Privacy Policy

Last updated: 12 March 2026

1. Who We Are

ESG:ONE ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales.

2. What Data We Collect

We collect personal data that you voluntarily provide to us, including:

  • Contact information: name, email address, company name, phone number
  • Inquiry details: messages submitted via our contact form or callback widget
  • Usage data: pages visited, time on site, referral source (collected via Google Analytics)
  • Technical data: IP address, browser type, device type

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and provide information about our products and services
  • To arrange and conduct product demonstrations
  • To return callback requests
  • To improve our website and understand how visitors use it
  • To comply with legal obligations

We process your data under the following lawful bases (GDPR Article 6):

  • Consent: when you submit a form or accept cookies
  • Legitimate interest: to improve our services and respond to enquiries
  • Legal obligation: where required by applicable law

4. Data Sharing

We do not sell, rent or trade your personal data. We may share data with:

  • Service providers: hosting (Microsoft Azure), analytics (Google Analytics), email delivery services — all bound by data processing agreements
  • Legal authorities: if required by law, regulation or court order

We do not transfer personal data outside the UK/EEA unless adequate safeguards are in place (e.g. Standard Contractual Clauses).

5. Data Security

We take appropriate technical and organisational measures to protect your data, including:

  • Encryption of data at rest and in transit (TLS 1.2+)
  • Access controls and authentication
  • Regular security reviews
  • Hosting on ISO 27001-certified infrastructure (Microsoft Azure)

6. Data Retention

  • Contact form submissions: retained for up to 12 months, then deleted
  • Callback requests: phone numbers are deleted within 30 days of the callback being completed
  • Analytics data: retained for 14 months (Google Analytics default)

7. Cookies

We use cookies and similar technologies to:

  • Remember your cookie consent preference
  • Analyse website traffic (Google Analytics)

You can manage cookies through your browser settings or our cookie consent banner. Non-essential cookies are only set if you accept them.

8. Your Rights

Under GDPR and the UK Data Protection Act 2018, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Port your data to another provider
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, contact us at info@esg-one.co. We will respond within 30 days.

9. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

10. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page indicates when changes were last made. We encourage you to review this page periodically.

We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies. Learn more