top of page

Privacy Policy

This is a translation from original Data Protection Policy in German language. For all legal purposes original German version should be used.

 

Effective date: March 31, 2026

Caribou ESG Toolbox ("we", "us", or "our") operates the website https://www.caribou-esgtoolbox.com (the "Service").

 

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our ESG toolbox services.

1. Controller / Data Controller

The data controller responsible for your personal data is:

Caribou ESG Toolbox UG haftungsbeschränkt

Robert-Bosch-Straße 7

64293, Darmstadt, Germany

Contact:

Email: info@caribou-esgtoolbox.com

2. What data do we collect?

 

We may collect the following categories of personal data:

  • Contact data: Name, email address, company name, and message when you fill out a contact form, request a demo, or subscribe to our newsletter.

  • Usage data: IP address, browser type, device information, pages visited, and time spent on the site (via cookies or analytics tools).

  • ESG tool data: Any information you voluntarily enter into our toolbox (e.g., company ESG metrics, reports generated) — we process this only to provide the requested service.

  • Other: Any other information you actively provide to us.

 

We do not collect sensitive personal data (special categories under GDPR) unless you explicitly provide it and consent.

3. Legal basis for processing

 

We process your personal data based on:

  • Your consent (Art. 6(1)(a) GDPR) — e.g., for marketing emails or certain cookies.

  • Performance of a contract (Art. 6(1)(b) GDPR) — when you use our ESG tools or request services.

  • Legitimate interests (Art. 6(1)(f) GDPR) — e.g., to improve our website, ensure security, or analyze usage.

  • Legal obligations (Art. 6(1)(c) GDPR) — where required by law.

4. How do we use your data?

 

We use the collected data to:

  • Provide and maintain the Caribou ESG Toolbox

  • Respond to your inquiries and requests

  • Send newsletters or updates (only with your consent)

  • Analyze website usage and improve our services

  • Comply with legal obligations

5. Cookies and tracking technologies

 

Our website uses cookies and similar technologies to ensure functionality, analyze usage, and improve your experience. You can manage your preferences at any time via our cookie banner.

 

Types of cookies we use

  • Essential cookies: These are strictly necessary for the website to function. They enable core features such as navigation and access to secure areas. These cookies do not require your consent under Art. 6(1)(f) GDPR, as they serve our legitimate interest in providing a technically functional service.

  • Analytics cookies: We use analytics tools (including those provided by Wix and Google Analytics) to understand how visitors interact with our website. These cookies collect aggregated, anonymized data on pages visited, time spent, and navigation paths. They are only placed with your explicit consent pursuant to Art. 6(1)(a) GDPR.

  • Functional cookies: These cookies remember your preferences (e.g., language or region settings) to enhance your experience. They are set only upon your consent.

 

Cookie consent and management

When you first visit our website, you will be presented with a cookie banner allowing you to accept or decline non-essential cookies. You may withdraw or modify your consent at any time by accessing the cookie settings panel available in the footer of our website. You may also configure your browser to block or delete cookies at any time. Please note that disabling certain cookies may affect the functionality of parts of our website.

6. Sharing your data

 

We may share your personal data with:

  • Service providers (e.g., hosting providers like Wix, email service providers, analytics tools) who process data on our behalf and are bound by data processing agreements.

  • Legal authorities, if required by law.

We do not sell your personal data to third parties.

7. International data transfers

 

If we transfer data outside the EU/EEA (e.g., to processors in the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Data retention

 

We retain your personal data only as long as necessary for the purposes described or as required by law. Contact or marketing data is typically kept for up to 10 years after the last interaction, unless you request deletion earlier.

9. Your rights (GDPR rights)

Under GDPR you have the following rights:

  • Right to access, rectify, or erase your data

  • Right to restrict or object to processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with a supervisory authority (in Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit or your local authority)

To exercise these rights, contact us at the email address above.

10. Automated decision-making and profiling

In the course of providing the Caribou ESG Toolbox, our platform may perform automated processing of the ESG data you input in order to generate scores, benchmarks, materiality assessments, or other analytical outputs. Where such processing constitutes automated decision-making within the meaning of Art. 22 GDPR — that is, where decisions are made solely by automated means without meaningful human involvement and produce legal or similarly significant effects — you have the following rights:

 

  • The right not to be subject to a decision based solely on automated processing if it produces legal or similarly significant effects concerning you.

  • The right to obtain human review of any such automated decision.

  • The right to express your point of view and to contest the decision.

 

In practice, the ESG outputs generated by our toolbox are analytical aids intended to support human decision-making by your organization and do not themselves constitute binding decisions with legal or similarly significant effects on individuals. Nonetheless, we are committed to transparency about how automated processing works within our platform.

If you have questions about any specific automated processing or wish to request human review of a particular output, please contact us at privacy@caribou-esgtoolbox.com.

11. Security

 

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration.

12. Hosting

We host our website with Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel ("Wix"). When you visit our website, Wix analyzes user behavior, visitor sources, visitor regions, and visitor numbers. Wix stores cookies on your browser that are required for the display of the website and to ensure security (essential cookies). Data collected via Wix may be stored on servers worldwide, including in the United States.

The use of Wix is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the reliable presentation of our website. Where consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time. For further details, please refer to Wix's privacy policy: https://www.wix.com/about/privacy.

We have concluded a Data Processing Agreement (DPA) with Wix. Data transfers to the US and other third countries are based on the Standard Contractual Clauses of the EU Commission pursuant to Art. 46 GDPR. Details can be found at: https://www.wix.com/about/privacy-dpa-users.

We note that in third countries such as the United States, a level of data protection comparable to that within the EU cannot be guaranteed. In particular, US companies may be required to disclose personal data to security authorities without you being able to take effective legal action against this. It cannot be excluded that US authorities may process, evaluate, and permanently store data located on US servers for surveillance purposes. We have no influence over such processing activities.

13. Server log files

Our hosting provider automatically collects and stores information in server log files that your browser transmits to us automatically. This includes: browser type and version, operating system, referrer URL, hostname of the accessing device, time of the server request, and IP address.

This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR — we have a legitimate interest in the technically sound display and optimization of our website.

14. Changes to this Privacy Policy

 

We may update this Privacy Policy from time to time. The new version will be posted on this page with an updated effective date.

 

15. Contact us

 

If you have any questions about this Privacy Policy, please contact us at info@caribou-esgtoolbox.co

bottom of page