- Who we are
- Data collection
- Data retention
- Data location
- Data sharing
- Data security
- Your rights
- Changes to this policy
Who we are
The company behind Emizio is Emizio Limited. Our registered company number is 13911340, and our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Our VAT number is 422 3242 42.
For ease of reference we will further refer to ourselves using “we'', "us","our" or "Emizio ”. “You”, “your” or “yours” means the organisation using the Services.
You can reach us at email@example.com.
Personal Data will be collected if you email us or fill in a form on our website. We use this data for responding to enquiries for the purposes of support, business development, marketing and/or recruitment.
Personal Data will be collected if you use our Services. The nature of our Services is that we require aggregated data about your business activities so that we can assess the carbon emissions associated with them. This data can be in the form of answers to questions, uploaded records or data extracted with permission from your systems. We are not interested in data about the historical activity of individuals, but some data shared may contain names, job titles, email addresses, and other personally identifying information.
We do not collect Special Category data (explained on the ICO’s website here) as part of our Services. We do not process protected health information, electronic health records or personal health records.
When you visit our website or use our services we may record details such as IP address and browser type in order to optimise your experience.
We retain your personal data as long as we are providing services to you. Once you stop using our services we may keep the data to comply with any legal, accounting, or reporting requirements. Our default retention period is two years. We take into account data sensitivity and risk of harm and may delete the data sooner.
We store data primarily in AWS data centres in the UK and the European Economic Area (EEA). Amazon provides advanced security features and maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO27001. In addition all data is encrypted both in transit and at rest.
Some of our service providers are based outside of the UK and EEA, so some data may therefore be transferred out of the UK and EEA. We transfer the minimum data required to fulfil the processing, applying appropriate and reasonable safeguards. Data transfers to these providers comply with data protection law on the basis of their EU-US Privacy Shield self-certification.
We will never sell your personal data to another party.
We may disclose your personal data to our suppliers who help us provide the Services and run our business. Our suppliers may process your personal data on our behalf solely in accordance with our instructions and pursuant to a written contract.
To support our public website, marketing and comms we use the following third party processors:
- Google (communication apps, data storage)
- Slack (communication apps)
- Webflow (website host)
- Linear (project management)
- Hubspot (customer relationship management)
We will share your data in the following exceptional circumstances:
- If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we will share this data with government authorities
We maintain organisational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorised access, destruction, loss, alteration or misuse.
We use Vanta (https://www.vanta.com/) to support our security procedures. More specific policies around access control, data management, security, and internal procedures are available on request to users of our emissions management services.
Depending on your location and subject to applicable law, you may have the following rights
- Right to request a copy of the Personal Data we hold about you (commonly known as a “data subject access request”).
- Right to request that Emizio edit or delete your Personal Data.
- Right to restrict processing
- Right to data portability
- Right to object to processing
If you feel we have failed to respond correctly to a request for information, you have the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or with the relevant authority in your country of work or residence.
If you have any further privacy concerns or if you want to exercise your rights, you can contact us via email at firstname.lastname@example.org
Changes to this policy