Privacybeleid

1. Introduction

Tapio ("Tapio", "We," "Us," or "Our") is committed to respecting the privacy of the individuals whose personal data We process ("You" or "Your") and to treating such data in the strictest confidence and in accordance with applicable law, including:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
• The Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

This privacy policy (the "Privacy Policy") is intended to inform You, in a transparent manner, about the data We collect, the purpose of its collection, how We use it, and the rights You have regarding the processing of Your personal data. This Privacy Policy applies to the processing of personal data in connection with all of the following services:

• Visiting Our website (tapio.eco);
• Using Tapio platform (app.tapio.eco);
• Engaging with Us in other related ways, such as through customer support, marketing, or events.

Please read this Privacy Policy carefully.

Should You have further questions, please do not hesitate to contact Us at [email protected].

2. Who is responsible for processing Your data

Tapio SRL is the data controller of Your personal data.

Tapio SRL
Avenue Louise 231
1050 Brussels – Belgium
[email protected]
BCE 0741.588.45

3. What data do We collect?

a) Website interactions (tapio.eco)

When You visit or interact with Our website (tapio.eco), We collect personal data via forms and other interactive features. We use this information primarily to communicate with You and potentially establish a further connection.

Depending on the Website section You use, We may collect:

• Identification and contact details: name, email, phone number, company name, job title;
• Recruitment information: CV, cover letter, LinkedIn profile;
• Analytics data: IP address, connection data, browser type/version. Information about "Cookies" can be found in Our Cookies Policy.

b) Tapio platform usage (app.tapio.eco)

When You create an account and use the Tapio platform to manage Your company's carbon footprint, We may collect:

• Account details: name, email, optional job title, LinkedIn profile, profile picture;
• Operational data: commuting distance estimate, city or ZIP code, travel data;
• Analytics data: IP address, browser type/version, operating system, time of the request;
• Usage data: platform activity logs, feedback forms, bug reports.

c) Contract management and client relationships

In the course of managing business relationships and contracts, We may collect:

• Contact details: name, email, phone number;
• Business information: company name, invoicing data.

d) Public professional profiles

We may collect and process publicly available (professional) data from social media platforms (such as LinkedIn) or similar online sources, including:

• Public profile information: name, current job title, employer, professional experience, education, skills, professional interests, profile link.

4. Why do We collect Your Data?

a) Website interactions (tapio.eco)

We collect Your personal data through Our website forms and interactive features to:

• Respond to Your demo requests
• Process Your registration to the Tapio Carbon Academy
• Communicate with You when You join the marketplace or contact Us
• Send You resources such as maturity assessments
• Register You for events and webinars
• Manage recruitment processes
• Send You Our newsletter (with an option to unsubscribe at any time)
• Analyse Your use of Our website to improve user experience via cookies and analytics tools

We also use cookies and similar technologies to enhance Your navigation and track user interactions. Please refer to Our Cookies Policy for further information.

In addition, We process data from Our social media channels (e.g., LinkedIn) to analyse audience behaviour, enhance outreach, and manage recruitment processes.

b) Tapio platform usage (app.tapio.eco)

We process Your personal data when You use the Tapio platform to:

• Create and manage Your user account
• Identify and connect You with Your colleagues within the platform
• Compute Your company's carbon footprint, including estimating commuting distances and travel data
• Monitor platform security and detect technical issues
• Gather Your feedback, bug reports, and suggestions to improve our platform
• Understand user behaviour for platform improvement via cookies and analytics tools

Additionally, aggregated and anonymized data may be used for benchmarking, statistical analyses, or machine learning purposes.

c) Contract management and client relationships

We process personal data to:

• Establish, execute, and manage contracts and business relationships
• Issue invoices and handle payment records
• Maintain operational continuity and track historical business information

d) Public professional profiles

We process this information to identify and evaluate potential candidates, collaborators, or partners, based on Our legitimate interest in developing Our professional network and recruitment efforts.

