With 20 years’ experience and a global network of project partners, we work with our clients to deliver high quality solutions that ensure immediate, positive impact on the world’s natural capital.
When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out hereunder or by following the unsubscribe instructions in our communications.
When we refer to “our Website” or “this Website”, we mean the specific webpages with a URL starting:
- www.carbonneutral.com; and
“Data Protection Legislation” means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.
“process” means any operation performed on information about you, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available.
We take the security of all the data we hold very seriously and adhere to internationally recognised security standards. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
When and how we share personal data and locations of processing
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We are part of a multinational corporation and, in common with other multinational corporations, we use third parties located in other countries to assist us in running our business. As a result, personal data may be transferred outside the countries where we and our clients are located, including to countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data.
Personal data held by us may be transferred to:
Our parent company, affiliates, and subsidiaries
We may share personal data with our parent company, affiliates, and subsidiaries where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving entities in different territories). Our business contacts are visible to and used by staff from all such entities to learn more about a contact, client or opportunity in which they have an interest.
Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, credit card processors, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Third party organisations that otherwise assist us in providing goods, services or information
Audtors and other professional advisers
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfill requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Any other person or organisation after a restructure, sale or acquisition of Natural Capital Partners, as long as they use your information for the same purposes we did;
Credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud; and
Other third parties that reasonably require access to personal data relating to you, including your employer.
We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
We may share non-personal, anonymised and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional activity.
What personal data we collect
We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this policy.
When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this Website.
We may process your data because:
- you give it to us (for example, in a form on our Website, on a business card, or in a resume emailed to us);
- other people give it to us (for example, your employer or adviser, or third party service providers that we use to help operate our business); or
- it is publicly available.
The personal data we process may include your:
- name, gender, age and date of birth;
- contact information, such as address, email, and mobile phone number;
- country of residence;
- lifestyle and social circumstances (for example, your hobbies);
- family circumstances (for example, your marital status and dependents);
- employment and education details (for example, the organisation you work for, your job title and your education details);
- financial and tax-related information (for example your income, investments and tax residency);
- postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
- IP address, browser type and language, and your access times;
- information in any complaints you make;
- details of how you use our products and services;
- CCTV footage and other information we collect when you access our premises; and
- details of how you like to interact with us, and other similar information relevant to our relationship.
The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:
- dietary requirements (for example, when Natural Capital Partners would like to provide you with lunch during a meeting);
- health (for example, so that we can make it easy for you to access our buildings, products and services); and
- sexual orientation (for example, if you provide us with details of your spouse or partner).
We may also process personal data relating to ethnic or racial origin (for example, any multicultural networks you belong to), or about your political opinions (inferred from information you give us about political associations you belong to or have donated to).
We will typically seek separate permission from you in writing to process these special categories of personal data.
If you choose not to provide, or object to us processing, the information we collect (see section ‘Your rights’ below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client.
How we use your personal data
We process information about you and/or your business to enable us to provide our services to you or our clients, and to meet our legal or regulatory obligations. Some of your personal data may be used for other business purposes. Below are some examples.
Use of personal data to provide services to our clients
We will use your personal data to provide you or our clients or other third parties with services, and this includes using your personal data in correspondence relating to those services. That correspondence may be with:
- other third parties;
- our service providers; or
- competent authorities.
We may also use your personal data to conduct due diligence checks relating to the services.Because we provide a wide range of services to our clients or other third parties, the way we use personal data in relation to our services also varies. For example, we might use personal data about:
- a client’s employees to communicate about our services; or
- a client’s employees and customers in the course of developing a white label product for a client.
Use of personal data for other activities that form part of the operation of our business
We may also use your personal data in connection with:
- legal or regulatory requirements;
- requests and communications from competent authorities;
- client account opening and other administrative tasks;
- financial accounting, invoicing and risk analysis;
- relationship management, which may involve:
(a) sending you thought leadership or details of our products and services;
(b) contacting you for feedback on services;
(c) sending you event invitations; and
(d) other marketing or research purposes;
- recruitment and business development, which may involve:
(a) the use of testimonials from a client’s employees as part of our recruitment and business development materials (with that employee’s permission); and
(b) the use of third-party data sources to help us verify and improve the information we hold about key business relationships with individuals;
- services we receive from our professional advisors, such as lawyers, accountants and consultants;
- investigating or preventing security incidents; or
- protecting our rights and those of our clients.
Use of personal data collected via our Website
In addition to the above, we may also use your personal data collected via our Website:
- to provide you a service you have engaged us to provide on our Website, which may involve:
(a) processing information you have provided on a calculator that measures greenhouse gas emissions attributable to your business operations or personal life;
(b) processing credit card transactions in connection with instrument management services or other services; and
(c) corresponding with you, including by email or telephone, in connection with customer service.
- to manage and improve our Website;
- to tailor the content of our Website to give you a more personalised experience;
- to draw your attention to information about our products and services that may be of interest to you; or
- to manage and respond to any request you submit through our Website.
We seek to ensure that we only keep your personal data for the longest of:
- the period we expect is necessary for the relevant activity or services;
- any retention period that is required by law; or
- the period in which litigation or investigations might arise in respect of the services.
The legal grounds we use for processing personal data
- you have explicitly agreed to us processing your information for a specific reason;
- the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
- the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
- the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be:
(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;
(b) to prevent fraud;
(c) to protect our business interests;
(d) to ensure that complaints are investigated;
(e) to evaluate, develop or improve our services or products; or
(f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:
- you have given us your explicit consent to process that data;
- we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us);
- the processing is necessary to carry out our obligations under employment, social security or social protection law;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- you have made the data manifestly public.
Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.
Individuals’ rights and how to exercise them
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at firstname.lastname@example.org. We may charge fees for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.
Amendment of personal data
To update personal data submitted to us, you may email us at email@example.com or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not always, or even generally, process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at firstname.lastname@example.org or, to stop receiving an email from a marketing list we use, please click on the unsubscribe link in the relevant email received from us.
Other data subject rights
If you wish to exercise any of these rights or if you have any questions or comments about privacy issues, please send an email to email@example.com.
Right to complain
If you wish to raise a complaint about how we are using your information, you can contact us by sending an email to firstname.lastname@example.org.
You can also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, on 0303 123 1113. If you are not based in the UK, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction.