Data Protection

Basic information on Data Protection
Responsible ESG Financial and Investment Services S.L.
Online Service Delivery
Purpose Web User Man agement
Commercial communications related to our services
Legitimation Express consent and legitimate interest
Recipients No data is transferred to third parties, unless legally required
Access, rectify and delete the data, as well as
Rights as other rights, as explained in the
additional information
At ESG FIS we work to offer you the best possible experience through our products and services. In some cases, it is necessary to gather information to achieve this. We care about your privacy and believe we need to be transparent about it.
Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, "GDPR") on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002,  of 11 July, on Information Society Services and Electronic Commerce (hereinafter, "LSSI"), ESG Financial and Investment Services S.L. (hereinafter, "ESG FIS") informs the user that, as the data controller, it will incorporate the personal data provided by users into an automated file.
Our commitment begins by explaining the following:
Your data is collected so that the user experience improves, taking into account your interests and needs.
We are transparent about the data we collect about you and the reason we do so.
Our intention is to offer you the best experience possible. Therefore, when we are going to use your personal information we will always do so in compliance with the regulations, and where necessary, we will ask for your consent.
We understand that your data belongs to you. Therefore, if you decide not to authorise us to process them, you can ask us to stop processing them.
Our priority is to ensure your security and process your data in accordance with European regulations.
If you would like more information about the processing of your data, please refer to the different sections of the privacy policy below:
Who is responsible for the processing of your personal data?
Identidad: ESG Financial and Investment Services S.L.
Registered office: Calle Impresores 20N. 28660, Boadilla del Monte (Madrid). Spain
C.I.F. nº: B75499350
Email: info@esgfis.com
ESG FIS has appointed a Data Protection Officer or internal contact person within its organisation. If you wish to make an enquiry regarding the processing of your personal data, you can contact them by email info@esgfis.com
What personal data do we collect?
The personal data that the user may provide:
Name, address and date of birth.
Phone number and email address.
Location.
Information regarding payments and returns.
IP address, date and time you accessed our services, internet browser you use, and data about your device's operating system.
Any other information or data you choose to share with us.
In some cases, it is mandatory to complete the registration form to access and enjoy certain services offered on the website; Likewise, not providing the personal data requested or not accepting this data protection policy means that it is impossible to subscribe, register or participate in any of the promotions in which personal data is requested.
Why and for what purpose do we process your data?
At ESG FIS we process the information provided to us by interested parties for the following purposes:
Manage orders or contract any of our services, either online or in physical stores.
Manage the sending of the information requested from us.
To carry out commercial actions and to carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and information tasks, being able to carry out automatic assessments, obtaining profiles and segmentation tasks of customers in order to personalise the treatment according to their characteristics and needs and improve the customer's online experience.
Develop and manage contests, sweepstakes, or other promotional activities that may be organized.
In some cases, it will be necessary to provide information to the Authorities or third parties for audit purposes, as well as to handle personal data from invoices, contracts and documents to respond to complaints from customers or Public Administrations
We inform you that the personal data obtained as a result of your registration as a user will be part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.
What is the legitimacy for the processing of your data?
The processing of your data may be based on the following legal bases:
Consent of the interested party for the contracting of services and products, for contact forms, requests for information or registration in e-newsletters.
Legitimate interest in the processing of our customers' data in direct marketing actions and express consent of the interested party for everything related to automatic evaluations and profiling.
Compliance with legal obligations for fraud prevention, communication with public authorities and third-party complaints.
How long do we keep your data?
The processing of data for the purposes described will be maintained for the time necessary to comply with the purpose of its collection (for example, for the duration of the commercial relationship), as well as for compliance with the legal obligations arising from the processing of the data.
To whom is your data communicated?
In some cases, only when necessary, ESG FIS will provide user data to third parties. However, the data will never be sold to third parties. External service providers (e.g. payment providers or delivery companies) with whom ESG FIS works may use the data to provide the relevant services, however, they will not use such information for their own purposes or for transfer to third parties.
