CarbonAnalytics Privacy Policy

CarbonAnalytics ("we," "us," "our," or "Company") is committed to protecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable privacy laws. IMPORTANT DISCLAIMER: We provide carbon accounting software tools and methodologies. We are NOT professional carbon accountants, auditors, or verifiers. Users are solely responsible for data accuracy, regulatory compliance, and independent verification of all carbon calculations before official reporting or public disclosure.

CarbonAnalytics serves as the data controller for personal data processed through our services. For data protection inquiries, contact us at privacy@carbonanalytics.com. Service Limitations: Our data processing supports your use of carbon accounting tools. All calculations and reports generated require independent professional verification before official use.

You have the right to lodge complaints with the Information Commissioner's Office (ICO) at www.ico.org.uk. We encourage you to contact us first to resolve any concerns.

We collect the following types of personal data: Identity Data: • First and last name • Username or unique identifier • Job title and company information • Profile picture Contact Data: • Email address • Phone number • Business address • Communication preferences Technical Data: • IP address • Browser type and version • Operating system • Device information • Cookies and tracking technologies Usage Data: • Platform interaction data • Feature usage patterns • Session duration and frequency • Carbon calculation inputs Financial Data: • Payment method information • Billing address • Transaction history • Subscription details Carbon Data: • Energy consumption data • Emissions calculations • Sustainability metrics • Environmental reporting data

We do not intentionally collect special categories of personal data (race, ethnicity, political opinions, religious beliefs, health data, etc.) or criminal conviction information.

• Account registration • Contact forms and surveys • Customer support interactions • Event registrations • Newsletter subscriptions

• Website and platform usage through analytics • Cookies and tracking technologies • API usage logs • Security monitoring

• Business contact databases • Social media platforms (when you connect accounts) • Integration partners and APIs • Public sustainability databases

We process personal data based on: Consent: When you opt-in to marketing communications or optional services Contract Performance: To provide our carbon analytics services and fulfill subscription agreements Legitimate Interests: For business operations, security, fraud prevention, and service improvement Legal Compliance: To meet regulatory requirements, tax obligations, and legal proceedings

• Account creation and management • Carbon footprint calculations and analytics • Sustainability reporting and insights • Customer support and troubleshooting • Platform security and fraud prevention

• Payment processing and billing • Service improvement and development • Usage analytics and performance monitoring • Legal compliance and regulatory reporting

• Service updates and notifications • Educational content and resources • Event invitations and webinars • Marketing communications (with consent) • Personalized recommendations

• Platform feature development • Carbon calculation methodology improvement • Sustainability trend analysis • Academic research partnerships (anonymized data)

We share data with trusted third-party processors including but not limited to: • Cloud hosting and infrastructure providers • Database and backend service providers • Frontend hosting and deployment platforms • Payment processors • Email service providers • Analytics platforms • Customer support tools All service providers are bound by appropriate data processing agreements and security requirements.

In case of merger, acquisition, or sale, your data may be transferred as part of business assets.

We may disclose data when required by law, court order, or to protect our rights and safety.

We may share data with your explicit consent for specific purposes.

Your data may be transferred to and processed in countries outside the UK/EU where our service providers operate, including but not limited to cloud infrastructure providers, database services, and hosting platforms.

We ensure adequate protection through: • European Commission adequacy decisions • Standard Contractual Clauses (SCCs) • Binding Corporate Rules • Certification schemes • Infrastructure provider compliance with international data protection standards

We retain personal data for: • Account data: Duration of account plus 3 years • Financial data: 7 years for tax and audit purposes • Usage data: 2 years for analytics and improvement • Marketing data: Until consent withdrawn plus 1 year

Data is deleted when: • No longer necessary for original purpose • Consent is withdrawn (where applicable) • Processing becomes unlawful • Legal obligation requires deletion

Under data protection law, you have the right to: Access: Request copies of your personal data Rectification: Correct inaccurate or incomplete data Erasure: Request deletion of personal data Restriction: Limit processing in certain circumstances Portability: Receive data in structured format Objection: Object to processing based on legitimate interests Automated Decision-Making: Not be subject to solely automated decisions

To exercise your rights, contact us at privacy@carbonanalytics.com. We'll respond within 30 days and may request identity verification.

We don't charge fees for rights requests unless they're excessive or unfounded.

We implement appropriate technical and organizational measures including: • End-to-end encryption for data in transit (TLS/SSL) • Strong encryption for data at rest • Multi-factor authentication systems • Enterprise-grade cloud infrastructure security • Database-level security controls and access restrictions • Regular security assessments and monitoring • Employee training on data protection • Incident response procedures • Industry-standard cloud security practices

We'll notify relevant authorities and affected individuals of data breaches within required timeframes.

We use cookies for: • Essential platform functionality • Performance and analytics • Personalization and preferences • Security and fraud prevention

You can control cookies through your browser settings and our cookie preference center.

We use services like Google Analytics with privacy-friendly configurations and data processing agreements.

Our services are not intended for children under 16. We don't knowingly collect data from children under 16.

Users aged 16-18 should have parental consent before using our services.

We may update this policy to reflect legal changes or service improvements. Material changes will be communicated via email or platform notifications.

Continued use of our services after policy updates constitutes acceptance of changes.

For privacy-related questions or concerns: • Email: privacy@carbonanalytics.com • Address: Carbonsystem Technology Limited, 10-12 Mulberry Green, Old Harlow, Essex, United Kingdom, CM17 0ET

Information Commissioner's Office (ICO) • Website: www.ico.org.uk • Phone: 0303 123 1113