Our Privacy Policy

Data Privacy Statement

This data privacy statement applies for the use of the website zerocarboncompanies.com hereinafter referred to as “website”. For websites of other providers which are referenced via links, for example, the data privacy notices and statements therein apply.

Data privacy is extremely important to UK Zero Carbon Solutions Limited. The collection and processing of your personal data takes place in compliance with the applicable legal data protection provisions, in particular the General Data Protection Regulation (GDPR). We collect and process your business data in order to be able to offer you this website. This statement describes how and for what purpose your business data is collected and used, and what options you have in connection with your data.

By using this website, you agree to the collection, use and transfer of your data in accordance with this data privacy statement. If you want to object to the collection, processing or use of your data by us in accordance with this data privacy statement, overall or for individual measures, you can direct your objection to the controller.

1 Controller

The controller responsible for the collection, processing and use of your personal data within the meaning of the GDPR is:

UK Zero Carbon Solutions Limited.
103 Bradley House, Radcliffe Moor Road, Bolton, Lancs BL2 6RT
Email: office@zerocarboncompanies.com

Managing directors: Marc Wynn and Matthew Bradshaw

1.1 General

Types of data processed:

  • Contact details (e.g. email and telephone numbers)

  • Content data (e.g. text input, photographs and videos)

  • Use data (e.g. websites visited, interest in content, times of access)

  • Metadata/communication data (e.g. device information and IP addresses)

 

Categories of data subjects

Visitors and users of the website. We hereinafter also refer to the data subjects collectively as “users”.

Purpose of the processing

  • Provision of the website, its functions and content

  • Response to contact queries and communication with users

  • Purchasing of products and services

  • Security measures

  • Reach measurement/marketing

Terms used

“business data” is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly via allocation to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more specific features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.

“Processing” is any process or any such sequence of processes that takes place with or without the aid of automated procedures and is related to business data. This term is broad and includes practically all use of data.

The “controller” is the natural or legal person, authority, organisation, or other body that decides on the purpose and means of the processing of business data, alone or together with others.

Business-related processing

Within the framework of our online platforms (zerocarboncompanies.com, carbonsolution.co.uk), we process the following information of our customers for the provision and performance of our services:

  • First and second name, email address, telephone number

  • Purchase of services, e.g. CO2 calculation, address and contact details

  • Payment details, e.g. credit card details, PayPal account, payment history

  • Contract data, e.g. subject matter of the contract

 

We also process the following information about our customers, interested parties, and business partners, for the purpose of invitation and participation in our events :

  • Registration details, e.g. first and second name, email address, telephone number

 

Hosting

The hosting services we use are for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this website.

We or our hosting service providers hereby process inventory data, contact data, content data, contract data, use data, metadata, and communication data, of customers, interested parties, and visitors to this website, on the basis of our legitimate interest in the efficient and secure provision of this website in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contracts).

2. General use of this website

2.1 Access data

Zero Carbon Companies  collects information about you when you use this website. We automatically collect information about your use behaviour and your interaction with us, and we log data on your computer or mobile device. We collect, store and use data about all access to our website (so-called server log files). The access data includes the name and URL of the accessed file, the data and time of access, the data quantity transferred, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited site), IP address and the requesting providers.

We use these log files, without making a match to you personally or otherwise creating profiles, for statistical analysis for the purpose of the operation, security, and optimisation of our website, but also for the anonymous recording of the number of visitors on our website (traffic) and the extent and type of use of our website and services. Based on this information, we can analyse the data traffic, search for and rectify errors, and improve our services. We reserve the right to subsequently check the log files if there are specific reasons for a legitimate suspicion of unlawful use. We store IP addresses for a limited time in the log files, if this is necessary for security purposes, for the provision of the services, or for the invoicing of a service, e.g. if you use our CO2 calculation offer. We also store IP addresses if we have specific suspicion of a criminal offence in connection with the use of our website. As part of your account, we also store the date of your last visit (e.g. when registering, logging in, clicking on links etc.)

2.2 Contact via email and web form

If you contact us (e.g. via the contact form or email), we will store your details for the processing of the query, and in case there are follow-up questions. We will only store and use other personal data if you agree to us doing so, or if this is legally permitted without specific consent.

2.3 Online presence in social media

We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users active therein, and inform them about our services. When accessing the respective networks and platforms, the terms and conditions of business and data processing guidelines of their respective operators apply.

Unless otherwise stated within our data privacy statement, we process the data of the users if they communicate with us within the social networks and platforms, e.g. by posting comments on our online presences or sending us messages.

