Privacy Policy

Your privacy is important to us!

1.1 Who we are

Cozero (or "we") is a business-to-business software-as-a-service platform that allows its customers to collect & analyze a company’s activity and emission data, to scout and plan emission reduction measures and to engage the most relevant stakeholders into the transformational process towards a low-carbon business. If you'd like to talk to us directly about privacy-related topics, our contact details follow in the next section of this Privacy Policy.

1.2 Name and contact information of the person responsible for processing

Cozero.io is a service of Cozero GmbH. The person responsible for the purposes of the Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Cozero GmbH Zionskirchstraße 73a 10119 Berlin Germany Email: privacy@cozero.io

1.3 What this Privacy Policy does

This Privacy Policy describes how Cozero collects, uses, stores, shares and secures your personal data. It applies when you access, visit or use any portion of our site or service. You can retrieve this Privacy Policy from our website, and download, store and print it, at any time. Depending on how you use our site or service, some parts of this policy might or might not apply to you – each chapter clearly explains if it applies to you. Please read this Privacy Policy, our Terms of Service, and our Data Processing Agreement carefully as you must agree to each in order to have permission to use our service. You will not be able to use our service if you do not agree to these policies.

1.4 What 'Personal Data' means

In this Privacy Policy, we'll be talking a lot about your 'personal data'. If you aren't exactly sure what that means, here is how the term is defined in Article 4 of the European General Data Protection Regulation (GDPR) (and this is how we'll be using the term for the purposes of this Privacy Policy): "Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

1.5 General information on data processing

1.5.1 Extend of processing personal data

We generally only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

1.5.2 Legal basis for the processing of personal data

Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 §1 a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data, that is necessary for the performance of a contract to which the data subject is a party, Art. 6 §1b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 §1 c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 §1 d GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 §1 f GDPR serves as the legal basis for processing.

1.5.3 Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. We may store personal data if this has been prescribed by the European or national legislator in EU regulations, laws, or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for the conclusion or performance of a contract.

Every time the Website is accessed by a visitor, this Website collects general data and information in connection with your visit. This general data and information is stored in the log files of the server and concerns the following data: browser types and versions used, the operating system used by the accessing system, the webpage from which an accessing system arrived on this Website (known as a referrer), sub-websites that are accessed on this Website via an accessing system, date and time of an access to the Website, IP address, internet service provider of the accessing system other similar data and information aimed at averting danger in the event of attacks directed at our IT systems. When processing this usage data, we do not draw any conclusions as to the visitor. We need this data in order to correctly deliver the content of the Website, optimize the content of and the advertising for this Website, ensure the permanent functionality of our IT systems and the technology underlying this Website as well as provide to authorities the information necessary for purposes of conducting e. g. criminal proceedings in the event of a cyberattack. The legal basis for this processing activity is Art. 6 §1 f GDPR. This data in anonymized form is analyzed by us statistically and with the aim of increasing data protection and data security. The anonymous data of the server log files is stored separately from all personal data provided by a visitor.

Cozero does not make use of Cookies in operating our website https://cozero.io/. Cookies are text files that are stored on your device. Cookies remain on your device and allow companies to recognize your browser on the next visit (persistent cookies).

4.1 Amazon Web Services EMEA SARL ("AWS"), situated at 38 Avenue John F. Kennedy, L-1855 Luxembourg. Please find more information in AWS's General Terms of Service and their Privacy Policy .

4.2 Functional Software, Inc. d/b/a Sentry ("Sentry"), situated at 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Please find more information in Sentry's General Terms of Service and their Privacy Policy

4.3 Stripe Payments Europe, Limited ("Stripe"), situated at 1 Grand Canal Street Lower Dublin, Ireland. Please find more information in Stripe's General Terms of Service and their Privacy Policy.

4.4 Twilio Ireland Limited ("SendGrid"), situated at 25-28 North Wall Quay, Dublin 1, Ireland. Please find more information in SendGrid's General Terms of Service and their Privacy Policy.

4.5 Intercom, Inc. ("Intercom"), situated at 55 2nd Street, 4th Floor San Francisco, CA 94105 USA. Please find more information in Intercom's General Terms of Service and their Privacy Policy.

