TAPIO SRL of 231, Avenue Louise, 1050 Brussels, Belgium (TAPIO, we, us or our) is a b2b focused company offering an all-in-one carbon strategy platform. TAPIO also has a b2c product that offers a carbon offset subscription to individuals.
TAPIO operates on the internet site www.tapioview.com.
In order to provide you with our services, we need certain information about you (including personally identifiable information – information that identifies you personally). This Privacy Policy explains what information we collect about you for what purpose and what we use it for. It also explains what rights you have with regard to the data processing operations affecting you. Additionally, any concerns and questions you may have in the handling of your data can be directed to our Data Protection Officer, who’s direct contact is at the bottom of this privacy notice.
You can obtain more information on the protection of personal data from the Privacy Commission (https://www.privacycommission.be) :
Data protection authorities
Rue de la Presse 35
1000 Bruxelles
Tél.: +32 2 274 48 00
E-mail: commission@privacycommission.be
1. Purpose of our Policy
- TAPIO SRL of 231, Avenue Louise, 1050 Brussels, Belgium (TAPIO, we, us or our) provides the services offered on the website www.TAPIOVIEW.COM (TAPIO).
- For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), we are the data controller. You can contact our Data Protection Officer:
by post:
TAPIO SRL
Avenue Louise 231
1050 BrusselsBy email:
pierre@tapioview.com - We have adopted this Privacy Policy to ensure that we have standards in place to protect the data that we collect about individuals and companies that is necessary and incidental to:
- Providing the TAPIO website and services we offer; and
- The normal day-to- day operations of our business.
- By publishing this Privacy Policy we aim to make it easy for our users, customers and the public to understand what data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their data in our possession.
2. The information we collect
- First, your data is captured because you communicate it to us. Besides, in the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
- Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information that allows us to identify who the individual is;
- Contact Information. We may collect information such as an individual’s email address, telephone number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
- Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
- Device Information. We collect device-specific information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number); and
- Communication Information: We may collect information exchanged by post, email, via the site or any other communication means with a user.
- Anonymized company data collection. As part of using TAPIO’s services, the user will submit data about their company in order to calculate their environmental footprint. This data, such as business transport types used and energy consumption, is collected and stored by TAPIO in an anonymous manner.
- Cookies. For the provision of our services and to make our offer more user- friendly, effective and secure, we also use cookies for data collection and storage. Cookies are small data packets that are stored on your device and do no harm. We collect cookies in the following categories:
- Technical cookies: They help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Preference cookies: They enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Statistical cookies: They help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies: They are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
We may collect certain information by other automated means using technologies such as web beacons, pixels, browser analysis tools, server logs, and mobile identifiers. In many cases the information we collect using other tools is only used in a non-identifiable without reference to personal information. For example, we may use information we collect to better understand website traffic patterns and to optimize our website experience. In some cases, we associate the information we collect using cookies and other technology with your personal information. Our business partners may also use these tracking technologies on the site or engage others to track your behavior on our behalf.
- We may collect other data about an individual, which we will maintain in accordance with this Privacy Policy.
- You hereby grant your express consent that we may collect the data according to this clause 3, subject to the other regulations of this Privacy Policy.
- The table below lists more precisely what data we collect, for what purpose and on what basis.
Which data? | Which purpose? | Which legal basis? |
---|---|---|
Contact data, last name, first name, e-mail address, phone number | * Identification * Security * Performance of contract * Marketing |
* Art. 6, 1., a) GDPR * Art. 6, 1., b) * Art. 6, 1. C) * Art. 6.1., f) |
Financial data | * Performance of contract | * Art. 6, 1., b) |
Contractual data | * Performance of contract | * Art. 6, 1., b) |
Interaction data | * Performance of contract * Continuous optimization of the site, the services, and the advertising |
* Art. 6, 1., b) * Art. 6.1., f) |
Utilisation data | * Continuous optimization of the site, the services, and the advertising | * Art. 6.1., f) |
3. How information is collected
- Most information will be collected in association with an individual’s use of our website and services, an enquiry about TAPIO or generally dealing with us. However, we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners (such as Facebook or Twitter). In particular, information is likely to be collected as follows:
- Registration /Subscriptions/Purchases. When an individual registers, subscribes and/or purchases a service, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services;
- Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
- On this website we use the ‘pixels’ of Facebook and Linkedin (called ‘Linkedin Insight Tag’). These pixels connect to Facebook and Linkedin servers when you visit our website. These pixels can transmit data such as the IP address, browser type/ version, operating system, page previously visited, host name of accessing device and the time of the request. This makes it possible for Facebook and Linkedin to identify the users of our website, and to display the targeted advertising to those users interested in our website. We can use the pixels to assess the effectiveness of our advertisements. If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO You can object to the collection by the Facebook pixel and use of your data here: https://www.facebook.com/settings?tab=ads. You can disable Linkedin Insight Tag from your account by going to ‘Settings & Privacy’ > ‘Ads’ > ‘Interactions with Businesses’ and selecting ‘No’: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest
- You hereby grant your express consent that we may collect the data according to this clause 4.
