1. WHO WE ARE
Emitwise.com (the Website) is operated by Newco Emitwise Limited (CN: 12290905; ROA: 160 Old Street, London, England, EC1V 9BP) (Emitwise, we, us, our). Our services, offered by our Website, help businesses monitor and manage their carbon footprint (the Services). There is a small amount of personal data that we process as a result of your use of our Services. We may also process some personal data as we promote and improve our Services. We are the ‘controller’ of this data for the purposes of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This policy explains how we process personal data (the Policy).
If you have any questions about personal data processing by Emitwise please use the get in touch section of our Website.
2. SCOPE & ACKNOWLEDGEMENT
This Policy applies to any personal data you submit to us via the Website or that you generate whilst browsing the Website or through other direct channels (‘directly obtained information’) and also to any other information about you that comes our way during our business development efforts (‘indirectly obtained information’).
By submitting personal data to us, you acknowledge that you have read this Policy and that we expect you to help us keep your information accurate and up to date. We endeavour to bring this Policy to your attention every time we obtain information directly from you. In all other circumstances, we will bring this Policy to your attention the first time we reach out to you.
We would not ask you for any information related to your health, religious/political/philosophical beliefs or racial background or any other sensitive matters, so please do not submit such information to us.
3. PROCESSING ACTIVITIES
We process the following personal data, for the following purposes and on the following legal ground(s):

Indirectly obtained information: any publicly available information relating to you, such as your name, job title, contact details, etc.
For the following purposes: (1) Business development and marketing.
On the following legal ground(s): (1): This is necessary for the purposes of the legitimate interests we pursue, namely our pursuit of new business opportunities (Article 6(1)(f) GDPR).

Directly obtained information: any information you submit to us via the Website, including your (user)name, password, contact details, job title, and any other information you decide to submit via web forms or any other means.
For the following purposes: (1) Delivering the Services available via our Website; (2) responding to enquiries from current or prospective customers; (3) publishing testimonials; (4) direct marketing.
On the following legal ground(s): (1): If you wish to use our Services, we would need your details to deliver them (Article 6(1)(b) GDPR). (2): If you wish to make an enquiry with respect to our Services, then we would need your details to process your request (Article 6(1)(b) GDPR). (3): If you are pleased with our Services and you would like to share your satisfaction, then we would be delighted to receive a recommendation from you that we can publish on the Website. For that, we would need your permission (Article 6(1)(a) GDPR). (4): If you decide to opt in to receive direct marketing from us, then we would generally seek your permission (Article 6(1)(a) GDPR) unless we are exempt from doing so.

Any information you generate whilst you browse the Website or whilst you read our direct marketing materials: this information is generated with the help of cookies and similar technologies and may include: browser type and version; operating system; the website from which you reach our website; sub-websites; date and time of access to our site; your IP address; your ISP and other similar data.
For the following purposes: (1) The correct and efficient delivery of Website content; (2) ensuring the viability of information technology systems and Website technology; (3) analysis of the Website and any direct marketing material’s performance and engagement; (4) optimisation of the Website content including its advertisement on search engines; (5) delivery (via third parties) of targeted advertising tailored to your interests.
On the following legal ground(s): (1) to (2): Such technologies are considered ‘essential’ and we process the information derived from them in pursuit of our legitimate interests (Article 6(1)(f) GDPR), namely, ensuring the efficient, functional and safe delivery of the Website and any direct marketing material. (3) to (5): For such processing we need to have your permission (Article 6(1)(a) GDPR). Please exercise your choice with respect to ‘non-essential’ cookies via the cookies pop-up on the Website. For the technical details of the cookies in use, please see the section on cookies and similar technologies below.
4. PERSONAL DATA SHARING
We may share your personal data with the following recipients, for the following purposes and on the following legal grounds:

Suppliers
For the following purposes: We may disclose your personal data to our suppliers who help us provide the Services and run our business. Our suppliers may process your personal data on our behalf solely in accordance with our instructions and pursuant to a written contract. For example, we use suppliers for web hosting, secure cloud storage, analytics, email delivery, fonts and other services.
On the following legal grounds: This is either: (1): necessary for us to be able to provide our Services (Article 6(1)(b) GDPR); or (2): necessary for the purposes of the legitimate interests that we pursue (Article 6(1)(f) GDPR), namely our pursuit of improving our Services by monitoring their use; or (3): when none of the above applies, we will seek your permission in order to use a certain supplier with respect to your personal data (Article 6(1)(a) GDPR).

Advisors
For the following purposes: We may disclose your personal data to our professional advisors that are usually regulated by a competent authority (solicitors, accountants, etc.) where that proves necessary.
On the following legal grounds: This is necessary for the purposes of the legitimate interests that we pursue (Article 6(1)(f) GDPR), namely the proper administration of our business.

Authorities
For the following purposes: We may disclose your personal data to the court service or regulators or law enforcement agencies in connection with proceedings or investigations where we are compelled to do so.
On the following legal grounds: We would do this if we need to comply with a legal obligation (Article 6(1)(f) GDPR) or when in pursuit of our legitimate interests (Article 6(1)(f) GDPR), namely the protection of our business.

