Sweep allows you to input, upload and store in the Sweep Service ("Sweep") any business data that you choose – for example, kilometers travelled, kWh of energy consumed as well as custom emission factors or information about your company's contribution programme preferences. Data can be in any text, document or image format. We refer to this data as "Content".
We also receive the following types of information below and we collect only what we need. Here’s what that means in practice:
When you sign up to Sweep, we ask for identifying information such as your name, position, email address and your company name so you can personalise your new account and we can send you invoices, updates or other essential information. We’ll never sell your info to third parties, and we won’t use your name or company in marketing statements without your permission.
When you subscribe to a Sweep account, when you contribute and buy tCO2e, you are redirected to our international financial partner Stripe. You will be asked for your credit card, billing address and some basic information about your company. That’s so we can charge you for the service, calculate taxes due and send you invoices. Your credit card details are passed directly to our third party/financial partner and do not ever go through our servers. We store a record of the payment transaction, for account history, invoicing and billing support. We store your billing address to calculate any sales tax due worldwide or, for example, VAT in the EU, and so we can print it on your invoices.
When you browse our marketing pages or applications, your browser automatically shares certain information, such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, the time the page takes to load, and which website referred you for statistical purposes such as conversion rates and to test new designs. We sometimes track specific link clicks to help inform design decisions. This web analytics data is tied to your IP address and user account if applicable and if you are signed into our Services. We use third-party web analytics software such as Segment, Intercom, Zendesk and Plausible.
We do use persistent cookies to store certain preferences, make it easier for you to use our applications, and to support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences and more. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to see which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org.
When you write to Sweep with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to refer to if you reach out in the future. We also store any information you volunteer, such as surveys. Sometimes when we carry out customer interviews, we may ask for your permission to record the conversation for future reference or use. We only do so if you give your express consent.
We do not collect any data on characteristics of protected classifications, including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You are given the option to add a picture to your user profile. This could be a picture of you or something else that you choose to represent you. We do not extract any information from profile pictures; they are solely for your own use.
By default, we do not access your information. The only times we will ever access or share your information are:
To provide products or services you’ve requested. We do use some third-party services to run Sweep and only to the extent that's necessary to process some or all of your personal information. We share such information with third-party services who process data on our behalf, to operate and develop the features and functionality of Sweep and to complete your payment transactions, to fulfill your sales and support requests and to communicate with you as described in the voluntary correspondence section above.
To help you squash a software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
To investigate, prevent, or take action regarding restricted uses. Accessing a customer’s account when investigating potential abuse is a measure of last resort. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.
When required under applicable law. Sweep SAS is a French company and all data infrastructure is located in Europe (Ireland).
If European law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring us to share data, we have to comply. Otherwise, we reject requests from local and federal law enforcement when they seek data. And, unless we’re legally prevented from doing so, we will always inform you when such requests are made. In the event that a government authority outside Europe approaches Sweep with a request, our default stance is to refuse, unless our jurisdiction compels us to comply through procedures outlined in a mutual legal assistance treaty or agreement.
Similarly, if Sweep receives a request to preserve data, we refuse unless compelled by our governing authority. In these situations, we notify affected customers as soon as possible unless we are legally prohibited from doing so. Furthermore, unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we destroy any copies we have of customer data once the preservation period lapses.
At Sweep, we apply the same data rights to all customers, regardless of their location. The most most advanced privacy regulations in place are the European Union’s General Data Protection Regulation (“GDPR”). Sweep recognises all of the rights granted in these regulations, except as limited by applicable law. These rights include:
-Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
-Right to Correction. You have the right to request correction of your personal information.
-Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using Sweep services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
-Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority. To identify your specific authority or find out more about this right, as an EU individual you should go to https://edpb.europa.eu/about-edpb/board/members_en.
-Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of the sale of personal information.
-Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
-Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
-Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
If you have questions about exercising these rights or you need assistance, please contact us at email@example.com.
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted.
When you terminate your account, Sweep must keep track of your contributions and information, such as quantity purchased, date of purchase and geography, to avoid problems such as double-counting of the tCO2e issued/purchased. Once canceled, your account is no longer accessible to anyone, but the data points mentioned above remain available in Sweep's databases.
Our products and other web properties are operated in Europe. Because of this, please be aware that any information you provide to us will be transferred to and stored in Europe. By using our site, participating in any of our services and/or providing us with your information, you consent to this transfer.
We commit to resolve complaints about your privacy and our collection or use of your personal information. Contact: firstname.lastname@example.org