Privacy Policy & Consent
Effective Date: September 10, 2024
At Snowkap, your privacy is paramount. This Global Privacy Policy and Consent explains how we collect, use, store, and protect personal data across our sustainability platform and related services.
This policy applies to:
- Clients and their personnel
- Vendors, suppliers, and partners
- Authorized ESG consultants
- Website and platform users
- Snowkap employees
We comply with the EU General Data Protection Regulation (GDPR) and all relevant regional data protection laws. By using our services, you agree to the practices outlined in this policy.
1. Scope of This Policy
This policy governs personal data collected via:
- Our website (forms, cookies, interactions)
- Snowkap’s ESG and sustainability platform
- Business communications and operations
- Internal HR processes
Note: Third-party platforms linked from our services have their own privacy practices.
2. Types of Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Contact Information | Name, email, phone, job title, company |
| Login & Profile Data | Credentials (encrypted), role-based access |
| Organizational Details | Vendor IDs, company size, representatives |
| ESG & GHG Metrics | Emissions, energy usage, survey responses, reports, email, phone, job title, company |
| Uploaded Documents | Audit files, certificates, spreadsheets |
| Technical & Usage Data | IP address, device/browser info, session activity |
| Cookies | Preferences, analytics, session management |
| Communication Logs | Emails, chats, support records |
| Employee Data | Payroll, compliance, and HR-related data |
| Sensitive Personal Data | Only with explicit consent |
We do not knowingly collect data from individuals under 16 years of age.
3. How We Collect Data
- Direct Input via forms, registrations, or contact
- Automated Tracking through cookies and analytics
- Platform Use for ESG/GHG reporting submissions
- Third-Party Input from clients or partner lists
- System Integrations via connected platforms or devices
4. Why We Process Personal Data
| Purpose | Legal Basis |
|---|---|
| Deliver platform services | Contractual necessity |
| Generate ESG/GHG insights and report | Legitimate interest |
| Assess vendors/suppliers | Contractual necessity |
| Communicate with clients and users | Legitimate interest |
| Send marketing communications | Consent |
| Ensure security and platform performance | Legal obligation / Legitimate interest |
| Meet HR, legal, and audit obligations | Legal obligation |
5. Cookies & Analytics
We use the following cookies:
- Essential Cookies – For core platform functionality
- Analytics Cookies – To measure and improve performance
- Functionality Cookies – To remember preferences
Consent is required for non-essential cookies. You can manage your preferences through browser settings.
6. Data Sharing
Your data may be shared with:
- Client organizations (for platform access)
- Authorized service providers (e.g., cloud, analytics, IT)
- Approved ESG consultants and project partners
- Integrated systems (with consent)
- Snowkap affiliates for continuity
- Regulatory authorities, if legally required
- Acquiring entities in case of merger or acquisition
We do not sell personal data under any circumstances.
We only share data under lawful, necessary, and secure conditions with strict confidentiality obligations.
7. International Data Transfers
Where data is transferred outside your country, we use appropriate safeguards such as:
- EU adequacy decisions
- Standard Contractual Clauses (SCCs)
- Data encryption and access controls
8. Data Retention Policy
| Data Type | Retention Period |
|---|---|
| Client/Account Data | 3–7 years post contract |
| Vendor Assessment Data | As per client contract or audit cycles |
| HR/Employee Data | As per legal employment requirements |
| Marketing Data | Until opt-out |
| Legal & Compliance Data | As required by law |
Data is securely deleted or anonymized after the applicable period.
9. Your Rights Under GDPR
You have the right to:
- Access your data
- Rectify inaccuracies
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Transfer data to another service
- Withdraw previously given consent
- Request a human review of automated decisions
To exercise your rights, contact us at: privacy@snowkapbeta.cwwws.com
10. Security Measures
We take your data security seriously. Measures include:
- End-to-end encryption (at rest and in transit)
- Role-based access controls and authentication
- Continuous monitoring and incident response
- Third-party vendor due diligence
- Annual VAPT audits
- Compliance with ISO 27001 and SOC 2 Type II
11. Consent and Preferences
By using our platform or services, you:
- Consent to our data collection and processing practices
- Accept the use of cookies (as applicable)
- Understand how to manage preferences or withdraw consent
12. Updates to This Policy
We may revise this policy periodically. Significant changes will be communicated. Continued use of our services implies acceptance of the updated terms.
13. Final Consent Statement
By using our services or signing any relevant documents, you confirm your understanding and consent to the collection, use, and protection of your data in accordance with this Privacy Policy.