Privacy Policy and Cookie Policy
Privacy Policy and Cookie Policy
Introduction
This privacy policy (“policy) explains how we process your personal data, incl. what we use it for and how we store and protect it.
Why? Because we care about your privacy.
Who we are
We are the entity responsible for the processing of your personal data in accordance with this policy. Here’s our information:
Carbon & Finch
Second floor of Epsom Square
Suite 8 & 9 in the Epsom Workhub
Epsom square
8-9 Derby Square
Epsom High street
KT19 8AG
Email: support@carbonandfinch.com
Phone: 01372 303 304
To make the policy more user friendly we use “we”, “us”, “our” etc. to describe our company.
When we refer to “you” we mean you as a user of our website, app or customer of our online services or products.
Our website address is: https://carbonandfinch.com.
Links to other websites etc.
On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data. We encourage you to read the privacy notices on the other websites you visit.
Why, what and for long we process your data
We process your personal data for these purposes:
Purpose #1: Deliver our service & products
We process your data deliver our services & products, contact you concerning our platform, carry out demos, workshops, and other services that can be ordered through the website. We also process your data to give you access to ensure that you can log into your account, send you notifications, register and identify you as a customer/user, process your payment, enable account and product features, log and save the actions you take when you use our product and website, respond to your questions and provide you with customer service and support, including sending service related messages to you.
Here is the data we process:
- Your contact details such as name, email, title and telephone/mobile number
- The company you work for, including their domain, address and country
- Purchase history
- Your request, e.g. sign-up and use of our product, when you accepted our terms & conditions, when you signed up, when you requested a demo, when you contacted us for support etc.
- If you email us, we will collect the content of your message.
- We also collect data that you enter into our product or website such as prospects, customers, names, job titles, phone numbers, emails and other information relating to your customers or suppliers.
- Payment information, e.g. your credit or debit card details and billing address.
- Login details and verification.
- What choices you made when you set up your account, when you became a customer, your user role, when you are logging into our product.
- Other interactions you have with us and our service, e.g customer support, account and product setup, user interviews, UX research, customer feedback etc.
- Information about how you use our product and what services you and your company are subscribing to.
We don’t process any sensitive data.
We process your data on these legal bases:
- Your consent (GDPR Article 6.1.a)
- To perform our contract with you (GDPR Article 6.1.b)
- Comply with our legal obligations (GDPR Article 6.1.c),
- To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
- For the establishment, exercise or defense of legal claims, where necessary (GDPR Article 9.2.f)
We will keep these data for as long as they are necessary for the purposes for which they are being processed. As a general rule, data will be kept for as long as you use our product or services or have an account with us plus 5 years following the conclusion of your account / relationship with us. Special circumstances or legal requirements may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.
If you are employed by one of our customers, we will keep your data as long as we have a business relationship with that customer.
We collect your personal data:
- Directly from you
- Online sources, e.g. Linkedin
- Public authorities
- Banks, incl. Stripe
Purpose #2: Marketing
We process your data for marketing-related purposes, incl. sending you newsletters, doing demos and webinars, tailoring our communication with you to accommodate your areas of interests and focus and sending you relevant product and service promotion and offers.
Here is the data we process:
- Your contact details such as name, email, title and telephone/mobile number
- The company you work for, incl. their domain, address and country
- Purchase history, interest areas and use of our digital services,
- What newsletters you signed up for, when you asked to receive email marketing, when you asked to receive a demo,
- When you gave consent
- Which events you have participated in, signed up for etc.
We don’t process any sensitive data.
We process your personal data on these legal bases:
- Your consent (GDPR Article 6.1.a)
- To perform our contract with you (GDPR Article 6.1.b)
- Comply with our legal obligations (GDPR Article 6.1.c),
- To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
- Article 9.2.f (necessary for the establishment, exercise or defence of legal claims)
We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for two years after your request so we can show that we have honored your request and to make sure that you aren’t receiving the material.
We keep your information for up to two years after our most recent contact with you.
If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that.
Regarding events, seminars, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course, the event or seminar in question and for evaluating them.
We collect your data:
- Directly from you
- Online sources, e.g. social media that are publicly available (Linkedin)
Purpose #3: Improve, optimize or modify the experience on our website, online service and apps
We process your data to improve and optimize the experience on our website, the services and in the product etc. We use the data to operate our services, enhance and protect the security and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful and the usability of our website, apps and online services.
Here is the data we process
When you visit our website, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information.
We process your data on these legal bases:
- Your consent (GDPR Article 6.1.a)
- To perform our contract with you (GDPR Article 6.1.b)
- Comply with our legal obligations (GDPR Article 6.1.c),
- To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
- Article 9.2.f (necessary for the establishment, exercise or defence of legal claims)
We keep this data for up to 2 years and cookie information is kept in accordance with the cookie policy.