4.6 HubSpot Germany GmbH ("HubSpot"), situated at Am Postbahnhof 17, 10243 Berlin, Germany. Please find more information in HubSpot's General Terms of Service and their Privacy Policy.

4.7 Hunter Web Services, Inc. ("Hunter.io"), situated at 2810 N Church St #50754, Wilmington, Delaware, 19802-4447, USA. Please find more information in Hunter's General Terms of Service and their Privacy Policy.

4.8 HERE Global B.V. ("here.com"), situated at Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands. Please find more information in Here's General Terms of Service and their Privacy Policy.

4.9 Datadog Inc. ("datadoghq.com"), situated at 620 8th Avenue, 45th Floor, New York, NY 10018 USA. Please find more information in Datadog's General Terms of Service and their Privacy Policy.

If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties. Collected data: Email address, first name, last name Purpose of use: Sending of the newsletter requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. Legal basis: article 6 §1 a GDPR -- consent Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to privacy@cozero.io.

If you register on our website, then we store your personal data to create your Cozero account. Collected data: Email address, first name, last name, company, position in your company Purpose of use: Creation of account requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent Revocation: You can delete your Cozero account at any time by sending an email to privacy@cozero.io

Upon conclusion of the contract, we collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship. Collected data: Email address, first name, last name, payment information, VAT ID Purpose of use: conclusion of a contract, purchase Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

If your personal data is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights against Rocket Internet as data controller:

8.1 Right of Access Right to information according to Art. 15 GDPR: You have the right to obtain information about the personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data was or are being disclosed, the planned period of storage or the criteria for determining the duration of storage, the right of correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making including profiling and possibly significant information on the logic applied and the scope and intended impact of such processing, as well as your right to be informed of what guarantees according to Art. 46 GDPR exist in case of redirection of data in third countries.

8.2 Right to Correction Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data.

8.3 Right to Deletion Right to deletion according to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the requirements of Art. 17 §1 GDPR are met. This right does not apply if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights.

8.4 Right to Restriction of Processing Right to restriction of processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data provided that the correctness of your data is verified, if you refuse to delete your data due to inadmissible data processing and instead restrict the processing of your data, if you need your data for the assertion, exercise, or defense of legal rights, after we no longer require these data for their purpose, or if you have objected for reasons of your particular situation, as long as it is not ascertained, whether our legitimate reasons prevail.

8.5 Information to Third Parties Right to information in accordance with Art. 19 GDPR: If you exercise the right to correct, delete, or limit the processing towards the responsible contact, this person is obliged to inform all recipients who have been disclosed personal data about the correction, deletion, or limitation of processing of the data, unless this is impossible or requires a disproportionate effort. You have the right to be informed about the respective recipients.

8.6 Right to Data Portability Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common, and machine-readable format or to request transmission to another responsible person, insofar as this is technically feasible.

8.7 Right to Withdraw the Declaration of Consent under Data-Processing Law Right to revoke granted consent according to Art. 7 §3 GDPR: You have the right to revoke consent provided in the processing of data at any time with effect for the future. In the case of revocation, we will delete the respective data immediately, as far as further processing cannot be legally justified for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8.8 Right to file a Complaint with a Supervisory Authority Right to file a complaint according to Art. 77 GDPR: If you consider the processing of your personal data a violation of the GDPR, you have the right to file a complaint to a supervisory authority, in particular in the member state of your location, your place of work, or the place of alleged infringement.

8.9 Right to Objection If you have given your consent (Art. 6 §1 a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have provided it to us. If we base the processing of your personal data on the weighing of interests (Art. 6 §1 f GDPR), you may object to the processing at any time. In the event of your justified objection, we will either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue (possibly limited) processing. You can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details.

This Privacy Policy may change at any time, in particular pursuant to any changes made to the laws and regulations in force, or if we make any substantial improvements, additions or changes to our practices regarding your personal data. We will ensure we keep you informed of any substantial changes in due course. If you have any questions regarding this Privacy Policy, feel free to email us directly at privacy@cozero.io.