App Privacy Policy
Last Updated: 21/10/2024
1. Introduction
At ECOZE, we are dedicated to empowering individuals to influence real change in the fight against climate change. Our innovative platform provides the most powerful carbon footprint tracker available, allowing users to manage their own footprints with unparalleled accuracy. By tracking and analysing your purchases and travel behaviour, we deliver insightful feedback to help you make more sustainable choices.
Commitment to User Privacy and Security:
At the core of ECOZE is a strong commitment to ensuring the privacy and security of our users' data. We understand that your personal information is just that—personal. Our mission is to maintain the highest standards of data protection and transparency, ensuring that you feel safe and confident in using our platform. We are devoted to using your data responsibly, securely, and ethically to enhance your experience and the impact we can make together on climate sustainability.
​
Purpose of This Page:
This page is designed to provide you with a detailed understanding of how ECOZE handles your data and ensures your privacy. Here, you will find comprehensive information about the types of data we collect, how it is used, the measures we take to protect it, and your rights as a user. Our goal is to offer transparency and build trust, so you can fully appreciate the measures we have put in place to safeguard your information while using our platform.​
2. Data Collection
Types of Data Collected:
1. Personal Information:
- Name
- Email address
2. Profile Information:
- Profile photo
- Friend connections within the ECOZE platform
3. Usage Data:
- App activity
- Preferences and settings
- Interaction history
4. Sensor Data:
- Gyroscope data
- Accelerometer data
- GPS location history
5. Purchase Data:
- Online and In-Store purchase information (via email receipts)
- Product-specific data from our extensive database
6. Car Information:
- Car registration number
- Vehicle CO2 emissions data (retrieved via the DVLA API)
7. Other:
- Feedback and survey responses
- Social interactions within the app (e.g., comments, follows, shared achieve
​
How Data is Collected:
1. Direct User Input:
- Information provided when setting up an account
- Details entered into the app (e.g., car registration, actions taken)
- Profile photos uploaded by users
- Friend connections added by users within the platform
2. Automated Collection:
- Data gathered through app interactions and sensors (e.g., gyroscope, GPS)
- Purchase data retrieved through automated subject access requests, partnerships or email receipts.
3. Third-Party Services:
- Data obtained via partnerships with retailers and service providers
- Information sourced from third-party APIs (e.g., DVLA)​
​
Why We Collect Data:
1. Enhancing App Functionality:
- To provide accurate carbon footprint tracking for your purchases and travel
- To enable personalised and relevant feedback for improving your sustainability
2. Customising User Experience:
- To tailor the app's features and content to your preferences
- To enable users to upload profile photos and connect with friends
- To offer personalised tips and recommendations
3. Improving Service and Support:
- To respond to your inquiries and provide customer support
- To address issues and improve the overall app experience
4. Research and Analysis:
- To analyse usage patterns and optimise app performance
- To conduct statistical research and improve our services
5. Marketing and Promotions:
- To send you updates, offers, and promotions related to ECOZE
- To inform you about new features or services that may be of interest
3. Purpose of Data Collection
Enhancing App Functionality:
1. Accurate Carbon Footprint Tracking:
- To provide precise measurements of your carbon footprint by tracking your purchases, travel, and other activities.
- To enable first-of-its-kind tracking at the product-by-product level, offering detailed feedback on your choices.
2. Personalised Feedback and Recommendations:
- To deliver tailored tips and recommendations that help you make more sustainable choices.
- To adjust your default "Average" footprint and provide new tiers as you log sustainable activities.
​
Customising user Experience:
1. Tailored Features and Content:
- To customise app features and content based on user preferences and behavior.
- To provide a personalised and engaging user experience, making sustainability efforts more accessible and rewarding.
2. Social Interactions:
- To allow you to upload and share profile photos.
- To enable you to add friends within the ECOZE platform, enhancing community engagement and shared sustainability efforts.
3. Achievement and Progress Tracking:
- To keep track of your sustainability achievements and progress.
- To provide badges, rewards, and feedback that motivate continuous improvement without eco-shaming
​
Marketing and Promotions:
1. Updates and Offers:
- To send you updates about new features, services, and promotions related to ECOZE.
- To inform you about eco-friendly products and brands that align with your sustainability goals.
2. Engagement Campaigns:
- To run marketing campaigns and promotions that encourage sustainable behavior.
​
Improving Service and Support:
1. User Support:
- To respond to your inquiries and provide necessary customer support.
- To resolve issues promptly and efficiently, ensuring a smooth user experience.
2. User Feedback:
- To incorporate your feedback into app improvements and new features.
- To conduct surveys and gather insights that drive product development.
