal data may be transferred outside of the European Economic Area (“EEA”) – where data protection laws may not be equivalent – for any of the purposes described in this notice. Whenever we make restricted international transfers of personal data, we take steps to ensure that your personal data receives an adequate level of protection (by putting in place appropriate safeguards, such as contractual clauses), or to ensure that we are able to rely on an appropriate derogation under data protection laws. You have a right to request access to any safeguard which we use to transfer your personal information outside of the UK and the EEA (although we may need to redact data transfer agreements for reasons of commercial confidentiality).
As noted above, we may share your data with one of our group companies. As of the date of last review of this notice, the group of companies comprise:
- European Sustainable Development Organisation – (Ireland)
In relation to companies outside of the UK and EEA, we have put in place standard contractual clauses (as laid down in the European Commission Decision 2010/87/EU of 5 February 2010 or as updated from time to time) to ensure an adequate level of protection for your personal data.
Some of our data processors may transfer personal data outside of the UK or EEA and, as stated above, we will always ensure there are appropriate safeguards in place so that such transfers are lawful. For example, MailChimp’s and Hubspot’s servers are located in the United States so personal data will be transferred to the United States. MailChimp and Hubspot have both certified to the EU-U.S. Privacy Shield Framework.
If you are concerned about us sharing your personal data with MailChimp, please do not sign up to receive information from us.
7. Security
We take appropriate steps to protect your personal information and follow procedures designed to minimise unauthorised access, alteration, loss or disclosure of your information. Measures we take include placing confidentiality requirements on our staff members and service providers; limiting access to personal information and destroying personal information which is no longer required.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications. You should also exercise caution when sharing personal data or confidential information on any website, and should use up-to-date web browsers and anti-virus software.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. When it is no longer necessary to retain your personal data, it will be deleted.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Your legal rights
Subject to certain exemptions, and in some cases dependent upon our lawful basis (see “How do we use the information we collect?” above), you have certain rights in relation to your personal data:
- Request access to your personal data: this enables you to find out how and why we are using your personal data, and to receive a copy of the personal data we hold about you to check we are lawfully processing it.
- Request correction of your personal data: this enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing of your personal data: you can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing your personal data: this enables you to ask us to suspend the processing of your personal data if you contest its accuracy; our processing is unlawful (but you do not want your data erased); your personal data is no longer needed for the original purposes but is needed for legal claims; or you have objected to processing which is based on legitimate interest grounds.
- Data portability: Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you or to another controller (where technically feasible) in a machine-readable format. Based on our use or personal data and the lawful bases relied on, this right is unlikely to be relevant.
- Right to withdraw consent to the processing of your personal data: This applies where we have relied on consent to process personal data. Please note that withdrawal of consent will not affect the lawfulness of any processing carried out before withdrawing your consent.
You also have the right to make a complaint at any time to the Data Protection Commission (DPC), the Irish supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
If you wish to exercise any of the rights set out above, please contact the Data Protection Officer with your specific request by email to: info@esdo.io.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive (which may include repetitive requests). Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Company details
European Sustainable Development Organisation registered in Ireland.
As a result, ESDO conducts a risk-based assessment of all suppliers and this will require the provision of certain basic information and documents from all suppliers identified as the preferred supplier for a procurement.
This assessment may mean some suppliers need to undergo enhanced due diligence checks. Where enhanced due diligence is required, ESDO will support preferred suppliers to complete these checks prior to contract award.
Cookies
Cookie Settings
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Cookies used
- OptanonConsent
- OptanonAlertBoxClosed
| Categories | Cookies (Lifespan) |
| geolocation.onetrust.com |
|
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Cookies used
- _gid
- _ga
- _gat_UA-131012546-1
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
| Categories | Cookies (Lifespan) |
| vimeo.com |
|
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
| Categories | Cookies (Lifespan) |
| youtube.com |
|
| m.youtube.com |
|
| doubleclick.net |
|
| google.com |
|
© European Sustainable Development Organisation, Ireland