CarbonZE Privacy Notice
CarbonZE provides the CarbonZE carbon management platform for quantifying CO2 emissions on the website www.carbonze.com as part of a Software-as-a-Service (SaaS). This Privacy Notice (“Notice”) applies to the personal information that carbonze collects through www.carbonze.com “Website”)), applications, products, and services owned or controlled by Carbonze. In this Notice, personal information means information that (either in isolation or in combination with other information) enables you to be directly or indirectly identified (“Personal Information”).
This Notice aims to inform you about how we collect, use, disclose and store Personal Information when you:
- Interact or use our Website, including when you download materials from our resources page or request a demo.
- Provide your Personal Information necessary to administer our services and manage our relationship with you in any manner (collectively the “Services”) e.g. set up an account or collect your Personal Information to process an invoice for accounting purposes.
Personal Information carbonze collects
From Website: We may collect Personal Information that you choose to send to us or provide to us, for example, on our “Request a Demo” (or similar) online form. If you contact us through the Website, we will keep a record of our correspondence.
From the Services: We receive and store the Personal Information you provide directly to us. For example, when setting up new users at app.carbonze.com, we collect Personal Information, such as name or e-mail address. New user can be added by admin accounts or carbonze admin. We may collect and store media, documents, or other information you provide to us. We collect commercial information, such as records of the purchased Services or information related to requests for demos. Our customers will typically act as data controllers for any Personal Information related to them or Personal Information that third parties upload in our systems, products, and applications in connection with the provision of our Services. Carbonze will typically act as a data processor in accordance with applicable Service and/or data processing agreements (“Agreement/s”). Further information, including specific obligations of the data controller and processor, can be found in the Agreements.
Personal Information automatically collected
When you use the Website:
When you use the Services: Internet or other electronic network activity information may also be collected when you use the Services:
– we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of the Services.
- Log information – we log information about our customers and their users when they use one of our Services, including their IP addresses.
- Information collected by cookies and other similar technologies – we use various technologies to collect information, including saving cookies to users’ computers.
- Customer feedback – While using the Services, you may be asked to provide feedback (e.g., in the software directly or after receiving help from our support team). Providing this feedback is entirely optional. For further information please visit our Cookie Notice.
How and on what grounds do we use your Personal Information?
We will use the Personal Information we collect through our Website:
- To administer our Website and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes.
- To improve our Website to ensure that content is presented most effectively for you and your device.
- For trend monitoring, marketing, and advertising.
- For purposes made clear to you at the time you submit your Personal Information, for example, to fulfill your request for a demo, to provide you with access to one of our webinars or whitepapers, or to provide you with information you have requested about our Services.
- As part of our efforts to keep our Website secure.
Our use of your Personal Information may be based on our legitimate interests to ensure network, information security, and business performance improvement. Our direct marketing purposes are based on your consent (for example when you request a demo, contact us directly, provide us your business card, agree to receive communications after an Event, and similar circumstances). We may also rely on our legitimate interests to improve business and marketing practices or contact you to offer similar Services or products that you may have bought from us, requested a demo, or negotiated with us.
We may use the Personal Information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:
- Set up a user account.Provide, operate and maintain the Services.
- Process and complete transactions, and send related information, including transaction confirmations and invoices.
- Manage our customers’ use of the Services, respond to inquiries and comments, and provide customer service and support.
- Send customers technical alerts, updates, security notifications, and administrative communications.
- Investigate and prevent fraudulent activities, unauthorised access to the Services, and other illegal activities.
- For any other purposes about which we notify customers and users.
We use your Personal Information in this context based on the Agreement that we have in place with you or our legitimate interests, generally, either for security purposes or business practice improvement (e.g., the prevention and investigation of fraudulent activities).
Provision of Personal Information in these instances may be necessary to enable our proper execution of the Agreement. Failure to provide Personal Information may cause some services to become unavailable. Personal Information will be deleted based on the terms of the Agreement that we have in place with you.
How do we share and disclose Personal Information to third parties?
