Privacy Notice

Effective as of Jul 23, 2024

INTRODUCTION

The Social Carbon Foundation (“SCF”, “we”, “us”, or “our”) is committed to respecting and protecting your privacy. This Privacy Notice (“Notice”) outlines how we comply with applicable Data Protection Regulations, including the General Data Protection Regulation 2016/679 (“GDPR”), and describes our practices regarding the collection, use, and disclosure of your Personal Data.

This Notice informs you about the processing of your Personal Data (which means any information relating to an identified or identifiable natural person) that we collect from you (“user”, “you”, “your”) or that you provide to us on the SCF website https://socialcarbon.org, on all associated sub-domains and online services, and on the websites listed below:

https://socialcarbon.org,

https://portal.socialcarbon.org (collectively, the “Website”).

By visiting the Website, you are accepting the practices described in this Notice. If you do not agree with any of the terms and conditions contained herein, please discontinue use of the Website immediately.

By visiting or interacting with the Website, you acknowledge your responsibility to manage your account credentials securely and to promptly notify SCF of any unauthorized access or suspected security breaches in relation to your account.

 

1. WHAT PERSONAL DATA DO WE COLLECT?

We want you to understand the type of information we collect. In this Notice, “Personal Data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

We do not collect or process sensitive data as defined by GDPR.

1.1. Personal Data provided by you

We gather Personal Data from you when you interact with us or use our online services, such as subscribing to newsletters, registering for events, applying for jobs, making donations, or purchasing carbon credits. This information is collected with your knowledge and consent and stored in our various SCF databases and mailing lists. The Personal Data we collect includes:

  • Contact Information: Name, surname, gender, nationality, address, postal code, country, email address, telephone number, social network details, job title, and company/organization name.

  • Payment and Financial Information: Details necessary to fulfill orders or process purchases, such as debit or credit card information (cardholder name, card number, expiration date) or other payment forms. This information is handled by us or our payment processing providers in compliance with applicable laws, regulations, and security standards like PCI DSS.

  • Market Research & Consumer Feedback: Information you voluntarily share about your experience using our products and services.

  • Other Submitted Materials: For career opportunities, this includes your CV, references, motivation for applying, job title, availability date, desired salary, LinkedIn account, and eligibility to work in targeted countries.

1.2. Personal Data collected automatically

We and our third-party partners automatically collect information when you navigate and interact with our Website or newsletters. This includes details such as your browser type and operating system, the web pages you view, the links you click, your device address (IP), the time and date of access, your language preferences, the length of time you spend on our Website, the referring URL or webpage that led you to our Website, and the information or keywords you search for on the Website.

This data is collected using automated technologies such as cookies, web beacons, and third-party tracking for analytics and advertising purposes.

We also use analytics and tools to prevent spam and mitigate security risks associated with abusive automated software. You can manage your preferences regarding cookies and other trackers by accessing the preference center on our Website.

Visit our Cookie policy for more information on the types of cookies and other trackers we use on our Website.

You have the right to object to the use of such technologies; for further details, please see Article 7.1.

1.3. Third-party sources

We have third-party sources and our Website has links to websites or social media platforms, such as (without limitation) Facebook, X, Instagram, YouTube, LinkedIn and TikTok, that collect information about you when you visit them.

SCF does not control the processing of Personal Data by these third parties, and we encourage you to review the privacy notices of these third parties for more information.

 

1.4. Minors

Our Website is designed for general audiences. We do not knowingly collect or solicit Personal Data from individuals under the age of 18. If you are under 18, please do not register on our Website or submit any Personal Data. If we become aware that we have inadvertently collected Personal Data from a child under 18, we will promptly delete it. If you believe a child under 18 has provided us with Personal Data, please contact us at operations@socialcarbon.org. You must be at least 18 years old and able to enter into legally binding agreements to use our Website.

1.5. User Responsibility for Account Security

You are responsible for maintaining the confidentiality of your account credentials, including passwords and other sensitive login details. SCF recommends that users choose strong, unique passwords and protect their accounts from unauthorized access. SCF cannot be held liable for any loss or unauthorized access arising from your failure to manage account credentials securely.

