Legal / GDPR Compliance Statement for Carbondeck

GDPR Compliance Statement for Carbondeck

Effective starting: March 17, 2025

TABLE OF CONTENTS

Climateware Teknoloji A.Ş. ("Carbondeck," "we," "us") is committed to ensuring the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This statement outlines how we collect, use, store, and protect personal data collected through Carbondeck’s carbon accounting platform, including the specific data points outlined in our systems. For more details, review our Privacy Policy.

 

1. Data Controller

Climateware Teknoloji A.Ş., located at BUDOTEK Teknopark, No: 8/29, 34775 Umraniye, Istanbul, Turkey, is the data controller responsible for processing your personal data in connection with Carbondeck. 

For GDPR-specific inquiries, contact our Data Protection Tea0m at legal@climateware.com.

2. Data Categories Collected

Based on the Carbondeck Data Points, we process the following categories of personal data:

Category 

Examples 

Legal Basis (GDPR) 

Billing & Payment Data

Company Name*, Billing Address*, Tax ID*, TR TIN*, Payment Email*, Cardholder Name*

Contractual necessity, Legal obligation

Contact & Address Data

Company Name*, Country*, Phone Number*, Main Email*, Facility Address*

Contractual necessity, Legitimate interests

Organizational Data

Franchise Name, Supplier Name, Operational Scope

Legitimate interests (service delivery)

Emission & Reporting Data

EF CO2e, Activity Data, GHG Mapping Description

Contractual necessity, Legal obligation

Optional Data

Company Website, Establishment Year, Facility Area (m²)

Consent (where applicable)

Note: Fields marked * are mandatory.

3. Purposes of Processing

We process personal data for the following purposes:

  • Contractual Obligations: To provide carbon accounting services (e.g., billing, emission reporting).
  • Legal Compliance: Tax reporting (Tax ID, TR TIN), environmental regulations (GHG data).
  • Legitimate Interests: Improving service functionality, fraud prevention, and customer support.
  • Consent: For optional data like Company Website or marketing communications.
4. Data Security

We implement industry-standard measures to protect your data, including:

  • Encryption: Payment data is encrypted via PCI-DSS compliant processors.
  • Access Controls: Restricted access to sensitive data (e.g., Tax IDs, TR TIN).
  • Regular Audits: Periodic security reviews to address vulnerabilities.

While no system is infallible, we commit to promptly addressing any security incidents.

5. Data Retention

We retain personal data only as long as necessary: 

  • Account Data: Until account deletion or 2 years post-inactivity.
  • Payment Data: As required by financial regulations (typically 7 years).
  • Tax IDs (TR TIN): Retained as required by Turkish tax law.
  • Emission Data: Anonymized where possible; retained for 5 years post-contract termination.
  • Marketing Data: Until consent withdrawal or 2 years post-last interaction.
6. International Data Transfers

Carbondeck operates globally, and your data may be transferred outside the EU/EEA. We ensure compliance via:

  • Standard Contractual Clauses (SCCs): For transfers to third countries (e.g., U.S. service providers).
  • Binding Corporate Rules (BCRs): For intra-group transfers among Climateware affiliates.
  • Adequacy Decisions: Where applicable (e.g., transfers to countries with EU-approved data protection laws).

For details on safeguards, see our Privacy Policy.

7. Your GDPR Rights

As an EU/EEA resident, you have the right to: 

  1. Access: Request a copy of your personal data.
  2. Rectification: Correct inaccurate or incomplete data.
  3. Erasure: Request deletion of your data (subject to legal obligations).
  4. Restriction: Limit processing under certain conditions.
  5. Data Portability: Receive your data in a structured, machine-readable format.
  6. Object: Object to processing based on legitimate interests or direct marketing.
  7. Withdraw Consent: For consent-based activities (e.g., marketing emails).

To exercise these rights, log into your account settings or email legal@climateware.com. We will respond within 30 days.

8. Cookies and Tracking

We use cookies for functionality, analytics, and marketing. Non-essential cookies require your consent. Manage preferences via our Cookies & Tracking Notice or browser settings.

9. Children’s Data

Carbondeck is not intended for users under 16. We do not knowingly collect data from minors. Contact us immediately if you believe a child has provided data.

10. Changes to This Statement

We may update this GDPR Compliance Statement. Significant changes will be notified via email or in-service alerts. Continued use constitutes acceptance of revisions.

11. Complaints

If unsatisfied with our response, you may lodge a complaint with your local Data Protection Authority (DPA). For EU DPA contacts, visit EDPB.  

12. Contact Us

For GDPR-related inquiries:

Climateware Teknoloji A.Ş.

BUDOTEK Teknopark, No: 8/29

34775 Umraniye, Istanbul

Email: legal@climateware.com