Climate Zero Privacy Policy
Climate Zero and Climate Zero Learn are products of Impact Sustainability Pty Ltd (ACN 152 891 122). This page was updated June 2024.
At Impact Sustainability Pty Ltd (ACN 152 891 122) (“Impact Sustainability”, “we”, “us”) your privacy is important to us. We are committed to protecting your privacy when managing your personal information. We have policies and procedures to ensure that all personal information is handled carefully and securely in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (“Privacy Act”).
The purpose of this Privacy Policy is to inform you about:
- What kind of personal information we collect
- How we use that information
- Our data security measures to protect your privacy
- Whether we disclose your personal information to anyone
- How you may inquire, access and/or seek correction of your personal information and our access and correction handling procedure; and
- How you may alert us about an alleged breach of the APPs and our complaint handling procedure
By accessing or using our services, you agree to the practices described in this policy.
Account information
When you sign up for our services, we may collect personal information such as your name, email address, mobile numbers, job title, and company information to create and manage your account.
Company information
We collect information about your company or organisation, including location and address information, utility meters (and their IDs) and the number of employees.
Consumption and usage data
We process consumption and usage data provided by you or your company. This data may include the amount of electricity consumed (in kWh), the amount of waste produced (in kg) and the distance travelled by different transport methods.
Financial accounting data
We process financial accounting data provided by you or your company, including data obtained from third party integrations with your accounting software. This data may include financial transactions, invoices, receipts, and related information.
Usage information
We collect information about how you interact with our services, such as your IP address, browser type, device information, pages visited, and actions taken on our platform.
Metadata
When data records are created, metadata is stored on a per record basis. Metadata includes information such as the user that created the record and the date created.
Cookies
We may use cookies and similar technologies to enhance your user experience and collect certain information about your interactions with our website and services. We may use a combination of functional and analytical cookies.
Provision of services
We use the information you provide to deliver our carbon accounting services, including the accurate calculation and reporting of your carbon footprint data.
Carbon footprint analysis
As an emissions management platform, our primary purpose for collecting and processing your information is to accurately calculate your organisation’s carbon footprint. We use the data provided by you or your organisation to calculate carbon emissions associated with your business operations.
Insights & recommendations
The carbon footprint analysis allows us to generate valuable insights and recommendations aimed at helping your company reduce its carbon emissions. These insights may include identifying areas of inefficiency, suggesting sustainable practices, and measuring the impact of emission reduction initiatives.
Communication
We may use the personal information we collect to communicate with you, including information about our services or products, updates on your reduction efforts, related news and updates, or new features available in the platform.
Improvement of services
We analyse aggregated usage data to improve our platform’s functionalities, enhance our carbon accounting services, and optimise the user experience for our customers.
Identity and authentication controls
We use an industry-standard approach to handle user authentication to prevent personal data being accessed by unauthorised individuals. This includes secure password handling through hashing and salting. For user authentication, we utilise Firebase Authentication so all authentication data, including login credentials and tokens, are securely stored in data centres located in the United States. These facilities are equipped with state-of-the-art security measures. All other user data, such as personal information and usage data, are stored on secure servers located in Australia. These servers are protected with both physical and electronic safeguards to prevent unauthorised access.
Encryption and data storage
We understand the sensitivity of the data we handle. We use industry-standard encryption methods to safeguard your information at rest and in transit.
Encryption In Transit:
All data transmitted between our clients and our servers is secured using Transport Layer Security (TLS) 1.2 or higher. This protocol ensures that data is encrypted during its journey over the internet, protecting it from interception or tampering. Firebase Authentication employs secure token-based mechanisms. This ensures that user credentials are handled and transmitted securely, without exposure.
Encryption At Rest:
All personal data stored in our systems, including databases and backups, is encrypted using Advanced Encryption Standard (AES-256). All personal data is stored in Google Cloud through services such as Firebase Authentication and CloudSQL, all adhering to strict security standards and compliance certifications, namely SOC 2, SOC 3, and ISO 27001.
Access controls
Access to customer data is limited to authorised personnel who require it for providing our carbon accounting services. Access to our systems is strictly based on predefined user roles (Role Based Access Controls). Each role is assigned specific access rights and privileges, depending on the individual’s job function and data access requirements. We adhere to the principle of least privilege, meaning users are granted only the access necessary to perform their job duties. This minimises the risk of unauthorised access, modification or disclosure of sensitive data.
Secure servers
Your data is stored on servers hosted by Google Cloud, adhering to strict security standards and certifications, namely SOC 2, SOC 3, and ISO 27001.
Data minimisation
We only collect and retain the data necessary for conducting carbon footprint analysis and providing our services. We do not store personal data beyond the required retention period, as outlined in our Data retention policy.
Third-party vendors
In cases where we engage third-party vendors (including Firebase & Google Cloud) to support our services, we conduct due diligence to ensure their security practices align with our high standards.
User responsibility
As a user of our platform, you are responsible for maintaining the security of your account credentials. Please ensure that you keep your login information confidential and refrain from sharing it with unauthorised individuals.
Your data is available for export either via the application or by request. All data can be exported in standard format and therefore is available for reuse.
Third-party service providers
Some of these third-party providers include:
Google Firebase Authentication: We use Google Firebase Authentication for authentication. Authentication data, including login credentials and tokens, is securely stored and processed in data centres located in the United States.
Google Cloud: We store your data on servers hosted by Google Cloud through the CloudSQL service. In addition, any uploaded files and attachments are securely stored in Google Cloud and are protected from access through our Role Based Access Controls (RBAC).
Amplitude: We use Amplitude for our user analytics. We share data with Amplitude to understand usage so we can improve our products, services and customer experience.
Legal compliance
We may share your data to comply with legal obligations such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.
Business transfers
In the event of a merger, acquisition, or sale of our assets, your information may be transferred to the acquiring entity.
International transfers
As Impact Sustainability may be considered a data controller for the purposes of the GDPR and Impact Sustainability does not maintain a physical presence in the European Union, you consent to us transferring your personal information to Australia. In doing this, we are informing you:
- you have the rights set out in this privacy policy and at law under the Privacy Act;
- we process your personal information purely for the purposes of providing services to you and do not process this information for any other purpose; and
- the transfer of your personal information to Australia is necessary for the performance of a contract with you, your employer or any other person who has engaged us to perform services for them.
You have the right to access, rectify, and delete your personal information. Under GDPR, you have the right to delete your data in certain circumstances, including, but not limited to where the information is no longer necessary for the purpose for which it was collected, or where the individual withdraws their consent and there is no other legal ground for processing their data.
If you wish to exercise any of these rights or have questions regarding your data, please contact us at [email protected]
You may be required to put your request in writing for security reasons. For most requests, your information will be provided free of charge; however, a small administrative fee may be payable for the provision of information where it requires substantial effort to do so. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.
We may update this Privacy policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review the policy periodically for any updates. The last updated date will be published.
Contact us
If you have any questions, feedback, or complaints regarding this Privacy policy or our data practices in relation to your personal data collection, please contact us.