 

2. WHY ARE WE USING AND PROCESSING PERSONAL DATA?

We are using and processing your Personal Data to:

  • provide and manage our Website and Services;

  • manage and administer our relationship with you;

  • process donations and manage donor relations;

  • improve our Website and Services;

  • improve our communication and marketing;

  • ensure legal and regulatory obligations;

  • ensure the security of our Website and Services and prevent payment fraud;

  • inform you about our activities, events, and updates;

  • improve our analytics and reporting.

SCF respects your ownership of user-generated content. By submitting content to our website, you grant SCF a non-exclusive, worldwide license to use, display, reproduce, and distribute your content as necessary for SCF’s services, in line with our mission and Terms and Conditions. This license does not affect your ownership of the content, and you retain full rights to remove your content or end this license upon termination of your use of our services.

2.1. Purpose of Personal Data we collect directly from you via our Website

We use Personal Data mainly for the following purposes:

a) for purposes made clear to you at the time you submit your Personal Data through these situations:

  • when you support us with a donation, we will manage your orders, send you administrative information or ask for post customer testimonials;

  • when you sign up to our newsletter, we will send you SCF information, or marketing and promotional communications;

  • when you sign up for technical updates, we will send you the relevant information and offer support;

  • when you wish to attend SCF events such as webinars, training sessions, workshops, physical events, roundtables, we will manage your participation or send you administrative information, marketing and promotional communications, or request user feedback to improve the user experience or inquire post customer testimonials;

  • when you complete a helpdesk contact form, we will respond to enquiries and offer support;

  • when you complete a branding contact form, we will respond to enquiries and offer support;

  • when you complete a survey, enquiry or provide feedback, we will respond to enquiries, improve user experience and ask for post customer testimonials;

  • when you complete a VVB review;

  • when you sign up to become an NGO supporter;

  • when you apply for a job, we will manage and process your job application in line with our recruitment obligations – for example, we may process data to obtain references, or to conduct criminal and background checks.

b)     SCF will retain and evaluate information about your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive.

c)     SCF will retain and evaluate your feedback to improve the user experience and make your journey smoother, to help us improve our services and better meet your needs.

 

2.2. Purpose of Personal Data collected automatically

The automatically collected Personal Data is primarily used to identify, monitor, and prevent potential cases of abuse and fraud. Additionally, this data is used for various purposes, including data analysis, generating statistical information about Website and Service usage and traffic, conducting audits, developing new Services, enhancing and improving the Website, identifying usage trends, evaluating the effectiveness of our promotional campaigns, and operating and expanding our activities. Some of this information may be shared with or used by our vendors and their technologies and tools.

The statistical information is aggregated so that it does not identify any specific user. Log files are maintained to ensure the functionality and security of the website and server infrastructure.

 

2.3. Purpose of Personal Data received from other sources

We may receive Personal Data about you from third parties acting on your behalf or from our partners who work with us.

 

2.4. Purpose of Personal Data from Payment processing

For services requiring payment, you may need to provide credit card details or other payment information, which will be used solely for processing payments. We use third-party payment processors ("Payment Processors") to securely handle your payment information.

Payment Processors adhere to the latest security standards set by the PCI Security Standards Council. We only share payment data with the Payment Processors as necessary to process payments, issue refunds, and address payment-related queries and complaints.

The Payment Processors' use of your Personal Data is governed by their respective privacy policies, which may offer different levels of privacy protection compared to this notice. We encourage you to review their privacy policies.

 

3. WHAT IF YOU DON’T WANT TO PROVIDE PERSONAL DATA?

The provision of Personal Data on our Website is optional. If you choose not to provide Personal Data you can still browse and use our Website but you will not be able to carry out certain actions such as (without limitation) purchasing items, registering for a newsletter or applying for a job.

4. DO WE SHARE YOUR PERSONAL DATA?

4.1. SCF does not sell your Personal Data or disclose Personal Data we collect about you, except as described in this Notice or as disclosed to you at the time of data collection.

