logo greenscope
Solutions
solution for companies
Private Markets

Manage and leverage your ESG data all along your investment cycle

solution for investors
Banks & Insurers

Assess your impact, ensure regulatory compliance, and fulfill your advisory duty to clients

solution for banks and insurers
Portfolio Companies

Simplify your reporting duties and maximize your future exit

Icone partner
Become partner

Provide your clients with a cutting-edge ESG reporting solution, simplify your tasks and unlocks new service & revenue opportunities

Features
ESG Data Solution

Centralize and manage your ESG data at one place, visualize your progress and generate reports

Carbon Assessment

Measure your carbon footprint across all scopes and implement a decarbonization plan

CSRD

Conduct a double materiality assessment, perform gap analysis, collect relevant data, and generate compliant reports

Impact Analysis & Compliance

Assess all environmental impacts to define informed actions and minimize risks: Biodiversity, Taxonomy, SFDR…

ESG expert
Icone Greescope
ESG Expertise

Rely on our team of experts to deploy your projects

Icon data
Data integration

Connect your systems and gather data from any source

Resources
Company
About Greenscope

Who we are, our commitments, careers, and more

Our Partners
Soon

Explore our diverse partner ecosystem

Icon lock
Security

Secure, reliable, and resilient platform

Request a demo

Privacy Policy

1. Purpose and Scope

Greenscope is a company providing a Software-as-a-Service (SaaS) ESG reporting platform primarily designed for financial institutions, with the objective of enabling its clients and prospects to measure, monitor, and improve their extra-financial and sustainability performance.

In the course of its activities, Greenscope processes information relating to identified or identifiable natural persons (the “Personal Data”), as defined under applicable data protection laws, in particular Regulation (EU) 2016/679 (the “GDPR”).

The purpose of this Data Management & Privacy Policy (the “Policy”) is to explain, in a transparent and accessible manner, how Greenscope collects, uses, stores, shares, and protects Personal Data in the context of:

  • browsing and interacting with the Greenscope website; and
  • pre-contractual and marketing interactions with prospects.

This Policy applies exclusively to Personal Data processing activities for which Greenscope acts as a Data Controller.

This Policy does not apply to Personal Data processed by Greenscope on behalf of its customers in the context of the use of the Greenscope SaaS platform, where Greenscope acts as a Data Processor within the meaning of the GDPR. Such processing activities are governed by separate contractual documentation, including applicable data processing agreements entered into between Greenscope and its customers.

2. Definitions

For the purposes of this Policy:

  • Personal Data means any information relating to an identified or identifiable natural person within the meaning of Article 4(1) of the GDPR.
  • Prospect means any natural person who expresses an interest in the Greenscope Services by interacting with the Greenscope website, without creating a customer account.
  • Website Visitor means any natural person browsing the Greenscope website without expressing interest in the Greenscope Services.
  • Greenscope Services means the services provided through the Greenscope SaaS platform and any ad hoc professional services delivered by Greenscope.
  • Data Controller means the entity that determines the purposes and means of the processing of Personal Data.
  • Data Processor means the entity that processes Personal Data on behalf of a Data Controller.

3. Data Controller Identification

The services described in this Policy are provided by Greenscope, a company registered with the French National Register of Companies (Registre National des Entreprises – RNE) under number 910 993 179 (SIREN).

  • Registered office: 50 route de la Vieille Chapelle, 24380 Creyssensac-et-Pissot, France
  • Operational offices: 14 rue Maublanc, 75015 Paris, France

Within the scope of this Policy, Greenscope acts as the Data Controller for Personal Data collected directly or indirectly via its website.

4. Sources of Personal Data

Greenscope collects Personal Data from several sources, depending on how you interact with the Greenscope website.

a. Personal Data provided directly by you

Greenscope processes Personal Data that you voluntarily communicate when interacting with the Greenscope website, in particular when you:

  • submit a request for a demonstration of the Greenscope Services;
  • subscribe to newsletters or other marketing communications;
  • download resources, reports, white papers, or other content made available by Greenscope.

In this context, the Personal Data collected may include professional identification and contact information, such as first name, last name, professional email address, company name, job title, and, where applicable, phone number.

Such data is collected via online forms and processed through customer relationship management and marketing automation tools, notably HubSpot.

b. Personal Data collected indirectly

Greenscope also collects certain Personal Data automatically when you browse the Greenscope website. This data is collected through cookies and similar tracking technologies implemented by Greenscope or its partners and may include:

  • technical identifiers such as IP address;
  • information relating to your browser, device type, and operating system;
  • navigation data, including pages visited, duration of visits, and referral sources.

This data is primarily used for audience measurement, website performance analysis, and, where applicable, targeted advertising, in accordance with your cookie preferences.

