Privacy Notice (UK)

Last updated: 5 April 2024

1. Who are we?

This is the Privacy Notice for GoCodeGreen, a fintech on a mission to support companies in their sustainable software engineering journeys through the provision of accurate carbon footprint measurement, baselining and action recommendations.
A user can use the GoCodeGreen software calculation model to receive estimated carbon footprints for both the build and run elements of their software product, website or application platform. We will provide a rating for the software assessed when the user selects to use our premium service (referred to in this policy as our “service” or “services”) and also include a recalculation once they have taken actions to reduce their carbon footprint. We also intend to promote sustainable software engineering through our advocacy and education programmes.

GoCodeGreen is owned and operated by GoCodeGreen Limited with a registered address at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, and company number 13415138. When we refer to our trading name “GoCodeGreen” or “we”, “us” or “our” in this policy, we are referring to GoCodeGreenLimited.

We are the data controller for the information we collect from you, or you provide to us, meaning that we will determine the purposes and methods that your personal data is processed.

2. Purpose of this Privacy Notice

This Privacy Notice intends to provide you with information about how we, as a data controller, may collect and process information we collect from you, or that you provide to us in accordance with applicable data privacy laws. We want you to be confident that when you use the GoCodeGreen platform and services, you understand what personal information we are collecting, how we are using it , and how we are keeping it safe. "Personal data" is any information that can be used to identify you or that we can link to you.

3. Getting in touch

If you have any questions, comments or suggestions relating to this Privacy Notice, you can reach us at privacy@gocode.green , or write to us at: FAO Data Protection Officer, GoCodeGreen Limited, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ.

If you have any concerns, or if you have any unresolved privacy issues, you have the right to lodge a complaint with the relevant supervisory body, which in the UK is the Information Commissioner's Office (ICO). We welcome the chance to deal with any concerns in the first instance and would love you to get in touch.

4. When this Privacy Notice applies

This Privacy Notice applies when you use the GoCodeGreen Services (including the GoCodeGreen website, or any other online service created or hosted by us from time to time on which this Privacy Notice appears).

Additionally this Privacy Notice applies :
• where you apply to us for a job or work placement;
• your supply of services to us where this involves any personal data; and/or
• to any personal information collected from third parties where we are the controller of such information.

5. How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your personal data by filling in forms or by corresponding with us in person, by email, by phone, by post or otherwise. This includes personal data you provide when registering to use our service.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see section 12 on Cookies for further information.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, analytics providers such as Google, or Social Media Platforms. For more information see section 7: ‘Analytics and advertisements’. Any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable platform, which we strongly encourage you to review

6. How we use your personal data

We use your personal data only when it is required. This includes:
  • Contract - Where we need to perform the service you have signed up for, for example the use of the GoCodeGreen website.
  • Consent - Where we have your prior consent to use your personal data (for example, where you have consented to receiving marketing).
  • Legitimate Interest - Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • Legal - Where we have a legal or regulatory responsibility to do so.

Below is a table of our intended use of your personal data, our lawful basis for processing it in this way, and the types of data we will process in order to fulfil this purpose. Wherever possible we will not process your data, however we may not be able to do some or all of these things below without doing so.

If at any time we intend to change the purpose for which we hold your personal data, for example to offer you with a complimentary service that we may provide in the future, we will give you prior information of that new purpose so you are aware of this.

Purpose / activity 

Our lawful basis for processing  this data

Type(s) of Data we use for  this purpose

To register you to use the  GoCodeGreen Service 

Contract 

Registration Information

To manage our  

relationship with you  (including notifying you  about changes to our  terms and conditions or  this privacy policy)

Contract; Legal obligation 

Email address

To understand our user  base better

Legitimate interests (to understand our  user demographic and what users want  to get out of our service)

Registration Information, Additional  Personal Information

To create anonymised  and aggregated market  research

Legitimate interests (to communicate  the behaviour of groups of consumers  to people and organisations that want to  understand spending behaviour and  who are members of GoCodeGreen)

Anonymised and aggregated  Registration information, Account  and Transactional information and  Technical information

To carry out our  

obligations arising from  any contracts entered into  between you and us.

Contract

Email Address, registration  

information, Additional Personal  Information

To facilitate our internal  business operations,  including to fulfil our legal  or regulatory  

requirements and to  maintain and update our  records

Contract, Legal obligation

Email Address, registration  

information, Additional Personal  Information


For our business  

purposes, including data  analysis, submitting  

invoices, detecting,  

preventing, and  

responding to actual or  potential fraud, illegal  activities, or intellectual  property infringement.

