Cozero

1. Welcome to Cozero!

Your privacy is important to us

1.1 Who we are
Cozero (or "we") is a business-to-business software-as-a-service platform which allows its customers to collect, analyze emission data, to scout emission reduction measures and to engage the most relevant stakeholders into the transformational process towards a low-carbon business. If you'd like to talk to us directly, our contact details are following in the next section of this Privacy Policy.

1.2 Name and contact information of the person responsible for processing
Cozero.io is a service of Cozero GmbH. The person responsible for the purposes of the Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Cozero GmbH
Zionskirchstraße 73a
10119 Berlin
Germany
Email: privacy@cozero.io

1.3 What this Privacy Policy does
This Privacy Policy describes how Cozero collects, uses, stores, shares and secures your personal data. It applies when you access, visit or use any portion of our site or service. You can retrieve this Privacy Policy from ourwebsite, and download, store and print it, at any time. Depending on how you use our site or service, some parts of this policy might or might not apply to you – each chapter clearly explains if it applies to you. Please read this Privacy Policy, our Terms of Service, and our Data Processing Agreement carefully as you must agree to each in order to have permission to use our service. You will not be able to use our service if you do not agree to these policies.

1.4 What 'Personal Data' means
In this Privacy Policy, we'll be talking a lot about your 'personal data'. If you aren't exactly sure what that means, here is how the term is defined in Article 4 of the European General Data Protection Regulation (GDPR) (and this is how we'll be using the term for the purposes of this Privacy Policy): "Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

1.5 General information on data processing

1.5.1 Extend of processing personal data
We generally only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

1.5.2 Legal basis for the processing of personal data
Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 §1 a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data, that is necessary for the performance of a contract to which the data subject is a party, Art. 6 §1b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 §1 c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 §1 d GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 §1 f GDPR serves as the legal basis for processing.

1.5.3 Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. We may store personal data if this has been prescribed by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

2. Provision of the website and creation of log files

Every time the Website is accessed by a visitor, this Website collects general data and information in connection with your visit. This general data and information is stored in the log files of the server and concerns the following data: browser types and versions used, the operating system used by the accessing system, the webpage from which an accessing system arrived on this Website (known as a referrer), sub-websites that are accessed on this Website via an accessing system, date and time of an access to the Website, IP address, internet service provider of the accessing system other similar data and information aimed at averting danger in the event of attacks directed at our IT systems. When processing this usage data, we do not draw any conclusions as to the visitor. We need this data in order to correctly deliver the content of the Website, optimize the content of and the advertising for this Website, ensure the permanent functionality of our IT systems and the technology underlying this Website as well as provide to authorities the information necessary for purposes of conducting e. g. criminal proceedings in the event of a cyberattack. The legal basis for this processing activity is Art. 6 §1 f GDPR. This data in anonymized form is analyzed by us statistically and with the aim of increasing data protection and data security. The anonymous data of the server log files is stored separately from all personal data provided by a visitor.

3. What’s about those cookies?

3.1 Use of cookies
In order to provide this Website and to improve its performance, we use cookies. Cookies are text files that are stored on your device. Cookies remain on your device and allow us to recognize your browser on the next visit (persistent cookies). The following data can be transmitted in this way: Entered search terms Frequency of page views Use of website functions Time spent on individual pages You can set your browser to inform you about the cookie setting and disable cookies individually, or to disable cookies for specific cases or in general. Some cookies are necessary for the functions of the Website. If the usage of these cookies is not enabled on your device or in your browser, the functionality of our Website may be restricted. The legal basis for this processing activity using technically necessary cookies is Art. 6 §1 f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user in accordance with Art. 6 §1 a GDPR.

