Last updated: 01/02/2022
Welcome to Dodo! At Dodo we care about your privacy and work to ensure that we uphold the highest standards of privacy and data security. In this document, we want to communicate transparently on what we do with your personal data.
Dodo is a cloud-based emissions calculation platform.
Our registered name is DODO SOFTWARE LIMITED, and our company number is 12646452. Our registered office is at Gemma House 39, Lilestone Street, London, England, NW8 8SS.
For ease of reference we will further refer to ourselves using “we'', “us”, “our” or “ Dodo”. “You”, “your” or “yours” means the organisation using the Services.You can reach us at firstname.lastname@example.org.
What personal data do we collect and why?
If you just visit our website we do not collect any personal data . We will only collect personal data in the following instances:
- If you ask us a question using a contact form or email;
- If you request access to our Services;If you sign up to use our Services;
- If you subscribe to our newsletter;If you apply for a job with us.
We may disclose personal information that we collect, or you provide. This would include:
- If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
- To our subsidiaries and affiliates. We may employ third party companies and individuals to facilitate our Service, provide Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
- To contractors, service providers, and other third parties we use to support our business.
Below you can find what type of personal data we collect, what we use it for and how long we will keep it:
Your first and last name, your address & your company details
We cannot be sure to address you correctly if we don’t know who you are; and if you enter into a contract with us we will need to make sure we know who we are dealing with.
We will keep this information in our customer database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can always let us know.
Please do note that for as long as we have an ongoing contract we are not able to remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation we must keep copies of our invoices which may mention your name or address.
Phone number and email address
This is so we can easily contact you. In principle, we will never contact you unless it is to answer a question, if we are working on an assignment for you or if you have applied for a job with us.
We may also use your email address to send you our newsletter. We do not want to spam you and we understand if you would rather not receive any newsletters. If that is the case, you can always let us know or you can unsubscribe from our mailing list using the link you can find at the bottom of each newsletter.
As is the case for your name and address, we will also keep your email address and your phone number in our customer or candidate database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can also always let us know.
Please do note that for as long as we have an ongoing contract we are not able to remove this information from our databases as we will need it to execute the contract.
And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation we must keep copies of our invoices which may mention your email address.
IP-address, Preferences & Data provided in the platform
If you enter into an agreement with us, you will get access to the platform.
If you make use of the platform, we may collect other personal data such as your IP-address or your browsing preferences, as well as other personal data that you voluntarily provide us with through the platform. This information is either required to operate the Services when you register, and open an account, or will help us tailor our services to you.
Information provided during job applications
If you apply for a position with us, you will probably provide us with personal data in your cover letter and your CV (such as: your grades, which schools you went to, previous jobs, etc.).
We will save the contact details, cover letter and CV of every job applicant in our candidate database and may contact you in the future regarding job openings that may be of interest to you.
Of course, we will delete all this information from our candidate database if you don’t like us holding on to it. Just let us know at email@example.com.
External data processors
- Amazon AWS (infrastructure and web hosting)
- Google (analytics, ads)
- Facebook (ads)
- Stripe (payments)
- Intercom (customer support, marketing emails)
- Mailchimp (marketing emails)
- Substack (marketing emails)
- Hubspot (customer relationship management)
These data processors will have to take sufficient precautions to prevent the loss of your data. Some of these external data processors may be based in the United States and have certified their compliance with the EU-US Privacy Shield Framework, which means they will respect comparable data protection standards as those that apply in Europe.
You should know that in the following exceptional circumstances your data could also be shared with others:
- If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we don’t have much of a choice and we will share the data the authorities ask for, which may include yours.
Your data protection rights under GDPR
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at firstname.lastname@example.org.
In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal Data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
- Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
How do we protect your personal data?
We take measures to ensure that your personal data is kept private. We work hard to protect your personal data against unauthorised access or disclosure. In order to do so, we take organisational measures ensuring that access to your data is restricted to those employees or agents who need to have access to it in order to help us process it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We are a tech company, so it won’t surprise you we also take a whole range of technical measures to protect your data. Technical measures include, for example, encrypting all personal information (in transit and at rest), user access management and penetration testing.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where do we store your data?
Our infrastructure is hosted on servers based in the European Union (primarily in London). This allows us to meet specific regulatory and compliance requirements of organisations in Europe. Our data centre provider AWS provides advanced security features and maintains multiple certifications. AWS supports security standards such as PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171 In addition all data is encrypted both in transit and at rest using strong encryption.
In some cases, where strictly necessary to interface with third party data processors (for example analytics, payments and email delivery), we may transfer only the necessary personal data outside of the EEA, in order to:
- Store some information;
- Enable us to provide you with the Services and fulfil our contract with you;
- Fulfil any legal obligations which require us to make that transfer;
- Facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
Cookies are saved in your browser’s history and you can always delete them. You can also adjust your browser settings to prevent cookies from being saved on your computer.
There are two main types of cookies that can be set: First party cookies - these cookies are placed and read by Dodo directly when you use our Services. Third party cookies - these cookies are not set by Dodo, but by other companies, like Google or Facebook, for site analytics purposes.
These cookies are essential to the operation of the Services and make it usable by enabling authentication and load balancing.
We use Intercom to provide visitors with support and to send product updates and marketing communications.
We use Google Analytics to generate anonymous statistics on how visitors use the website. We use these cookies to enhance the user experience on our website and to know which parts of the website or platform are most frequently visited or clicked on. This service may also collect information regarding the use of other sites, apps and online resources. You can learn about Google’s practices on the Google website. We have adjusted the Google Analytics settings to ensure no personal data is collected when you visit the platform.
Privacy of the data processed using the Services
When you onboard your company using Dodo, your personal data will be saved in your account on the platform. We will keep this information available for you (the “Controller”) in the platform, but we will never use such information ourselves for any other purpose than to help you process the data.
You may request us to send you a summary of the personal data processed about you. If you feel that your personal data have been processed incorrectly or incompletely, or if you feel that such processing was unnecessary, then you can also ask us to edit, supplement or erase your personal data from our databases. Under the applicable privacy legislation, you also have the right to restrict processing, the right to data portability and the right to object to processing.
If you feel we have failed to respond correctly to a request for information, you have the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or with the relevant authority in your country of work or residence.
If you have any further privacy concerns or if you want to exercise your rights, you can contact us via email at email@example.com.