Villanova ESG treats personal data, business inquiries and regulatory-risk information as controlled information assets.

This Privacy Policy explains how Villanova ESG may collect, use, store and protect personal data submitted through this website, email communications, corporate inquiries, newsletter forms, contact requests and advisory-related interactions. The policy is designed around data minimization, purpose limitation, confidentiality, access control and responsible handling of information.

Policy Scope

Website visitors, contacts, corporate inquiries and advisory communications.

Data Standard

Collect only what is necessary for legitimate business, communication and advisory purposes.

Legal Alignment

Structured with reference to LGPD principles and EU data-protection expectations.

Contact

contact@villanovaesg.com

1. Purpose of This Privacy Policy

This Privacy Policy describes how Villanova ESG may process personal data in connection with its website, publications, contact channels, corporate inquiries and advisory-related communications.

The purpose is to provide transparency on the categories of data processed, the reasons for processing, the possible recipients of information, the security logic applied and the rights available to data subjects under applicable data-protection laws.

This page does not replace a formal data-processing agreement, engagement letter, confidentiality agreement or jurisdiction-specific legal notice where one is required for a specific advisory engagement.

Privacy Control Principle

Personal data should be collected for a clear purpose, protected by appropriate controls and retained only for legitimate business or legal reasons.

2. Data We May Collect

Villanova ESG may collect personal data and business-contact information voluntarily provided by users or generated through website interaction.

Categories may include:

name, corporate role, company name and professional contact details;
email address, phone number or other contact information submitted by the user;
information included in contact forms, advisory inquiries, meeting requests or email communications;
newsletter or publication subscription preferences, where applicable;
website interaction data, such as pages visited, approximate technical logs, browser type, device information or cookie-related data where enabled;
business context voluntarily provided in connection with regulatory-risk, supply-chain, compliance or ESG-related inquiries.

3. Sensitive and Confidential Information

Users should not submit sensitive personal data, privileged legal information, trade secrets, regulated confidential documents, employee records, supplier files, client contracts or highly sensitive corporate information through public website forms unless a formal confidentiality and engagement framework has been agreed.

If deeper analysis is required, Villanova ESG may request information through a controlled professional process appropriate to the scope of work, confidentiality requirements and applicable laws.

Data Governance Formula

Responsible Processing = Purpose Clarity × Data Minimization × Access Control × Retention Discipline × Security Governance

This policy is designed to reduce unnecessary data exposure by limiting collection to information that supports communication, business evaluation, advisory preparation, compliance management or legitimate institutional operations.

4. How We Use Personal Data

Villanova ESG may use personal data for legitimate business and communication purposes, including:

responding to inquiries, contact requests or meeting requests;
evaluating whether a regulatory-risk, supply-chain or advisory matter is within the firm’s scope;
sending requested information, publications, briefings or updates;
managing professional communications with prospective or existing clients;
improving the website, content structure, user experience and institutional communication;
maintaining internal records of business interactions;
complying with legal, regulatory, contractual or security obligations where applicable.

5. Legal Bases for Processing

Depending on the jurisdiction and the specific context, processing may rely on one or more legal bases, including consent, performance of pre-contractual or contractual steps, legitimate interests, compliance with legal obligations or protection of rights in administrative, judicial or regulatory contexts.

Where consent is required, users may have the right to withdraw consent, subject to legal, contractual or operational limitations.

Where legitimate interest is used, Villanova ESG seeks to balance business necessity with privacy rights, proportionality and data minimization.

Privacy Governance Map

Purpose Limitation

Data is processed for defined communication, advisory, compliance, security or business-administration purposes.

Data Minimization

Only information relevant to the stated purpose should be submitted, requested or retained.

Access Control

Access to personal data and inquiry information should be limited to authorized persons with a legitimate need to know.

Retention Discipline

Data should be retained only for the period necessary to serve the relevant purpose or comply with applicable obligations.

Security Measures

Reasonable administrative, technical and organizational safeguards should be used to reduce unauthorized access or misuse.

Rights Management

Requests related to data access, correction, deletion or processing information should be handled according to applicable law.

6. Sharing of Personal Data

Villanova ESG does not sell personal data.

Personal data may be shared only where appropriate and necessary, including with:

service providers supporting website hosting, analytics, communications, cybersecurity or business operations;
professional advisors, legal counsel, auditors or technical specialists where required for a legitimate business or advisory purpose;
authorities, courts or regulators where disclosure is legally required;
third parties involved in a specific engagement, only where authorized, necessary and governed by appropriate safeguards.

7. International Data Transfers

Because Villanova ESG operates in cross-border advisory contexts, personal data or business-contact information may be processed or accessed from different jurisdictions where lawful and necessary for communication, operational support or advisory preparation.

Where international transfers occur, Villanova ESG seeks to apply appropriate safeguards consistent with applicable data-protection laws and the sensitivity of the information involved.

8. Cookies and Website Technologies

This website may use cookies or similar technologies to support basic functionality, security, analytics, content performance or user experience.

Users may be able to manage cookie preferences through browser settings or website consent tools where available. Some website functions may not operate correctly if certain cookies are disabled.

Additional details may be provided in the Cookie Policy.

9. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, respond to inquiries, maintain business records, comply with legal obligations, resolve disputes or protect legitimate rights.

Retention periods may vary depending on the nature of the interaction, the legal basis for processing, the sensitivity of the data and the existence of contractual or regulatory obligations.

10. Data Security

Villanova ESG seeks to apply reasonable technical, administrative and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

No digital system is completely risk-free. Users should avoid sending sensitive, confidential or privileged information through open website forms unless a secure and appropriate process has been agreed.

Control Principle

Privacy protection is strongest when data collection is limited, access is controlled and sensitive information is not submitted before the proper professional framework exists.

11. Data Subject Rights

Depending on applicable law, data subjects may have rights related to their personal data, including the right to request access, correction, deletion, portability, information about processing, limitation, objection or withdrawal of consent.

Requests should be sent to contact@villanovaesg.com. Villanova ESG may request information necessary to verify identity and process the request securely.

Some requests may be limited by legal, contractual, security, evidentiary or legitimate business reasons.

12. Children’s Data

This website and its advisory services are intended for corporate, institutional and professional audiences. Villanova ESG does not knowingly target or solicit personal data from children.

13. Third-Party Links

This website may contain links to official regulatory sources, institutional materials or third-party websites. Villanova ESG is not responsible for the privacy practices, content, security or policies of external websites.

Users should review the privacy policies of third-party websites before submitting personal data to them.

14. Updates to This Policy

Villanova ESG may update this Privacy Policy periodically to reflect legal, operational, technical or business changes.

When material changes are made, the updated version may be published on this page with a revised effective date.

15. Contact for Privacy Matters

Questions, requests or concerns related to this Privacy Policy or personal-data processing may be sent to:

Email: contact@villanovaesg.com

Regulatory Source Trail

This Privacy Policy is aligned with official data-protection frameworks and institutional references:

Privacy Contact · Controlled Communication

Do not submit sensitive or privileged information through open contact channels before a formal engagement framework is established.

For privacy questions, personal-data requests or data-handling concerns, contact Villanova ESG through the official channel below.

Privacy inquiries: contact@villanovaesg.com.