Privacy Policy

1. Introduction

SustainCERT SA ("SC,") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, and share your information when you visit our website, use our services, or interact with us in any way.
By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our website and services.

2. Who We Are

SC is a leading sustainability impact verification company that specializes in providing digital verification solutions for climate and sustainability claims. Our mission is to enable companies to credibly measure, report, and verify their impact in alignment with recognized standards and frameworks. We work with businesses, project developers, and sustainability stakeholders to ensure that climate actions are measurable, transparent, and accountable.

3. Information We Collect

We collect various types of personal data to provide and improve our services. The categories of personal data we may collect include:

3.1 Personal Data You Provide

Identity Data: Name, username, organization, and job title.
Contact Data: Email address, phone number, and postal address.
Financial Data: Payment details (e.g., credit card, bank account information).
Transaction Data: Records of payments and purchases made through our services.
Marketing Preferences: Your choices regarding receiving marketing communications.

3.2 Data Collected Automatically

We collect certain data automatically when you interact with our services, such as:

Technical Data: IP address, device type, browser type, operating system, referral URL, and access timestamps.
Usage Data: Pages visited, time spent on our website, and interactions with our services.
Cookies and Tracking Technologies: See our [Cookie Policy] for more details.

3.3 Data from Third-Party Sources

We may receive personal data from:

Service providers (e.g., analytics providers, payment processors, and IT support services).
Public sources and social media platforms.

4. How We Collect Information

We collect personal data:

Directly from you: When you interact with our website, sign up for services, or contact us.
Automatically: Using cookies and tracking technologies (see our Cookie Policy for details).
From third parties: Such as analytics providers and payment processors.

5. How We Use Your Information

We use your personal data for the following purposes:

To provide and manage our services.
To process transactions and payments.
To improve and customize our services.
To communicate with you regarding updates, changes, or inquiries.
To send marketing and promotional communications (with your consent).
To comply with legal and regulatory obligations.
To protect the security and integrity of our services.

6. Legal Basis for Processing

SC processes personal data based on the following legal grounds:

Contractual Necessity: When processing is required to fulfil our contract with you.
Legitimate Interests: For purposes such as service improvement, security, fraud prevention, and ensuring efficient communication.
Consent: When you have given explicit permission (e.g., marketing communications). You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
Legal Obligation: To comply with applicable laws and regulations.

7. Statutory or Contractual Requirements

Certain personal data (e.g., name, email, payment information) is required to enter into or perform a contract with SustainCERT. Failure to provide such data may make it impossible for us to deliver our services. In other cases, providing data is optional, but may affect your user experience or service access.

8. Sharing and Disclosure of Data

We do not sell your personal data. However, we may share your data in the following circumstances:

With Service Providers: We engage third-party vendors (e.g., payment processors, cloud providers) to support our operations.
With Clients (e.g., verification bodies or other stakeholders engaged through our platform) when necessary to perform contractual or certification functions
For Legal Compliance: If required by law, we may disclose your data to authorities.
For Standards Compliance: If and as required by Standards (e.g. Verra, Gold Standard, UNFCCC), we may disclose your data to those Standards.
In Business Transfers: In case of mergers, acquisitions, or asset sales, your data may be transferred.
With Your Consent: We will share data if you explicitly agree to it.

All recipients are bound by confidentiality and data protection obligations.

9. Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, that produces legal or similarly significant effects on you. If such practices are introduced in the future, you will be notified and provided with the option to object or opt out.

10. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA), and as such, we adopt appropriate safeguards, such as:

Standard Contractual Clauses (SCCs)
Binding Corporate Rules (BCRs)
Adequacy decisions adopted by the European Commission

11. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations. Retention periods include but are not limited to:

Account and transaction data: up to 10 years after account closure.
Marketing data: until consent is withdrawn or the data becomes inactive.
Financial data: up to 10 years as required by tax and financial regulations.
Legal or regulatory data: for the duration mandated by applicable laws.

When data is no longer needed, it will be securely deleted or anonymized.

12. Data Security

SustainCERT is committed to protecting your personal data through the implementation of robust security measures designed to prevent unauthorized access, misuse, alteration, or disclosure. We employ industry-standard security protocols and continuously improve our safeguards to enhance data protection. While we take reasonable steps to safeguard your data, SustainCERT cannot guarantee that Personal Data stored or sent to SustainCERT will be completely safe and encourages you to use caution. To the maximum extent allowed by applicable law, you agree and acknowledge that SustainCERT will not be liable or responsible if any information about you is intercepted, accessed, and/or used by an unintended recipient.

If you suspect a security breach, please contact us at security@sustain-cert.com.

13. Your Rights (GDPR Compliance)

As a data subject under GDPR, you have the following rights:

Access: Request a copy of your personal data.
Rectification: Request corrections to inaccurate data.
Erasure: Request deletion of your personal data.
Restriction: Request limited processing of your data.
Portability: Request transfer of your data to another provider.
Objection: Object to data processing based on legitimate interests or direct marketing.
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
Complaint: Lodge a complaint with a relevant supervisory authority.

To exercise your rights, contact us at privacy@sustain-cert.com.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For more details, please refer to our [Cookie Policy].

15. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated revision date.

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, you may contact us at:

SustainCERT SA
Registered Address:
SustainCERT SA,
33, Boulevard Prince Henri,
L-1724, Luxembourg

Email: privacy@sustain-cert.com
Website: www.sustain-cert.com

Last Updated: June 2025