License

Privacy Policy

Last Updated: 18/09/24

Introduction

Positive Carbon ("we", "us", or "our") is committed to protecting the privacy of our clients, users, and visitors ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website www.positivecarbon.org (the "Website"), use our app (the "App"), or engage with us through commercial relationships.

By accessing or using our Website and App, or by engaging with us, you agree to the terms of this Privacy Policy.

Data Controller and Contact Information

Positive Carbon
60 Baggot Lane
Dublin 4
D04 HK27
Ireland

Email: info@positivecarbon.org
Phone: (+3531) 567 2084
Data Protection Officer (DPO): Mark Kirwan - mark@positivecarbon.org

Scope of This Privacy Policy

This Privacy Policy applies to:

Personal data collected through our Website.
Personal data collected through our App, which is accessible exclusively through existing commercial relationships.
Personal data collected offline in the context of our commercial engagements.
All jurisdictions in which we operate, including but not limited to the European Economic Area (EEA), California, Canada, South Africa, and Brazil.

Personal Data We Collect

We may collect and process the following categories of personal data:

1. Personal Data You Provide Directly

A. Website and App Usage

Contact Information: Name, email address, phone number, postal address.
Account Information: Usernames, passwords, and other security-related information for authentication and access.
Commercial Information: Records of products or services purchased, obtained, or considered.
Communication Data: Information you provide when you contact us via email, phone, or through our contact forms.

B. Commercial Relationships

Business Information: Company name, job title, business address, and other professional details.
Financial Information: Billing address, payment method details (Note: We do not store full credit/debit card numbers).

2. Personal Data Collected Automatically

Usage Data: Information about how you access and use the Website and App, such as pages viewed, time spent, navigation paths, and search terms.
Technical Data: IP address, browser type and version, device type, operating system, time zone setting, and network identifiers.
Cookies and Similar Technologies: Data collected through cookies, pixel tags, and other tracking technologies (see the "Cookies and Similar Technologies" section below).

3. Personal Data from Third Parties

Analytics Providers: Data from Google Analytics and Mixpanel regarding your interaction with our Website and App.
Service Providers: Information from Webflow (our Website host) and other third-party services that assist us.
Publicly Available Sources: Information from public databases and social media platforms.

How We Use Your Personal Data

We use your personal data for the following purposes:

1. Service Delivery and Operations

Website and App Functionality: To operate, maintain, and provide you with access to our Website and App.
Account Management: To manage user accounts, authenticate users, and provide customer support.
Service Provision: To fulfil contractual obligations arising from commercial relationships.

2. Communication and Marketing

Customer Support: To respond to your inquiries, requests, or feedback.
Promotional Communications: To send you newsletters, updates, and marketing communications, subject to your communication preferences.
Surveys and Feedback: To conduct surveys and gather feedback to improve our services.

3. Analytics and Improvements

Performance Analysis: To monitor and analyse usage and trends to improve user experience.
Research and Development: To develop new features, products, or services.

4. Legal and Compliance

Regulatory Compliance: To comply with legal obligations under applicable laws and regulations.
Enforcement: To enforce our terms and conditions, protect our rights, privacy, safety, or property, and that of our clients and others.

Legal Basis for Processing

We process your personal data based on the following legal grounds, as applicable under relevant data protection laws:

Under GDPR (EEA Residents)

Consent: When you have provided explicit consent for specific purposes.
Contractual Necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: Compliance with legal obligations.
Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, provided your interests and fundamental rights do not override those interests.

Under CCPA (California Residents)

We collect and use personal information as defined under the California Consumer Privacy Act (CCPA). Please refer to the "Your Rights" section for more details.

Under PIPEDA (Canadian Residents)

We collect, use, and disclose personal information with your knowledge and consent, except where otherwise permitted or required by law.

Under POPI (South African Residents)

We process personal information in a lawful and reasonable manner that does not infringe your privacy.

Under LGPD (Brazilian Residents)

We process personal data based on legal bases such as consent, contractual necessity, compliance with legal obligations, and legitimate interests.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and use personal data about you. This helps us provide you with a good experience when you use our Website and App.

Types of Cookies We Use

Essential Cookies: Necessary for the operation of our Website and App.
Performance Cookies: Collect information about how you use our Website and App.
Functionality Cookies: Remember choices you make to improve your experience.
Targeting Cookies: Collect information about your browsing habits to make advertising relevant to you.

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality and features of our Website and App.

Third-Party Services

We utilise third-party services to enhance our Website and App:

1. Google Analytics

Purpose: To analyse Website and App usage and improve performance.
Data Collected: Usage data, IP addresses, device information.
Privacy Policy: Google Privacy Policy
Opt-Out: Google Analytics Opt-Out

2. Mixpanel

Purpose: To track user engagement and interactions within the App.
Data Collected: Usage patterns, event tracking.
Privacy Policy: Mixpanel Privacy Policy
Opt-Out: Mixpanel Opt-Out

3. Webflow

Purpose: Website hosting and content management.
Data Collected: Technical data related to Website performance.
Privacy Policy: Webflow Privacy Policy

4. Other Service Providers

We may engage additional third-party service providers for payment processing, email communication, and other services. These providers are obligated to protect your personal data and use it only for the purposes specified by us.

How We Share Your Personal Data

We may share your personal data in the following circumstances:

1. With Service Providers

We share personal data with third-party service providers who perform services on our behalf, such as:

IT and System Administration: Providers who assist with Website and App hosting, maintenance, and security.
Payment Processors: To process payments related to our services.
Marketing Partners: To facilitate marketing campaigns and communications.

