The company Carbon Planet s.r.l., (VAT: 07277880485), with registered office in Trento (TN) – 38121 – via ai Bolleri n° 22/a, email: info@carbonplanet.earth, PEC: carbonplanet@pec.it, represented by its sole shareholder and legal representative pro tempore, in its capacity as Data Controller pursuant to EU Regulation 2016/679 of 27 April 2016 (GDPR) and the applicable Italian legislation on data protection from time to time, recognizes the importance of protecting personal data and intends to inform its valued customers, users (Data Subjects) of the website, as well as individuals contacting us for information requests, about the purposes and methods of processing the data provided. The Data Controller is a benefit company that pursues common benefit interests by operating responsibly, sustainably, and transparently towards individuals, communities, territory, and environment, as well as cultural and social assets, entities, associations, and other stakeholders. In particular, it carries out the following activities: developing tools aimed at creating, improving, and preserving ecosystem benefits for humans, animals, and plants; activities aimed at assisting businesses in the ecological transition process by providing them with tools to incentivize sustainable actions in the interest of the planet. The Data Controller supports entrepreneurs and institutions in implementing social and environmental sustainability strategies through training, the creation of certification protocols, as well as the implementation and management of web-based platforms (via the website www.carbonplanet.earth) and software tools, based on shared computerized records, allowing, for example, the negotiation of carbon dioxide removal certificates and, more generally, the elimination of climate-altering emissions (within the voluntary market); promoting and organizing conferences, seminars, courses, workshops, and events on sustainability and ecosystem benefits; generating CO2 removal certificates and other climate-altering substances as well as validating, controlling, archiving, monitoring, and verifying their correct use.
The Data Controller wishes to inform that the processing of personal data will be carried out in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. The Data Controller can be contacted at the following references:

tel.: +39 3491397410

web site: www.carbonplanet.earth

email: info@carbonplanet.earth

PEC: carbonplanet@pec.it

We invite you to read this Notice carefully. By visiting our website, using our services, or interacting with us in any other way, the user/customer agrees to the data processing activities described in this Privacy Notice. Please note that this Notice is exclusively for our customers and/or users of our website. Any websites whose links are provided on our site or any links to content provided by third parties are subject to their own terms and Privacy Notices, which we encourage you to review. If this Notice is updated, the continued use by the user of our website and services will imply acceptance of the updated Notice.

1. Processing of Personal Data

We may process the following data about the user/customer (Data Subject):

• Data Provided by the Customer/User: The customer/user may provide us with personal data by sending an information request through our contact form on the website, contacting us by phone, fax, email, PEC, handing out brochures and/or business cards and analog documentation at our registered office or during any study and/or research and/or training meeting. Such data may include: name, surname, date of birth, tax code, residential and/or domicile address, email address, PEC, billing address, credit card details, business name or denomination. Regarding data relating to carbon removal credits (CRD), in order to confer uniqueness to the associated certificate, the following data are processed: tracking of the entity that generated the CDR (Carbon Remover), who purchases it and the methods of CDR usage (compensation, resale, storage), recording every change of status over time. The system consistently ensures retroactive traceability of the CO2 removal path, attributing it to the NFT holder, and provides geolocation of the CO2 removed incorporated into each individual CDR. It ensures the uniqueness of each CDR (embedded in the NFT), the non-repeatability of the purchase and use in compensation, as certified by the distributed public register.
• User/Customer Data Collected by the Controller. Simply browsing the website does not require your registration and does not result in the direct collection of your personal data, except for the Internet Protocol (IP) address, URI and URL addresses, date and time of access to the website, cookies (please see our cookie policy at the bottom of this page), log files recording events, history, and activities performed by the user/customer during browsing. These data are collected anonymously and do not directly identify the user/customer browsing our website, but are primarily intended to obtain anonymous statistical information useful for monitoring the correct functioning of the website and its usage patterns. The processing of data provided during your registration on the website is necessary to enable the Controller to provide the requested service on your behalf, such as allowing you to negotiate carbon dioxide removal certificates through our Platform and, more generally, to eliminate climate-altering emissions within the voluntary market.
• Third Party Data Provided by the User/Customer Specifically Delegated and Legitimized for this Purpose. A user/customer acting on behalf of another person or providing data of another person guarantees to be authorized by that person to provide their personal data and ensures that the provided data are correct. In such cases, users/customers act as independent data controllers and assume all legal obligations and responsibilities. In this regard, they provide the broadest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the company Carbon Planet s.r.l. and its employees and/or collaborators from third parties whose personal data have been processed through the use of our website in violation of the current Privacy regulations by users.
• User/Customer Data Received from Third Parties. We may receive data from public administrations, judicial authorities, postal service companies, couriers, or any other third party in the performance of the service.

