Privacy Policy and Consent

Effective Date: Sep 10, 2024

Introduction

At Snowkap, we are committed to protecting your personal data and maintaining transparency in how we handle it. This Global Privacy Policy and Consent outlines how we collect, use, store, and protect personal data in connection with our sustainability platform and services.

This policy applies globally to:

  • Our clients and their personnel
  • Vendors, suppliers, and partners
  • ESG consultants approved & authorized
  • Website and platform users
  • Snowkap employees

We comply with the EU General Data Protection Regulation (GDPR) and all relevant data protection laws in the regions where we operate. By using Snowkap’s platform or services, you agree to the

terms outlined here.

Scope of the Policy

This policy applies to all personal data processed by Snowkap through:

  • Our website (e.g., form submissions, cookies)
  • Our ESG and sustainability management platform
  • Business communications and operations
  • Internal HR processes

Please note: Third-party websites or platforms linked through our services are governed by their own privacy policies.

Types of Data We Collect

We may collect:

  • Contact Information: Name, email, job title, phone, company
  • Login & Profile Data: Credentials are Encrypted in transit and at REST, role-based profiles
  • Organizational Details: Vendor IDs, company size, representative data
  • ESG & GHG Metrics: Energy usage, emissions, survey data, reports
  • Uploaded Documents: Audit reports, spreadsheets, certificates
  • Technical & Usage Data: IP address, device info, browser type
  • Cookies: Used for analytics, session management, and preferences
  • Communication Logs: Emails, chats, support tickets
  • Employee Data: HR, payroll, compliance information
  • Sensitive Personal Data: Only processed with explicit consentWe do not knowingly collect data from individuals under 16 years of age.

How We Collect Data

  • Direct Input: Through registration, forms, or contact
  • Automated Tracking: Cookies, analytics, logs
  • Platform Use: Via stakeholder data submitted for ESG/GHG reporting
  • Third-Party Input: From clients or partners providing contact lists
  • System Integrations: Through automated platform and device connections

Purpose of Data Processing & Legal Basis

We process personal data to:

  • Provide our platform and services (Contractual necessity)
  • Deliver ESG/GHG insights and reporting (Legitimate interest)
  • Enable vendor/supplier assessments (Contractual necessity)
  • Support communication and client service (Legitimate interest)
  • Conduct marketing with your consent (Consent)
  • Maintain system security and performance (Legal obligation/Legitimate interest)
  • Fulfill HR, legal, and business obligations (Legal obligation)

Cookies & Analytics

We use:

  • Essential Cookies: For basic website functionality
  • Analytics Cookies: For performance and usage insights
  • Functionality Cookies: To remember user preferences

Consent is requested for non-essential cookies. You may manage cookie preferences through browser settings.

Data Sharing

We only share personal data with:

  • Client organizations (for platform users)
  • Trusted service providers (cloud, IT, analytics)
  • ESG consultants or project partners that are approved & authorized
  • Integrated third-party systems (as authorized)
  • Snowkap affiliates (for business continuity)
  • Regulatory bodies (where legally required)
  • Successor entities (in case of acquisition or merger)

NOTE:
We do not sell personal data under any circumstances.

We only share your personal data with third parties under limited and lawful circumstances, and only when necessary for service delivery, legal compliance, or with your explicit consent. We take steps to ensure all third-party recipients uphold strict data protection and confidentiality standards.

International Transfers

Data may be transferred across borders under appropriate safeguards including:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Encryption and access controls

Data Retention

Data is retained as follows:

  • Client/Account Data: 3–7 years post contract
  • Vendor/Assessment Data: Per client contract or audit requirements
  • HR Data: Per legal employment requirements
  • Marketing Data: Until you opt-out
  • Legal Records: As required by law

Secure deletion or anonymization is performed after the retention period.

Your Rights Under GDPR

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Transfer data to another controller
  • Object to processing
  • Withdraw consent
  • Request human intervention in automated decisions
    Contact us to exercise these rights.

Security Measures

We employ:

  • Data encryption at rest and in transit
  • Multi-level access controls and authentication
  • Secure firewalls and monitoring systems
  • Vendor due diligence for third-party processors
  • Incident response planning
  • Annual VAPT (Vulnerability Assessment & Penetration Testing)
  • Compliance with ISO 27001 and SOC 2 – Type 2

Consent and Preferences

By using our platform or signing this document, you:

  • Consent to the collection and use of your personal data
  • Acknowledge our use of cookies (where applicable)
  • Understand how to manage your preferences and withdraw consent

Contact Us

If you have questions or requests, please reach out to:

Email: privacy@snowkap.com or sysadmin@snowkap.com

Address: Snowkap Office, Plot No 27 Road No 11, Andheri (East), Mumbai, Maharashtra, India

Phone: +91 22 4007 9343

Updates to This Policy

This Privacy Policy may be updated periodically. Material changes will be communicated prominently. Continued use of our services after updates implies acceptance.

Consent

By continuing to use our services or signing this form, you acknowledge and consent to the collection and use of your data as outlined in this Privacy Policy.