Privacy Policy

    How we collect, use, and protect your personal information

    Last updated: 25 October 2025

    Quick Summary

    We collect your contact and business information to provide carbon consultancy services. We protect your data with appropriate security measures, only share it with trusted service providers, and never sell it to third parties. You have full control over your data and can request access, correction, or deletion at any time.

    Contents

    1. Information We Collect2. Legal Basis for Processing3. How We Use Your Information4. Data Retention5. Information Sharing6. Third-Party Services7. Client Confidentiality8. Data Security9. International Data Transfers10. Your Rights11. Cookies & Tracking12. Marketing Communications13. Automated Decision-Making14. Children's Privacy15. Changes to This Policy16. Contact Us

    1. Information We Collect

    When you use our services or contact us, we may collect the following types of information:

    Personal Information

    • Contact information (name, email address, phone number, job title)
    • Company information (company name, size, industry, location)
    • Service preferences and specific requirements
    • Communication records and correspondence
    • Professional qualifications and experience (for partnership enquiries)

    Business Information

    • Carbon footprint and emissions data
    • Energy consumption and sustainability metrics
    • Supply chain information relevant to carbon assessment
    • Financial information for carbon accounting (when provided)
    • Operational data necessary for compliance reporting

    Technical Information

    • IP address and geolocation data (used to identify visiting organizations for B2B lead generation, not individual users)
    • Browser type, version, and device information
    • Website usage patterns and page interactions
    • Referral sources and search terms

    2. Legal Basis for Processing

    Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

    • Consent: When you provide explicit consent for marketing communications or specific services
    • Contract: To perform our consultancy services and fulfil contractual obligations
    • Legitimate Interest: To operate our business, improve services, and provide customer support
    • Legal Obligation: To comply with accounting, tax, and regulatory requirements

    3. How We Use Your Information

    We use your information for the following purposes:

    • Provide carbon consultancy services and support
    • Conduct carbon footprint assessments and compliance reporting
    • Respond to your enquiries and provide customer service
    • Identify business visitors to our website for B2B lead generation and sales outreach purposes
    • Send you relevant information about our services (with consent)
    • Improve our website, services, and customer experience
    • Comply with legal, regulatory, and professional obligations
    • Maintain business records and financial accounts
    • Protect against fraud and ensure website security

    4. Data Retention

    We retain your personal data for the following periods:

    • General enquiries: 2 years from last contact
    • Client project data: 7 years (for tax and professional indemnity purposes)
    • Marketing contacts: Until you unsubscribe or 3 years of inactivity
    • Website analytics: 26 months (Google Analytics default)
    • Financial records: 7 years (HMRC requirement)
    • Legal compliance data: As required by applicable regulations

    5. Information Sharing

    We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below:

    • Service Providers: Trusted third parties who assist in operating our business (see section 6)
    • Professional Partners: With your consent, for collaborative projects or referrals
    • Legal Requirements: When required by law, regulation, or court order
    • Business Transfer: In the event of a merger, acquisition, or sale of assets
    • Protection of Rights: To protect our rights, property, or safety, or that of others

    6. Third-Party Services

    We use the following trusted third-party services that may have access to your data:

    Website & Analytics

    • • Google Analytics (usage statistics)
    • • RB2B (B2B visitor identification - identifies companies via IP analysis, not individual users)
    • • Supabase (database hosting)
    • • Vercel/Netlify (website hosting)

    Communications

    • • Resend (email delivery)
    • • WhatsApp Business (customer support)
    • • Google Workspace (business email)

    7. Client Confidentiality

    As a professional consultancy, we maintain strict confidentiality standards:

    • All client data is treated as commercially sensitive and confidential
    • Carbon footprint data and business metrics are protected with enhanced security
    • We sign non-disclosure agreements where required
    • Project data is segregated and access-controlled on a need-to-know basis
    • Anonymous data may be used for industry benchmarking (with explicit consent)

    8. Data Security

    We implement comprehensive security measures to protect your personal information:

    • Encryption in transit (SSL/TLS) and at rest (AES-256)
    • Multi-factor authentication for all business accounts
    • Regular security audits and penetration testing
    • Staff training on data protection and security protocols
    • Secure backup systems with geographic redundancy
    • Network firewalls and intrusion detection systems
    • Regular software updates and patch management

    9. International Data Transfers

    Some of our service providers may be located outside the UK/EEA. When transferring data internationally, we ensure:

    • Transfers are to countries with adequate data protection (adequacy decisions)
    • Standard Contractual Clauses (SCCs) are in place where required
    • Service providers maintain equivalent data protection standards
    • Your rights remain protected regardless of data location

    10. Your Rights

    Under GDPR, you have the following rights regarding your personal data:

    Access & Correction

    • • Request access to your personal data
    • • Correct inaccurate information
    • • Receive a copy of your data

    Control & Deletion

    • • Delete your personal data ("right to be forgotten")
    • • Object to processing of your data
    • • Restrict processing in certain circumstances

    Portability & Consent

    • • Data portability (receive in structured format)
    • • Withdraw consent at any time
    • • Opt-out of marketing communications

    Complaints

    • • Lodge a complaint with the ICO
    • • Seek judicial remedy
    • • Contact our Data Protection Officer

    To exercise any of these rights, please contact us using the details below. We will respond within 30 days of receiving your request.

    11. Cookies & Tracking

    Our website uses cookies and similar technologies:

    Essential Cookies

    Required for website functionality, form submissions, and security. Cannot be disabled.

    Analytics Cookies

    Google Analytics and RB2B for website analytics and B2B visitor identification. RB2B uses cookies and IP address analysis to identify the company/organization visiting our website (not individual personal data) for business development purposes. These tools help us understand usage patterns and improve user experience. Requires your consent.

    Marketing Cookies

    Track website visits from marketing campaigns. Help us measure campaign effectiveness.

    12. Marketing Communications

    We may send you marketing communications if:

    • You have provided explicit consent
    • You are an existing client and the communication relates to similar services
    • You have requested information about our services

    You can unsubscribe at any time by clicking the unsubscribe link in any email, replying "STOP" to text messages, or contacting us directly.

    13. Automated Decision-Making

    We do not use automated decision-making or profiling that would have legal or significant effects on you. All consultancy recommendations and decisions involve human oversight and professional judgement.

    14. Children's Privacy

    Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will delete it immediately.

    15. Changes to This Policy

    We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on this page with a new "Last updated" date. For material changes, we may also notify you by email if we have your contact information.

    16. Contact Us

    If you have any questions about this privacy policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us:

    General Enquiries:

    Email: [email protected]

    WhatsApp: +44 7356 256763

    Data Protection Officer:

    Email: [email protected]

    Address: 128 City Road, London, EC1V 2NX

    Information Commissioner's Office (ICO)

    If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK's supervisory authority:

    Website: ico.org.uk
    Phone: 0303 123 1113
    Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

    Cookie Consent

    We use cookies to understand how visitors use our site and improve your experience. By accepting, you consent to our use of analytics cookies as described in our Privacy Policy.