Published on 03 October 2023
1. Clear Data, Clear Decisions, Clear Impact.
Transparency of data is at the core of what we do at Treefera (“Treefera”, “we”, “us”, or “our”) so we strongly value, respect and strive to protect your data privacy. We are committed to keeping secure any information which we obtain from or about you. We only process your personal data when we believe it is strictly necessary and that we have a valid reason to do so and will do so only with your consent, namely:
- To fulfil contractual obligations: We may need certain personal data to provide, maintain and improve the Offerings and we cannot provide the Offerings in full without some of this information;
- To comply with laws and regulations: In some cases, Treefera has a legal responsibility to collect and store your personal data (such as for anti money-laundering purposes, audit requirements, legal obligations);
- For legitimate interests: Treefera may collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to do so, and it is reasonable when balanced against your right to privacy;
- With your consent: Where you agree to Treefera collecting your personal data by providing this on our website, or when you expressly accept the terms and conditions presented to you (through a tick-box or similar method) indicating that you are happy for us to use your personal data in a certain way.
Our duty to you: Treefera acts as a controller with respect to your personal data and determines the ways in which your personal data is processed, and also at times acts as a processor of this personal data on your behalf, as detailed in the Policy. While we may comply with and rely on local laws and regulations, we are committed to upholding the rigorous Personal Data protection standards under the GDPR (General Data Protection Regulation) across all of the Treefera entities, irrespective of their location, to ensure the highest level of data privacy for our users worldwide. Throughout his Policy, terms such as 'personal data,' 'processor,' 'processing,' 'controller,' 'data subject,' and other defined terms used, align with the corresponding definitions provided by the GDPR, and are employed in conformity with the GDPR's sanctioned definitions.
If you have any concerns or questions about your privacy rights and choices, please contact firstname.lastname@example.org.
2. Data Collection - how, why and when do we collect personal data?
(a) When you access our website
Monitoring visits to the website: When you visit our website, we will request your consent to collect your personal data including but not limited to your IP address, browser information, device information and connection, user experience on the website, name, email, phone number, job level, industry, field expertise, employer, country, jurisdiction, relevant persona(s). We will also automatically collect information about your use of the website such as what type of content you engage, features you use and actions you take. We will use this information to provide you with relevant news, improve overall experience on our website or respond to your inquiries submitted through our website, troubleshooting, data analysis, system maintenance, as well as in our legitimate interest to know our customers and continuously improve the Offerings.
Analytics: We use online analytics products (such as Google Analytics) which use third-party cookies to help us analyse and enhance the experience of those using our website. Technical analytics such as your visit times and which pages you engage with, will be included in this.
Log information: We also collect log information (information that your browser automatically sends you when you use our website) such as internet protocol address, browser type and settings, data/time of visit, time zone setting, operating system and platform.
Report of abuse and incidents: If you report an abuse or security incident, or request the deletion of your account(s) through our website, we will process your name, email address and location information in order to respond to the request.
(b) When you subscribe to and use the Offerings
Software account creation and management: When you create a new account with Treefera or upgrade an existing account, we will request certain information in order to grant your access and to maintain the account with up to date, accurate information. We will also use this information to contact you in relation to your Order, invoices or a user management query. The personal data requested in this context includes but is not limited to the customer’s name (the customer must be an entity not an individual or sole trader even where the End User(s) are individuals) and users’ name(s), email address, business address, contact telephone number, country, language, job title(s) persona(s) which are applicable to the customer, industry, land ownership details, land boundaries for the project and/or jurisdiction, carbon credit ownership information, project manager (if applicable), and any other information which is required by Treefera for commercially reasonable purposes. Treefera shall collect and store this information securely. Due to the nature of the Software, a limited part of the customer’s account information (such as industry, persona(s), country and project types) may be visible to other users of the Software.
When you subscribe to the Software by entering into a SaaS Agreement, we collect and process information such as your bank name, card or bank number, security code, country and other information. All payment data is stored in line with the third party provider’s own privacy notice.
Monitoring your use of the Software: When you subscribe to the Software, we collect and process certain information regarding your activity such as:
- Log data (Information that your browser automatically sends when you use our Software (internet protocol address, browser type and settings, data/time of request, how you interact with our Software, which insights you access, and your downloads);
- your usage data, including your User ID and details about how you interact with our Software;
- location data such as information about your device’s location (which may be precise or imprecise).
This data is collected for the legitimate purposes of ensuring the accessibility and functionality of our services and getting to know our users and their interests. How much information we collect will depend on the account type and device(s) being used to access the Software. You can opt out of this at any time by refusing access to the information. Please note that if you choose to opt out of location data, you may experience reduced functionality on certain aspects of the Software.