​
Research and Analysis:
1. Usage Pattern Analysis:
- To analyse user behavior and interaction within the app for optimising performance.
- To identify trends, preferences, and areas for improvement based on collective user data.
2. Statistical Research:
- To conduct statistical research that informs our strategic direction and enhances our services.
- To generate insights that contribute to our understanding of user engagement and effectiveness in reducing carbon footprints.
4. Data Sharing and Disclosure
Situations Where User Data Might Be Shared:
1. Third-Party Service Providers:
- Purpose: To help us operate, maintain, and improve the ECOZE app.
- Examples: Cloud storage services, analytics providers, payment processors.
- Assurance: Such providers are contractually bound to comply with strict data protection requirements and use the data solely for the purposes specified by ECOZE.
2. Partners and Affiliates:
- Purpose: To enhance the functionality of the app through integrations and partnerships (e.g., for purchase tracking, loyalty programs).
- Examples: Retailers, loyalty program operators, transportation companies.
- Assurance: Data shared with partners and affiliates is limited to what is necessary for the intended purpose and is anonymised where possible.
3. Legal Compliance:
- Purpose: To comply with legal obligations, including responding to lawful requests by public authorities and government agencies.
- Examples: Court orders, subpoenas, regulatory requests.
- Assurance: We will notify users, before disclosing personally identifiable information unless legally prohibited from doing so.
4. Protecting Rights and Safety:
- Purpose: To protect the rights, properties, or safety of ECOZE, its users, or the public.
- Examples: Preventing fraud, addressing security issues, investigating potential violations of ECOZE's Terms of Use.
- Assurance: Such sharing is conducted with the highest regard for user privacy and lawful protocols.
5. Business Transfers:
- Purpose: In the event of a business transaction, such as a merger, acquisition, reorganisation, or sale of assets.
- Examples: Mergers, acquisitions, bankruptcies.
- Assurance: Users will be notified via email and/or a prominent notice on our app of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
​
Assurance of No Unauthorised Selling of Personal Data:
- Commitment: ECOZE will not sell, trade, or otherwise transfer your personal information to outside parties without your explicit consent.
- Transparency: Any future changes to these practices will be communicated clearly through updates to our privacy policy and direct notifications to users.
​
User Control and Transparency:
1. Consent and Preferences:
- Users can control their data-sharing preferences within the app settings.
- Users can provide and withdraw consent for specific types of data-sharing activities.
2. Data Anonymisation:
- Where possible, data shared with partners and affiliates is anonymised to ensure individual users cannot be directly identified.
- Aggregate data and statistical insights are used to ensure user privacy is maintained.​
5. User Rights
Access and Portability:
1. Right to Access:
- Explanation: Users have the right to request access to the personal data we hold about them.
- How to Exercise: You can submit a request through our app or contact us via email. We will provide a copy of your data in a commonly used, machine-readable format.
- Timeframe: We aim to respond to access requests within one month.
2. Right to Data Portability:
- Explanation: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
- How to Exercise: You can contact us to initiate a data portability request. We will assist in transferring your data to a designated third party if technically feasible.
​
Correction:
1. Right to Rectification:
- Explanation: Users have the right to request corrections to any inaccuracies in the personal data we hold about them.
- How to Exercise: You can correct your data directly within the app or contact us to request corrections.
- Assurance: We will make the necessary corrections promptly and inform you once they are completed.
​
Deletion:
1. Right to Erasure (Right to be Forgotten):
- Explanation: Users have the right to request the deletion of their personal data.
- How to Exercise: You can submit a deletion request through the app settings or by contacting us via email.
- Conditions: We will delete your data unless we need to retain it for legal reasons or legitimate business purposes.
- Timeframe: Requests for data deletion are processed within one month.
​
Right to Object and Restriction:
1. Right to Object:
- Explanation: Users have the right to object to the processing of their personal data for specific purposes, such as direct marketing.
- How to Exercise: You can update your preferences in the app settings or contact us to object to certain processing activities.
2. Right to Restrict Processing:
- Explanation: Users have the right to request the restriction of processing of their personal data under certain conditions.
- How to Exercise: You can contact us to request restrictions on processing. We will evaluate the request and, if applicable, restrict processing as requested.
​
User Control and Consent Management:
1. Consent Withdrawal:
- Explanation: Users can withdraw their consent for data processing at any time.
- How to Exercise: You can manage your consent settings directly within the app or contact us to withdraw consent.
2. Privacy Settings:
- Explanation: Users can control their data-sharing preferences and privacy settings within the app.
- How to Access: Navigate to the privacy settings section in the app to update your preferences.
