Regulation (EU) 2016/679 the (European Union) General Data Protection Regulation (GDPR). The GDPR is effective as of 25 May 2018.
What Information do We Collect? We collect several types of information and data. Unless otherwise stated, all the personal data we obtain has been supplied by you, having given your consent. We use this information to provide you with information, updates, services, and for business administrative purposes. We do not sell your information or data to third parties (other than in the course of a business sale, purchase, or similar event).
Personal Information We collect the following types of information that you supply to us, depending on the kind of service you require. The data we collect may include your name, address, email address, contact number, dates of services provided, type of service provided.
Newsletters and Updates Through our websites, you have the option of receiving updates, newsletters, and occasional marketing material from relevant third parties and us. You can also sign up to receive information by contacting us, or on occasion, passing on your business card or details at events. You will be notified via email of your preferences, and you able to unsubscribe immediately if you choose to do so.
Membership sign up When signing up for an ICR Registry Account, we collect personal data on you and your business, including but not limited to you, your business partners, directors. This information supplied to us by you can include full legal name, DOB, address, email, contact details, business name, and registered address, identification documents, bank account details, IP Address and any other Know Your Client (KYC) information that we collect to process your application.
Disclosure of your Personal Information ICR will disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to:
- conform to legal requirements or comply with legal process served on ICR or the Site;
- protect and defend the rights or property of ICR;
- enforce our policies;
- respond to claims that a listing or other content violates the rights of others;
- protect the personal safety of users of ICR or the public; or
- to report suspected illegal activity.
All such information will be disclosed in accordance with applicable laws and regulations.
Third-Party Information supplied to us Occasionally we obtain information about you from third parties. This is only done when we need to complete due diligence checks on you and your business when signing up for an ICR Registry Account. For further information, see the Terms and Conditions supplied to you when applying for a Registry account. Occasionally, to verify the information we hold about you or obtain missing information, we might obtain information about you from certain publicly accessible sources in the EU and non-EU.
Your Rights Regarding Your Information You have the right to:
- Access your information and receive information on how it is used;
- Have your information corrected and/or completed;
- To have your information deleted (within reason);
- To restrict and object to the use and processing of your information;
- To receive your information in a portable format (within reason);
- To withdraw your consent to the use of your information.
Verifying your identity where you request access to your information Where you request access to your information, we use all reasonable measures to verify your identity before doing so. We will use any measure necessary to protect your information, reduce the risk of identity theft and any general unauthorized access to your information. We will endeavor to fulfill your request to access your data, but we will be unable to process those requests under certain circumstances. These may include nuisance requests, unauthorized requests, or exposing another individual’s information if releasing your information.
Sensitive Personal Information We do not knowingly or intentionally collect “sensitive personal information,” which includes information that may identify your racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, biometric information, information about sex life, sexual orientation, or health. Please do not submit your personal information to us. We will use all reasonable efforts to delete any data that we may have erroneously collected.
Data Security and Retention We use multiple security measures to protect your personal data. These include but are not limited to: physical, electronic, internal, and external policies and procedures. All personal data is collected and stored on a secure server.
We retain personal data only for as long as necessary to provide the services you have requested. Due to the nature of our services, we may retain your personal data for a longer period. These reasons may include but are not limited to:
- Safeguard the transparency, integrity of the Registry.
- They are mandated by law.
- For resolving, defending, or enforcing our legal/contractual rights.
- They are needed to maintain financial records.
Age Restrictions Our services and the interactions with our websites are not intended to be used, nor have they been designed to entice individuals under 18 years old. If you know of or have reason to believe anyone under the age of 18 has provided us with personal data, please contact us. We will use all reasonable efforts to delete any data that we may have erroneously collected on behalf of anyone under 18.
If you have any questions or concerns, you can contact us as below
International Carbon Registry (ICR)
phone: +354 864 2388
post: Sundagarðar 2, 104 Reykjavík, Iceland
We will respond to your request or concerns within thirty (30) days.
Data Protection Authority If you are a resident of the European Economic Area (EEA) and you have any concerns about how we collect and process your data, you have the right to contact the lead supervisory authority in the EEA.