Privacy Policy

Data controller

ONE TERRA ZERO IMPACT, S.L. a company with address in Carrer de Vara de Rey 17, Sant Antoni de Portmany, 07820, Balearic Islands, Spain and VAT number B02738680 (hereinafter, “Agora” or “Agora Climate”) is committed to protecting your personal data. This privacy policy (hereinafter, “Privacy Policy”) will inform you as to how we look after your company and personal data when you interact with our system (hereinafter, the “System”).

Contact Details[email protected]

 

Privacy Practices

Agora adheres to the following principles in order to safeguard your privacy, which align with the General Data Protection Regulation 2016/679 (referred to as “GDPR”):

  • We only gather the minimum amount of personal data required to deliver our Services.
  • We use your personal information solely for the purposes outlined in privacy policy, unless you provide your consent for any additional use.
  • We dispose of your personal data once it is no longer necessary.
  • Unless specified in this privacy policy, we do not disclose your personal information to any third parties.

 

Agora Services

Agora is a company that offers sustainability consultancy and the Agora System (hereinafter “Services”) to other companies or individuals (hereinafter, “Customers”). The Agora System offers a premium corporate carbon footprint calculation in all three scopes in a software as a service (SaaS) way. This means it checks on the Customer’s activity and its value chain activity and converts them into impact in terms of emissions. It also generates reduction plans for the short, medium and long term, in order to tackle highest emitting sources and reduce emissions to the minimum; and offers high quality emission offsets through our partners. The System also offers reports that Customers can share to their stakeholders to showcase their sustainability efforts.

 

Controller / Processor

Agora can be both a Controller and a Processor of personal data for the purposes of GDPR. For example, Agora will be the Controller of personal data when a Customer enters into a contract directly with us, for the processing of said Customer’s data. In the case of users who browse our website, Agora will be processor for the processing of data collected here, such as cookies (see “Cookies Policy”), or any data that is interesting to enjoy our content.

Example: if you are a user of our website and you need to access a particular service, such as accessing to the carbon offsetting portfolio, we will manage your personal data for the intended purpose.

 

Customers’ personal data

Since the service Agora provides is B2B, Customer’s data is mainly company data. However, we may ask for basic information from the company representative (employee or shareholder) that arranges the service contract, such as full name, work e-mail, identity number, etc. In the event that the company data requested included some information about its employees, such as residency post code or gender ratio, this would be shared in a totally anonymous way, meaning that it would not be possible for us to track down to specific employees personal data such as their names, e-mails, or contact information.

In the circumstance that you, as a person, represent your own company (i.e. freelancer) we may ask you for some additional personal information, such as working address, personal electricity/gas consumption bills, amongst others.

 

End users’ data collected by our System**

To provide our Customers with the necessary services, Agora‘s System collects the following information from End-Users:

  • Device data: We automatically collect device details such as device ID, model and manufacturer, operating system, version information, IP address, etc.

Should you wish to modify our access or permissions, you can do so via our System or through your device’s settings.

Agora assures that all necessary security measures have been implemented to prevent any unauthorized modification, loss, treatment, or access to the aforementioned information by third parties, which can be used for purposes other than those requested by the Customer.

 

End-user data collected by our Website.**

  • Provision of free digital content:
    • Data collected: email address, last name, first name, title.
    • Intended use: personalized delivery of the requested content.
  • Request for software demo or consultancy appointment: If you request an appointment for a web demo, we will use your data to contact you and arrange a demo date.

Storage period: we will only store your data for as long as it is necessary to achieve the intended purpose. If you do not become a customer, we will delete your data at the end of the our demo presentation or appointment.

 

Purposes and basis of the processing of your personal data under GDPR**

Agora processes your personal data:

  • To perform successfully our consultancy services.
  • To respond to your request for demos, contact, or additional information, whether as a Customer, provider, or End-User.
  • To draft, negotiate, or sign contracts or other agreements with you.
  • To ensure the security and presentation of our website or system (log files).
  • To fulfill the purposes established by our Customers – acting as data controllers – and following their instructions, as specified in the Data Processing Agreement (DPA) entered into between us and our Customers.

Please be assured that Agora does not process your personal data for its own purposes. We process usage and analytics information, as well as some statistical and aggregate data derived from personal data, for the improvement and further development of our services, in an anonymized manner.

If the Customer wishes to use any of the integrations provided by our System for different functionalities, the Customer must accept the respective terms and conditions and privacy policy of the providers, and the data will be processed for the purposes stated in those policies.