2.4 Newsletter

Delivery service providers

Registration for the newsletter and the sending of the newsletter takes place via delivery service provider “Active Campaign”, a newsletter sending platform 1 North Dearborn Street, 5th floor

Chicago, IL 60602 USA. The data privacy provisions of the delivery service provider can be seen here. Active Campaign offers a guarantee that the European data protection level is maintained. The delivery service provider is used on the basis of our legitimate interests in accordance with -Art. 6(1)(f) GDPR and an order processing contract in accordance with Art. 28(3)(1) GDPR.

The delivery service provider can use the data of the recipients in a pseudonymised form, in other words without matching it to a user, to optimise or improve its own services, e.g. for the technical optimisation of the distribution and the presentation of the newsletter, or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients to write to them itself or pass the data on to third parties.

Success measurement

The newsletters contain a so-called “web beacon”, in other words a pixel-sized file that, upon the opening of the newsletter, is accessed by our server or, if we use a delivery service provider, its server. During this access, technical information such as information about the browser and your system, as well as your IP address and the time of access, is collected initially.

This information is used for the technical improvement of the services by means of technical data, or the target groups and their reading behaviour by means of their access locations (which can be identified using the IP address) or the access times. The statistical surveys also include the ascertainment of whether the newsletters are opened, when they are opened, and what links are clicked on. This information may be matched with the individual newsletter recipients for technical reasons, but it is neither our aim nor that of the delivery service provider, if used, to monitor individual users. Instead, the analyses enable us to recognise the reading habits of our users and adapt our content to them, or to send different content in accordance with the interests of our users.

2.5 Content delivery networks (CDNs)

A content delivery network enables the loading time of common web content (e.g. script libraries, components and fonts) to be shortened, because the data is transferred by quick, local or less-utilised servers. Your IP address, inter alia, is thereby sent to the operator of the respective CDN.

2.6 Legal basis and storage duration

The legal basis of the data processing in accordance with the above figures is Art. 6(1)(f) GDPR. Our interest in the data processing is, in particular, the ensuring of the operation and security of the website, the examination of the type and manner of use by visitors of the website, and the simplification of the use of the website. 

Unless stated specifically, we only store personal data for as long as this is necessary to achieve the intended purposes.

2.7 Your rights as a data subject in the data processing

In accordance with the applicable laws, you have different rights regarding your personal data. If you would like to exercise these rights, please send your request via email or post, clearly identifying yourself personally, to the website operator (see Figure 1). As a data subject, you have the following rights:

2.8 Right to access

You have the right at any time to receive confirmation from us about whether we process personal data concerning you. If this is the case, you have the right to obtain free information from us about the personal data about you that is stored, as well as a copy of this data. You also have the right to know the following: 

  • the purpose of the processing;

  • the categories of personal data that is processed;

  • the recipients or categories of recipients to which the personal data has been or is yet to be disclosed, particularly for recipients in third countries or at international organisations;

  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

  • existence of a right to rectification or erasure of the personal data concerning you;

  • right to restriction of the processing by the controller;

  • right to object to this processing;

  • right to lodge a complaint with a supervisory authority;

  • if the personal data is not collected from you, all available information about the origin of the data;

  • the existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended effects of such processing for you.

 

If personal data is sent to a third country or an international organisation, you have the right to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

 

2.9 Right to rectification

You have the right to request that we immediately rectify incorrect personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

3.0 Right to erasure (“right to be forgotten”)

You have the right to request that we immediately delete the personal data concerning you, and we are obliged to immediately erase personal data if one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

  • you withdraw your consent on which the processing is based in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing;

  • you object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing (e.g. statutory retention periods), or you object to the processing in accordance with Art. 21(2) GDPR;

  • the personal data was unlawfully processed;

  • the erasure of the personal data is necessary for the fulfilment of a legal obligation in accordance with Union law or the law of the member states to which we are subject;

  • the personal data was collected in relation to offered information society services in accordance with Art. 8(1) GDPR.

 

If we have made personal data public and are obliged to erase it, we will take suitable measures, including measures of a technical nature, in consideration of the available technology and the implementation costs, in order to inform the controller responsible for the data processing, which processes the personal data, that you have requested that it erase all links to this personal data, and copies or replications of this personal data.

3.1 Right to restriction of processing

You have the right to request that we restrict the processing if one of the following prerequisites exists:

  • the correctness of the personal data is disputed by you, namely for a duration that enables us to examine the correctness of the personal data;

  • the processing is unlawful and you refuse the erasure of the personal data, instead requesting the restriction of the use of the personal data;

  • the personal data is no longer required for the purposes of the processing, but you require the data for the assertion, exercise, or defence of legal claims;

  • you have objected to the processing in accordance with Art. 21(1) GDPR and it is not yet certain whether the legitimate interests of our company override yours.

 

3.2 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us, in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without being obstructed by us, provided that

  • the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract in accordance with Art. 6(1)(b) GDPR; and

  • the processing takes place with the aid of an automated process.