4.2. SCF operates globally and will share your Personal Data with the following parties in each case always in accordance with applicable data protection laws, including obtaining your consent where required under law:

  • SCF headquarters in London, our affiliates, our subsidiaries, other entities within SCF;

  • our trusted donors;

  • our partners, our NGO supporters, our approved vendors;

  • our contracted companies' partners, our sub-processors;

  • our service providers: these are external companies that we use to help us run our activities. For example, we engage support providers to provide (a) general office support including printing, document production and management, archiving, and translation services; (b) accounting, finance and billing support; (c) IT functions including systems management and security, data storage, analytics, business applications, voice mail and system replication for business continuity/disaster recovery purposes; (d) marketing service providers; (e) payment service providers and (f) conflict checking, risk management and quality reviews.

  • the people you have named as references in your application, should they be of interest to SCF; your name, surname and the details of your resume on which we wish to receive feedback;

  • third parties for compliance, anti-fraud, and security purposes, including where required to do so by applicable law or legal process, as evidence in litigation in which we are involved or where we believe disclosure is necessary to protect the personal safety and vital interests of individuals, to enforce our terms and conditions, protect SCF from harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

We require those parties to only process Personal Data in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of Personal Data by implementing appropriate technical and organizational security measures.

 

4.3. SCF may disclose your Personal Data if required by law or in response to lawful requests by public authorities to meet national security or law enforcement requirements. We ensure such disclosures are made in compliance with applicable legal standards. This may occur (i) to comply with legal obligations or lawful requests from authorities, or (ii) in the good faith belief that such disclosure is necessary to adhere to legal requirements, comply with legal processes served on us, or protect and defend our legitimate interests according to applicable laws.

 

5. WHAT ABOUT INTERNATIONAL DATA TRANSFER OF YOUR PERSONAL DATA?

The Website is controlled and operated by SCF from England, United Kingdom. Personal Data may be transferred to and stored at destinations outside the United Kingdom and the European Union. It may also be stored and processed by staff, agents, service providers, or contractors operating outside the United Kingdom and the European Union on behalf of SCF.

When we transfer Personal Data outside the United Kingdom and the European Union, SCF ensures it is protected consistently with our standards in the United Kingdom and the European Union. We ensure a legal basis for such transfers and provide adequate protection of your Personal Data as required by applicable law. This may include using standard contractual clauses approved by the European Commission or relevant authorities (where required) and implementing other appropriate technical and organisational information security measures. SCF may transfer your Personal Data to countries including but not limited to:

  • United Kingdom

  • EEA

  • USA

  • Canada

  • India

  • Australia

From a geographical point of view, SCF favors whenever possible processors and hosting facilities located in the United Kingdom and the European Union.

 

6. HOW LONG DO WE STORE YOUR PERSONAL DATA?

We do not store your Personal Data longer than necessary and only for as long as is necessary to fulfil the purposes set out above. Retention periods may vary depending on the categories of Personal Data and the processing activities.

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved by other means, and the applicable legal requirements:

  • where you have given your consent, until you withdraw it;

  • where we have entered into an agreement with you, for the duration of that agreement plus any applicable local statute of limitations;

  • where we have a legitimate interest in using your Personal Data, for a limited period of time appropriate to ensure a fair processing of your Personal Data or until you object to our use of your Personal Data, unless we have compelling legitimate grounds for the continued processing which override your interest in objecting or for the establishment, exercise or defence of legal claims;

  • where we are required to comply with a legal obligation, the retention period will be determined in accordance with the applicable law;

  • where your Personal Data is required for the establishment, exercise or defence of legal claims, we will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

At the end of the retention period, your Personal Data will be deleted or anonymised using processes and methods that comply with data protection standards.

Please note that once the retention period is over, and except in the case of our archives, Personal Data may be deleted or anonymised, and as such, out of scope from data protection regulation and from this Notice.

