Privacy Policy

ESG Institute Pte Ltd is a Singapore-registered B Corp. This policy explains how we collect, use, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.

When we say "we," "us," or "our," we mean ESG Institute Pte Ltd. When we say "you," we mean anyone who visits our websites, registers for our programmes, or interacts with our services.

Our websites include the-esg-institute.com, clearsight.global, and joanneflinn.com.

We collect personal data only when you provide it to us or when it is necessary to deliver the services you have requested.

When you submit a contact form or register for ClearSight Live, we collect your name, email address, and organisation. We use this to respond to your enquiry, send you session details, and follow up on your request.

When you download a resource (such as a guide or scorecard), we collect your name and email address. We use this to deliver the resource and, with your consent, to send you related content.

When you subscribe to our Substack, your data is collected and managed by Substack Inc. under their own privacy policy. We receive your email address and any name you provide. We use this to send you our fortnightly publication.

When you purchase a programme or assessment, we collect the information necessary to process your registration and payment. Payment processing is handled by third-party providers who operate under their own privacy and security policies. We do not store credit card or payment details on our systems.

When you participate in a programme, we may collect additional information relevant to delivering the service. Assessment data and company-specific findings are confidential and are not shared outside the programme without your consent.

When you visit our website, we use Google Analytics to understand how visitors use the site. This collects anonymised data such as pages visited, time on site, and general location. Google Analytics does not identify you personally. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We use the following services to operate our business. Each has its own privacy policy governing your data.

• Google Analytics — website analytics
• Zoom — ClearSight Live sessions and meetings
• Scheduling and operational tools
• Stripe or equivalent — payment processing
• Substack — our newsletter

We do not sell, rent, or trade your personal data to any third party. We share your data with third-party services only as described above and only to the extent necessary to deliver the services you have requested.

We implement reasonable security measures to protect your personal data from unauthorised access, loss, or misuse. These include secure hosting, encrypted connections (HTTPS), and limited access to personal data within our team.

No method of transmission or storage is completely secure. We take reasonable precautions but cannot guarantee absolute security.

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. When your data is no longer needed, we securely delete or anonymise it.

If you subscribe to our communications and later unsubscribe, we will remove your contact details from our active mailing lists. Some records may be retained for legal or accounting purposes.

Under the PDPA, you have the right to:

• Access your personal data that we hold, and request a copy of it.
• Correct any personal data that is inaccurate or incomplete.
• Withdraw consent for us to collect, use, or disclose your personal data. Please note that withdrawing consent may affect our ability to provide certain services to you.

To exercise any of these rights, contact us via the contact form. We will respond within 30 days.

Our website uses cookies to support analytics and improve your experience. Cookies are small files stored on your device. You can control cookies through your browser settings. Disabling cookies may affect the functionality of some parts of our website.

If you have registered your Singapore telephone number with the Do Not Call Registry, we will not send you marketing messages to that number unless you have separately consented to receive them from us.

Our services are designed for business professionals. We do not knowingly collect personal data from anyone under the age of 18.

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

If you have questions about this policy or wish to exercise your data rights, please use the contact page.