We share and disclose information, including Personal Information, about our customers in the following limited circumstances:
Vendors, consultants, and other service providers:
We may share your Personal Information with third-party vendors, consultants, and other service providers we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), online activities, product feedback or help desk software providers (e.g., HubSpot), CRM service providers (e.g., HubSpot), email service providers (e.g., Gmail) and others. If carbonze receives your Personal Information in the United States and subsequently transfers that information to a third party agent or service provider for processing, carbonze remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by the applicable privacy laws, including the GDPR. These transfers will typically be based on our legitimate interests or agreed upon in the Agreement. For further information please see International data transfers section below.
We may choose to buy or sell assets and may share and/or transfer customer information, including Personal Information, in connection with the evaluation of and entry into such transactions and based on our legitimate interests. Also, if we or our assets are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be one of the assets transferred to or acquired by a third party.
Protection of carbonze and others:
We reserve the right to access, read, preserve, and disclose any Personal Information as necessary to i) comply with a law or a court order, ii) enforce or apply our Agreements with you and other agreements, or iii) protect the rights, property, or safety of carbonze, our employees, our users, or others.
Disclosures for national security or law enforcement:
Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements, based on our legitimate interests or legal obligations.
For how long do we store your Personal Information?
We store your Personal Information for different time periods depending on the category of Personal Information. Some information may be deleted automatically based on specific schedules, such as marketing information. Other information e.g. account information, may be retained for a longer period of time based on the Agreement you have with us. Finally, we may further retain information for business practices based on our legitimate interests or legal purposes, such as network improvement, fraud prevention, record-keeping, or enforcing our legal rights.
Personal Information security
We use appropriate technical, organisational, and administrative security measures to protect any Personal Information we store from loss, misuse, and unauthorised access, disclosure, alteration, and destruction.
No company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user’s Personal Information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Your privacy rights
What choices do I have?
You can always opt not to disclose information to us, but keep in mind that some information may be needed to register with us or take advantage of some features of our Services or products.
Cookies are text files containing small amounts of information that can be downloaded to your device when you visit our Websites. You can accept or reject cookies for our Website/s through the Cookie Preference Center, accessible by clicking the “Customise Settings” button located on the Website. You can also do so by adjusting your web browser controls. Please visit our Cookie Notice for more information about our use of the cookies.
You can opt-out of receiving certain promotional or marketing communications from us at any time by using the unsubscribe link in the email communications we send, or by filling out this request form. Please note that if you have an account with us and you opt out of receiving promotional and marketing related communications from us, we may continue to send you non-promotional communications, e.g. service-related emails.
How can I exercise my data subject rights?
If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can fill out this request form. Our privacy team will examine your request and respond to you as quickly as possible. Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual and may also retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our Agreements.
We remind you that you have a right to lodge a complaint with a supervisory authority should you feel unsatisfied with our treatment of your Personal Information.
International data transfers
Personal Information you submit on our Websites or through the Services may be sent to the United States and processed by us there or in other countries, or stored and processed on our service providers’ cloud servers. We will always protect your Personal Information in accordance with this Notice wherever it is processed. All carbonze Services are hosted in Amazon AWS’ data centers.
Information for users in the European Economic Area (“EEA”) or in the United Kingdom (“UK”)
carbonze may transfer Personal Information from the EEA or the UK to the United States, including Personal Information we receive from individuals residing in the EEA or the UK who visit our Websites and/or who may use our Services or otherwise interact with us. Please note that the term Personal Information used in this Notice is equivalent to the term “personal data” under applicable European and UK data protection laws for individuals located in the EEA or the UK. When carbonze engages in such transfers of Personal Information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or ii) Standard Contractual Clauses issued by the European Commission. The European Commission has determined that the Standard Contractual Clauses provide sufficient safeguards to protect personal data transferred outside the EU or EEA. For more information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. carbonze continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.
We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us their Personal Information, please contact us at firstname.lastname@example.org
For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read each Linked Site's privacy notice to understand how the Personal Information about you is used and protected.
Changes to this Notice
We are constantly trying to improve our Websites and Services, so we may need to change this Notice from time to time. We will alert you about material changes by, for example, placing a notice on our Website and/or by sending you an email (if you have registered your email with us) when we are required to do so by applicable law. You can see when this Notice was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Notice.
Controller’s Contact Information
If you have questions, requests, or concerns regarding your privacy and rights, please let us know how we can help.