Privacy Policy

1. What data we collect

We collect and process personal data to provide our services, enhance user experience, ensure legal compliance, and support our marketing goals. We only collect information that is necessary, relevant, and proportionate for these purposes.

1.1 Categories of personal data

We may collect and process the following categories of personal data:

• Identity and contact information: Full name, email address, telephone number, job title or professional role, company or organisation name, postal or billing address.
• Technical and usage data: IP address and geolocation, browser type and version, operating system and device type, access times and duration of visits, referring URLs and clickstream data, language preferences, log files and system activity. This data is typically collected through cookies, web beacons, and analytics tools, subject to your cookie preferences.
• Communications and interaction data: Messages sent via contact forms, emails, chats, and correspondence with our team, responses to surveys or feedback forms, support requests and inquiry logs.
• Marketing and preference data: Newsletter and event sign-up details, marketing preferences and opt-in/opt-out status, participation in campaigns, promotions, or programs, click-through and engagement data from emails or ads.
• Payment and transaction data: Invoicing and billing details (where applicable), payment method and status (eg, confirmation of payment), purchases, purchase history for carbon credits or services. Note: We do not store credit card or sensitive payment data directly on our servers.

1.2 Special category data

We do not intentionally collect or process special categories of personal data (as defined in Article 9 of the GDPR), such as data relating to health, ethnicity, religious beliefs, or political opinions. If such data is inadvertently shared with us, it will be securely deleted unless legally required to retain it. We do not knowingly collect data from children under 16.

1.3. Data from third parties

We may also collect personal data from third-party sources, including:

• Public databases (eg, company registers)
• Marketing or analytics service providers
• Social media platforms (if you engage with our content or pages)
• Business partners or referrals (eg, when collaborating on joint initiatives)

This data is handled in accordance with GDPR requirements and is only used for legitimate business purposes.

2. How we collect your data

We collect personal data through multiple channels, always in accordance with the principles of transparency, fairness, and data minimisation under the GDPR. We only collect data that is relevant, proportionate, and necessary for the purposes outlined in this Policy. Data may be obtained in the following ways:

2.1 Data you provide directly

We collect personal data when you voluntarily provide it to us through:

• Website forms, such as contact forms, newsletter subscriptions, event registrations, or survey submissions.
• Email or telephone communications, including inquiries, support requests, or business correspondence.
• Account registration or platform use, such as signing up for a customer portal or sustainability reporting tool.
• Transactions, including purchases of carbon credits, donations, or service subscriptions.

2.2 Data collected automatically

When you interact with our website, platforms, or emails, we may automatically collect certain data through the use of cookies and similar tracking technologies. This includes:

• Device type and operating system
• Browser type and settings
• IP address and approximate geolocation
• Referring URLs
• Session duration and pages viewed
• Clickstream data and navigation behaviour

This data helps us improve our digital experience, monitor website performance, and personalise content, subject to your cookie preferences. 

2.3 Data from third parties

We may receive personal data from third-party sources where appropriate and legally permitted, including:

• Analytics and marketing service providers, such as Google Analytics or LinkedIn Insights
• Payment processors (eg, confirmation of payment or refund status)
• Event or campaign partners, when you have consented to data sharing
• Publicly available databases, such as company registries or social media profiles
• Lead generation platforms, where you have opted in to be contacted

All such data is processed in accordance with GDPR requirements and used only for specified, legitimate business purposes.

2.4 Cookies and tracking technologies

We use cookies, pixels, and similar technologies to collect data about your browsing behaviour and interaction with our content. These technologies are used to:

• Maintain essential site functionality
• Understand how users interact with our services
• Measure the performance of campaigns
• Deliver tailored advertising (with your consent)

You can manage your cookie preferences at any time via our Cookie Settings page.

3. How we use your data

We process personal data in accordance with the principles of lawfulness, fairness, and transparency, as outlined in the GDPR. We only use your data for clearly defined and legitimate purposes, and we ensure that the data we collect is relevant, limited to what is necessary, and used appropriately. For more information on how your data is used for marketing purposes, please visit Google’s Privacy Terms.

3.1 Purposes of processing

We may use your personal data for the following purposes:

• Service provision and contractual fulfilment: To provide products or services requested by you, including the purchase or retirement of carbon credits. To manage user registrations, account access, and service communications. To process payments, issue invoices, and manage financial transactions.
• Customer support and relationship management: To respond to inquiries, requests for information, or customer support tickets. To communicate changes to our services, policies, or terms. To maintain accurate and up-to-date records of your interactions with us.
• Marketing and communications: To send newsletters, updates, or promotional materials like personalised ads (only with your consent). To manage your marketing preferences and ensure communications are relevant. To invite you to participate in events, surveys, or sustainability campaigns.
• Website analytics and performance monitoring: To improve our website, digital services, and user experience. To monitor usage patterns and understand user preferences using cookies or similar technologies. To measure the performance of content, campaigns, or features.
• Sustainability reporting and impact tracking: To support and report on nature-based carbon offsetting activities, including the issuance and tracking of carbon credits. To compile anonymised or aggregated data for reporting on environmental impact and ESG metrics.
• Legal and regulatory compliance: To comply with our legal obligations under applicable laws, including tax, accounting, and corporate reporting. To respond to lawful requests from regulatory or enforcement bodies.
• Security and fraud prevention: To detect, investigate, and prevent fraud, cyber threats, or other security incidents. To ensure the integrity and security of our digital platforms and systems.

