Last updated: 14/02/23
Who we are and what is this policy for?
We are BeZero Carbon Ltd (BeZero, we, us, our), a company registered in England and Wales under company number 12577887 whose registered office is at Senna Building, Gorsuch Place, London E2 8JF.
We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise). This means that we decide the purposes and means of processing your personal data.
What personal data do we collect about you?
We may process your personal data that we have obtained:
from you – when you interact with us;
from the company you work for – if they are a current or prospective customer or supplier; and
when you use our platform (https://bezerocarbonmarkets.com); or
when you use our website (https://bezerocarbon.com).
The personal data about you that we process may include:
contact information: your name, the name of the company where you work (our customer or supplier), job title, office location, work email address and work telephone number;
platform information: username and password;
platform usage information: projects, and underlying information, and other content viewed on each visit;
feedback and enquiry information: any responses you give when you rate our services or reply to a survey, any information you send when you contact us, submit an enquiry on our website or platform or comment on our social media pages (for example, your social media handle); and
marketing information: preferred methods of communication and product types in which you are interested.
Cookies and other technologies
How we use your information
BeZero is required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on under UK and European law. The most relevant of these to BeZero are where we use your personal data to:
pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy); or
comply with a legal obligation that we have.
|Taking steps to enter into a contract with our customer
|Legitimate interests (necessary to conclude our contract with our customer and obtain contact details for key personnel)
|Providing our service to our customer
|Legitimate interests (necessary to fulfil our service contract with our customer)
|Processing payments and collecting and recovering monies owed to us
|Legitimate interests (to receive payments or recover monies owed to us)
|Sending marketing communications
|Legitimate interests (necessary to promote our services and grow our business) / Consent (when you tick our opt-in box)
|Asking you to participate in surveys and other types of feedback
|Legitimate interests (necessary for product and service improvement purposes)
|Understanding how our service, platform and website are being used
|Legitimate interests (necessary to improve and optimise our services, platform and website)
|Administering and protecting our services, platform, website and internal systems
|Legitimate interests (necessary to provide our services, platform and website, monitor and improve network security and prevent fraud)
|Legal obligation (necessary to comply with our obligations under data protection law)
We sometimes anonymise the personal data we collect (so it can no longer identify you as an individual) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (such as the number of key personnel with similar role title or percentage of website visitors visiting a particular webpage on our website). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
Who we share your personal data with
We may share your personal information with the following categories of recipients:
Our personnel: BeZero employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.
Our supply chain: other organisations that we engage to support the services we offer through the website and platform, in particular those providing website and data hosting services, providing fulfilment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time.
These organisations will process your personal information in accordance with our instructions and we will only provide to them such personal data as is required for them to provide their support. We will have a contract with each organisation containing confidentiality and data protection obligations. Please see the section on Marketing for more details on how we use HubSpot.
Our professional advisers: such as our accountants, auditors, legal advisors and/or other professional advisors where we require specialist advice to help us conduct our business.
Any actual or potential buyer of our business: In this case personal data held by us about our customers may be one of the transferred assets.
Parties to protect us and you: If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you or the company you work for, or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Sales and Marketing
BeZero only provides its services to businesses (which means we operate on a Business-to-Business basis, also known as B2B). We only ever send marketing communications to work contact details, and we always include a link in our emails so that you can unsubscribe at any time.
BeZero uses HubSpot, Outplay and Salesforce to help us deliver and monitor the communications we send. Their digital tools let us see whether a recipient has clicked any of the links in our email, which help us understand what content that recipient appears to be interested in and allow us to personalise the content of future of our messages.
Pixels (which are a similar technology to cookies) within those emails enable us to see:
if the email was opened
where the device opening the email was located (based on the device’s IP address)
the type of email service (e.g. Outlook) that was used
if the email (or its content) were shared on social media
if the email was flagged as spam
Where your information is stored or transferred to
The data that we process in relation to you may be transferred to, and stored at, a destination outside the UK and/or European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the UK/EEA who work for us or for one of our suppliers.
We transfer your personal data outside of the UK/EEA:
In order to store it.
In order to enable us to provide goods or services to and fulfil our contract with you or the company your work for. This includes order fulfilment, processing of payment details, and the provision of support services.
Where we are legally required to do so.
How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include
access controls and user authentication
policies and training
taking regular back-ups of our IT systems
If you receive any unusual emails from us, please let us know by emailing us at email@example.com.
How long will we keep your information
We keep information about our customers’ personnel for up to six years after the end of our agreement ends to identify any issues and resolve any legal proceedings, unless our customer informs us before that that you no longer work for them
We keep information about prospective customers’ key personnel for up to 12 months, or until we receive replacement details or a request to remove that individual’s details.
We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
Your legal rights
Under UK and European law, you have specific rights in relation to your personal data.
It is usually free for you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens we will always inform you in writing.
We may charge a fee where we decide to proceed with a request that we believe is manifestly unfounded or excessive.
If you wish to make any of the legal right requests listed below, please email firstname.lastname@example.org.
The right of access (obtaining a copy of your data)
The right to rectification (correcting your data)
The right to erasure (deleting your data)
The right to restrict processing (to stop use of your data for a time limited period)
The right to data portability (to move your data to another organisation)
The right to object (to object to our use of your data)
The right to complain to the relevant supervisory authority (in the UK, this is the Information Commissioner’s Office and you can contact them here: https://ico.org.uk/make-a-complaint). However, we hope that that if you are concerned about how we use your information that you contact us in the first instance so that we can try to help.
There are some limited exemptions to these rights, so they may not apply in every scenario and BeZero may decline your request (but we would explain our decision in writing if this was the case).
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time. You can withdraw your consent by clicking the 'unsubscribe' button on any marketing communications or contacting us at email@example.com.
Changes to this policy
We may sometimes need to update this policy to reflect any changes to the way we operate or to comply with new legal requirements. Changes to this policy will be uploaded to our websites and we will notify you by of any substantive changes before they take effect.
For any queries related to this policy or how we process your personal data please contact: firstname.lastname@example.org.