Privacy Policy

Last Updated: January 2026

This Privacy Policy explains how we collect, use, share, and protect information when you use our platform. This platform is a decision-support diagnostic service for organisational readiness. It is not a credit rating service, an ESG rating service, or investment/financial advice.

1. Data Controller

The platform is operated by Resilient Sustainance Limited, registered in England & Wales (Company No. 16530947) (“we”, “us”, “our”). We act as the data controller for information submitted through the platform. Where we process personal data on behalf of a client organisation (for example, employee contact details), we may act as a processor under a contractual arrangement, depending on the use-case.

2. What We Collect

We collect information that you submit directly and information generated by your use of the platform, including:

  • Account administrator details: name, business email, business phone, login metadata (e.g., login timestamps).
  • Organisation profile: legal entity name, country of domicile, sector/industry classification, scope selection (group/site/project), company size band.
  • Legal identifiers (as applicable): company registration numbers, VAT/GST/Tax identifiers, trade licence numbers, and similar official identifiers submitted for verification and integrity checks.
  • Diagnostic inputs: questionnaire responses, evidence declarations, and scoring outputs generated from submitted inputs.
  • Technical data: IP address, device/browser type, pages visited, and security logs used to protect accounts and prevent misuse.

We may restrict registration from email addresses on certain free webmail domains to improve data integrity and reduce abuse. This is a platform policy and may change over time.

3. How We Use Your Information

We use your information to:

  • create and manage your account and authenticate access;
  • verify access eligibility and administer approval workflows;
  • deliver diagnostics, compute pillar scores, and generate outcome summaries;
  • maintain audit trails, detect anomalies, and prevent fraud or unauthorised use;
  • provide support and respond to queries;
  • improve platform performance, usability, and security.

4. Lawful Bases (UK GDPR)

Where UK GDPR applies, we process personal data on one or more of the following lawful bases:

  • Contract: to provide the platform services you request.
  • Legitimate interests: to secure our platform, prevent abuse, and improve services (balanced against your rights).
  • Legal obligation: where we must comply with applicable laws or respond to lawful requests.
  • Consent: where specifically requested (for example, optional communications). You may withdraw consent at any time.

5. Sharing & Disclosure

We do not sell personal data. We may share information:

  • Within our organisation with authorised staff and administrators for verification, support, and platform operations, subject to access controls.
  • With service providers (e.g., hosting, email delivery, security tooling) acting under appropriate contractual safeguards.
  • For legal reasons if required by law, regulation, or lawful request, or to protect rights, safety, and security.

6. International Access & Transfers

To support international clients, information may be accessed by authorised administrators located outside the UK (including regional operations). Where personal data is transferred internationally, we implement appropriate safeguards consistent with UK GDPR requirements (such as contractual protections and access controls), and we limit access to what is necessary for operations and support.

7. Security

We apply administrative, technical, and organisational measures designed to protect information against unauthorised access, alteration, disclosure, or destruction. This includes access gating, role-based permissions, and audit logging. No system is 100% secure; please use a strong password and protect your credentials.

8. Data Retention

We retain information only for as long as needed for the purposes described above, including to maintain diagnostic history and audit trails, unless a longer retention period is required or permitted by law. Retention periods may vary depending on account status and contractual requirements.

9. Your Rights

Subject to applicable law, you may have rights to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion (where applicable);
  • object to or restrict certain processing;
  • request portability of certain data;
  • withdraw consent (where processing is based on consent).

To exercise these rights, please contact us using the details in Section 12.

10. Cookies

We use essential cookies necessary for login sessions and secure platform functionality. We may also use limited analytics cookies to improve performance. Where required, we will provide appropriate cookie notices and options.

11. Updates to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top indicates when changes were last made. Material changes will be communicated through the platform where appropriate.

12. Contact

For privacy enquiries, data requests, or security concerns, please contact us via the platform support channel or your account administrator pathway.

Operator: Resilient Sustainance Limited (England & Wales, No. 16530947)
Subject: Privacy Request – Platform