3.2 Lawful basis for processing

We rely on one or more of the following legal bases under Article 6 of the GDPR to lawfully process your data:

• Consent – where you have explicitly agreed to the use of your data for a specified purpose.
• Contractual necessity – when processing is required to enter into or fulfil a contract with you.
• Legal obligation – where processing is required for compliance with applicable laws.
• Legitimate interests – where processing supports our operational, security, or sustainability objectives and does not override your data protection rights.

4. Use of cookies

We use cookies and similar tracking technologies on our website to ensure proper functionality, enhance user experience, and support our marketing goals in a manner compliant with the GDPR and applicable ePrivacy legislation.

4.1 What are cookies?

Cookies are small text files stored on your browser or device when you visit a website. They allow websites to recognise your device, remember preferences, and collect information about your interactions and usage behaviour. Some cookies are essential for site functionality, while others support analytics, personalisation, or advertising.

4.2 Types of cookies we use

We classify the cookies used on our website into the following categories:

• Essential (strictly necessary) cookies: These cookies are required for core website functions such as page navigation, secure access, and form submissions. They do not require user consent and cannot be disabled via our cookie settings tool.
• Analytics and performance cookies: These cookies collect aggregated and anonymous data on how visitors use our website, including which pages are visited and how users interact with content. This helps us improve site performance and functionality. These cookies are only used with your explicit consent.
• Functionality cookies: Functionality cookies allow our website to remember your preferences, such as language selection or region. They enhance usability and personalise your experience. These are optional and subject to your consent.
• Marketing and advertising cookies: These cookies are set through our site by advertising partners. They help deliver relevant ads on other platforms and track the effectiveness of marketing campaigns. These cookies do not store personal information directly but rely on unique identifiers. They are used only with your prior consent.

4.3 How we obtain your consent

Upon your first visit to our website, you will be presented with a cookie consent banner that allows you to:

• Accept all cookies
• Reject non-essential cookies
• Customise your preferences by category

You can update or withdraw your consent at any time via our Cookie Settings page. We store proof of your consent in accordance with GDPR requirements and retain consent logs for audit purposes.

4.4 Managing and disabling cookies

You can manage your cookie preferences through our banner or your browser settings. Most browsers allow you to refuse or delete cookies at any time. However, disabling some cookies may affect the functionality of certain parts of the website.

For more information on how to control cookies via your browser, visit: https://www.allaboutcookies.org

4.5 Third-party cookies

Some cookies on our site may be set by third-party services integrated into our website (eg, Google Analytics, LinkedIn, or Meta Pixel). These providers have their own privacy and cookie policies, which we encourage you to review.

5. Sharing your data

We are committed to protecting your personal information and ensuring transparency in how it is used. We only share your data where it is necessary for the functioning of our services and always in compliance with the GDPR.

We may share your data with the following categories of recipients:

• Trusted service providers: We work with carefully selected partners who assist us in delivering our services. This includes providers of cloud hosting, data analytics, customer relationship management platforms, and similar technical infrastructure.
• Advertising and marketing platforms: Your personal data will only be shared with advertising networks or marketing platforms if you have explicitly given us your consent to do so. This may be used to personalise your experience or deliver targeted communications like personalised ads.
• Legal and regulatory authorities: Where required by law, we may disclose your personal information to public authorities or other third parties in response to legal obligations or enforceable requests.

We will never sell your personal data to any third party.

When sharing your data, we ensure that adequate safeguards are in place to protect your privacy. These include contractual agreements requiring that your data is only processed in accordance with our instructions and the applicable data protection laws.

If your data is transferred outside the European Economic Area (EEA), we ensure that such transfers are covered by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

We maintain strict internal policies to govern data access, and we limit data processing to what is necessary and proportionate.

6. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, contractual, or reporting requirements.

We determine the appropriate retention period for each category of personal data based on the following criteria:

• The nature and sensitivity of the personal data
• The purpose for which it was collected, and whether we can achieve those purposes through other means
• The applicable legal obligations, including statutory retention periods
• The potential risk of harm from unauthorised use or disclosure

Where we rely on your consent to process your data, we will retain your information only for as long as your consent remains valid, or until you withdraw it.

Once the applicable retention period expires, we will securely delete or anonymise your data, unless continued retention is required to comply with a legal obligation or to establish, exercise, or defend legal claims.

In some cases, we may retain aggregated or de-identified data for analytical and research purposes. This data does not identify any individual and is not considered personal data under the GDPR.

7. Your rights under GDPR

As a data subject under the GDPR, you have several rights regarding your personal data. We are committed to ensuring that your rights are upheld and that your personal information is handled transparently and securely.

You have the following rights:

• Right of access: You have the right to request access to the personal data we hold about you and to receive information on how we process it.
• Right to rectification: You can request that we correct or complete inaccurate or incomplete personal data without undue delay.
• Right to erasure (‘right to be forgotten’): You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable).
• Right to restrict processing: You can ask us to restrict the processing of your personal data in certain circumstances, for example, while we verify its accuracy or consider an objection you have raised.
• Right to data portability: Where processing is based on consent or a contract, and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to object: You may object to the processing of your personal data where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your rights.
• Right to withdraw consent: Where we rely on your consent to process your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

To exercise any of your rights, please contact us using the details provided in this privacy policy. We aim to respond to all requests within one month, as required under GDPR.

8. Changes to this policy

We may update this Policy from time to time. The latest version will always be posted on our website.