Accept co2okies

Accept co2okies?

We use cookies to help make using our website and tracking & offsetting your business’ carbon footprint as simple as ‘Accept!’ Here’s our cookie policy

Accept
Decline

EU Privacy Policy

Last Updated: May 2, 2022

Contents
1. Personal Data We collect
1.1. Information you give us:
1.2. Information we collect about you:
1.3. Information we receive from other sources:
1.4. Information about other people:
2. General Use and Legal Basis
2.1. Automated Decision-Making and Profiling
3. Disclosure of Your Personal Data
4. Where We Store Your Personal Data and How We Protect it
5. Your Rights
6. International Transfers of Personal Data
7. How Long We Keep Your Personal Data
8. Changes to our Privacy Policy
9. Contact Details

CarbonPay Limited (referred to and trading as “CarbonPay“, or “we” or “our” in this policy) is committed to respecting the privacy of individuals, including its clients. CarbonPay is a company registered in England under company number 12934414, and whose registered office is at Suite 1, 3rd Floor, 11-12 St James Square, Floor 9, London, SW1Y 4LB, United Kingdom. CarbonPay is a service providing individuals with a solution to offset their carbon emissions at retailers that accept Visa. CarbonPay owns and operates this site: https://carbonpay.io. CarbonPay collects your personal data as explained below, when you access our site and you create your user account for becoming a user and then using the CarbonPay card.

This Privacy Policy (“Policy“), together with our website terms and conditions and any other documents referred to in it, sets out the basis on which CarbonPay processes such personal data. Please read the following carefully to understand our views and practices regarding how we handle personal data. For the purposes of applicable data protection law (in particular, the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018, CarbonPay is the “data controller” of your personal data.

Personal Data We collect

We may collect and process the following personal data:

Information you give us:

In order to set up your account with us and for us to perform our contract with us, we may process the following personal data which you provide to us:

  • Identity data – including first name, last name, role in organisation (in case of corporate applications) and date of birth.
  • Contact data – including address, e-mail address and phone number.
  • Financial data – including payment method, debit and credit card information.
  • Profile data – including your account password, preferences, feedback and survey responses.

Information we collect about you:

With regard to each of your visits to our site we may collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • information about your visit; products, services or issues you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the site. This information is collected by using cookies and similar technologies. Please see our cookie policy below for further details.

Information we receive from other sources:

We may also receive information about you when our payment service provider settles a payment on your behalf and /or from your bank in the event there is a failed payment.

Information about other people:

If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

We do not currently collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

General Use and Legal Basis

We use your personal data:

  1. To measure the adequate performance of our contract with you, for:
    1. Managing such contractual relationship between you and us;
    2. Enabling you to access and use our site, and
    3. Enabling you to use the CarbonPay card.
  2. Where this is necessary for purposes which are in our legitimate interests (or those of a third party). These interests are:
    1. Facilitating the creation, securing, and maintaining, of your account on our network; and
    2. Improving the quality of experience when you interact with our services.
  3. For purposes which are required by law, including:
    1. Responding to requests by government or law enforcement authorities conducting an investigation.

Automated Decision-Making and Profiling

If you submit an application to us to use our services, we may use automated processes to process your application without our staff being involved in that processing. Those automated processes are used to help us better understand your financial circumstances and behaviour so that we can make informed decisions about:

  • whether we are able to approve your application and provide our services to you; and
  • if we are able to provide our services to you, the credit limit per transaction that we are able to offer you.

To make these decisions, we will use third parties and will use the information returned to us by the third parties, plus additional information such as banned lists. This may therefore result in us being unable to approve your application and provide our services to you. It may also affect the credit limit per transaction that we are able to offer you.

We will continue to carry out checks during the lifetime of your account with us. This may result in us changing your credit limit per transaction. We will tell you if this happens.

If you have any concerns about the outcome of any decision made about you using automated processes, you can contact us, and we will review the decision. Please see the ‘Your Rights’ section of this Policy for further details.

Disclosure of Your Personal Data

We may share your personal data with our subsidiaries and/or affiliates and also with trusted third parties including:

  • Modulr Finance and Modulr FS Limited, for the purposes of performance of the contract we enter into with you and for the purposes of issuing the CarbonPay.
  • Certain APIs to provide you with an improved customer journey including Plaid, Euler Hermes, Messagebird, Sendgrid and Loqate.
  • Platform.sh, for the purpose of provision of cloud data hosting services.
  • Third party card processing and merchant acquiring companies that will process your debit card payments for us, including Adyen.
  • Visa Partnerships, for the purpose of facilitating partnerships of CarbonPay with certain brands in order to monitor spending and to provide subsequent offers to customers.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Euler Hermes for the purposes of appointing debt collection companies where you fail to make a payment despite several notifications to you.

We do not provide your information for marketing purposes or to marketing companies.

Moreover, we may disclose your personal data to third parties:

  • If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If CarbonPay, its business, or its assets are acquired by a third party, in which case personal data held by it about its users, suppliers, or customers will be one of the transferred assets; and
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or if we reasonably consider this necessary; or to protect the rights, property, or safety of CarbonPay, our users, our customers, or others.

Where We Store Your Personal Data and How We Protect it

We take reasonable steps to protect your personal data from loss or destruction. Where you have a username or password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Your Rights

You have various rights with respect to our use of your personal data:

    • Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
    • Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes during your relationship with us, so that we can keep your personal data up-to-date. You can also review and correct/ update some of your personal data by logging-in to your account on our site.
    • Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using the contact details provided below.
    • Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
    • Erasure: You have the right to erase your personal data when the personal data are no longer necessary for the purposes for which they were collected, or when, among other cases, your personal data have been unlawfully processed.
    • Review of Automated Decision-Making: You have the right to request a manual review of any decision made based solely on automated processing of your personal data (i.e. where no human has yet reviewed the criteria or outcome for the decision) in circumstances where the decision has a legal or similarly significant effect on you. 
    • Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts. The relevant supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO).

The ICO’s address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You are not required to pay any charge for exercising your rights. You can exercise any of the above mentioned rights by emailing us at: [email protected].

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

International Transfers of Personal Data

We do not transfer your personal data outside of the European Economic Area.

How Long We Keep Your Personal Data

We will retain your personal data, whether or not your account is active, for as long as we believe it necessary or desirable to fulfil our business purposes or to comply with applicable law, audit requirements, regulatory requests or orders from competent courts.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Changes to our Privacy Policy

Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.

Contact Details

Questions, comments and requests regarding this Policy are welcomed and should be addressed to [email protected].