Last Updated: May 2, 2022
CarbonPay Limited (referred to and trading as “CarbonPay“, or “we” or “our” in this policy) is committed to respecting the privacy of individuals, including its clients. CarbonPay is a company registered in England under company number 12934414, and whose registered office is at Suite 1, 3rd Floor, 11-12 St James Square, Floor 9, London, SW1Y 4LB, United Kingdom. CarbonPay is a service providing individuals with a solution to offset their carbon emissions at retailers that accept Visa. CarbonPay owns and operates this site: https://carbonpay.io. CarbonPay collects your personal data as explained below, when you access our site and you create your user account for becoming a user and then using the CarbonPay card.
Personal Data We collect
We may collect and process the following personal data:
Information you give us:
In order to set up your account with us and for us to perform our contract with us, we may process the following personal data which you provide to us:
- Identity data – including first name, last name, role in organisation (in case of corporate applications) and date of birth.
- Contact data – including address, e-mail address and phone number.
- Financial data – including payment method, debit and credit card information.
- Profile data – including your account password, preferences, feedback and survey responses.
Information we collect about you:
With regard to each of your visits to our site we may collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
Information we receive from other sources:
We may also receive information about you when our payment service provider settles a payment on your behalf and /or from your bank in the event there is a failed payment.
Information about other people:
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not currently collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
General Use and Legal Basis
We use your personal data:
- To measure the adequate performance of our contract with you, for:
- Managing such contractual relationship between you and us;
- Enabling you to access and use our site, and
- Enabling you to use the CarbonPay card.
- Where this is necessary for purposes which are in our legitimate interests (or those of a third party). These interests are:
- Facilitating the creation, securing, and maintaining, of your account on our network; and
- Improving the quality of experience when you interact with our services.
- For purposes which are required by law, including:
- Responding to requests by government or law enforcement authorities conducting an investigation.
Automated Decision-Making and Profiling
We do not use solely automated decision making or profiling.
Disclosure of Your Personal Data
We may share your personal data with our subsidiaries and/or affiliates and also with trusted third parties including:
- Modulr Finance and Modulr FS Limited, for the purposes of performance of the contract we enter into with you and for the purposes of issuing the CarbonPay card.
- Certain APIs to provide you with an improved customer journey including Plaid, Euler Hermes, Messagebird, Sendgrid and Loqate.
- Platform.sh, for the purpose of provision of cloud data hosting services.
- Third party card processing and merchant acquiring companies that will process your debit card payments for us, including Adyen.
- Visa Partnerships, for the purpose of facilitating partnerships of CarbonPay with certain brands in order to monitor spending and to provide subsequent offers to customers.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Euler Hermes for the purposes of appointing debt collection companies where you fail to make a payment despite several notifications to you.
We do not provide your information for marketing purposes or to marketing companies.
Moreover, we may disclose your personal data to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If CarbonPay, its business, or its assets are acquired by a third party, in which case personal data held by it about its users, suppliers, or customers will be one of the transferred assets; and
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or if we reasonably consider this necessary; or to protect the rights, property, or safety of CarbonPay, our users, our customers, or others.
Where We Store Your Personal Data and How We Protect it
We take reasonable steps to protect your personal data from loss or destruction. Where you have a username or password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes during your relationship with us, so that we can keep your personal data up-to-date. You can also review and correct/ update some of your personal data by logging-in to your account on our site.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using the contact details provided below.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to erase your personal data when the personal data are no longer necessary for the purposes for which they were collected, or when, among other cases, your personal data have been unlawfully processed.
- Review of Automated Decision-Making: You have the right to request a manual review of any decision made based solely on automated processing of your personal data (i.e. where no human has yet reviewed the criteria or outcome for the decision) in circumstances where the decision has a legal or similarly significant effect on you.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts. The relevant supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You are not required to pay any charge for exercising your rights. You can exercise any of the above mentioned rights by emailing us at: firstname.lastname@example.org.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
International Transfers of Personal Data
We do not transfer your personal data outside of the European Economic Area.
How Long We Keep Your Personal Data
We will retain your personal data, whether or not your account is active, for as long as we believe it necessary or desirable to fulfil our business purposes or to comply with applicable law, audit requirements, regulatory requests or orders from competent courts.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to email@example.com.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
We use necessary cookies that are required for the operation of our website and application, for example cookies that enable you to log into secure areas or make use of e-billing services.
Our purpose in collecting this information is to better understand how CarbonPay’s visitors use our website and to identify any usability problems, so that we may make the necessary improvements to enhance our visitors’ experience in the future. When we collect this information, your identity will remain anonymous and we do not use this information to identify you.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
They help us to improve the Website and to deliver a better and more personalised service. They enable us:
- to estimate our audience size and usage pattern;
- to store information about your preferences, and so allow us to customise our site according to your individual interests;
- to speed up your searches; and
- to recognise you when you return to our site.
Most web browsers offer users controls, to give you the option to delete or disable cookies. You can usually find out how to do so by referring to the ‘Help’ option on the menu bar of your browser, or by visiting the browser developer’s website. This will usually tell you how to prevent your browser from accepting new cookies; notify you when you receive new cookies; and disable cookies altogether. Please note that disabling cookies will stop you accessing private areas of the website. Blocking all cookies (including essential cookies) will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
Except for essential cookies , all cookies will expire after a period of one (1) week.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to firstname.lastname@example.org.