We collect your data:
- Directly from you
- Online sources, e.g. social media that are publicly available (LinkedIn)
- From the use of the cookies which you were presented with in visiting our website
Purpose #4: Business- and product development
We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
Here is the data we process
- Your contact details such as name, email, title and telephone/mobile number
- The company you work for, incl. their domain, address and country
- How you are using our products and services
- Purchase history, interest areas and use of our digital services,
We process your data on these legal bases:
- Your consent (GDPR Article 6.1.a)
- To perform our contract with you (GDPR Article 6.1.b)
- Comply with our legal obligations (GDPR Article 6.1.c),
- To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
We collect your data:
- Directly from you
- Online sources, e.g. social media that are publicly available
We will retain data processed for this purpose for:
For as long as you have an account with us plus up to 3 years from you are no longer using our services.
Purpose #5: Statistics
We process your data to compile statistics for the use of our website and apps.
Here is the data we process
When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information
We process your data on these legal bases:
Your consent (GDPR Article 6.1.a)
To perform our contract with you (GDPR Article 6.1.b)
Comply with our legal obligations (GDPR Article 6.1.c), incl. the ePrivacy Directive
To pursue legitimate business interests of our own related to operating our website and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f).
We collect your data:
Directly from you
Online sources, e.g. social media that are publicly available (LinkedIn)
The use of cookies as described when you visited our website (of course depending on your acceptance of the different cookie categories)
We will retain your data up to 3 years from when you visited our website and/or used our services & products.
Purpose #6: Comply with obligations
Data is processed to comply with legal obligations and requirements, requests from public and governmental authorities, relevant industry standards and our internal policies, and protect our operations and our rights.
Here is the data we process
Your contact details such as name, email, title and telephone/mobile number
The company you work for, incl. their domain, address and country
Information required to comply with public and governmental authorities
Purchase history and use of our digital services,
The data retention period will be based on statutory requirements.
Additional information
We do not sell or rent your data to marketers or third parties.
Some of these grounds for processing your data overlap, so there may be several reasons which justify us processing your data.
We may also use your data in other ways but we will inform you about these purposes when we collect your data.
If you would like more information about our legal basis for processing your data, feel free to contact us (see our details in the beginning of the policy).
Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.
Third parties and processors
We use companies (processors) to help us deliver our services to you, e.g. to provide the hosting environment for our product, send out newsletters, to help us run our website, manage our payment etc.
When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and if they are located outside the EU, we’ll of course make sure that there is a legal agreement in place allowing us to give them access to the data (see more below).
We share your personal data with:
- Suppliers and vendors that we work with to assist our company (meaning service providers, technical support, supply services, and financial institutions)
- Group entities
- Public authorities
Here’s are some of the suppliers we use:
- JeffreyaI.com is our sales and engagements platform
- Amazon Web Services to host a few of our services with AWS. Data is stored within the European Union
- Salesforce’s Heroku’s PaaS infrastructure for most parts of our services. Data is stored within the European Union.
Read our cookie policy regarding the suppliers we use for those services.
In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, your information may be transferred as part of that transaction. This policy will continue to apply to your information also after the information has been transferred to the new entity.
Transfer to countries outside the EU/EEA
In some cases, we’ll transfer your data to the following countries outside the EU/EEA:
USA
The transfers will take place on the basis of these legal bases:
The country/countries has/have not been deemed by the Commission of the European Union to have an adequate level of protection of personal data. We will provide appropriate safeguards for the transfer:
through the use of “Model Contracts for the Transfer of Personal Data to Third Countries”, as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of the contract/agreement by contacting us at support@carbonandfinch.com.
Your rights
You have these rights:
- Your right of access and rectification – You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.
- Your right to erasure – You can ask us to erase your personal information in certain circumstances.
- You also have the right to have the processing of your personal data restricted.
- Your right to withdraw your consent: If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by sending an email to support@carbonandfinch.com.
- Your right to restriction of processing and object to processing – You have the right to ask us to restrict the processing of your information and a similar right to object to processing.
- Your right to data portability: You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
- Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.
- The law gives us one month to respond to you, but we will try to respond sooner.
- There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case – this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.
Complaints
You can always lodge a complaint with a data protection authority, for example the United Kingdom Data Protection Agency.
Assistance and additional information
You can take steps to exercise your rights by using the contact details above. If you have questions about the policy, feel free to contact us by using the contact details in this policy.
How to unsubscribe to email marketing material?
If you’ve subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you always click the link and easily unsubscribe.
You can also unsubscribe by sending us an email to support@carbonandfinch.com
Children and our services
Our services and website aren’t directed to children, and you can’t use our services if you are under the age of 18.
Changes to the policy
Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website.
If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up.
If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.
The policy was last updated on 01 October 2024.