​
How to Exercise Your Rights:
1. Contact Information:
- If you wish to exercise any of your rights, please contact us using the following details:
- Email: info@ecoze.app
- Address: ECOZE Data Protection Team, The Innovation Centre, Broad Quay, Bath, BA1 1UD
- Phone: +44 7821 362372
2. Verification and Response:
- Verification: To ensure security, we may need to verify your identity before processing your requests.
- Response: We will respond to your requests promptly, generally within one month. If an extension is necessary, we will inform you of the reason and the expected timeline.
​
Your Rights Under GDPR and Other Regulations:
1. GDPR Compliance:
- Explanation: Under the General Data Protection Regulation (GDPR), users in the EU have additional rights concerning their personal data.
- Assurance: ECOZE complies with GDPR and ensures that all users' rights are respected and upheld.
- Response: We will respond to your requests promptly, generally within one month. If an extension is necessary, we will inform you of the reason and the expected timeline.
6. Data Security
Measures Taken to Protect User Data:
1. Encryption:
- Data in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) to prevent interception by unauthorised parties.
- Data at Rest: Sensitive data stored on our servers is encrypted using strong encryption protocols to protect it from unauthorised access.
2. Secure Data Storage:
- We use secure data storage solutions that comply with industry standards to ensure the safety and integrity of your personal information. Data centres are located in secure facilities with robust physical security measures.
3. Access Control:
- Role-Based Access: Access to user data is restricted based on roles and responsibilities. Only authorised personnel with a legitimate need to access data are granted access.
- Authentication: We employ strong authentication methods, to prevent unauthorised access to our systems.
4. Regular Security Assessments:
- Vulnerability Assessments: We conduct regular vulnerability assessments and penetration testing to identify and address potential security issues.
- Security Audits: Periodic security audits are performed to ensure compliance with security policies and standards.
5. Data Anonymisation and Minimisation:
- Anonymisation: Where possible, data is anonymised to protect user privacy and reduce the risk of identification in case of a data breach.
- Minimisation: We collect only the data necessary for the purposes outlined in our privacy policy and ensure it is retained only as long as necessary.
6. Network Security:
- Firewalls and Intrusion Detection Systems: Our network is protected by firewalls and intrusion detection systems to monitor and block unauthorised access attempts.
- Secure APIs: All interactions with third-party services use secure APIs with strict access control measures.
​
Response Protocol for Data Breaches:
1. Incident Response Plan:
- Preparation: We have a comprehensive incident response plan in place to quickly address any security incidents, including data breaches.
- Detection and Analysis: Our systems continuously monitor for potential breaches, and suspicious activity is promptly investigated.
2. Containment and Eradication:
- Containment: Immediate steps are taken to contain the breach and prevent further unauthorized access.
- Eradication: Any vulnerabilities or malicious actors identified are promptly eradicated, and affected systems are secured.
3. Notification:
- Regulatory Notification: We comply with applicable legal requirements to notify relevant authorities in the event of a data breach.
- User Notification: If your personal data is compromised, we will notify you promptly. The notification will include details of the breach, the data affected, and steps you can take to protect yourself.
4. Remediation and Review:
- Remediation: We take corrective actions to mitigate the impact of the breach and prevent future incidents.
- Review: Post-incident reviews are conducted to improve our security measures and update our incident response plan as necessary.
​
Ongoing Security Practices:
1. Employee Training:
- Security Awareness Training: All employees receive regular training on data security practices and protocols to ensure they understand their role in protecting user data.
- Phishing Simulations: We conduct phishing simulations to educate employees on recognising and responding to phishing attempts.
2. Data Privacy Impact Assessments (DPIAs):
- For any new processing activities or significant changes, we perform DPIAs to identify and mitigate potential privacy risks.
3. Continuous Improvement:
- Technology Updates: We stay up-to-date with the latest security technologies and best practices to continuously enhance our data protection measures.
- Feedback Loop: We actively seek feedback from users and security experts to identify areas for improvement.​​​
7. Cookie Policy
Introduction to Cookies:
Cookies are small text files that are stored on your device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site. At ECOZE, we use cookies and similar technologies to enhance your experience, improve our services, and analyse site usage.
​
Types of Cookies We Use:
1. Necessary Cookies:
- Purpose: These cookies are essential for the basic functionality of the website. They enable core functions such as security, network management, and accessibility.
- Examples: Login authentication cookies, session cookies.
2. Performance Cookies:
- Purpose: These cookies collect information about how you use our website to help us improve its performance. This includes metrics like the number of visitors, pages visited, and traffic sources.
- Examples: Google Analytics cookies.
3. Functionality Cookies:
- Purpose: These cookies remember choices you make to improve your experience. This includes remembering your username, preferences (e.g., language), and settings.
- Examples: Preference cookies that remember your settings on return visits.
4. Targeting and Advertising Cookies:
- Purpose: These cookies are used to deliver ads more relevant to you and your interests. They can also be used to limit the number of times you see an ad and measure the effectiveness of advertising campaigns.
- Examples: Cookies that track your browsing habits to show you targeted ads.
​
How We Use Cookies:
1. Enhancing User Experience:
- Storing your preferences and login information to save you time
- Enabling smooth navigation and interactions with our site features
2. Analysing Usage Patterns:
- Collecting aggregate data to understand how users interact with the site
- Using analytics tools to monitor site performance and improve content
3. Personalising Content:
- Providing recommendations based on your past interactions
- Tailoring content to better match your interests and preferences
4. Delivering Targeted Advertisements:
- Displaying relevant ads based on your browsing behaviour
- Measuring the effectiveness of our marketing campaigns
​
Managing Your Cookie Preferences:
1. In-app Preferences:
- Within the ECOZE app, you can manage your cookie preferences through the app settings. This includes opting in or out of certain types of cookies.
​
Third-Party Cookies:
- Some cookies on our site are placed by third-party services that appear on our pages. these third parties may use cookies in accordance with their own privacy policies.
- Examples: Embedded videos from YouTube, social sharing buttons from Facebook, integrated services from partners.
- Assurance: We carefully select third-party partners and require them to adhere to strict data protection and privacy standards.
​
Updates to the Cookie Policy:
ECOZE may update this Cookie Policy from time to time to reflect changes in legislation or our data processing practices. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically to stay informed about how we are using cookies.​​
8. Third-Party Links and Services
Introduction to Third-Party Links and Services:
As you use ECOZE, you may encounter links to third-party websites, services, and content that are not operated by us. These third-party links and services are provided for your convenience and are intended to enhance your overall experience on our platform. However, it is important to understand that ECOZE does not control these external sites and services, and this policy sets out how we handle these interactions.
​
Disclaimer Regarding Third-Party Links and Services:
1. No Endorsement:
- Inclusion of links to third-party websites or services does not imply endorsement or approval by ECOZE of the third-party, its website, or its services. The decision to access these links is made at your own risk.
2. No Control:
- ECOZE has no control over, and assumes no responsibility for, the content, privacy policies, terms of use, or practices of any third-party websites or services. Each of these third parties may have their own privacy policies and terms of use, which we encourage you to review.
​
Data Sharing with Third-Party Services:
1. Partnerships and Integrations:
- Purpose: We may share data with third-party partners to enhance functionality, such as linking to loyalty programs or utilising external APIs for services like vehicle emission data.
- Examples: Partnerships with retailers for purchase data tracking, integration with transport companies for travel footprint calculations.
- Assurance: Data shared with these partners is limited to what is necessary for the intended purpose and is anonymised where possible.
2. Service Providers:
- Purpose: Third-party service providers may be used to process data on our behalf or assist in delivering services.
- Examples: Cloud storage services, payment processors, analytics providers.
- Assurance: Service providers are contractually obligated to handle data securely and in compliance with applicable data protection regulations. They are prohibited from using your data for any purposes other than to facilitate the services they provide to ECOZE.
​
User Responsibility and Awareness:
1. Review Policies:
- Encouragement: We strongly encourage you to read the privacy policies and terms of use of any third-party websites or services that you visit through links on our platform.
2. User Consent:
- Explicit Consent: In some cases, you may need to provide explicit consent to third parties for data sharing. Consent management tools within our app or third-party platforms will be available to manage these preferences.
- Consent Withdrawal: You have the right to withdraw consent for data sharing with third-party services at any time. You can manage these preferences within the app settings or by contacting us.
​
Examples of Third-Party Integrations:
1. Retailer Partnerships:
- Example: Data sharing with retailers for enhanced purchase tracking and carbon footprint calculations using loyalty programs.
2. Transport Companies:
- Example: Integration with public transport providers to automatically log travel data and calculate carbon savings.
3. Analytics Services:
- Example: Using third-party analytics tools to improve app performance and user experience while ensuring data is anonymised and securely handled.
​
Limitation of Liability:
1. Scope of Liability:
- ECOZE shall not be held responsible for any loss or damage resulting from your interaction with third-party websites or services that you access through links on our app.
2. User Discretion:
- Best Practices: It is your responsibility to ensure that any third-party websites or services you engage with meet your individual requirements and standards.​​
​
Updates and Changes to This Policy:
1. Policy Revisions:
- ECOZE reserves the right to update this section as necessary to reflect changes in our practices or for other operational, legal, or regulatory reasons.
