1. Data Controller
Climateware Teknoloji A.Ş., located at BUDOTEK Teknopark, No: 8/29, 34775 Umraniye, Istanbul, Turkey, is the data controller responsible for processing your personal data in connection with Carbondeck.
For GDPR-specific inquiries, contact our Data Protection Tea0m at legal@climateware.com.
2. Data Categories Collected
Based on the Carbondeck Data Points, we process the following categories of personal data:
Category | Examples | Legal Basis (GDPR) |
---|---|---|
Billing & Payment Data | Company Name*, Billing Address*, Tax ID*, TR TIN*, Payment Email*, Cardholder Name* | Contractual necessity, Legal obligation |
Contact & Address Data | Company Name*, Country*, Phone Number*, Main Email*, Facility Address* | Contractual necessity, Legitimate interests |
Organizational Data | Franchise Name, Supplier Name, Operational Scope | Legitimate interests (service delivery) |
Emission & Reporting Data | EF CO2e, Activity Data, GHG Mapping Description | Contractual necessity, Legal obligation |
Optional Data | Company Website, Establishment Year, Facility Area (m²) | Consent (where applicable) |
Note: Fields marked * are mandatory.
3. Purposes of Processing
We process personal data for the following purposes:
- Contractual Obligations: To provide carbon accounting services (e.g., billing, emission reporting).
- Legal Compliance: Tax reporting (Tax ID, TR TIN), environmental regulations (GHG data).
- Legitimate Interests: Improving service functionality, fraud prevention, and customer support.
- Consent: For optional data like Company Website or marketing communications.
4. Data Security
We implement industry-standard measures to protect your data, including:
- Encryption: Payment data is encrypted via PCI-DSS compliant processors.
- Access Controls: Restricted access to sensitive data (e.g., Tax IDs, TR TIN).
- Regular Audits: Periodic security reviews to address vulnerabilities.
While no system is infallible, we commit to promptly addressing any security incidents.
5. Data Retention
We retain personal data only as long as necessary:
- Account Data: Until account deletion or 2 years post-inactivity.
- Payment Data: As required by financial regulations (typically 7 years).
- Tax IDs (TR TIN): Retained as required by Turkish tax law.
- Emission Data: Anonymized where possible; retained for 5 years post-contract termination.
- Marketing Data: Until consent withdrawal or 2 years post-last interaction.
6. International Data Transfers
Carbondeck operates globally, and your data may be transferred outside the EU/EEA. We ensure compliance via:
- Standard Contractual Clauses (SCCs): For transfers to third countries (e.g., U.S. service providers).
- Binding Corporate Rules (BCRs): For intra-group transfers among Climateware affiliates.
- Adequacy Decisions: Where applicable (e.g., transfers to countries with EU-approved data protection laws).
For details on safeguards, see our Privacy Policy.
7. Your GDPR Rights
As an EU/EEA resident, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data (subject to legal obligations).
- Restriction: Limit processing under certain conditions.
- Data Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests or direct marketing.
- Withdraw Consent: For consent-based activities (e.g., marketing emails).
To exercise these rights, log into your account settings or email legal@climateware.com. We will respond within 30 days.
8. Cookies and Tracking
We use cookies for functionality, analytics, and marketing. Non-essential cookies require your consent. Manage preferences via our Cookies & Tracking Notice or browser settings.
9. Children’s Data
Carbondeck is not intended for users under 16. We do not knowingly collect data from minors. Contact us immediately if you believe a child has provided data.
10. Changes to This Statement
We may update this GDPR Compliance Statement. Significant changes will be notified via email or in-service alerts. Continued use constitutes acceptance of revisions.
11. Complaints
If unsatisfied with our response, you may lodge a complaint with your local Data Protection Authority (DPA). For EU DPA contacts, visit EDPB.
12. Contact Us
For GDPR-related inquiries:
Climateware Teknoloji A.Ş.
BUDOTEK Teknopark, No: 8/29
34775 Umraniye, Istanbul
Email: legal@climateware.com