Privacy Policy

Last updated: August 2023


  • Introduction
  • Who we are
  • Data collection
  • Data retention
  • Data location
  • Data sharing
  • Data security
  • Cookies
  • Your rights
  • Changes to this policy


This Privacy Policy (“Policy”) describes the “Personal Data” that we collect, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. For the purposes of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 we are the data controller of this personal data. This policy applies to our public website at and also to our SaaS emissions management Services.

Who we are

The company behind Emizio is Emizio Limited. Our registered company number is 13911340, and our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Our VAT number is  422 3242 42.

For ease of reference we will further refer to ourselves using “we'', "us","our" or "Emizio ”. “You”, “your” or “yours” means the organisation using the Services.

You can reach us at

Data collection

Personal Data will be collected if you email us or fill in a form on our website. We use this data for responding to enquiries for the purposes of support, business development, marketing and/or recruitment.

Personal Data will be collected if you use our Services. The nature of our Services is that we require aggregated data about your business activities so that we can assess the carbon emissions associated with them. This data can be in the form of answers to questions, uploaded records or data extracted with permission from your systems. We are not interested in data about the historical activity of individuals, but some data shared may contain names, job titles, email addresses, and other personally identifying information. 

We do not collect Special Category data (explained on the ICO’s website here) as part of our Services. We do not process protected health information, electronic health records or personal health records.

When you visit our website or use our services we may record details such as IP address and browser type in order to optimise your experience.

Data retention

We retain your personal data as long as we are providing services to you. Once you stop using our services we may keep the data to comply with any legal, accounting, or reporting requirements. Our default retention period is two years. We take into account data sensitivity and risk of harm and may delete the data sooner.

Data location

We store data primarily in AWS data centres in the UK and the European Economic Area (EEA).  Amazon provides advanced security features and maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO27001. In addition all data is encrypted both in transit and at rest.

Some of our service providers are based outside of the UK and EEA, so some data may therefore be transferred out of the UK and EEA. We transfer the minimum data required to fulfil the processing, applying appropriate and reasonable safeguards. Data transfers to these providers comply with data protection law on the basis of their EU-US Privacy Shield self-certification. 

Data sharing

We will never sell your personal data to another party.

We may disclose your personal data to our suppliers who help us provide the Services and run our business. Our suppliers may process your personal data on our behalf solely in accordance with our instructions and pursuant to a written contract.

To support our public website, marketing and comms we use the following third party processors:

  • Google (communication apps, data storage) 

  • Slack (communication apps) 

  • Webflow (website host) 

  • Linear (project management) 

  • Hubspot (customer relationship management) 

A list of third party processors supporting our emissions management services is available on request to users of our services. We have entered into a data processing agreement with each of these external data processors which obliges them to only process your personal data based on our instructions and in compliance with this Privacy Policy.

We will share your data in the following exceptional circumstances:

  • If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we will share this data with government authorities 
  • If another company decides to buy Emizio, we will transfer your data to that company. That company will then take over all obligations under this Privacy Policy.

Data security

We maintain organisational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorised access, destruction, loss, alteration or misuse.

We use Vanta ( to support our security procedures. More specific policies around access control, data management, security, and internal procedures are available on request to users of our emissions management services.


Emizio uses cookies to ensure that our Site and Services function properly, understand how visitors use and engage with our Site, analyse and improve Services. Please see our cookie policy for further details.

Your rights

Depending on your location and subject to applicable law, you may have the following rights

  • Right to request a copy of the Personal Data we hold about you (commonly known as a “data subject access request”).
  • Right to request that Emizio edit or delete your Personal Data.
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

If you feel we have failed to respond correctly to a request for information, you have the right to lodge a complaint about us to the UK Information Commissioner’s Office ( or with the relevant authority in your country of work or residence.

If you have any further privacy concerns or if you want to exercise your rights, you can contact us via email at

Changes to this policy

We may change this Privacy Policy from time to time. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notification.