Last updated: 13 October 2021
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, shared and used by us, and how you can exercise your privacy rights. Please read the following carefully to understand our views and practices regarding your personal data.This policy applies to personal information collected by GreenCode Limited; a company incorporated inEngland & Wales (registered no. 13573431) and whose registered office is Lion House, Rowcroft, Stroud, GL5 7BY.In these terms and conditions “GreenCodeLimited”, “we”, “our” or “us” means GreenCode Limited, and “you” or “your”means you, our customer.What do GreenCode do?
GreenCode provide sustainability audit services which test compliance against the GreenCode standards (the “Services”). How we collect your information and why
Information that you provide voluntarily
· We collect your personal information when you contract with us, receive any of the Services, use our website under the domain name greencode.world
), or when you request information from us.
· The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
· Should you register to receive the Services, you might be asked to provide certain personal information. This may include your name and email address amongst other personal details that might be useful to us when considering which of our products and services might suit you.Information that we obtain from third party sources
· We may collect our personal information from third party sources, but only where we have checked that these third parties either have your consent, are otherwise legally permitted or required to disclose your personal information to us.
· We may also collect information about you that is publicly available from public sources such as business directories.Information that we collect automatically
· When you visit our Website we may collect certain information automatically from your device.In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
· Your information will enable us to supply Services to you and to give you access to all parts of the Website. It will enable us to manage our business and our relationship with you, including administering the Services, contacting you where necessary concerning your use of the Services, the Website, and handling any complaints or queries you may have. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
· We may use your information to contact you for your views on the Services, to notify you occasionally about important changes or developments to the Services or theWebsite, or to tell you about new products or services supplied by GreenCodeLimited or third parties that we think may be of interest to you. If you would rather not receive future marketing e-mails from us please let us know by emailing us at DataProtection@GreenBritainGroup.com
.Disclosure of your information
· The information you provide to us will be held on our systems and may be accessed by or transferred to any entity in our corporate group, including any entity that acquires us or that we may acquire. This may include staff working outside the UK and third parties some of whom are located outside the European EconomicArea. Such third parties process information, fulfil orders and provide support services on our behalf.
· We may also transfer or disclose your personal information to our service providers including audit service providers, professional advisers and to such other parties as we consider necessary for the administration of the Services, the Website, and related business.
· Countries outside the UK and the European Economic Area do not always have such strong data protection laws and so we limit when and how we transfer data to them. If we do transfer data we will always take steps to ensure that your information is used by third parties in accordance with this policy and that we comply with applicable legal requirements to ensure adequate protection for your information. When we collect your personal information we may process it in any other countries. When transferring personal data we do so using contractual clauses which have been approved by the European Commission as adequately protecting the rights of data subjects or through other mechanisms that adequately ensure that your data protection rights are upheld.
· Sometimes the law requires us to disclose your information. We will respond to request where our compliance is required by law or, we receive a request from a public authority or law enforcement agency, there is a threat to the safety of you or any other person or we suspect you of committing fraud.
· We may transfer your personal data as a part of a corporate reorganisation, business sale, or other merger activity, but in those circumstances any recipient will be obliged by law to comply with this policy.
· We will only otherwise disclose any of the information you provide to us when permitted todo so by applicable law or with your consent.Legal basis for processing personal information
· Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
· However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
· If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the time we collect your information, and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
· Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
· If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact our GroupData Protection Officer DataProtection@GreenBritainGroup.com
· If you use the Services or the Website our legal grounds for processing your personal information are summarised below:Legal basis for processing:
ContractPurposes of processing:
Delivery of services. Customer service. Complaints handling. Contact you in connection with the Services (including through the use of electronic communication, e-mail, SMS or telephone). Legal basis for processing:
Legitimate interestsPurposes of processing:
Marketing of our products and services. You have the right to object. Assist with statistical analysis to assess and improve our Services and our website. Verify your identity when you make enquiries by phone, email or letter.Legal basis for processing:
Legal obligationPurposes of processing:
Responding to requests by law enforcement authorities for access to your personal information. Protecting our businesses and other customers from fraudulent activities. Tracing and recovering debts and assessing claims. The detection and prevention of theft, fraud, money laundering. Legal basis for processing:
ConsentPurposes of processing:
Sending you updates by email when you subscribe to our mailing list.
· If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact our Data Protection Officer at DataProtection@GreenBritainGroup.com
· We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Protection of the registration details and any debit or credit card information you give to us is a major priority. We have implemented a security policy that guards against unauthorised access. Data on our secure pages is encrypted using SSL technology.
· Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential.
· All your private data will be encrypted at all times whilst in transit over theInternet. SSL is special software that automatically encrypts any data sent by you on our secure pages. Our server then reads the data using a private key.This means that your data, be it debit or credit card information or any other personal details, is turned into code that can only be decoded with the private key or password. All pages on the site that require you to enter personal or sensitive information are secure. Your browser will indicate that the page is secure by displaying a padlock or key in the status bar at the bottom of the window. If your browser is suitably configured, you will receive a warning message when you first access any secure page on the site. This is simply information to advise you that the site is protecting your data.
· Unfortunately, the transmission of information via the internet is not completely secure.Although GreenCode Limited will do its best to protect your personal data, it cannot guarantee the security of any personal data that you disclose online.You accept the inherent security implications of using the Internet and we will not be responsible for any breach of security unless we have been be in breach of applicable laws and then only to the limits set out in the terms and conditions for the Website.
· We will retain your information for as long as you continue to use the Services and fora period of 6 years (or as long as the law requires) after your account has closed. We may decide it is necessary to retain your information for the purpose of resolving disputes or payment issues, or because it is still useful to us to analyse your use of the Services.
· If you have requested information about the Services we provide, for example a quotation, we will retain your information for a period of up to 12 months from the provision of the information requested, after which your personal data will be deleted, providing that there is no ongoing legitimate reason for us to retain it.
· Where we are relying on your consent as the lawful basis for processing your data and you withdraw that consent, we will stop processing your personal data and delete it in accordance with our retention policy.
· When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.Access to information and exercising your rights
· You are entitled to access, correct or update of your personal information, you can do so at any time by contacting us using the contact details provided under the“Contact” heading below.
· In addition, in certain circumstances you can object to processing of your personal information, request deletion of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact” heading below.
· You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact” heading below.
· Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.Complaints
· You have the right to complain about our collection and use of your personal information. In the first instance you should contact our Data Protection Officer by emailing DataProtection@GreenBritainGroup.com.
· In the event that you are unhappy with the Data Protection Officer’s response you may raise your concerns with the Information Commissioners Office at https://ico.org.uk/concerns/
· You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.Contact
All comments, queries and requests relating to our use of your information are welcomed, using the following details:
The Data Protection Officer
For EEA based Nationals, please contact our European Representative. Details are as follows:
Instant EU GDPR Representative Ltd
Contact Email: firstname.lastname@example.org
EU Dublin Address:
INSTANT EU GDPR REPRESENTATIVE LTD, 69 Esker Woods Drive,Lucan Co. Dublin, Ireland