funded by

gefördert durch

funded by

Terms and Conditions

ESG Innovations GmbH & Co. KG hereby informs you about the processing of personal data for which ESG Innovations GmbH & Co. KG is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”). Wherever the terms “we,” “us,” “our,” or similar references are used in the following text, they refer exclusively to ESG Innovations GmbH & Co. KG as the controller within the meaning of the GDPR. In addition to contacting us by post, you can also reach us at any time via email at imprint@esg-innovations.com. ESG Innovations GmbH & Co. KG, Willi-Brehm-Straße 6, 63500 Seligenstadt.

The following information on typical processing of personal data has been structured according to categories of data subjects. In addition, we may also process data that concerns only specific groups—in such cases, the respective data subjects will be informed separately about the relevant processing of their personal data. Wherever the term “data” is used in the following text, it serves simplification purposes and refers exclusively to personal data within the meaning of the GDPR.

I. Visitors to the Website

1. Server Log Data (“Log Files”)

Each time you access our website, we automatically collect information from the accessing computer system that your browser transmits to our website server. This data is stored and processed on our server.

1.1. The data processed in this way are log data that are technically required when accessing the website via the Hypertext Transfer Protocol (Secure): this includes the IP address, browser type and version, operating system used, the accessed page, the previously visited page, and the date and time of access. Such data may also be generated on servers of service providers, e.g., when retrieving and using third-party content.

1.2. By processing the above log data, we ensure the functionality of the website. The data are processed for the purpose of providing the content you access on the website and for optimizing and securing our website and IT systems, particularly to defend against targeted attacks such as server overload (“denial of service” attacks) and other system damage, as well as for troubleshooting, enabling and simplifying searches on the website, and managing cookies.

1.3. The legal basis for processing is Article 6(1)(f) GDPR; our legitimate interest lies in operating an online presence and communicating with our partners. When using media content and functions, the legal basis is Article 6(1)(b) GDPR (contract).

1.4. Recipients of personal data include IT service providers engaged under data processing agreements. We also use service providers for technical services, particularly for the provision, maintenance, and servicing of IT systems.

1.5. IP addresses are anonymized after no more than 24 hours. Pseudonymized usage data are deleted after six months.

1.6. Without providing personal data such as the IP address, use of our website is technically not possible.

2. Cookies

We use cookies on our website. Cookies are small text files containing information that may be stored on the user’s device via the browser when visiting a website. Cookies often contain characteristic strings that allow unique identification of the browser when the website is revisited.

2.1. The purpose of our cookies is to make the use of the website easier and to tailor it to your specific needs.

2.2. The use of cookies can be managed via our cookie management function. This function uses “consent cookies” to store your consents, possible withdrawals, and objections regarding cookie use. Log data as described in section 1 and your cookie preferences are processed for this purpose. The legal basis is Article 6(1)(f) GDPR; our legitimate interest is the simple and reliable management of cookies. Recipients also include IT service providers engaged under data processing agreements.

2.3. Cookies that are technically necessary cannot be deactivated via this function. However, you can generally disable cookies in your browser at any time. Please note that some website functions may not work properly if cookies are disabled.

3. Content Provided by Users

We collect personal data when you provide, upload, or otherwise make it publicly available while using our services, e.g., creating and sharing videos or interviews, completing questionnaires, participating in surveys, or presenting your CV or company history. Providing personal data is voluntary. However, without it, the ability to use certain features such as networking and exchange with third parties may be limited.

3.1. Video Interviews

3.1.1. We process your data for producing, publishing, and making video interviews publicly available.

3.1.2. Participation is voluntary. Required data include: name, image, address data, email address, company name, role, timestamps, and technical metadata. Additional content is voluntary.

3.1.3. Legal basis: Article 6(1)(b) GDPR (contract), Article 6(1)(a) GDPR (consent), and Article 6(1)(f) GDPR (legitimate interest in appropriate presentation of content).

3.1.4. We use processors under Article 28 GDPR. Service providers include Typeform SL, SENDINBLUE (Brevo), and Moovly NV (EU-based). Data transfers to third countries follow Articles 44–47 GDPR. Use of Zapier Inc., Dropbox Inc., and Vimeo.com Inc. involves transfer to the USA based on your consent (Article 49(1)(a) GDPR). The USA does not provide an equivalent level of data protection. EU Standard Contractual Clauses are in place.

3.1.5. Data are deleted no later than three years after deletion of the video, unless legal retention obligations apply (up to ten years).

3.2. Questionnaires and Surveys

3.2.1. Data are processed for conducting surveys/interviews, evaluating results, and publishing them.

3.2.2. Participation is voluntary. Required data include: name, address, email, company, role, timestamps, and technical metadata. Additional data are voluntary.

3.2.3. Legal basis: Article 6(1)(b), (a), and (f) GDPR.

3.2.4. Service providers include Typeform SL, SENDINBLUE (Brevo), and Zapier Inc. (USA transfer based on consent).

3.2.5. Data deletion: three years after video deletion; survey data one year after contract end unless retention obligations apply.

4. Third-Party Video Files

Videos embedded on our site are hosted by Vimeo.com Inc. Accessing such content transmits your browser data (including IP address) to Vimeo, even without an account. If logged in, data may be linked to your account. To prevent this, log out before accessing videos.

Processing is carried out solely by Vimeo:
Vimeo.com Inc., 555 West 18th Street, New York, NY 10011, USA.

Further information:
https://vimeo.com/privacy

II. Newsletter Recipients

If you subscribe to our newsletter, you receive information about our company, services, and partners.

1. Purpose: sending newsletters
2. Data: name, email, log data, pseudonymized identifiers
3. Legal basis: Article 6(1)(a) GDPR
4. Data provided by you; analysis data via browser
5. Processors include The Rocket Science Group LLC (Mailchimp); US transfer based on consent
6. Data deleted upon unsubscribe
7. Data required to receive newsletters; withdrawal possible anytime

III. Customers

1. Purpose: contract execution, support, credit checks, updates
2. Data: name, address, email, IP, timestamps, payment confirmations
3. Legal basis: Article 6(1)(b), (c), (f) GDPR
4. Recipients: banks, payment providers, legal entities, IT service providers
5. Storage: 10 years after contract end
6. Data required by law and contract

IV. Communication Partners

1. Purpose: communication and contract preparation
2. Data: name, contact details, communication content, timestamps
3. Legal basis: Article 6(1)(b), (c), (f) GDPR
4. Data may be shared with partners, authorities, service providers
5. Storage: 10 years after relationship ends
6. Data required for communication

V. Rights of Data Subjects
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to object (especially for direct marketing/profiling)
  • Right to object based on personal circumstances
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge complaints with supervisory authorities

No automated decision-making is used.

VI. Languages

This privacy notice is available in German and English. In case of doubt, the German version prevails.

VII. Children’s Online Privacy Protection Act (COPPA)

We do not knowingly collect personal data from children under 13 without parental consent. Parents are encouraged to educate children about online data risks and ensure consent before sharing personal data.