5. How do We justify the collection of Your data?

We process Your personal data based on the following legal grounds:

• Your consent — We may ask for Your specific consent to process Your personal data, for example when You register for an event or a training session, subscribe to our newsletter, or provide optional information on Your platform profile. You may withdraw Your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• The performance of a contract or to take steps at Your request before entering into a contract — We need to collect and process some of Your data in order to provide You with Our services, respond to Your inquiries, manage Your user account, or fulfill Our contractual obligations. If You choose not to provide this data, it may prevent Us from delivering the requested service.
• Our legal obligations — We are required to collect and retain certain personal data to comply with legal requirements, such as accounting and tax obligations.
• Our legitimate interests, provided these are balanced with Your rights and freedoms — We have a legitimate interest in processing Your personal data to improve Our services, ensure the security of Our website and platform, manage customer relationships, process recruitment applications, develop Our professional network, respond to Your requests, detect and prevent fraud, and defend Our rights in case of disputes. We always take care to balance Our legitimate interests with the respect of Your privacy.

6. What are Your rights?

We wish to inform You that, in the context of the processing of Your data, You have the right:

• To obtain confirmation that We are processing Your data and to request a copy of that data at any time and free of charge. We may ask You for proof of identification before granting Your request.
• To request that We update Your data or correct data that You consider to be inaccurate or incomplete.
• To request that We delete Your data or restrict the way in which We use it if You consider that there is no or no longer any lawful basis for processing it.
• To withdraw Your consent to the processing of Your data (to the extent that the processing is based on Your consent).
• To receive a copy of the data You have provided to Us in a structured, commonly used and readable format and to pass that data on to another party (another data controller, to the extent that the processing is based on consent or contract).
• To object to the processing of Your data for which We use legitimate interest as a legal basis. In such cases, We will stop processing unless We have compelling legitimate grounds for doing so.

7. How long do We keep Your data?

We keep Your data for as long as necessary to achieve the purposes for which it is collected. The retention periods may vary from one processing operation to another, depending on the purpose and the legal basis for the retention periods.

8. How do We protect Your data?

We do everything in Our power to protect Your data in the best possible way. To do so, We have implemented strict access controls, encryption technologies, and data handling procedures to safeguard personal information from unauthorized access, disclosure, alteration, or destruction. Additionally, We conduct regular audits of both Our platform and website, as well as Our general internal processes, to ensure ongoing security.

Moreover, We carefully select service providers who meet Our security standards and follow best practices for data protection. We ensure that We are using the latest, most secure versions of software and platforms to minimize vulnerabilities and maximize the security of Your data. We are committed to continuously improving Our data protection practices and taking any necessary actions to maintain the highest level of security.

9. Are Your data shared with third parties?

Our staff members have access to Your data on a strictly "need to know" basis and for the purposes described above. In addition, they are subject to a strict obligation of confidentiality.

To help Us deliver, improve, and support Our Services, We also work with carefully selected third-party service providers ("processors") who process personal data on Our behalf. Each processor acts under a contract that ensures the protection and security of Your data and may only process it according to Our instructions.

We may therefore transfer Your data when necessary to:

10. Are Your data transferred outside the European Union?

We will transfer Your data to a country outside the European Union and European Economic Area only where that country provides a level of protection equivalent to that which You may enjoy in Your country of residence or to the extent permitted by applicable law, for example by ensuring the protection of data through appropriate contractual arrangements.

11. Updates and changes to the Privacy Policy

This Privacy Policy may be updated periodically to ensure compliance with applicable laws and to reflect changes in Our data processing practices or legal requirements. Updates will be published on this page, and where appropriate, We will notify you by email.

12. Contact Us and the Data Protection Authority

If You wish to exercise any of the rights set out above, report a problem with Our applications, require specific assistance or wish to send a comment, please contact Us by the means set out below:

• By e-mail: [email protected].
• By post: Avenue Louise 231, 1050 Brussels – Belgium.

You can also contact the Data Protection Authority directly and/or lodge a complaint:

• Rue de la Presse, 35, 1000 Brussels – Belgium.
• +32 (0)2 274 48 00.