 

Legal Basis**

Your personal data is processed based on several legal bases in accordance with the GDPR, including your consent under Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, for the performance of a contract under Art. 6 para. 1 lit. b) GDPR, for compliance with legal obligations under Art. 6 para. 1 lit. c) GDPR, or for legitimate interests under Art. 6 para. 1 lit. f) GDPR. The legal basis for processing your data depends on the specific purpose of processing:

  • Contacts: if you contact us through email or a contact form, the legal basis for processing your data is Art. 6 para. 1 lit. f) GDPR, we have a legitimate interest in processing your contact and assume that there are no conflicting interests on your part. However, if the contact is related to a contract or its performance, the legal basis is Art. 6 para. 1 lit. b) GDPR. If you give your consent, the legal basis for processing your contact is Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, if applicable.
  • Contracts: we process your personal data under Art. 6 (1) lit. b) GDPR to perform or initiate contracts, including processing data on our System unless another processing purpose with a relevant legal basis applies. We also process your data in compliance with legal provisions, such as tax law, which is lawful under Art. 6 (1) c) GDPR. If a request doesn’t lead to a contractual relationship, we have a legitimate interest under Section 6 (1) (f) GDPR to retain request data for a limited time to assert legal claims or defend ourselves against lawsuits.
  • Security: when our website is accessed, the respective internet browser transmits usage data that is stored in log files (server log files). The stored data includes the accessed website’s name, the file, access date and time, amount of transferred data, successful access notification, browser type and version, user’s operating system, referrer URL, IP address, and requesting provider. We evaluate these log file data records to safeguard our website against attacks, identify and fix errors, and monitor server utilization, which is also our legitimate interest under Art. 6 para. 1 lit. f) GDPR.
  • Complaints: when you file a complaint through the designated channel, we process your personal data based on Art. 6 (1) lit. c) of the GDPR, which allows us to fulfill our legal obligations. This includes processing the data using our System and website.
  • Video calls: if you participate in a video call with our team that is recorded, we rely on your consent as the legitimate basis for processing your personal data.

 

Security**

Agora employs cutting-edge security measures to prevent unauthorized access, maintain data accuracy, and ensure information is used correctly. We also implement appropriate organizational measures to safeguard your information, even when collaborating with business and technology partners. We carefully select processors and third parties who utilize suitable security measures and provide ample guarantees, including technical and organizational measures, to protect the data we entrust with them. Our employees are bound by a Non-Disclosure Agreement or clause related to their employment, and we have established internal processes such as regular training and frequently updated policies to ensure the availability and resilience of our systems and services.

 

Personal data sharing

Agora processes data within the European Union (EU) or in a third country that the European Commission has deemed to have adequate security measures in place. All data is hosted in the EU and stored in the EU-West1 region of Amazon Web Services (AWS) located in Frankfurt. Service providers that process your data have entered into binding agreements that comply with the lawfulness of third country transfers. Government agencies and administrations may receive your data if legally required, and service companies like tax advisors or lawyers may also receive your data. Occasionally, we may need to transfer your data to third parties in order to fulfill your request, such as booking a meeting with us.

 

Retention period

We hold personal data for varying durations based on factors such as the type of data, contractual obligations with our Customers, legal requirements, and other relevant considerations. Generally, we will cease processing your data if you are no longer our client. If there is no legal or contractual obligation to retain your data, we will delete it. However, if we must retain your data to fulfill a contractual or legal obligation, or to settle disputes or enforce our rights, we will restrict access to the data to specific individuals or roles. When it comes to data provided for a complaint, we will store it only for as long as necessary and appropriate to comply with the requirements of the Whistleblowers Directive. After that, we will securely delete the data without any obligation to block it.

 

Your rights according (GDPR)

Under the GDPR, you possess certain rights regarding the processing of your personal data:

  • Right to be informed: You have the right to receive clear, transparent, and easily understandable information about how we use your personal data and about your rights.
  • Right of access: You have the right to access your personal data.
  • Right to rectification: You have the right to rectify your personal data if it is inaccurate or incomplete.
  • Right to erasure: You have the right to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. However, this is not an absolute right to erasure, and exceptions apply.
  • Right to restrict processing: You have the right to ‘block’ or suppress further use of your personal data. When processing is restricted, we may still store your personal data, but we may not use it further.
  • Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to object to processing: You have the right to object to certain types of processing.
  • Right to lodge a complaint: You have the right to lodge a complaint about how we handle or process your personal data with your national data protection authority.
  • Right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time.
  • Right not to be subject to automated-decision making: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal (or similarly significant) effects to you.

Agora generally acts on requests and provides information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for baseless, excessive, or repeated requests, or for further copies of the same information.

You can communicate with us and exercise your rights by sending written communication to the following e-mail address: [email protected]. However, in some cases, we may refuse the request if you ask for the deletion of data that is necessary for fulfilling legal obligations.

 

Changes to this Privacy Policy

We retain the right to modify this privacy policy in order to align with advancements in product and service development, evolving industry standards, or new regulations. If any alterations are significant in nature, we will make an effort to notify you.

Last update: February 15th, 2023