Corporate restructuring
For the following purposes: If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Emitwise or substantially all of its assets are acquired by a third party, personal information about our customers will be one of the transferred assets.
On the following legal grounds: This is necessary for the purposes of the legitimate interests that we pursue (Article 6(1)(f) GDPR), namely the proper administration of our business.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (‘EEA’)
The very nature of Internet communications means that at least some of the personal data processed by us and the parties we share it with will be processed outside the European Economic Area (EEA), an area composed of countries offering a high standard of personal data protection under the GDPR, which imposes certain restrictions on outbound transfers to most non-EEA territories. Our primary customer database is physically located in the EU but many of our suppliers have offices or headquarters located outside the EEA. Data transfers to these suppliers comply with data protection law on the basis of their EU-US Privacy Shield self-certification. Please contact us if you wish to have further details of the specific safeguards applied to the export of your personal data outside the EEA (where applicable).
6. YOUR RIGHTS UNDER EUROPEAN DATA PROTECTION LAW
We are committed to fulfilling the statutory data protection rights of our customers. If you send us a request regarding your rights under data protection law, we will respond within one month from the day of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further two months in complex cases.
Please use the get in touch section of our Website to exercise the following rights in respect of the personal data about you that we process:
· to be informed;
· to access;
· to rectification;
· to erasure;
· to restrict processing;
· to object to profiling;
· to data portability;
· to complain to the Information Commissioner’s Office;
· to withdraw consent.
Detailed information on the full content of your rights (and the conditions that apply) is provided by the United Kingdom’s Information Commissioner’s Office and is available on their website: https://ico.org.uk/your-data-matters/.
Whenever we use our legitimate interests (Article 6(1)(f) GDPR) as justification for the processing of your personal data, we apply a three-stage test to ensure that our interests are not overridden by your interests and rights under data protection law.
We do not engage in profiling which is capable of producing legal or other significant effects on you.
We do not apply machine learning or artificial intelligence in the course of processing or as a type of processing of your personal data.
If you wish to receive our Services then please note that you are contractually required to submit to us certain data that may be personal. We need this information so that we know who our customers are. We also need it to provide customer support and to process payments (where applicable).
7. INFORMATION SECURITY
No data transmission over the Internet can be absolutely guaranteed to be secure from intrusion. Nevertheless, we maintain physical, electronic and procedural safeguards to protect personal data in accordance with data protection legislation requirements. All Customer Data, including usernames, passwords, contact details and company emissions information, is stored in the EEA on the systems of our supplier, MongoDB Atlas. MongoDB maintains a comprehensive Information Security Program with effective administrative, technical, and physical safeguards capable of identifying, detecting, protecting against, responding to, and recovering from security incidents. MongoDB’s Information Security Program is aligned with the NIST Cyber Security Framework (NIST). The Program is certified against ISO 27001:2013, SOC 2 Type II, and Payment Card Industry Data Security Standard v.3.2.1.
8. DATA RETENTION PERIOD
We shall retain your personal data until you request us to no longer hold it, unless we are required to keep it by law. If your personal data becomes irrelevant for the purpose for which it was originally collected then we will securely dispose of it. As a general rule, we delete data about users who have not used our Services for more than 2 years. In all other cases, to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Please note that the foregoing does not apply to any personal data that has been irreversibly anonymised, meaning data rendered anonymous in such a manner that you are no longer identifiable from such data. Under the applicable law, such data is not deemed ‘personal’ and may be retained indefinitely.
9. COOKIES AND SIMILAR TRACKING TECHNOLOGIES
Some cookies and similar technologies, particularly those that track users’ browsing behaviour across the web, are perceived by data protection regulators as privacy-intrusive. We are, therefore, presenting the information below to our Website visitors and direct marketing material recipients in order to explain why and how we use this technology.
In addition to the controls provided on our Website via the pop-up, you can choose to block cookies by activating the settings on your browser that allow you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of the Website. Your browser settings also allow you to delete all cookies stored on your device whenever you wish.
The UK Information Commissioner’s Office provides the following guidance on controlling cookies:
· The European Interactive Digital Advertising Alliance website Your Online Choices allows you to install opt-out cookies across different advertising networks.
· Some browsers include a feature known as ‘Do Not Track’ or DNT. This allows you to indicate a preference that websites should not track you. However, whilst DNT is available in many browsers, websites are not required to recognise its request, so it may not always work. You can get help on how to use DNT in Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Opera.
· For more information on how private browsing works as well as its limitations, visit the support pages for your browser: Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Safari (iOS (mobile) and desktop) and Opera.
If you are concerned about online tracking then we can recommend you to:
If you have any questions about the cookies or similar technologies in use on our Website or in any direct marketing material, please use the get in touch section of our Website.
We reserve the right to amend this Policy from time to time. Any changes we make in the future will be published on our Website and it is your responsibility to consult the Website regularly in order to acquaint yourself with such changes.
DATE OF LAST AMENDMENT
11 October 2020