- Notification: Users will be notified of any significant changes to this policy via email or through prominent notices on our platform.
9. Terms of Use
Introduction:
Welcome to the ECOZE app. By accessing or using our app and services, you agree to comply with and be bound by the following Terms of Use. These terms govern your use of our app, including any content, features, and services offered through the ECOZE platform.
​
Acceptance of Terms:
1. Binding Agreement:
- By using the ECOZE app, you agree to be bound by these Terms of Use and our Privacy Policy. If you do not agree, please do not use our app.
2. Modifications:
- ECOZE reserves the right to update or modify these terms at any time without prior notice. Continued use of the app after any changes indicates your acceptance of the new terms.
​
User Responsibilities:
1. Account Registration:
- Accurate Information: You agree to provide accurate, current, and complete information during the registration process and to keep your account information up-to-date.
- Security: You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.
2. Compliance with Laws:
- You agree to comply with all applicable local, state, national, and international laws and regulations in connection with your use of the app.
3. Prohibited Activities:
- Misuse of the app, including engaging in any unlawful activities, fraud, hacking, or distribution of malicious software.
- Impersonating any person or entity or misrepresenting your affiliation with a person or entity.
​
Intellectual Property:
1. Ownership:
- All content, features, and functionality on the ECOZE app, including text, graphics, logos, icons, and images, are the exclusive property of ECOZE or its licensors and are protected by intellectual property laws.
2. Limited License:
- ECOZE grants you a limited, non-exclusive, non-transferable, and revocable license to use the app for your personal, non-commercial use only.
3. Restrictions:
- You may not copy, modify, distribute, sell, or lease any part of our app or services without our prior written consent.
​
User-Generated Content:
1. Content Ownership:
- Any content you submit, post, or display on the ECOZE app (e.g., profile photos, comments, actions) remains your property. However, by posting content, you grant ECOZE a worldwide, non-exclusive, royalty-free license to use, reproduce, modify, adapt, and display such content in connection with providing and improving our services.
2. Content Standards:
- You agree not to post any content that is unlawful, offensive, defamatory, or violates any third party's rights. ECOZE reserves the right to remove any content that violates these standards.ed.
​
Limitation of Liability:
1. User Responsibility:
- Your use of the ECOZE app is at your own risk. The app is provided "as is" without any warranties of any kind, either express or implied.
2. No Liability:
- ECOZE, its affiliates, and its service providers will not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the app.
3. Maximum Liability:
- In any event, ECOZE's total liability for any claims arising from your use of the app will not exceed the amount you have paid to ECOZE for the service.​​
​
Dispute Resolution:
1. Governing Law:
- These terms shall be governed by and construed in accordance with the laws of the United Kingdom.
2. Arbitration:
- Any disputes arising out of or related to these Terms of Use or the ECOZE app shall be resolved through binding arbitration in accordance with the rules of The Chartered Institute of Arbitrators (CIArb), to be conducted in the United Kingdom.
3. Class Action Waiver:
- You agree to resolve any disputes on an individual basis, and not as part of any class, consolidated, or representative action.
​
Account Termination:
1. Termination by User:
- You may terminate your account at any time by contacting our support team.
2. Termination by ECOZE:
- ECOZE reserves the right to suspend or terminate your account and access to the app if you violate these Terms of Use or engage in any conduct that ECOZE deems inappropriate or harmful.
10. Changes to Privacy Policy and Terms
Overview:
ECOZE is committed to transparency and keeping our users informed about how their data is used and how our app operates. As laws, regulations, and industry standards evolve, as well as our own company policies and practices, it may become necessary to update our Privacy Policy and Terms of Use. This section details how we will handle these changes and communicate them to our users.
​
Notification of Changes:
1. Method of Notification:
- Email: We will send notifications to the email address registered with your ECOZE account detailing the upcoming changes.
- In-App Notifications: A notification will be provided within the ECOZE app to inform users of changes to the Privacy Policy or Terms of Use.
- Website Announcements: Notices will also be posted on our website, providing details of the changes and the affected sections.
2. Advance Notice:
- Timeframe: Wherever possible, we will provide at least 30 days' advance notice before the changes come into effect. This gives users adequate time to review and understand the implications of any changes.
- Exceptions: In cases where changes are required to comply with legal obligations or for security reasons, the changes may take effect immediately and without prior notice.
​
Review and Acceptance:
1. User Responsibility:
- Ongoing Review: We encourage users to periodically review our Privacy Policy and Terms of Use to stay informed about how their information is protected and the rules governing the use of our app.