ESG FIS seeks to ensure the security of personal data when it is sent outside the company and ensures that third-party service providers respect confidentiality and have appropriate measures in place to protect personal data. Such third parties have an obligation to ensure that the information is processed in accordance with data privacy regulations.
In some cases, the law may require that personal data be disclosed to public bodies or other parties, only what is strictly necessary for compliance with such legal obligations will be disclosed.
The personal data obtained may also be shared with other companies in the group.
Where is your data stored?
Data is generally stored within the EU. We will ensure that data sent to third parties outside the EU offers a sufficient level of protection, either because they have Binding Corporate Rules (BCRs) or because they have adhered to the Privacy Shield.
What rights do you have and how can you exercise them?
You can direct your communications and exercise your rights by requesting the following email: info@esgfis.com.
Under the GDPR, you can request:
Right of access: You can request information about the personal data we hold about you.
Right to rectification: you can communicate any changes to your personal data. Right to erasure and to be forgotten: you can request deletion after blocking your personal data.
Right to restriction of processing: this means the restriction of the processing of personal data. Right to object: you can withdraw your consent to the processing of the data, opposing the continuation of the processing.
Right to portability: in some cases, you can request a copy of personal data in a structured, commonly used and machine-readable format for transmission to another controller. Right not to be subject to individualised decisions: You can request that decisions not be made that are based solely on automated processing, including profiling, that produces legal effects or significantly affects the data subject.
In some cases, the request may be refused if you request that data necessary for compliance with legal obligations be deleted.
In addition, if you have a complaint about the processing of your data, you can lodge a complaint with the data protection authority.
Who is responsible for the accuracy and veracity of the data provided?
The user is solely responsible for the veracity and correctness of the data included, exonerating ESG FIS from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. ESG FIS reserves the right to terminate the contracted services that have been entered into with users, in the event that the data provided is false, incomplete, inaccurate or not updated.
ESG FIS is not responsible for the veracity of information that is not of its own elaboration and for which another source is indicated, so it does not assume any responsibility for hypothetical damages that may arise from the use of said information.
ESG FIS reserves the right to update, modify or delete the information contained in its web pages, and may even limit or deny access to such information. ESG FIS is exonerated from liability for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by ESG FIS provided that it comes from sources other than the same.
Likewise, the user certifies that they are over 14 years of age and that they have the necessary legal capacity to provide consent regarding the processing of their personal data.
How do we process the personal data of minors?
In principle, our services are not specifically aimed at minors. However, in the event that any of them is addressed to minors under fourteen years of age, in accordance with article 8 of the GDPR and article 7 of LO3/2018, of 5 December (LOPDGDD), ESG FIS will require the valid, free, unequivocal, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the ID card or other form of identification of the person giving consent will be required.
In the case of persons over fourteen years of age, the data may be processed with the consent of the user, except in those cases in which the Law requires the assistance of the holders of parental authority or guardianship.
What security measures do we apply to protect your personal data?
ESG FIS has adopted the legally required levels of security for the protection of Personal Data, and seeks to install any other means and additional technical measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the Personal Data provided to ESG FIS.
ESG FIS is not responsible for hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, caused by causes beyond ESG FIS's control; delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center, in the Internet system or in other electronic systems, as well as damages that may be caused by third parties through illegitimate interference beyond the control of ESG FIS. However, the user must be aware that Internet security measures are not impregnable.
Links to Other Websites
Links to other websites may https://www.esgfis.com/ be available on the website. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of said website, and ESG FIS will not be held responsible for its privacy policy.
How do we use cookies?
The ESG FIS website uses cookies in order to optimise and personalise your browsing on it. Cookies are physical information files that are stored on the user's own terminal, the information collected through cookies serves to facilitate the user's navigation through the portal and optimize the browsing experience. The data collected through cookies may be shared with the creators of the cookies, but in no case will the information obtained by them be associated with personal data or data that can identify the user.
However, if the user does not want cookies to be installed on their hard drive, they have the option of configuring the browser in such a way as to prevent the installation of these files. For more information, please see our Cookie Policy.
Can the privacy policy be changed?
This privacy policy may change. We recommend that you review the privacy policy from time to time.