Beta or trial users: Please note that if you are a user of the Software in any trial, free, Beta or similar version, please exercise caution and refrain from using sensitive data as these versions may have specific limitations concerning the use of Personal Data or sensitive information.
Information collected through your subscription and use of the Offerings: As a Customer, depending on your applicable persona(s), industry and the Offerings which you subscribe to in your Order(s), we may collect and process (either directly from you or through third party sources where your prior written consent is obtained), the following types of data (but not limited to):
- Project Location Data including project locations, areas of interest (AOI);
- Land ownership proof in the form of land boundary confirmation and any related documentation provided by you;
- Satellite data and images;
- Drone data: (light detection and ranging (LiDAR) images
- Drone data: optical images
- Jurisdiction and Boundary data (open source tree data for the areas within the jurisdictional boundaries)
- Tree characteristics (height, species, location etc)
- AI Model Output data
- Carbon credit data prepared as part of the Software (and other parts of the Offering) for clients following the analysis of tree data
Third Party Products: If any part of the Offerings is integrated with third-party services or products, any Personal Data which you use with such third-party products may be visible to the third-party providers and will be processed in accordance with their own privacy policies. Treefera bears no liability in relation to such third-party services or products.
Technical Support: As part of the Offerings for our customers, we provide technical support for our Software. The details and extent of this support can be found upon request. If you request our support, we will process the personal data required for such support including name, email address, country, company or employer, job title and device ID, in accordance with our Technical Support Terms. We may also process any voice data (with your consent) where support is provided using a remote system or telephone or video call. We shall process this data to perform the Offerings under the contract with you, to administer and protect our business and Software (including troubleshooting, data analysis, system maintenance, testing, reporting and hosting of data). In providing the support, Treefera is concerned with technical data and therefore intends to limit its access to, and use of, personal data to only what is required to provide the Offerings and support under its contracts with customers and requests that you limit the disclosure of any personal data to that strictly necessary.
(c) Treefera marketing, events and communications
Attendance at events: When you attend a Treefera event (whether it's virtual or in person) we may collect personal data such as your name, email address, job title, industry, location, company, badge photograph, voice recordings, and identification documents when required by applicable laws and policies. This data is gathered for the purpose of event registration, providing event-related information before, during, and after the event, as well as seeking your feedback and addressing follow-up inquiries. We obtain this information only with your consent or when it's necessary to fulfil our legal and financial obligations or to comply with relevant laws and policies. During our events (or third party events in which we are participating), we regularly have videographers and photographers present to capture the guests and discussions or presentations based on our legitimate interests to document our events, market their success and to improve future events. You may at any time prior to the event, opt out of photos, video recordings and voice recordings of you from the event by contacting us at email@example.com.
Use of your image or voice: The photos, videos and recordings of our events are often used on our website, social media accounts and other marketing messaging. If you attend a Treefera event as a speaker or guest and do not wish for your voice or image to be used on any platform, please let us know in advance of the event by contacting us at firstname.lastname@example.org.
Marketing communications: We may process your personal data for the purpose of informing you about the Offerings, improving our sales strategy in existing and new markets, enhancing our prospect database, understanding our customers, users and their industries or personas, and sending you marketing communications through telephone or email communications. The personal data processed for this purpose includes your name, email address, telephone number and any other relevant information provided by you or provided by third parties with your consent. We shall only process such personal data based on either your explicit or implied consent (such as through your use of a particular Offering) or based on your legitimate interest provided that the applicable privacy laws permit this. We aim to limit our marketing communications to only those Offerings, news or events which you have shown an interest in, or that we believe you would be interested in. Should you wish at any time to opt out of these marketing communications, you can do so by either clicking on the ‘unsubscribe’ link included in the relevant communication, or by contacting us directly at email@example.com. Please note that we may from time to time, use third party marketing communications and surveys to gather information and we shall do so in accordance with the privacy policies of those third parties.
Essential communications: Please note that should you opt out of marketing communications by the means set out above, Treefera may still contact you regarding your use of the Offerings, billing queries, or to respond to your questions, queries or other issues with your account.
Resellers: If you are a Reseller of Treefera’s Offerings, we may process your personal data such as your full name, company, industry, institution, job title, position or occupation, location, email, telephone number, and any other necessary information to perform the underlying Reseller Agreement and to create or manage your accounts if necessary.
Alliance Partner: If you are a Treefera Alliance Partner, we may process your personal data such as your full name, company, industry, institution, job title, position or occupation, location, email address, telephone number and any other information relevant to your partnership with us. We shall also, subject to the terms of our memorandum of understanding or any subsequent agreement, process and use your logo and company name for the purpose of our marketing and communications.