  2. Purpose and Legal Basis of Processing

The Controller may process the personal and non-personal data of users/customers for the purposes outlined below and on the basis of the specified legal grounds.

A) Registration on the website www.carbonplanet.earth and on the Platform

Registration on the website www.carbonplanet.earth and its Platform can be done by simply filling out all the fields of the contact form necessary for creating one’s own account/profile. The Controller may process the identifying data necessary for the complete registration procedure on the site and the creation of your account for the purpose of:

• Proceeding with your negotiations of carbon dioxide removal certificates through our Platform;
• Monitoring your exchange and/or negotiation activities on our website and Platform;
• Responding to user questions, comments, complaints, and information requests.

The legal bases legitimizing the processing are the fulfillment of a contractual and/or pre-contractual obligation and a legal obligation. The provision of personal data for the above purposes is mandatory to conclude the contract.

B) Execution of Information Requests, Pre-contractual Measures Taken at the Request of the Customer/User, Execution of a Contract to Which the Customer/User is a Party

• Personal or contact data forwarded via telephone, fax, email, PEC, through the contact form on our website, and all contact forms on our Platform may be used by the Controller to follow up on a service or to respond to user/customer questions and information requests.
• Contact data, data relating to carbon removal credits (CRD), information about the entity that generated the CDR (Carbon Remover), who purchases it and the methods of CDR usage (compensation, resale, storage), retroactive traceability of the CO2 removal path, attributing it to the NFT holder, geolocation data of the CO2 removed incorporated into each individual CDR, credit card number, IBAN may be used by the Controller to process your purchase order, process transactions through our website, for billing purposes related to the transactions carried out, and to provide assistance in various transactional phases.

The legal bases legitimizing the processing are the fulfillment of a contractual and/or pre-contractual obligation and a legal obligation. The provision of personal data for the above purposes is mandatory to conclude the contract through our website and our Platform, and refusal to provide them will result in the Controller’s inability to proceed with the contractual relationship.

C) Execution of Any Agreements Entered into by the Controller, Training Courses, and Research Activities

• Your personal data, identifying data, and traceability data of the carbon removal credit certificate may be processed to adhere to agreements that the Controller has entered into with third-party providers, public or private entities in order to carry out activities such as: research to find buyers and sellers of CO2 removal certificates and other climate-altering substances; implementation of new certification methodologies in partnership with institutions, research centers, and certification bodies; provision of training courses for client companies and certifiers.

The legal bases legitimizing the processing are the fulfillment of a contractual and/or pre-contractual obligation and a legal obligation.
The provision of personal data for the above purposes is mandatory to provide the requested service, and refusal to provide them will result in the Controller’s inability to proceed with the contractual relationship.

D) Administrative, Accounting, and Tax Obligations Related to the Requested Service

Your personal data may be processed to fulfill legal obligations, including but not limited to:

• Anti-money laundering, tax, and accounting obligations.

The legal bases legitimizing the processing are the fulfillment of a contractual and/or pre-contractual obligation and a legal obligation.
The provision of personal data for the above purposes is mandatory to provide the requested service, and refusal to provide them will result in the Controller’s inability to proceed with the contractual relationship.

E) Offering You a Better Service

User/customer data collected during browsing on our website may be used:

• To allow our providers and service providers to perform certain functions on our behalf, including hosting our websites, obtaining anonymous statistical information on website usage to improve its functionality and user/customer experience;
• To ensure the security of our premises and business; verify the identity of the user/customer; prevent or detect fraud or abuse of our website; manage technical aspects of our website, including identifying faults, diagnosing technical problems and maintenance, testing, encryption, and similar operations.

The legal basis legitimizing the processing is the Controller’s legitimate interest in providing an ever better and more satisfying contractual experience.

F) Sending Communications to Keep Valued Customers/Users Informed about Activities and/or Events Organized by the Controller that Correspond to the Customer/User’s Previous Interests, Taking into Account Their Reasonable Expectations

• Your email address data may be used by the Controller for marketing and promotion purposes of scientific deepening activities, conferences, study meetings, events that the Controller believes may be of interest to the customer/user, taking into account their reasonable expectations.

The legal basis legitimizing the processing is the Controller’s legitimate interest in providing an ever better and more satisfying contractual experience. Your right to object to this type of processing remains unaffected, and you can communicate your desire to do so at any time by emailing info@carbonplanet.earth or by checking the corresponding preference in the options at the bottom of each promotional email sent by us.

