1 Who We Are

Name: Combatting Carbon Limited

Address: 32 Pembroke Avenue, Wirral, CH46 0TP

Phone Number: 0151 364 2468

Email: [email protected]

Website: www.combattingcarbon.com

2 The Type of Personal Information We Collect

Combatting Carbon is comprised of two platforms / interfaces:

  1. Our Greenhouse Gas emissions reporting platform, in partnership with SwiftCase.
  2. Combatting Carbon Travel Tracker, which is a mobile application to support companies in collecting and reporting vehicle travel emissions.

2.1 Combatting Carbon Reporting Platform

If you are a company, we do business with, to onboard your company in which you represent, we will process some personal data, as well as collecting information on your emissions activities and how your company operates. These emissions activities will be inline with the Greenhouse Gas Protocol Scopes 1,2 and 3 emissions.

We may process the following personal data to facilitate our business relationship with the company in which you represent and set you up on our platform. Such as the following:

  • Employee data (employee names and email addresses).
  • Contact details (email addresses, full name, title, and telephone numbers).
  • Company vehicle information (if relevant and necessary).
  • Location data utilising GPS tracking (for the purpose of tracking vehicle mileage to support our greenhouse gas emissions calculations) using our Combatting Carbon Travel Tracker.
  • Vehicle registrations.
  • Website analytics.

2.2 Combatting Carbon Travel Tracker

The Combatting Carbon Travel Tracker will allow the company in which you represent track travel and transport emissions, utilising GPS location tracking. Our Travel Tracker is downloadable onto any smartphone via the Apple or Android Store.

All employees who download this application will get their own individual login, which is accessed using their own unique password. For us to set employee accounts up we will initially generate their individual, unique password for their first-time login. The User is then free to change and set their own personal password.

The personal information we will need to set up a User on our Travel Tracker application, is the following:

  • Employee data (name and email address)
  • Vehicle registrations – for us to allocate certain company vehicles to individual employee accounts.
  • Location data utilising GPS tracking – to capture total mileage for journeys logged. A journey will only be locked, and the GPS tracking initiated once the individual employee has accepted, and started the journey tracking themselves.

Journey and travel data will be sent directly to our Combatting Carbon Reporting Platform (SwiftCase) and logged as emissions data. This data will then be used by the company you represent to understand the magnitude of their travel emissions split across the company. We will not use this data for ourselves or share with any third-party companies.

Our Combatting Carbon Travel Tracker application will be limited to over 18’s only.

3 How We Get the Personal Information and Why We Have It

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • For us to be able to support your company with undertaking accurate greenhouse gas emissions calculations.
  • For us to be able to set up individual employee accounts on our Combatting Carbon Reporting Platform (SwiftCase) and Combatting Carbon Travel Tracker Application for employees to access their individual accounts.
  • To set up your company and employee details on our Combatting Carbon Travel Tracker Application for your Company to be able to gather data on your travel emissions.

For us to undertake our services, we will need to gather data directly from the company in which you represent as well as any third-party companies (i.e. suppliers) that we identify as a ‘Data Source’ to be able to calculate your emissions activities.

If we receive any personal information indirectly from third-party individuals or companies, the initial contact will have been set up by yourself (or the company in which you represent) and it will only ever be used for your (the company in which you represent) use.

We may use Application Processing Interface (API) to collect and report on your data. Dependant on your company in which you represent requirements, there are two different options for us to collect this data.

  1. You (or the company in which you represent) sends the data directly to us via an API request – relevant documentation to do this will be provided by us.
  2. We will use a Public Facing API, and ‘poll’ yours (or the company in which you represent) system for the relevant data and collect it on your behalf at set intervals.

If we were to use a Public Facing API, there would not be a requirement to collect any personal information. We would only be after the relevant data to be able to undertake our emissions calculations on behalf of your company in which you represent.

We will not share your personal information with any third-party organisations or individuals.

We use the information that you have given us to:

  • Facilitate our business relationship which you represent.
  • Communicate with your business in which you represent.
  • We will only ever use any relevant personal information to calculate greenhouse gas emissions on your company’s behalf.
  • Any data stored on our platform is for your company to use, in however you prefer for your own internal and external reporting requirements.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • (a) Your consent. You are able to remove your consent at any time. You can do this by contacting contact@combattingcarbon
  • (f) We have legitimate interest.

4 How We Store Your Personal Information

Combatting Carbon have partnered with SwiftCase to deliver our services. Any data we collect as a company to deliver our services, will be stored on the SwiftCase platform.

4.1 How we store your data on the SwiftCase platform

The following information on data storage refers to the SwiftCase platform (and in-turn) our Combatting Carbon Reporting Platform.

4.1.1 Security Measures

We take the protection of your data very seriously. When you use our SwiftCase platform, your personal information is stored on secure servers that utilise state-of-the-art security measures. These measures include encryption, firewalls, and access controls designed to guard against unauthorised access, alteration, disclosure, or destruction of your personal information.

4.1.2 Data Hosting

The data you provide is hosted on servers within the UK. We ensure that our hosting services use the latest security technology and comply with the highest data protection regulations.

4.1.3 Data Encryption

All data is encrypted during transit and at rest. We use industry-standard encryption protocols to ensure that your data is protected from the point of entry to our systems and as it is stored.

4.1.4 Access Control

Access to your data within SwiftCase is limited to authorised personnel who are required to handle this information to provide services to you or for the technical maintenance of the platform. All staff with access to your data are trained on data protection best practices.

4.1.5 Data Retention and Deletion

Your data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Upon termination of our services or at your request, we will delete your personal information from the SwiftCase platform securely. Data will be purged from our servers, and any backups will be securely overwritten. We will only store your personal data for as long as it is needed. If an employee ceases employment with the company in which you represent, when we are informed, we will purge our data.  

4.1.6 Regular Audits

We review our data storage policies and practices to ensure ongoing compliance with current data protection laws. Our security measures are also subject to regular audits to identify potential vulnerabilities and implement improvements promptly.

4.1.7 Compliance with Data Protection Laws

We adhere to the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws. We also ensure that any third-party service providers we use to store your data meet a similarly high standard of data protection.

4.1.8 Notification of Breaches

In the unlikely event of a data breach, we have a robust breach notification system in place. We will notify affected individuals and any applicable regulators as required by law.

4.1.9 Updates to Our Storage Practices

Our data storage practices align with technological advancements and regulatory changes. Any changes that happen to be made to our data storage practices will be communicated to you through an updated version of our privacy policy.

5 Your Data Protection Rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at [email protected] if you wish to make a request.