5. Getting acquainted - Tracking and Retargeting

5.1 Facebook (Visitor action pixels)
Within our website, we use the "Visitor Action Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Visitor Action Pixel allows us to track the behavior of users after they have been directed to our website by clicking on a Facebook advertisement (a "conversion"). We may also use it to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's Data Usage Policy. More information about this here. The visitor action pixel is triggered by Facebook when you call up our website and can store a cookie on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is still anonymous to us, so we cannot draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes. The legal basis for the use of this service is Art. 6 §1 f DSGVO and serves our legitimate economic interests. You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads here. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can find more information here.

5.2 Facebook custom audiences
Our website uses the service "Facebook Custom Audiences". Facebook Custom Audiences is a service of the company Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; hereinafter "Facebook"). This service enables us to show the user advertising related to their interests on the social network -- Facebook. For this purpose we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag creates a direct link with Facebook's servers. This gives Facebook information on the pages that you have visited our website. Facebook then compares this with your Facebook user account. The next time that you visit Facebook, you will be shown customized advertisements -- Facebook Ads -- related with your interests. The legal basis for the use of this service is article 6 §1 f GDPR -- justified interest. Our justified interest in using this service is based on sending advertising to the website's users in a targeted manner. You can find further information in Facebook's data privacy Instructions here. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can find more information here.

5.3 Google marketing services
We use on our website marketing and remarketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). These services allow us to display advertisements in a more targeted manner in order to present ads that are relevant to users' interests. Remarketing is used to show users ads and products that have been identified as being of interest on other sites in the Google Network. For these purposes, a code is executed when Google calls up our website and so-called (re)marketing tags are integrated into the website. These tags are used to store an individual cookie, i.e. a small file, on the user's device (similar technologies can be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites users have visited, what content they are interested in and which offers were clicked on. In addition, technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer is stored. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. All user data is only processed as pseudonymous data. Google therefore does not store names or e-mail addresses. All advertisements shown are therefore not shown specifically for one person, but for the owner of the cookie. This information is collected by Google and transmitted to servers in the USA and stored there. The Google marketing services we use include the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have opted in to conversion tracking. AdWords advertisers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. We may include third-party ads based on Google Marketing Services DoubleClick. DoubleClick uses cookies to enable Google and its partner sites to serve ads based on users' visits to this site or other sites on the Internet. Further information about Google's use of data when using Google partner sites can be found here. General information about Google's use of data for marketing purposes can be foundhere. The legal basis for the use of this service is Art. 6 §1 f DSGVO and serves our legitimate economic interests. If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. You can find more information here.

6. Use of third-party provider tools

6.1 YouTube
We use the service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube") to display videos. As a subsidiary of Google, YouTube is covered by Google's Privacy Shield certification.

6.2 Hubspot
On this website we use HubSpot for our online marketing activities. HubSport is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500. This is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others: Email marketing (newsletter, together with automated mailings, e.g., for provision of downloads), social media publishing & reporting, reporting (e.g., traffic sources, accesses, etc. ...), contact management (e.g., user segmentation & CRM), landing pages and contact forms. Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company's services are interesting for them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures. Moreover, we use the live chat service "messages" from HubSpot on some sub-pages to improve users' experience on our website for the sending and receipt of notifications (round chat icon on the lower right edge of the screen). If you consent to and use this feature, then the following data are transferred to the HubSpot servers: Content of all chat messages sent and received; Context information (e.g., page on which the chat was used); Optional: Email address of the user (if it is provided by the user via the chat feature) The legal basis for the use of HubSpot's services is article 6 §1 f GDPR; justified interest. Our justified interest in the use of this service is the optimization of our marketing measures and the improvement of our service quality on the website. HubSpot is certified under the conditions of the "EU; U.S. Privacy Shield Framework" and it is subject to TRUSTe's Privacy Seal, as well as the "U.S.; Swiss Safe Harbor" Framework. More information on HubSpot's data privacy provisions.More information from HubSpot regarding to EU data protection provisions. More information on the cookies used by HubSpot can be found here & here.