3. How do we share your personal data?
Treefera may share information as set out below but shall not under any circumstances, sell this information to third parties or to advertisers. We take caution when contracting with any third party processors or other controllers and abide by the requirements of GDPR in relation to personal data transfers.
Business transfers: (reorganisation of the company structures, insolvency proceedings or transition of service to another provider). The disclosure of your personal data may be required for due diligence processes.
Social media companies: If you contact us through social media such as LinkedIn, Twitter, or other platforms, your personal data may be recorded and processed by those companies in accordance with their own privacy policies.
Legal requirements: We may share your personal data with government authorities, industry peers, fraud prevention agencies, courts, or other third parties if:
(a) required by law to do so, or if in good faith we believe that such action is necessary to comply with a legal obligation;
(b) to protect and defend our rights or property;
(c) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law;
(d) to detect or prevent fraud or other illegal activity;
(e) to protect the safety, security and integrity of our products, employees or users, the public; or
(f) to protect against legal liability.
Affiliates: We may disclose your personal data to our affiliates (meaning an entity that controls or is controlled by, or is under common control with, Treefera Ltd). Our affiliates shall use such personal data in a manner consistent with this Policy.
Enforcement purposes: We may share your personal data with third parties where necessary for enforcement or the collection of outstanding payments.
When we share your personal data with any third party, we shall take all reasonable contractual, legal, technical, and organisational measures to ensure that your personal data is treated with the adequate level of protection and in accordance with applicable law.
4. How do we transfer your personal data?
Treefera has a number of entities across the world. As part of the Offerings, we may be required to transfer your personal data between our various entities and affiliates. We may also be required to share certain personal data with third party providers (marketing advisors, client management system providers, platforms or services used to store data relating to our existing and prospective customers). If at any time we are required to transfer your personal data, we shall do so only to the extent necessary and at all times in accordance with the required procedures and laws.
5. How do we keep your personal data safe and secure?
We implement and continuously review strict processes and procedures to protect your personal data at an organisational and technical level and take this responsibility very seriously. However, as with any electronic internet transmission or information platform, we cannot guarantee 100% security and safety from hackers, cybercriminals, or unauthorised third parties which are able to defeat these security measures to improperly access, steal, or modify your personal data and we cannot accept liability for any incidents outside of our reasonable control.
6. How long do we store your personal data for?
7. What choices and rights do you have in relation to your personal data?
Based on the applicable laws of your country, you may have the right to request access to any personal data which we collect from you, change that information or request that we delete it (provided there are no legal or regulatory requirements or reasons for us to maintain such information on our records). To request to review, update, or delete your personal data, please submit a request to firstname.lastname@example.org.
As a reminder, you have the choice to:
- Decline to provide personal data when requested from you (please note that this may prevent you from using certain aspects of our Services or functionalities of the website or becoming a customer).
- Update your consent to the Cookies Policy at any time. Please see our Cookies Policy for further detail on what cookies we use and how you can withdraw or update your consent.
- Update your communication preferences. Treefera may from time to time, send you updates about our Services or the wider market, advertisements, developments, event updates and other forms of communication. Such communications may include but are not limited to email, text messages and push notifications. You may withdraw consent or update your communication preference at any point by visiting your online account settings or getting in touch with us at email@example.com.
- You may at any point review the personal data which you have provided to us and update these by contacting us directly.
As a user, you have the following rights at all times:
- The right to be informed about how we process your personal data.
- The right to access your data.
- The right to rectification where we hold inaccurate or incomplete information about you.
- The right to erasure where it is no longer necessary for us to process or hold the personal data Information for the purpose for which it was collected, or when you have withdrawn your consent formally in writing to us at firstname.lastname@example.org. Please note that there may be certain legal or other obligations preventing us from immediately deleting some of your personal data.
- Right to restrict processing of your personal data or object to our processing where you believe that the information is incorrect or that we are using your data unlawfully. You may also object to our processing where you believe that there are circumstances which would make such processing unlawful.
- Right to challenge an automated decision made by Treefera if the decision carries with it legal or similarly significant effects.
- Right to withdraw consent. Where we process your personal data based on your consent, you may withdraw this consent at any time by contacting us in writing or by requesting this via our website.
- Right to lodge a complaint. Please contact us if you have any questions at email@example.com in the first instance. Should you fail to receive an adequate and timely response from us you have the right to lodge a complaint with your national supervisory data protection authority. For UK, this can be made at https://ico.org.uk/make-a-complaint/.
8. Treefera’s rights to change and update this Policy
We reserve the right to review and update this Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.
9. Contact us