 

7. WHAT ARE YOUR RIGHTS?

7.1. Every user is entitled to the following:

  • right to access: you have the right to access information about your Personal Data stored by us, commonly known as a “data subject access request” (DSAR). This enables you to receive a copy of the Personal Data we hold about you;

  • right to rectification: you have the right to request that SCF correct any information you believe is inaccurate. You also have the right to request SCF to complete the information you believe is incomplete;

  • right to erasure: you have the right to ask us to erase your Personal Data under certain conditions;

  • right to restriction of processing: you have the right to request that the processing of your Personal Data be restricted under certain conditions;

  • right to data portability: you have the right to request that SCF transfer the data we have collected to another organization or directly to you, under certain conditions;

  • right to object to processing: you have the right to object to the processing of your information if the processing is carried out on a legal basis other than your consent;

  • right to withdraw your consent at any time if the processing of your Personal Data is based on your consent;

  • right not to be subject to any automated decision making and profiling;

  • right to lodge a complaint to the supervisory authority.

 

7.2. Consumers residing in California have additional rights regarding their Personal Data under the California Consumer Privacy Act ("CCPA"). If you are a California resident, this section applies to you. In addition to the rights outlined in this Notice, California residents who provide Personal Data as defined by the CCPA for personal, family, or household use are entitled to request and receive information from us once per calendar year about the categories and specific pieces of Personal Data we have collected and disclosed.

California residents also have the right to request the deletion of their Personal Data or to opt out of its sale, which may include selling, disclosing, or transferring Personal Data to another organization or third party for monetary or other valuable consideration. To exercise these rights, simply contact us. We will not discriminate against you for exercising your rights under the CCPA.

 

8. HOW TO EXERCISE YOUR RIGHTS?

If you have any questions about the information we may hold about you, or if you wish to exercise your rights, you may use the following data subject request form to submit your request: DSAR

We may request specific information from you to confirm your identity or to process your request.

All requests will be processed within one month of receipt. This period may be extended by an additional two months if the request is complex or if we receive numerous requests. If an extension is necessary, we will notify you within one month of receiving your request, explaining the delay and providing an estimated completion time.

Depending on the scope of the request and as permitted by applicable law, we may charge reasonable fees to cover the costs incurred in processing the request.

We may deny access to your Personal Data in limited circumstances, in accordance with applicable laws and regulations. In such cases, we will explain our reasons for the denial, subject to legal restrictions.

If you have any questions, concerns, or complaints regarding this Notice, please contact us using the details below:

 

Social Carbon Foundation address:

128 City Road, London, United Kingdom, EC1V 2NX

 

Data Protection Office email: dpo@socialcarbon.org

If you feel unsatisfied with our handling of Personal Data, you have the right to lodge a complaint with your supervisory authority.

SCF will not discriminate against you for exercising your privacy rights.

 

9. WHAT ABOUT COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS

9.1. Cookies/Similar Technologies

Please see our Cookie Policy to learn how you can manage your cookie settings and for detailed information about the cookies we use and the purposes for which we use them.

 

9.2. Log Files

We collect information in the form of log files that record Website activity and compile statistics about your browsing habits. These records are automatically generated, and help us troubleshoot problems, improve performance and maintain the security of our Website.

 

9.3. Web Beacons

Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to us. The information collected via web beacons includes information such as your IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, what links you clicked on in the email, etc.). We may use web beacons on our Website or in emails we send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.

 

10. INFORMATION SECURITY

We store the information you provide on secure computer servers within a controlled environment, designed to protect against unauthorized access, use, or disclosure. We implement reasonable administrative, technical, and physical safeguards to prevent unauthorized access, use, modification, and disclosure of your Personal Data. However, please note that no data transmission over the Internet or wireless network can be completely guaranteed.

SCF employs appropriate precautions and technical measures to guard against the loss, misuse, unauthorized access, disclosure, alteration, or destruction of your Personal Data, following internationally recognized standards.

Despite our efforts to protect your Personal Data, you acknowledge that:

  • there are security and privacy limitations of the Internet which are beyond our control;

  • the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and

  • any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

As the security of Personal Data depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information.

11. CHANGES AND AMENDMENTS

We reserve the right to update this Notice or its terms regarding the Website at any time at our discretion. Any changes will be reflected by updating the date at the end of this page. Additionally, we may notify you of changes using other methods, such as through the contact information you have provided.

The updated Notice will take effect immediately upon being posted unless otherwise stated. Your continued use of the Website and Services after the effective date of the revised Notice will be considered as your acceptance of these changes. However, we will not use your Personal Data in a way that is significantly different from how it was used when it was initially collected, without your consent.