Contract, Legal obligation

Email Address, registration  

information, Additional Personal  Information

To provide user support  and technical instructions  regarding your account

Contract

Registration information, Account  and Transactional information and  Technical information


To monitor and improve  our services

Legitimate interests (to track the use of  our service and identify areas where we  can improve service performance or  service functionality. This includes  business and technical improvements)

Registration information, Technical  information, Additional Personal  Information

To provide you on an  ongoing basis with  

information and services,  including relevant  

marketing  

communications related  to GoCodeGreen, and  other information or  materials

Consent

Registration information, Technical  information, Additional Personal  Information

Use of necessary,  

functional and analytical  cookies

Legitimate interests (in operating our  website); Consent 

Technical information

As we believe reasonably  necessary or appropriate  to: comply with our legal  

obligations; respond to  legal process or requests  for information issued by  government authorities or  other third parties; or  protector your, ours, or  others rights.

Legal 

As required by law

7. Analytics and advertisements

As with most companies, GoCodeGreen engages with third party providers for analytics and advertising information. Any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable platform. Below are some of the main analytics and advertising partners GoCodeGreen uses, along with information about how you can review and/or opt out of their services.

Analytics
We use third party analytics providers, including Google, Amplitude and others, to collect information about the usage of our online services and enable us to improve how these online services work. The information allows us to see the overall patterns of usage across our services, helps us record any difficulties you have with our services, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimise ad performance.
Google Analytics, Amplitude and others use cookies and other similar technologies to collect information about the usage of our online services and to report website and mobile application trends to us, without storing any personal data on external third-party analytics provider platforms.

You can opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout

Personalised and behavioural advertising
We may sometimes participate in third party advertising partners (such as Google, YouTube, Facebook) in marketing and behavioural targeting programs.
These services allow us and our partners to display ads that are likely to be more relevant (such as behavioural or targeted ads that are based on information about your browsing history). This activity is performed by tracking usage data and by using cookies to transfer information to the partners that manage the marketing and behavioural targeting activity.

For opting-out of ads served by Google, visit https://support.google.com/ads/answer/2662922?hl=en
For opting out of a range of advertising networks, visit http://optout.networkadvertising.org

Facebook
We may sometimes participate in Facebook.com's Custom Audience program which enables us to display personalised ads to persons on our email lists when they visit Facebook.com. We do not share any of your personal information with Facebook. The Customer Audience Tool lets us convert your email address to a
unique number that Facebook uses to match to unique numbers Facebook generates from emails addresses of its users. You may opt-out of participation in our Facebook Custom Audience by sending an email, from the email address you are opting out of, to the email address provided in our contact information below.
We may also use a piece of code called the Facebook pixel, which allows us to track how you are using our website. The pixel allows us to measure the effectiveness of our advertisements, analyse the effectiveness of our services, and optimise what ads you see from us.
You can manage what advertising from Facebook by logging into Facebook and
going to https://www.facebook.com/settings/?tab=ads#_.

8. Disclosure of Your Information

In order to provide you with your service, and to maintain our business activities,
we may exchange your personal data in the following ways.

  • To third-party service providers (data processors) contracted to GoCodeGreen. These companies are authorised to use your personal information only as necessary to provide these services to us, and via contractual agreements that establish their responsibilities to protect your data;
  • To regulators, authorities or bodies who require reporting of processing activities in certain circumstances. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud;
  • To professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Anonymous statistical information about users of our websites and related usage information to reputable third parties, including analytics and search engine providers.
  • To any other third party with your prior agreement to do so, where such agreement will be recorded by us, and retained in line with our data retention policy, and include the purpose, frequency and duration of the information sharing.
When such third parties no longer need your personal data to fulfil this service, they will dispose of such details in line with GoCodeGreen’s procedures unless they are themselves under a legal obligation to retain information (provided that this will be in accordance with applicable data privacy laws). If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
We own the database rights in the information collected via our online services. We do not sell, rent, or otherwise share information that reasonably identifies you or your organisation with unaffiliated entities for their independent use except as expressly described in this Privacy Notice or with your express prior permission.
We may share information that does not reasonably identify you or your organisation as permitted by applicable law.

9. International Data Transfers

Where you are submitting personal data from within the European Economic Area (“EEA”), such information may be transferred to countries outside the EEA.
By way of example, this may happen if one or more of our third party service providers with whom we share personal data in accordance with section 8 (Disclosure of your information) are located, or have their servers located, outside
your country or the country from which the data were provided.

If we transfer your information outside the EEA in this way, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
  • The country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • If we use certain service providers based out-with the EEA, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • If we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

10. Retention of your data

We retain the information we collect no longer than is reasonably necessary to fulfil the purposes that such data was originally collected in accordance with our internal data retention polices or to comply with our legal and regulatory obligations. The table below sets out the length of time we retain your personal data:

What personal data? 

How long do we keep it and why?

Data we collect through Google Analytics  

IP address, location, browser type, device used,  operating system, pages accessed and date / time  of access.