- Acceptance of Changes: Continued use of the ECOZE app following the posting of changes to the Privacy Policy and Terms of Use constitutes your acceptance of those changes.
2. Opt-Out and Account Termination:
- Disagreement with Changes: If you do not agree with the updated terms or policy, you have the right to terminate your account at any time.
- Procedure: You can terminate your account by contacting our support team at info@ecoze.app. Terminating your account means you will no longer have access to the ECOZE app and its services.
​
Documentation and Archiving
1. Version Tracking:
- Version Numbers: Each version of the Privacy Policy and Terms of Use will be numbered and dated, allowing users to reference specific versions.
- Archived Versions: Previous versions of the Privacy Policy and Terms of Use will be archived and made available upon request. This ensures transparency and allows users to remain informed about historical changes.
2. Access to Updated Documents:
- Easy Access: The latest version of our Privacy Policy and Terms of Use will always be accessible on our website and within the ECOZE app.
- Change Log: A change log detailing major amendments will be maintained and made available to users, outlining the nature of the changes and their implications.​
11. Contact Information
Purpose:
Providing clear and accessible contact information is crucial for maintaining open lines of communication with our users. Whether you have questions, concerns, or feedback about your data, privacy, security, or any other aspect of the ECOZE app, we are here to help.
​
See Below:
#### General Inquiries
For any general inquiries or questions about the ECOZE app, including app functionality, features, and user experience:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Support Team, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Privacy and Data Protection
For questions or issues related to your privacy, personal data, or data protection rights, please contact our Data Protection Team:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Data Protection Team, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Technical Support
If you encounter technical issues with the ECOZE app or need assistance with troubleshooting:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Technical Support, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Business and Partnership Inquiries
For business or partnership-related inquiries, including potential collaborations, B2B functionalities, and media requests:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Business Development, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Feedback and Suggestions
We value your feedback and suggestions for improving the ECOZE app. To share your thoughts or propose new features:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Feedback Team, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Reporting Security Issues
If you discover a security vulnerability or have concerns about the security of your data:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Security Team, The Innovation Centre, Broad Quay, Bath, BA1 1UD
#### Regulatory and Legal Inquiries
For any legal inquiries or correspondence from regulatory bodies:
- **Email:** info@ecoze.app
- **Phone:** +44 7821 362372
- **Address:** ECOZE Legal Department, The Innovation Centre, Broad Quay, Bath, BA1 1UD
​
Contact Form and Help Center:
1. Contact Form:
- Access: You can also reach us through the contact form available on our website and within the ECOZE app. Simply provide your name, email, topic of inquiry, and message.
2. Help Center:
- Access: Visit our Help Center on the ECOZE website or app for FAQs, tutorials, and user guides. This resource is available to help you find quick answers to common questions and issues.​​
12. Consent Management
Overview:
At ECOZE, we prioritise user consent and control over personal data. This section outlines how we manage user consent for data collection, use, and sharing, ensuring compliance with data protection regulations and respecting users' rights to privacy.
​
Giving Consent:
1. Account Registration:
- Explicit Consent: By creating an account on the ECOZE app, you provide explicit consent for us to collect, store, and process your personal data in accordance with our Privacy Policy and Terms of Use.
- Consent Disclosure: During registration, you will be informed about the types of data we collect and the purposes for which it is used.
2. Feature-Specific Consent:
- In-App Prompts: For certain features, such as GPS-based tracking or access to your purchase history, we will ask for your explicit consent through in-app prompts or notifications.
- Third-Party Integrations: When linking third-party services (e.g., loyalty programs, car registration data), you will be prompted to give consent for data sharing with those services.
​
Managing and Updating Consent:
1. Periodic Reviews:
- Review Prompts: Periodically, we may prompt you to review and update your consent settings to ensure they accurately reflect your preferences.
- Notification of Changes: If there are significant changes in our data processing activities, you will be notified and asked to review and update your consent.
2. Privacy Settings Dashboard:
- User Control: The app includes a privacy settings dashboard where you can view and manage all consents you have given.
- Access and Updates: Easily access and update your data processing consents at any time through the dashboard.​​
​
Types of Consent:
1. General Consent:
- Account Setup: General consent obtained during account registration for routine data collection and processing.
2. Sensitive Data Consent:
- Explicit Consent: Separate and explicit consent for processing sensitive data types, such as precise location information or health data (if applicable).
3. Marketing Consent:
- Opt-In/Opt-Out: Consent for receiving marketing communications from ECOZE and its partners. Users have the option to opt in or out of such communications at any time.
