Privacy Policy

Welcome to our privacy policy document. We take the protection and safe handling of your data incredibly seriously, and hope that you are able to find all the information you need within this document.

This document contains the following information:

  • What data is collected and why
  • How your data is handled, and by who
  • Threat and vulnerability management (how we keep your data safe)
  • Your rights to your data

Please note that our products and services trade under the formal business registration name of WOCE Solutions Private Limited, and we will be referring to ourselves under this official name throughout the document. This privacy policy refers to all services created and/or managed by WOCE Solutions Private Limited.

    What data is collected, and why?

    We collect only the data we need. Here’s what that means practically.

    Your Identity and Access

    On signing up for a product curated by WOCE Solutions Private Limited, we will typically ask for information such as your name, email address and phone number for validation purposes. We will not use your name in external marketing communications or any public statements without your permission.

    Your In-App Responses

    In order for us to provide you with information on your carbon footprint, we ask a number of questions about your lifestyle. This data that you create within the app is transmitted securely and kept securely on our cloud servers. We do not share the information attached to your profile with anybody outside of our organisation and you will need to be logged into your account to access this data.

    Cookies and Do Not Track

    We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser.

    Voluntary Communication

    When you write to WOCE Solutions Private Limited with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.

    Information we do not collect

    We don’t collect any characteristics of protected classifications including age, race, religion, sexual orientation, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing in to our Support team.

    How your data is handled, and by who

    Our default practice is to not access your information. We may access or share your information in response to a specific request or to help you troubleshoot, or in order to handle an error or software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.

    We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.

    Identity and Access Management

    Predefined security groups are utilized to assign role-based access privileges and to segregate access to data on the production systems. Administrator access to the production systems is granted based on job roles and responsibilities and limited to authorized personnel. Put simply, only a very limited number of specific people within WOCE Solutions Private Limited who need to access data are allowed to access data.

    For admin accounts (the ‘data controller’), we have two-factor authentication to protect access to user data. When a member of the team has their role terminated, access to all restricted information is revoked and any hardware used by the team member is returned.

    Sale of Data

    Carbon Book has not and will not ever sell our users’ data.

    Storage of Data

    We use a GDPR-approved authentication service provider to manage user login information. All data obtained thereafter is stored on our database with AWS.

    Threat and Vulnerability Management

    Risk Assessments

    We perform annual risk assessments of production applications and services. Results from risk assessment activities are reviewed to prioritize the treatment of identified risks. We perform a vendor security review for third-party vendors whose services will store, process, or transmit our customer data.

    We perform risk-based continuous control monitoring throughout the year by performing control testing using a formal methodology. The testing results are documented and reviewed by management, including remediation plans for identified observations.

    Scanning For Vulnerabilities

    We conduct vulnerability scans against the production environment on a weekly basis to identify threats and assess their potential impact on system security. Results are evaluated and remediated according to risk rating.

    Our goal is to execute a third-party application penetration test on an annual basis, a process that includes additional third-party remediation testing if any high or moderate risk vulnerabilities are identified.

    Monitoring tools are used to continuously monitor security events, latency, network performance, and virtual server performance. Incident response procedures are in place that outline the response to security events and include lessons learned to evaluate the effectiveness of the procedures.

    Application & Infrastructure Security

    A configuration management tool is utilized to ensure security hardening and baseline configuration standards have been established on production servers.

    Network traffic to and from untrusted networks passes through a policy enforcement point; firewall rules are established in accordance with identified security requirements and business justifications.

    An issue tracking system is in place to centrally maintain, manage, and monitor application and infrastructure changes from development through implementation.

    Your rights to your data

    All Users Hold The Same Rights

    We apply the same data rights to all customers, regardless of their location. These rights include:

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. You have the right to request correction of your personal information.
  • Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers.
  • Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information.
  • Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.

    If you have questions about exercising these rights or need assistance, please contact us at support@worldofcirculareconomy.com