When exercising your right to data portability in accordance with (1), you have the right to arrange for the personal data to be directly transferred from us to another controller, provided that this is technically feasible.

 

3.3 Right to object

You have the right, for reasons resulting from your particular situation, to object at any time to the processing of the personal data concerning you that takes place on the basis of Art. 6(1)(e) or (f) GDPR; this also applies for profiling based on these provisions. We will no longer process the personal data unless we can prove compelling reasons for the processing that are worth protecting and override your interests, rights, and freedoms, or the processing is for the assertion, exercise, or defence of legal claims.

If personal data is processed by us in order to conduct direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies for the profiling, if it is related to such direct advertising.

You have the right, for reasons resulting from your particular situation, to object to the processing of personal data concerning you that takes place for scientific or historical research purposes, or for statistical purposes, in accordance with Art. 9(1) GDPR, unless the processing is necessary for the achievement of a task in the public interest.

3.4 Automated decision-making including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that has a legal effect on you or impairs you significantly in a similar manner.

3.5 Right to withdraw consent given under data protection law

You have the right at any time to withdraw consent to the processing of personal data.

3.6 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work, or the location of the suspected violation, if you believe that the processing of the personal data concerning you is unlawful.

4 Data security

We endeavour to protect your personal data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is sent by us in an encrypted manner. This applies for your orders and the customer login. We use the SSL (Secure Sockets Layer) coding system, but we would like to point out that the transfer of data via the internet (e.g. communication via email) may involve security flaws. Flawless protection of data against access by third parties is not possible.

For the protection of your data, we take technical and organisational security measures, which we repeatedly adjust to keep up with technology.

In addition, we do not guarantee that our website is available at specific times; disruptions, interruptions or failures cannot be excluded. The servers used by us are regularly and carefully backed up.

4.1 Forwarding of data to third parties, no data transfer to non-EU/EEA countries

We generally only use your personal data within our company.

If and to the extent that we involve third parties as part of the performance of contracts, they will only receive this personal data to the extent to which the transfer is necessary for the according service.

In the case that we outsource certain parts of the data processing (“order processing”), we contractually oblige our order processors to only use personal data in accordance with the requirements of the data protection laws and guarantee the protection of the rights of the data subject.

The transfer of data to places or people outside the EU and outside the cases named in this statement does not take place and is not planned. 

4.2 Collection of personal data during the use of Zero Carbon Companies products

You can usually access our webpages without entering any personal details about yourself. If you register for our personalised databases or purchase products from Zero Carbon Companies , you will be asked for personal information, such as your name, email address, payment method, and credit card number. All data and information about your identity will be stored on the servers of Zero Carbon Companies  and the corresponding contracting partners; however, this will only take place if you provide us with this information explicitly. This will take place in a manner recognisable to you and only with your explicit consent.

We generally do not pass your personal data on to unauthorised third parties. We reserve the right to pass data on to authorised partners that are bound to a data privacy and confidentiality agreement by Zero Carbon Companies .

As soon as you contact us, we will receive and store certain information. We use so-called cookies and Flash cookies, inter alia, and receive certain information as soon as your web browser opens the Zero Carbon Companies  website or advertisement in other content that is provided by or on behalf of Zero Carbon Companies  on other websites. Cookies and Flash cookies are text files that are sent to your computer via the web browser or other programmes. Our system hereby has the opportunity to recognise your browser and offer you various services. The use of cookies therefore supports the process of your purchase on our site, as you can use the shopping cart function and store it.

If you would like to prevent further cookies from being accepted by your browser, be notified when you receive new cookies, or deactivate all cookies, see the help function in the menu bar of your web browser. You can deactivate or delete similar functions such as Flash cookies that are used by browser add-ons, by either changing the settings of the browser add-on or following the deactivation instructions on the website of the respective creator.

However, essential functions cannot be used on the Zero Carbon Companies  website without cookies, so we advise leaving the cookie function activated. For example, you cannot place any products in the shopping cart or use other functions that make registration necessary. However, it is recommended that you log out of the Zero Carbon Companies  website again after each registered visit, particularly if you are using the computer with multiple people.

5 Data Protection Officer

Should you have any questions about our data privacy or this data privacy statement, or if you want to exercise your rights, please contact our Data Protection Officer at

office@zerocarboncompanies.com

or write to UK Zero Carbon Solutions Limited. (for contact details, see Point 1 and the legal notice).

6 Changes to the data privacy statement

UK Zero Carbon Solutions Limited. reserves the right to change the data privacy statement in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to the data processing statements. If user consent is necessary or parts of the data privacy statement contain rules for the contractual relationship with the users, the changes will only take place with the consent of the user.

Users are asked to inform themselves regularly about the content of the data privacy statement. You can save and print this data privacy statement at any time.

(Version: July 2022)