6.3 Hotjar
We use Hotjar in order to better understand our users' needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the 'about Hotjar' section of Hotjar's support site. The processing of data using Hotjar is based on our legitimate interest according to Art. 6 §1 f GDPR.

6.4 Amazon Web Services
The Website uses a service by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg ("AWS") to provide a stable and secure Internet presentation. For this reason, AWS may collect your IP-address and store it in log files. For details about the data usage in the context of the use the services provided by AWS, please refer to the data privacy notice of AWS here. The processing of data using AWS is based on our legitimate interest according to Art. 6 §1 f GDPR.

7. Newsletter

If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties. Collected data: Email address, first name, last name Purpose of use: Sending of the newsletter requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. Legal basis: article 6 §1 a GDPR -- consent Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to privacy@cozero.io.

8. Registration

If you register on our website, then we store your personal data to create your Cozero account. Collected data: Email address, first name, last name, company, position in your company Purpose of use: Creation of account requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent Revocation: You can delete your Cozero account at any time by sending an email to privacy@cozero.io

9. Conclusion of a contract

Upon conclusion of the contract, we collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship. Collected data: Email address, first name, last name, payment information, VAT ID Purpose of use: conclusion of a contract, purchase Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

10. Rights of data subjects

If your personal data is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights against Rocket Internet as data controller:

10.1 Right of Access
Right to information according to Art. 15 GDPR: You have the right to obtain information about the personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data was or are being disclosed, the planned period of storage or the criteria for determining the duration of storage, the right of correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making including profiling and possibly significant information on the logic applied and the scope and intended impact of such processing, as well as your right to be informed of what guarantees according to Art. 46 GDPR exist in case of redirection of data in third countries.

10.2 Right to Correction
Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data.

10.3 Right to Deletion
Right to deletion according to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the requirements of Art. 17 §1 GDPR are met. This right does not apply if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights.

10.4 Right to Restriction of Processing
Right to restriction of processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data provided that the correctness of your data is verified, if you refuse to delete your data due to inadmissible data processing and instead restrict the processing of your data, if you need your data for the assertion, exercise, or defense of legal rights, after we no longer require these data for their purpose, or if you have objected for reasons of your particular situation, as long as it is not ascertained, whether our legitimate reasons prevail.

10.5 Information to Third Parties
Right to information in accordance with Art. 19 GDPR: If you exercise the right to correct, delete, or limit the processing towards the responsible contact, this person is obliged to inform all recipients who have been disclosed personal data about the correction, deletion, or limitation of processing of the data, unless this is impossible or requires a disproportionate effort. You have the right to be informed about the respective recipients.

10.6 Right to Data Portability
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common, and machine-readable format or to request transmission to another responsible person, insofar as this is technically feasible.

10.7 Right to Withdraw the Declaration of Consent under Data-Processing Law
Right to revoke granted consent according to Art. 7 §3 GDPR: You have the right to revoke consent provided in the processing of data at any time with effect for the future. In the case of revocation, we will delete the respective data immediately, as far as further processing cannot be legally justified for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.8 Right to file a Complaint with a Supervisory Authority
Right to file a complaint according to Art. 77 GDPR: If you consider the processing of your personal data a violation of the GDPR, you have the right to file a complaint to a supervisory authority, in particular in the member state of your location, your place of work, or the place of alleged infringement.

10.9 Right to Objection
If you have given your consent (Art. 6 §1 a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have provided it to us. If we base the processing of your personal data on the weighing of interests (Art. 6 §1 f GDPR), you may object to the processing at any time. In the event of your justified objection, we will either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue (possibly limited) processing. You can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details.

11. Privacy policy changes

This Privacy Policy may change at any time, in particular pursuant to any changes made to the laws and regulations in force, or if we make any substantial improvements, additions or changes to our practices regarding your personal data. We will ensure we keep you informed of any substantial changes in due course. If you have any questions regarding this Privacy Policy, feel free to email us directly at privacy@cozero.io