5. Characteristics of Personal Data Processing

Processing purpose

Data subjects

Personal Data processed

Legal basis

Retention period

Management of demo requests

Prospects

Professional and contact data (name, company, email, phone number)

Legitimate interest

3 years from last contact or end of contractual relationship

Download of resources

Prospects

Professional and contact data (name, company, email, job title)

Legitimate interest

3 years from last contact

Commercial prospecting

Prospects

Professional and contact data (name, company, email, job title)

Consent

Until unsubscribe or 3 years from last contact

Newsletter management

Prospects

Contact data (name, email)

Consent

Until unsubscribe or 3 years from last interaction

Audience measurement and advertising cookies

Website Visitors, Prospects

IP address, browser and navigation data

Legitimate interest / Consent

25 months (analytics); 6 months (advertising cookies)

At the end of the applicable retention periods, Personal Data may be archived for evidentiary purposes only, in accordance with applicable legal obligations, with restricted access.

6. Sharing of Personal Data

Greenscope processes Personal Data internally for the purposes described in this Policy. However, in order to operate the Greenscope website, provide its services, and comply with legal obligations, Personal Data may be shared with the following categories of recipients, on a strictly need-to-know basis:

a. Trusted service providers

Greenscope works with carefully selected service providers acting as data processors, including:

  • Hosting and technical infrastructure providers: Greenscope uses Vercel for website hosting and deployment. In this context, certain technical data may be processed and transferred outside the European Union, in particular to the United States. Such transfers are governed by appropriate safeguards in accordance with Chapter V of the GDPR, including the EU–U.S. Data Privacy Framework and the use of Standard Contractual Clauses.
  • Communication and marketing providers: Greenscope uses HubSpot for customer relationship management, lead management, and marketing communications. HubSpot data is hosted within the European Union (Germany). Greenscope has confirmed that Personal Data processed via HubSpot is not used to train artificial intelligence models.
  • Cookie management providers: Greenscope relies on Axeptio to manage cookies and collect user consent preferences.

These service providers are contractually bound to process Personal Data solely on Greenscope’s documented instructions and to implement appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of Personal Data.

b. Internal teams

Personal Data may be accessed by authorised members of Greenscope’s internal teams, in particular marketing and technical teams established in France, solely where necessary for the performance of their duties.

c. Public authorities and third parties in specific circumstances

Greenscope may be required to disclose Personal Data to administrative or judicial authorities where such disclosure is required by law or necessary to defend its rights. In the event of a merger, acquisition, or transfer of assets, Personal Data may also be disclosed to a potential acquirer, subject to appropriate safeguards.

7. Cookie Management

Greenscope uses cookies and similar technologies on its website to ensure its proper functioning, improve user experience, measure audience, and, where applicable, deliver targeted advertising.

Greenscope relies on a trusted third-party provider, Axeptio, to manage cookies and collect user consent in compliance with applicable data protection regulations. When you first visit the Greenscope website, a cookie banner allows you to accept, refuse, or customise the use of cookies.

Axeptio automatically records consent proofs whenever visitors interact with the cookie banner. These consent proofs are stored in an anonymous manner and include:

  • the user-agent, allowing identification of the browser and device type;
  • the list of authorised third-party cookies;
  • the type of consent given (full acceptance, partial acceptance, or refusal).

Consent proofs do not contain directly identifiable Personal Data. Due to their anonymous nature, they cannot be directly retrieved by individual users. However, visitors may review or modify their cookie preferences at any time by interacting again with the cookie banner or through their browser settings.

The retention periods applicable to cookies depend on their category. Audience measurement cookies are retained for a maximum period of 25 months. Advertising cookies are retained for a maximum period of 6 months from the date of consent, in accordance with Axeptio’s configuration.

8. Data Subject Rights

In accordance with applicable data protection regulations, in particular the GDPR, you have the following rights with respect to your Personal Data: right of access, right to rectification, right to erasure, right to restriction of processing, right to object, right to data portability, right to withdraw your consent at any time, and the right to define instructions regarding the processing of your Personal Data after your death, in accordance with French law.

You also have the right to lodge a complaint with a supervisory authority. In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).

Greenscope undertakes to respond to requests relating to the exercise of data subject rights within a period of one (1) month from receipt of the request. This period may be extended by two (2) additional months where necessary, in accordance with Article 12 of the GDPR.

Requests may be addressed to:

  • Email: dpo@greenscope.io
  • Post: Data Protection Contact, Greenscope, 14 rue Maublanc, 75015 Paris, France

9. Changes to this Policy

Greenscope may amend this Policy from time to time to ensure its ongoing compliance with applicable laws and regulations. In the event of material changes, Greenscope will inform data subjects prior to such changes becoming effective.

Last update: 2026/02/27