Logo
LoginRequest Demo

Resources

Privacy Policy

Effective Date: April 1, 2026

MYSO ESG HOLDING OÜ

Registry Code: [INSERT]

Registered Address: [INSERT ADDRESS, Estonia]

1. Introduction

MYSO ESG™ IP OÜ ("MYSO ESG™", "we", "us", or "our") is an Estonian company providing a structured ESG capability platform for corporations through digital learning services (the "Services").

We are committed to protecting your personal data and processing it in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR")
  • The Estonian Personal Data Protection Act
  • Other applicable EU data protection laws

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform, website, or services.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Contact Information

Data Controller: MYSO ESG HOLDING OÜ [Insert Address] Registry Code: [Insert] Estonia

Email: support@myso360.com

MYSO ESG™ acts as:

  • Data Controller when you engage directly with us
  • Data Processor when we provide services to enterprise clients and process user data on their behalf

3. What Personal Data We Collect

3.1 Information You Provide

When creating an account or using our Services, we may collect:

  • Full name
  • Email address
  • Job title
  • Company name
  • Phone number (optional)
  • Billing details
  • Payment information (processed securely via third-party payment providers)

3.2 Automatically Collected Information

When you access our platform, we may collect:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Language settings
  • Login activity
  • Course participation and progress
  • Date and time of access

3.3 Marketing & Communication Data

If you request a demo, newsletter subscription, enterprise inquiry, or sales information, we may collect:

  • Name
  • Email
  • Company
  • Inquiry details

Marketing communications are sent only with appropriate legal basis (consent or legitimate interest in B2B contexts).

4. Legal Basis for Processing (Article 6 GDPR)

We process personal data based on:

  • Contractual necessity (account creation, service delivery)
  • Legitimate interest (service improvement, security, B2B communication)
  • Legal obligation (accounting, compliance)
  • Consent (newsletter, optional marketing cookies)

You may withdraw consent at any time.

5. Purpose of Processing

We process personal data to:

  • Provide Sustainability and ESG training and digital learning services
  • Manage user accounts
  • Track course progress and certification
  • Process payments
  • Provide customer support
  • Maintain platform security
  • Improve platform functionality
  • Conduct analytics
  • Comply with regulatory obligations
  • Prevent fraud and misuse

We do not sell personal data.

6. Cookies & Tracking Technologies

MYSO ESG uses cookies and similar technologies to:

  • Enable platform functionality
  • Authenticate users
  • Ensure security
  • Analyze usage patterns
  • Improve user experience
  • Deliver marketing communications (where consent is provided)

Types of Cookies Used

Cookie TypeDescription
Essential CookiesRequired for platform operation and authentication.
Performance CookiesUsed to analyze platform performance and user behavior.
Marketing CookiesUsed only with user consent.

Users can manage cookie preferences via the cookie banner or browser settings.

7. Data Sharing & Sub-Processors

We may share personal data with trusted third parties strictly for service provision, including:

  • Cloud hosting providers
  • Payment processors
  • CRM systems
  • Email communication providers
  • Analytics providers
  • Accounting providers
  • IT service providers

All third parties are subject to Data Processing Agreements (DPAs) and confidentiality obligations.

We do not sell or commercially trade personal data.

8. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure compliance through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other lawful safeguards under GDPR Chapter V

9. Data Retention

We retain personal data only as long as necessary for:

  • Active contractual engagement
  • Legal compliance (e.g., accounting obligations)
  • Legitimate business purposes

Inactive accounts may be anonymized or deleted after a defined retention period.

Marketing data is retained until consent is withdrawn.

10. Security Measures

We implement appropriate technical and organizational measures including:

  • Encrypted HTTPS communication
  • Secure cloud hosting
  • Role-based access controls
  • Secure password protocols
  • Monitoring and logging systems
  • Confidentiality agreements
  • Controlled access to personal data

In the event of a data breach, we will notify relevant authorities and affected individuals in accordance with GDPR requirements.

11. Corporate Client Processing

When MYSO ESG provides Services to enterprise clients:

  • The corporate client acts as Data Controller
  • MYSO ESG acts as Data Processor
  • A Data Processing Agreement governs processing

User data is processed solely for service delivery purposes.

12. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with the Estonian Data Protection Inspectorate

To exercise your rights, contact: support@myso360.com

13. Automated Decision-Making

MYSO ESG does not conduct automated decision-making that produces legal or similarly significant effects.

14. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via:

  • Platform notification
  • Email (where appropriate)

The latest version will always be available on our website.

16. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of the Republic of Estonia and applicable European Union legislation.

Disputes shall be subject to the jurisdiction of Estonian courts.

17. Contact Information

MYSO ESG HOLDING OÜ [Insert Address] Registry Code: [Insert] Estonia

Email: support@mysoesg.com