2. For Legal Reasons

Compliance with Laws: When disclosure is necessary to comply with legal obligations, regulations, or legal processes.
Protect Rights and Safety: To protect the rights, property, or safety of Positive Carbon, our clients, or others.

3. Business Transfers

Corporate Transactions: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Security Measures Include:

Encryption: Data encryption in transit and at rest where applicable.
Access Controls: Limiting access to personal data to authorised personnel.
Regular Testing: Assessing and evaluating the effectiveness of technical and organisational measures for ensuring data security.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

Legal Obligations: To comply with legal, accounting, or reporting requirements.
Dispute Resolution: To resolve disputes and enforce our agreements.
Business Needs: To maintain accurate business and financial records.

Retention Periods

Contact Information: Retained for the duration of our commercial relationship and for a period thereafter as required by applicable laws.
Usage Data: Retained for a shorter period, unless required for security, legal obligations, or dispute resolution.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (EEA Residents)

Access: Request access to your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request restriction of processing your personal data.
Data Portability: Receive your personal data in a structured, commonly used format.
Object: Object to processing of your personal data.
Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Under CCPA (California Residents)

Right to Know: Request disclosure of categories and specific pieces of personal information collected.
Right to Delete: Request deletion of personal information.
Right to Opt-Out: Opt-out of the sale of personal information.
Non-Discrimination: Not to receive discriminatory treatment for exercising your privacy rights.

Under PIPEDA (Canadian Residents)

Access and Correction: Request access to and correction of your personal information.
Withdraw Consent: Withdraw consent to the collection, use, or disclosure of personal information.

Under POPI (South African Residents)

Access: Request access to your personal information.
Correction and Deletion: Request correction or deletion of personal information.
Objection: Object to the processing of personal information.
Complain: Lodge a complaint with the Information Regulator.

Under LGPD (Brazilian Residents)

Confirmation and Access: Confirm the existence of processing and access personal data.
Correction: Request correction of incomplete or outdated data.
Anonymization, Blocking, or Deletion: Request anonymization or deletion of unnecessary data.
Data Portability: Receive data in a structured format.
Information: Obtain information about public and private entities with which we share data.
Withdraw Consent: Withdraw consent at any time.

Exercising Your Rights

To exercise your rights, please contact us at:

Email: info@positivecarbon.org
Address: 60 Baggot Lane, Dublin 4, D04 HK27, Ireland

We will respond to your request within the time frame required by applicable laws.

Verification of Identity

For security purposes, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

Right to Lodge a Complaint

If you believe that we have infringed your rights, you have the right to lodge a complaint with:

EEA: Your local data protection authority.
California: California Attorney General's Office.
Canada: Office of the Privacy Commissioner of Canada.
South Africa: Information Regulator.
Brazil: National Data Protection Authority (ANPD).

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

Provision of Personal Data

Providing personal data is voluntary. However, if you choose not to provide certain data, we may not be able to:

Enter into a commercial relationship with you.
Provide access to certain features of our Website or App.
Respond to your inquiries or fulfill your requests.

Third-Party Links

Our Website and App may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policies of every website you visit.

Children's Privacy

Our Website and App are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Notification of Changes

Posting Updates: We will post any changes on this page with an updated "Last Updated" date.
Material Changes: If we make material changes, we will notify you via email or through a notice on our Website or App.

Your continued use of our Website, App, or services after such modifications will constitute your acknowledgment of the modified Privacy Policy and agreement to abide and be bound by it.

Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our practices, please contact us at:

Email: info@positivecarbon.org
Phone: (+3531) 567 2084
Address: 60 Baggot Lane, Dublin 4, D04 HK27, Ireland

Data Protection Officer

If you wish to contact our Data Protection Officer (DPO), please reach out to:

DPO Name: Mark Kirwan
Email: mark@positivecarbon.org
Phone: (+3531) 567 2084

Additional Notices

For California Residents (CCPA Notice)

Under the CCPA, California residents have specific rights regarding their personal information.

Categories of Personal Information Collected

We have collected the following categories of personal information from consumers within the last twelve (12) months:

Identifiers: (e.g., name, email address).
Commercial Information: (e.g., records of services purchased).
Professional or Employment-Related Information.

Sale of Personal Information

We do not sell personal information as defined under the CCPA.

For Canadian Residents (PIPEDA Notice)

Your personal information may be transferred outside of Canada for processing and storage. In such cases, your information may be accessible to law enforcement and national security authorities in those jurisdictions.

For South African Residents (POPI Notice)

We process personal information in accordance with the Protection of Personal Information Act (POPI). You have the right to withdraw consent and object to the processing of your personal information.

For Brazilian Residents (LGPD Notice)

We process personal data in compliance with the General Data Protection Law (LGPD). You may exercise your rights through the contact information provided in this Privacy Policy.

Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the time frame required by applicable laws.

Governing Law

This Privacy Policy and any disputes related to it shall be governed by the laws of Ireland, without regard to its conflict of law provisions.

Language

This Privacy Policy may be translated into other languages for your convenience. In the event of any inconsistency or discrepancy between the English version and any other language version, the English version shall prevail.

Conclusion

Your privacy is important to us. We are committed to safeguarding your personal data and ensuring transparency about how we collect, use, and share information about you.

Thank you for trusting Positive Carbon.