4. How data is stored
- The data that we collect from you may be transferred to partners and stored at a destination outside the European Economic Area (EEA). We rely on the fact they participate in the EU-US and Swiss-US Privacy Shield frameworks.
- Our provider of the platform automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address.
The data is for data security and error analysis only. A merge of this data with other data sources will not be done.
- Most of the cookies we use are so-called “session cookies”. They will be deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.
- You can register on our platform to use our services. We only use the data entered for the purpose of using the respective offer for which you have registered. The mandatory information requested during registration, such as name and email address, must be provided, otherwise the registration cannot be completed.
For important changes such as the scope of the offer or in case of technical changes, we use the email address given at registration to inform you in this way. The data collected during registration will be stored by us as long as you are registered for our services and will subsequently be deleted.
- By submitting your personal data, you agree to this transfer, storing or processing according to this clause 5, provided always that we shall safeguard compliance with the respective applicable data protection laws.
5. How long is the data stored?
- We process the data concerning you for as long as you continue to use our services. When you cease to be a user, the length of retention will depend on the type of contractual relationship you had with us, as well as the type of data.
- If you have never been a customer per se, i.e. if you have never signed an agreement with us, we will be able to delete all your data on request. We will automatically delete your data after 2 years.
- If you have been a customer, we will keep all your contact and contractual data for a period of 5 years (prescription period) after the end of the contract.
- Finally, we may retain your personal data for longer if you have given your consent or if it is necessary for us to do so in connection with legal proceedings. Naturally, we make every effort to ensure that we do not have to provide your data to a court of law as evidence.
6. When data is disclosed
- It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the GDPR and other similar applicable laws (e.g. the authorities) in the course of our business, such as for processing activities like website hosting.
- We will not disclose or sell an individual’s data to unrelated third parties under any circumstances,.
- There are some circumstances in which we must disclose an individual’s information:
- Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
- As required by any law (including the GDPR and other similar applicable laws) including court orders; and/or
- In order to sell our business (as we may transfer data to a new owner).
- We will not disclose an individual’s data to any entity that is in a jurisdiction that does not have a similar regime to the GDPR or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity will not be made until that entity has agreed in writing with us to safeguard data as we do.
- We may partner with or utilize third-party service providers (such as Gmail from Google, Inc) to communicate with an individual and to store contact details about an individual. These service providers may be located outside the EEA, including the United States of America.
- If the Company gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.
- You hereby grant your express consent that we may disclose the data according to this clause 7.
7. Third Party Services, websites and accounts
- We may share an individual’s information with third parties for the processing and storage of certain personal information. For example:
- all information may be processed and stored with cloud service providers (such as Amazon Web Services);
- all payment information shall be provided to and processed by a payment gateway (such as Stripe).
- all personal information for the purposes of sales and marketing shall be stored and processed on a CRM software (such as Odoo).
- We use Google Analytics,which is a web analysis tool of Google LLC. The cookies generate data on the following user behvaior:
- The pages visited
- Time spent on individual pages
- Clicks & pointer activity
- General location such as country
- A compressed form of the IP address
- Browser specifications(for example which browser is being used)
- Screen resolutions(to specify whether it may be desktop of mobile activity)
- Source of the visit(external link or organic Google search)
This information is used by Google to compose reports and create user behavior/activity patterns. The IP address of individual visitors is not combined with other data. You may further consult the privacy policy of Google directly here: https://policies.google.com/privacy. After a period of 14 months the personal data is deleted or made anonymous. The data that is recorded is stored on a Google server in the United States. If site visitors wish to revoke their consent, we invite them to contact our Data Protection Officer directly.