- Updating Preferences: Marketing consent preferences can be managed within the app settings or by contacting our support team.
​
Children’s Privacy:
1. Age Restrictions:
- Minimum Age: ECOZE’s services are not intended for children under the age of 13. We do not knowingly collect data from children under this age.
2. Parental Consent:
- Verification: For users between 13 and 16 years old, parental consent may be required, and we provide mechanisms to verify such consent.
​
Transparency and Communication:
1. Clear Communication:
- Consent Requests: All requests for consent will be clear, concise, and easy to understand, ensuring users are fully informed about what they are agreeing to.
2. Documentation and Records:
- Consent Records: We maintain detailed records of when and how consent was obtained, including what users were told and what they consented to.
- Access to Records:*Users can request access to their consent records as part of their data access rights.
13. Compliance with GDPR and Other Regulations
Overview:
ECOZE is committed to compliance with the General Data Protection Regulation (GDPR) and other relevant data protection regulations to ensure the privacy, security, and rights of our users. This section outlines our approach to regulatory compliance and the measures we take to protect your personal data.
​
General Data Protection Regulation (GDPR):
1. Data Controller and Data Protection Officer (DPO):
- Data Controller: ECOZE is the data controller responsible for the processing of your personal data.
- Data Protection Officer (DPO): We have appointed a DPO to oversee our data protection strategy and ensure compliance with GDPR.
- DPO Contact: info@ecoze.app
2. Lawful Basis for Processing:
- Consent: We obtain your consent for data processing activities where required.
- Contractual Necessity: Processing is necessary for the performance of a contract with you, such as providing our app's services.
- Legal Obligation: Processing is necessary to comply with legal obligations.
- Legitimate Interests: Processing is based on our legitimate interests, provided these are not overridden by your rights and freedoms.
3. Individual Rights Under GDPR:
- Right to Be Informed: You have the right to be informed about the collection and use of your personal data.
- Right of Access: You have the right to access your personal data and obtain a copy.
- Right to Rectification: You have the right to rectify inaccurate personal data.
- Right to Erasure: You have the right to request the deletion of your personal data (right to be forgotten).
- Right to Restriction: You have the right to request the restriction of processing your personal data.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data.
- Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.
4. Data Protection Impact Assessments (DPIAs):
- Purpose: We conduct DPIAs for processing activities that pose a high risk to your rights and freedoms.
- Assessment Areas: Identifying risks, implementing measures to mitigate risks, and ensuring compliance with GDPR.
5. Data Breach Notification:
- Notification Requirements: In case of a data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay if there is a high risk to their rights and freedoms.​
​
Managing and Updating Consent:
1. Periodic Reviews:
- Review Prompts: Periodically, we may prompt you to review and update your consent settings to ensure they accurately reflect your preferences.
- Notification of Changes: If there are significant changes in our data processing activities, you will be notified and asked to review and update your consent.
2. Privacy Settings Dashboard:
- User Control: The app includes a privacy settings dashboard where you can view and manage all consents you have given.
- Access and Updates: Easily access and update your data processing consents at any time through the dashboard.​​
​
Compliance with Other Regulations:
1. Data Protection Act 2018 (DPA 2018):
- UK Law: Compliance with the DPA 2018, which complements and supplements GDPR within the UK.
- Data Subject Rights: Ensuring the rights of data subjects under the DPA 2018 are upheld.
2. California Consumer Privacy Act (CCPA):
- Scope: While primarily focused on GDPR, we also strive to align our practices with CCPA for users in California.
- Rights Under CCPA: Ensuring the rights of California residents, such as the right to know, right to delete, and right to opt-out of data sales, are respected.
3. Other International Regulations:
- Global Compliance: We monitor and comply with other relevant international data protection regulations to ensure comprehensive protection of user data.
- Adaptation and Updates: Regularly updating our policies and practices to stay compliant with evolving global data protection standards.
​
Data Transfers and International Compliance:
1. Data Transfers:
- EU-U.S. and Swiss-U.S. Privacy Shield: Although the Privacy Shield Framework was invalidated, we ensure equivalent protection for data transfers to the U.S. by using alternative mechanisms such as Standard Contractual Clauses (SCCs).
- Adequacy Decisions: We only transfer data to countries deemed to provide an adequate level of data protection by the EU Commission.
2. Third-Party Service Providers:
- Due Diligence: Conducting due diligence on third-party service providers to ensure they comply with GDPR and other relevant regulations.
- Data Processing Agreements: Implementing data processing agreements with third parties to establish clear responsibilities and compliance standards.
​
Training and Awareness:
1. Employee Training:
- Regular Training: Providing regular training sessions for employees on data protection principles, GDPR compliance, and security practices.
