+61 02 8600 8000 | legal@ecg-advisory.com.au | Sydney · Singapore · Mumbai · Jakarta · Nairobi
Mentored by WSSH Australia
Home/ Privacy Policy

Privacy Policy

ECG | ESG Consulting Group is committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, disclose, and safeguard your data when you interact with our website, services, and platforms.

1. Information We Collect

1.1 Personal Information You Provide

When you interact with ECG, we may collect personal information including but not limited to:

  • Contact Information: Name, email address, phone number, postal address, company name, job title
  • Account Information: Username, password, preferences, and communication settings for our EIP platform or client portals
  • Inquiry Information: Details you provide through our contact forms, email correspondence, or phone calls
  • Employment Information: CV, cover letter, professional references, and work history when you apply for positions at ECG
  • Payment Information: Billing details, including credit card information or bank account details (processed through secure third-party payment processors)

1.2 Information Automatically Collected

When you visit our website or use our digital platforms, we automatically collect certain information:

  • Usage Data: Pages visited, time spent, links clicked, and navigation patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Location Data: Approximate geographic location derived from your IP address
  • Cookies and Tracking Technologies: See our Cookie Policy for details

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Business partners and referral sources
  • Publicly available databases and regulatory authorities
  • Social media platforms when you interact with our content

2. How We Use Your Information

ECG uses your personal information for the following purposes:

  • Service Delivery: To provide ESG advisory, compliance, infrastructure, technology, and training services as requested
  • Communication: To respond to inquiries, provide updates, and send important notices regarding our services
  • Marketing: To send newsletters, event invitations, and promotional materials (you may opt out at any time)
  • Platform Operation: To operate, maintain, and improve our EIP platform and client portals
  • Compliance: To comply with legal obligations, regulatory requirements, and enforce our terms of service
  • Recruitment: To evaluate job applications and communicate with candidates
  • Analytics: To analyse website usage, improve user experience, and optimise our digital presence

3. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), ECG processes your personal information under the following legal bases:

  • Contractual Necessity: Processing necessary to perform a contract with you or to take steps at your request before entering into a contract
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided they do not override your rights and freedoms
  • Legal Obligation: Processing necessary to comply with legal or regulatory obligations
  • Consent: Processing based on your explicit consent (marketing communications, cookie preferences)
📧 Privacy Inquiries

For privacy-related questions or to exercise your data rights, contact our Data Protection Officer:

dpo@ecg-advisory.com.au

4. Information Sharing and Disclosure

ECG does not sell your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We engage trusted third-party vendors to perform services on our behalf (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data.
  • Professional Advisors: We may share information with our legal, accounting, and consulting advisors as necessary to protect our legitimate business interests.
  • Legal Compliance: We may disclose information when required by law, court order, or regulatory authority (e.g., SEBI, GPCB, CPCB, tax authorities).
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
  • With Your Consent: We may share information for any other purpose where we have obtained your explicit consent.

5. Data Security

ECG implements industry-standard security measures to protect your personal information:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and vulnerability scanning
  • Role-based access controls and multi-factor authentication for internal systems
  • Staff training on data protection and privacy best practices
  • Incident response protocols for data breaches (notification within 72 hours where legally required)

6. Data Retention

ECG retains your personal information only as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary by data type:

  • Client Data: Retained for the duration of our engagement plus 7 years following termination (for legal and regulatory compliance)
  • Prospect Data: Retained for 2 years after last contact unless consent is withdrawn
  • Job Applicant Data: Retained for 2 years after application submission unless otherwise agreed
  • Marketing Data: Retained until you unsubscribe or request deletion

7. Your Rights (GDPR, CCPA, and Other Jurisdictions)

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information (subject to legal retention obligations)
  • Right to Restrict Processing: Request limitation of how we use your information
  • Right to Data Portability: Request transfer of your data to another controller in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests, including direct marketing
  • Right to Withdraw Consent: Withdraw previously given consent at any time (does not affect prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact our Data Protection Officer at dpo@ecg-advisory.com.au. We will respond within 30 days.

🌍 Jurisdiction-Specific Rights
🇪🇺 GDPR (EEA)
Access, rectification, erasure, restriction, portability, objection
🇺🇸 CCPA (California)
Right to know, delete, opt-out of sale (we do not sell data)
🇮🇳 India (DPDP Act)
Right to confirmation, access, correction, erasure, grievance redressal
🔐 Data Protection Officer

Email: dpo@ecg-advisory.com.au

Address: 400 George Street, Sydney NSW 2000, Australia

Response Time: 30 days

8. International Data Transfers

ECG operates globally with offices in Australia, Singapore, India, Indonesia, and Kenya. Your personal information may be transferred to and processed in these countries. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party service providers
  • Adequacy decisions where applicable (e.g., UK, Japan, South Korea)

9. Children's Privacy

ECG's services are directed to businesses and professionals, not individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us, and we will delete it promptly.

10. Changes to This Privacy Policy

ECG may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date at the top of this policy

We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

ECG | ESG Consulting Group
400 George Street, Sydney NSW 2000, Australia
Data Protection Officer: dpo@ecg-advisory.com.au
Phone: +61 02 8600 8000

Have Privacy Questions?

Our Data Protection Officer is available to address any questions or concerns about your personal information and privacy rights.