- We use Hotjar, which is a web analysis service of Hotjar Ltd. They utilize cookies that get stored in the cache of visitors web browsers with the objective of creating an overview of how visitors use our website. The cookies used by Hotjar can generate the following information:
- Which pages are visited
- Specifically which elements of the page are clicked
- Browser specifications(for example which browser is being used)
- Screen resolution(to define whether it is a mobile or desktop)
- The IP address & user ID in the form of a Hotjar tracking ID
We use Hotjar in the objective of analysing the user behavior’s on our site so that we may better their general experience. The information recorded by Hotjar is collected and stored anonymously. The data that is recorded is stored on a Hotjar server in Ireland. Data stored anonymously will be stored indefinitely for as long as required to complete the aforementioned objectives. You may further consult the privacy policy of Hotjar directly here: https://www.hotjar.com/legal/policies/privacy. If site visitors wish to revoke their consent, we invite them to contact our Data Protection Officer directly.
- We recommend that you read the privacy policies of third-party service providers so you can understand the manner in which your personal information will be handled by these providers.
- In particular, remember that certain service providers may be located in or have facilities that are in a different jurisdiction (including outside the EEA). So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
- We may link your account with a third party (such as Facebook, LinkedIn, Twitter or Google+) to our services to enable certain functionality, or you access or register to the website via such third party account, which respectively allows us to obtain information from those accounts (including your profile picture, friends or contacts).
- The information we may obtain from those services often depends on your settings or their privacy policies. We recommend that you read any third-party privacy policies before entering any personal information.
- When you click on the links on our website, they may direct you to third party websites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
- You hereby grant your express consent that we may share and obtain the data according to this clause 8.
8. The safety and security of data
- We will take all reasonable precautions to protect an individual’s data from unauthorized access. This includes appropriately securing our physical facilities and electronic networks.
- The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorized access to, data where the security of information is not within our control.
- We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
- If an individual suspects any misuse or loss of, or unauthorized access to, their data, they should let us know immediately.
- We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorized to provide that person with the data.
9. Your rights
- You have the right to information, correction, blocking or deletion of your data at any time. Any given consent can be revoked at any time and you may partially object to the processing of your data, even if no consent was required from you for the processing. You can contact our data protection officer at any time for further information on privacy issues.
You have the following rights:
- the right of access and rectification (we must be able to tell you what data we hold about you and you can modify this data),
- the right to forget (you can ask us to delete all the data we hold about you),
- the right to limit processing (you can, for example, ask us to stop receiving our blogs),
- the right of portability (you can request a complete extract of your data from us),
- the right of withdrawal of consent (you can, for example, withdraw your permission to use commercial profiling cookies),
- the right of objection (you can, for example, request that we no longer use your data to receive commercial actions from us).
However, keep in mind that we can only offer our services if we store and process your personal data. Where we have processed your data into statistics, we cannot change or delete the statistical data that has been derived from your personal data. This statistical data has already been processed and it has become impossible to trace the identity of an individual. It is therefore no longer personal data protected by the GDPR. Consequently, your data protection rights, such as the right of access, rectification or portability, do not apply to statistical data derived from your personal data.
- To exercise your rights, you may send us your request, dated and signed, with a copy of both sides of your identity card:
by post:
TAPIO SRL
Avenue Louise 231
1050 BrusselsBy email:
(info@tapioview.com).Upon receipt of your complete request, we will respond to your request within a maximum of 30 calendar days.
- Complaints & Disputes
If you want to file a complaint, you can send us your request, dated and signed, with a copy of both sides of your identity card:by post:
TAPIO SRL
Avenue Louise 231
1050 BrusselsBy email:
(info@tapioview.com).Upon receipt of your complete request, we will respond to your request within a maximum of 30 calendar days.If we are unable to reach an agreement, you can submit a request for mediation to the Belgian Data Protection Authority: Belgian Data Protection Authority, Rue de la Presse 35, 1000 Brussels, by phone +32 2 274 48 00, e-mail: contact@apd-gba.be or http://www.dataprotectionauthority.be
10. Additions to this policy
- We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect 7 days after their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
- If we decide to change this Privacy Policy, we will post the changes on our website. It is your responsibility to refer back to this Privacy Policy to review any amendments. We may do things in addition to what is stated in this Privacy Policy to comply with the GDPR, and other similar applicable laws, and nothing in this Privacy Policy shall deem us to have not complied with the GDPR and other similar applicable laws.
Contacting us
info@tapioview.com
TAPIO SRL
231 Avenue Louise
1050 Brussels, Belgium
Data Protection Officer
If you have any concerns about the way Tapio is handling your User Personal Information, please let us know immediately. You may reach out to our Data Protection Officer directly at the email below. Please fill the subject line of any emails as “Privacy Concerns” as to allow us to respond promptly, within a 30 day delay at the latest. Alternatively, you may send us a mail correspondence to the address specified below.
Pierre Collinet
pierre@tapioview.com
231 Avenue Louise
1050 Brussels, Belgium