- Awareness Campaigns: Conducting awareness campaigns to reinforce the importance of data protection within the organisation.
2. User Education:
- Resource Center: Offering resources and guidance to help users understand their rights and how ECOZE protects their data.
- Support: Providing dedicated support channels for users to ask questions and seek clarification on data protection matters.
​
Continuous Improvement:
1. Regular Audits:
- Internal Audits: Conducting regular internal audits to assess our compliance with GDPR and other data protection regulations.
- External Audits: Engaging external experts to perform independent audits and provide recommendations for improvement.
2. Policy Review:
- Regular Updates: Regularly reviewing and updating our privacy policy, terms of use, and data protection practices to ensure ongoing compliance and reflect changes in regulations.
14. Data Retention Policy
Overview:
ECOZE is committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This section outlines how we determine retention periods and manage data disposal.
​
Data Retention Criteria:
1. Purpose Fulfilment:
- Operational Necessity: Personal data is retained as long as it is necessary to provide our services, enhance user experiences, and fulfil the purposes outlined in our Privacy Policy.
2. Legal and Regulatory Requirements:
- Compliance: Retention periods are determined based on applicable legal and regulatory requirements. This includes compliance with data protection laws, tax regulations, and other statutory obligations.
3. Contractual Obligations:
- Service Agreements: Personal data may be retained in accordance with our contractual obligations with users, partners, and service providers.
4. User Consent and Preferences:
- User Requests: Data retention periods may be adjusted based on user preferences, requests for data deletion, or consent withdrawal.​
​
Types of Data and Retention Periods:
1. Personal Information:
- Examples: Name, email address, contact details.
- Retention Period: As long as the user maintains an active account with ECOZE and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
2. Profile Information:
- Examples: Profile photo, friend connections within the ECOZE platform.
- Retention Period: As long as the user maintains an active account with ECOZE and for a reasonable period thereafter.
3. Usage Data:
- Examples: App activity, preferences, settings, interaction history.
- Retention Period: For analytical and operational purposes, generally up to 36 months after collection, unless otherwise required for legal or regulatory compliance.
4. Sensor Data:
- Examples: Gyroscope data, accelerometer data, GPS location history.
- Retention Period: Retained for up to 12 months for performance analysis and optimisation, unless otherwise required for legal purposes.
5. Purchase Data:
- Examples: Online and in-store purchase details, product-specific data.
- Retention Period: Retained for up to 36 months for the purpose of providing accurate carbon footprint tracking and personalised recommendations.
6. Car Information:
- Examples: Car registration number, vehicle CO2 emissions data.
- Retention Period: Retained as long as the user maintains relevant features or services and for up to 36 months thereafter for analytical purposes.
7. Other:
- Examples: Feedback, survey responses, social interactions.
- Retention Period: Generally retained for the duration of the active account and up to 24 months thereafter for service improvement and analytical purposes.​​
​
Data Disposal and Deletion:
1. Automated Deletion:
- Scheduled Deletion: Personal data that is no longer necessary will be deleted or anonymized according to predefined schedules.
- User Requests: Upon verified user requests for data deletion, we will promptly delete or anonymize the requested data.
2. Manual Deletion:
- Verification: Personal data will be manually reviewed and deleted upon user request, ensuring compliance with their rights under data protection laws.
- Documentation: A record of deletion requests and actions taken will be maintained for audit and compliance purposes.
3. Anonymisation:
- Purpose: Where possible, data will be anonymised rather than deleted to allow for continued use in aggregate analytics and service improvement without compromising individual user privacy.
4. Secure Disposal:
- Methods: Secure methods are used to dispose of physical and digital data, ensuring that deleted data cannot be reconstructed or accessed by unauthorised parties.
- Service Providers: Any third-party service providers handling data disposal are contractually obligated to follow industry-standard data destruction practices.
​
Exceptions:
1. Legal Holds:
- Retention Extensions: Personal data subject to a legal hold or required for ongoing litigation, audits, or investigations will be retained beyond the standard retention periods until the hold is lifted or the matter is resolved.
2. Regulatory Requirements:
- Extended Retention: Certain data may be retained for longer periods if required by applicable laws, regulations, or judicial proceedings.
​
User Rights:
1. Access to Retention Information:
- Transparency: Users can request information about the retention periods for specific types of data by contacting our support team.
- Email: info@ecoze.app
2. Right to Erasure:
- Request Deletion: Users have the right to request the deletion of their personal data at any time, subject to legal and regulatory obligations.
- Process: Deletion requests can be submitted through the app settings or by contacting our support team.​