Welcome to our privacy policy document. We take the protection and safe handling of your data incredibly seriously, and hope that you are able to find all the information you need within this document.
This document contains the following information:
Please note that our product and services trades under the formal business registration name of WOCE Solutions Private Limited, and we will be referring to ourselves under this official name throughout the document. This privacy policy refers to all services created and/or managed by WOCE Solutions Private Limited
We collect only the data we need. Here’s what that means practically.
On signing-up for a product curated by WOCE Solutions Private Limited, we will typically ask for information such as your name, email address and phone number for validation purpose. We will not use your name in external marketing communications or any public statements without your permission.
In order for us to provide you with information on your carbon footprint, we ask a number of questions about your lifestyle. This data that you create within the app is transmitted securely and kept securely on our cloud servers. We do not share the information attached to your profile with anybody outside of our organisation and you will need to be logged into your account to access this data.
We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser.
When you write to WOCE Solutions Private Limited with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
We don’t collect any characteristics of protected classifications including age, race, religion, sexual orientation, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing into our Support team.
Our default practice is to not access your information. We may access or share your information in response to a specific request or to help you troubleshoot, or in order to handle an error or software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.
Predefined security groups are utilized to assign role-based access privileges and segregate access to data to the production systems. Administrator access to the production systems is granted based on job roles and responsibilities and limited to authorized personnel. Put simply, only a very limited number of specific people within WOCE solutions private limited that need to access data are allowed to access data.
For admin accounts (the ‘data controller’), we have two-factor authentication to protect access to user data. When a member of the team has their role terminated, access to all restricted information is revoked and any hardware used by the team-member is returned.
Carbon Book has not and will not ever sell our user’s data.
We use a GDPR-approved authentication service provider to manage user login information. All data obtained thereafter is stored on our database with AWS
We perform annual risk assessments of production applications and services. Results from risk assessment activities are reviewed to prioritize the treatment of identified risks. We perform a vendor security review for third-party vendors whose services will store, process, or transmit our customer data.
We perform risk-based continuous control monitoring throughout the year by performing control testing using a formal methodology. The testing results are documented and reviewed by management, including remediation plans for identified observations.
We conduct vulnerability scans against the production environment to identify threats and assess their potential impact to system security on a weekly basis. Results are evaluated and remediated according to risk rating.
Our goal is to execute a 3rd party application penetration test on an annual basis, a process that includes additional 3rd party remediation testing if any high or moderate risk vulnerabilities are identified.
Monitoring tools are used to continuously monitor security events, latency, network performance, and virtual server performance. Incident response procedures are in place that outlines the response procedures to security events and include lessons learned to evaluate the effectiveness of the procedures.
A configuration management tool is utilized to ensure security hardening and baseline configuration standards have been established on production servers.
Network traffic to and from untrusted networks passes through a policy enforcement point; firewall rules are established in accordance with identified security requirements and business justifications.
An issue tracking system is in place to centrally maintain, manage, and monitor application and infrastructure changes from development through implementation.
All Users Hold The Same Rights
We apply the same data rights to all customers, regardless of their location. These rights include:
If you have questions about exercising these rights or need assistance, please contact us at support@worldofcirculareconomy.com