3. Disclosure of User/Customer Data (Data Subject)

Your personal data may be disclosed, strictly within the limits relevant to the obligations, tasks, and purposes outlined above, and in compliance with applicable laws, to the following categories of recipients:

• Entities to whom such communication must be made in order to fulfill or enforce specific obligations provided by laws, regulations, and/or EU legislation (for example, law enforcement agencies; public administrations and supervisory authorities; revenue agency; judicial authorities).
• Natural persons and/or legal entities who, as employees, collaborators, consultants, and external suppliers of the Controller, respectively provide assistance to the Controller’s activity or instrumental services thereto, operating, following specific and specific appointment, as authorized or data processors (for example, companies and professionals offering insurance, banking, administrative, and accounting services; suppliers providing management, maintenance, and development services for the IT systems used by the data controller; outsourcing or cloud computing service providers; employees, occasional workers, partners, collaborators who provide their work activity directly or indirectly to the Controller).

4. Transfer of User/Customer Data (Data Subject)

Personal data processed in electronic and paper form are stored in Italy on servers located within the European Union and will not be subject to transfer outside the European Union.

5. Methods of Processing and Retention of User/Customer Data (Data Subject)

The data will be processed both on analog and digital media. The data of our valued users/customers will be retained for the time necessary to fulfill contractual and pre-contractual obligations and for all activities instrumental to the pursuit of the purposes indicated above. After this period, in compliance with the principle of necessity and minimization, personal data will be retained only for the period strictly necessary to fulfill obligations under accounting, tax regulations, as well as for other purposes provided by laws or regulations.
A) Registration on the website www.carbonplanet.earth and the Platform: Personal data used to complete registration and manage user/customer accounts will be retained for the entire duration of the contractual relationship established and also subsequently for compliance with all legal obligations in accounting and tax matters or for other purposes provided by laws or regulations for up to 10 years after the termination of the contract.
B) Execution of Information Requests, Pre-contractual Measures Taken at the Request of the Customer/User, Execution of a Contract to Which the Customer/User is a Party: Personal data used for the execution of purchase orders sent to our website and Platform will be retained for the entire duration necessary to execute contractual obligations and subsequently for 10 years.
C) Execution of Any Agreements Entered into by the Controller, Training Courses, and Research Activities: Personal data processed for the execution of such services will be retained for the time necessary to manage contractual obligations and subsequently for 10 years.
D) Administrative, Accounting, and Tax Obligations Related to the Requested Service: Personal data processed for the execution of such services will be retained for the time necessary to manage contractual obligations and subsequently for 10 years.
E) Offering You a Better Service: Personal data used to comply with this purpose will be retained for the entire duration of the established contractual relationship and also subsequently for compliance with all legal obligations in accounting and tax matters or for other purposes provided by laws or regulations.
F) Sending Communications to Keep Valued Customers/Users Informed about Activities and/or Events Organized by the Controller that Correspond to the Customer/User’s Previous Interests, Taking into Account Their Reasonable Expectations: Personal data used for this purpose may be retained for 48 months from the date of your last purchase, unless you explicitly oppose and/or revoke such processing.

6. Profiling

Personal data will not be subject to dissemination or any entirely automated decision-making process, including profiling

7. Social networks

The Controller uses major social networks, and for any possible interactions of personal data and the related processing they may undergo, configurations may vary according to the privacy preferences you have set on the respective social networks. In this regard, users are invited to review the privacy policy of the social networks used.

8. User’s Rights (Data Subject):

The user/client can exercise the rights outlined in Articles 7 and 15-22 of the EU Regulation 2016/679. They can obtain information about the purposes and methods of the processing, the identifying details of the Controller, as well as other parties to whom the personal data may be communicated or who may become aware of it as controllers or authorized persons. Additionally, the user/client has the right to:

• Access, update, rectify, or integrate inaccurate or incomplete data when there is an interest.
• Request erasure, anonymization, or blocking of data processed unlawfully, including data that do not need to be retained for the purposes for which they were collected or subsequently processed (“right to be forgotten”).
• Request restriction of processing in cases specified by Article 18 of EU Regulation No. 2016/679.
• Exercise (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used, and machine-readable format).
• Object in whole or in part, for legitimate reasons, to the processing of personal data.

It is also the user/client’s right to lodge a complaint with the Italian supervisory authority, namely the Garante per la protezione dei dati personali, located in Rome (RM) – 00187 – Piazza Venezia, No. 11.
For the exercise of your rights or for questions or information regarding the processing of your data and the security measures adopted, you can contact the Controller at the references provided at the beginning of this Privacy Policy.