38 months to be able to track how users are using  our website over time, as the website changes, in  order to optimise the content we provide and  marketing we do

Data Facebook collects through your use of our  Facebook page

2 years to track how users are using our Facebook  page over time, in order to optimise the content we  provide and marketing we do

Data we collect through Facebook pixel Information  about website and application browsing, activity,  history, and device information

2 years to track response to our Facebook  promotions, optimise the Facebook advertising we  do


Data we collect when you contact us 

1 year so we can respond to requests and follow  up requests

Transaction data when you register your bank  account

13 months to allow us to model to businesses the  effects of making sustainability investments

Data we collect through Amplitude  

Information about website and application  browsing, activity, history, and device information

2 years to be able to track how users are using our  website over time, as the website changes, in order  to optimise the content we provide and marketing  we do

Data we collect through Branch  

Information about device, browsing, activity, history.

2 years to be able to understand how users are  engaging with our product.

Data we collect through OneSignal  

Information about device, browsing, activity, history.

2 years to be able to understand how users are  engaging with our product.

11. Security

Security of your personal information is important to us and we follow generally accepted industry standards and best practices to protect your information at all times.

What personal data? How long do we keep it and why? Data we collect through Google Analytics IP address, location, browser type, device used, operating system, pages accessed and date / time of access. 38 months to be able to track how users are using our website over time, as the website changes, in order to optimise the content we provide and marketing we do Data Facebook collects through your use of our Facebook page 2 years to track how users are using our Facebook page over time, in order to optimise the content we provide and marketing we do Data we collect through Facebook pixel Information about website and application browsing, activity, history, and device information 2 years to track response to our Facebook promotions, optimise the Facebook advertising we do Data we collect when you contact us 1 year so we can respond to requests and follow up requests Transaction data when you register your bank account 13 months to allow us to model to businesses the effects of making sustainability investments Data we collect through Amplitude Information about website and application browsing, activity, history, and device information 2 years to be able to track how users are using our website over time, as the website changes, in order to optimise the content we provide and marketing we do Data we collect through Branch Information about device, browsing, activity, history. 2 years to be able to understand how users are engaging with our product. Data we collect through OneSignal Information about device, browsing, activity, history. 2 years to be able to understand how users are engaging with our product.

We store information in access controlled premises or electronic databases requiring logins and passwords using best in class technology and practices. All employees, officers or contractors of GoCodeGreen and third party providers with access to confidential information are subject to access controls and confidentiality obligations, and we require our third-party data storage providers to comply with appropriate information security industry standards.

Whilst we continually strive to ensure that our systems and controls are updated to reflect technological changes, the transmission of information via the internet is not completely secure, and as such we cannot guarantee the security of your data transmitted to our online services which is at your own risk.

If you communicate with us using a non-secure web platforms, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient. Once we have received your information, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure. You can help us to keep your information secure by ensuring that any username or password in relation to our online services is kept strictly personal to you and not be made available to any other person.

You should stop using your username and password and notify us immediately if you suspect that someone else may be using your user details or password.

12. Cookies Policy

Our website and services delivered online use cookies and other similar technologies, for example, to distinguish you from other users when you browse our websites or use our online services and to allow us to improve our online services.

13. Online services - Links to third party sites, services and
content

In addition to our online services, which we control directly, we also use and provide links to websites which are controlled by third parties, which may include:
• Twitter, LinkedIn, Instagram and YouTube, where we have certain GoCodeGreen accounts and profiles.
• Facebook, where we have a social page.

If you use or follow a link to any of these third-party websites, please be aware that these websites have their own privacy policies and that we cannot accept any responsibility for their use of information about you.

Our online services may include integrated content or links to content provided by third parties (such as video materials). This Privacy Notice does not address the privacy, security, or other practices of the third parties that provide such content.

14. Your rights

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data personal data:
• Access to your information (Data Subject Access Request)
• Request correction of your personal data
• Request deletion of your personal data
• Object to processing of your personal data
• Request restriction of processing your personal data
• Request transfer of your personal data
• Right to withdraw consent
• Right to review by an independent authority

If you would like to exercise any of the rights set out in this section, please contact us at privacy@gocode.green

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Depending on the nature of the request, we may be required to verify the identity of those who make a request to us, we will accept the following forms of ID when information on your personal data is requested: Passport, Driving licence, Birth certificate, Utility bill dated within the last 3 months.

We may refuse to provide access where we have legitimate reasons for doing so under applicable data privacy laws, and in exceptional circumstances may charge a fee for access if the relevant legislation allows us to do so, in which case we will provide reasons for our decision.

We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Please note that where you withdraw your consent we will no longer be able to provide you with the products or services that rely on having your consent.

15. Changes to this privacy notice

Your provision of personal data to us or use of our online services constitutes your acceptance of the terms of this Privacy Notice.

As technologies and information governance practices develop, and data privacy laws (and surrounding guidance) evolve, we may need to revise this Privacy Notice. You should therefore review this page regularly to ensure that you are aware of any changes to its terms.

We will post any Privacy Notice changes on this page and, if the changes are significant or may materially impact upon your rights, we will provide a more prominent notice or contact you by other means (including, for certain services, email notification of Privacy Notice changes).

16. Further information

To find out more about GoCodeGreen please visit https://gocode.green