Last update: 13 April 2023

Privacy Policy

  1. SCOPE OF THIS PRIVACY POLICY 

    1. This Privacy Policy sets out how the World Business Council for Sustainable Development ("WBCSD", "we", "us" or "our") collects, processes and handles personal data. 'Personal data' is any information that relates to a person who is identifiable or reasonably identifiable, and includes 'personal data' or 'personal information' under relevant data protection laws.

    2. Depending on where you reside and from where you are using our services, there may be different data protection laws that apply when we use your personal data and/or certain rights (as set out in section ‎6) may not apply in certain jurisdictions.

  2. ABOUT US 

    1. The Climate Drive(https://www.theclimatedrive.org/) is a not-for-profit digital platform designed to help scale climate action for multinationals and their strategic suppliers. In order for us to provide the above services and products, we use personal data and WBCSD will be acting as a controller of your personal data.  

    2. If you have any questions about WBCSD's use of personal data, please contact us using the contact details provided in the "Contacting Us" section below (see section 9).

  3. WHOSE PERSONAL DATA DO WE USE? 

    1. The personal data that we collect, use and disclose, and the purposes of that collection, use or disclosure, will depend on your relationship with us. In respect to this Privacy Policy, we obtain and process personal data relating to our prospective and existing users of the Climate Drive platform.

    2. Please note that in order to access some parts of the Climate Drive website, we require you to provide personal contact information that can be used to contact or identify you. What personal data do we collect and use?

      1. general information such as your name, job title and company you work for;

      2. contact information such as your email address; and

      3. any information that you choose to provide to us in relation to any communications with you. We do not collect any of your special category data or sensitive personal information. 

    3. How do we obtain your personal data? We obtain your personal data: 

      1. directly from you via The Climate Drive or other means you use to communicate with WBCSD in relation to The Climate Drive;  

      2. from other departments within WBCSD; and/or 

      3. from third parties who may introduce or refer organisations to WBCSD. 

    4. For what purpose do we use your personal data and with whom is it shared? We process your personal data for a number of different purposes and under applicable data protection laws, we must have a "lawful basis" to do so. We rely on the following 'lawful bases' or 'purposes' when processing your personal data:  

      1. we need to use your personal data to enter into or perform our agreement; 

      2. where we have a legitimate business interest to use your personal data, such as maintainingbusiness records of all enquiries received, ensuring the security of our systems and websites and understanding and tracking our website usage. In all such cases, we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest; or 

      3. where we have your consent, for the purposes that consent has been given.  Please see below for further details of the different ways we use your personal data and the legal grounds or purposes we rely on when doing so.

Purpose for processing your personal data  

Legal basis or purpose for processing your personal data 

With whom do we share your personal data 

To discuss new usersand provide assisted onboarding services.  

If you are a sole trader, we need to use your personaldata to enter into an agreement with you.  

 

If you are a representative or account management contact of one of our prospective user organisations, we need to use your personal data for our legitimate business interests (to onboard a new organisation). 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers and software providers and information security providers and call recording providers 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

 

Administration and management (including moderation and record keeping) of your account to facilitate the provision of the Climate Drive Platform 

If you are the existing user, we need to use your personal data to perform the agreement we have with you.  

If you are a representative or account management contact of an existing user organisation, we need to use your personal data for our legitimate business interests (to administer and manage your organisation's account and to provide user support for you to be better able to use our services).  

 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers and software providers and information security providers and call recording providers 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

 

To improve the quality of our services and website and customer experience and carry out software and service compatibility and improvements 

If you are the existing user, we need to use your personal data to perform the agreement we have with you.  

If you are a representative or account management contact of an existing user organisation, we have a legitimate business interest (to improve our products and services and to develop our business). 

We have a legal obligation to ensure the security of personal data and our systems. 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers and software providers and information security providers and call recording providers 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

 

To administer and protect our business and keep our products working, safe and secure (by troubleshooting, data analysis, testing, system maintenance and monitoring and addressing other security/technical issues and monitoring and assessing compliance with our policies and standards).  

We have a legitimate business interest (to take all necessary measures to protect and uphold our systems, carry out investigations to prevent security issues). 

We have a legal obligation to ensure the security of personal data and our systems. 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers, document management providers and software providers and information security providers and call recording providers 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

To comply with applicable laws, court orders, government and law enforcement agencies’ requests. 

We have a legitimate business interest to comply with law enforcement agencies' requests and assist with the prevention/detection of criminal activity. 

We have a legal obligation. 

Other representatives within a user's organisation 

Professional third parties such as auditors, lawyers and tax advisers 

Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting, or the detection or prevention of unlawful acts 

Government departments where reporting is mandatory under applicable law 

Police or law enforcement agencies 

Communicating with you and responding to any enquiries you have 

If you are theuser, we need to use your personal data to perform the agreement we have with you. 

If you are a representative or account management contact of an organisation, we need to use your personal data for our legitimate business interests (to send you communications and updates about our services and ensure that complaints are handled). 

We have a legitimate business interest (to respond to any enquiries you have raised via our website). 

Where required under applicable law, we will obtain your consent to communicate with you for these purposes. 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider  

Ensuring that our websites operate and are user friendly  

We have a legitimate business interest (to set cookies to ensure that our websites are functional). 

 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

Monitoring and analysing usage of any The Climate Drive via cookies  

We have your consent. 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

For general business management and operation purposes such as business planning and audits. 

We have a legitimate business interest (to effectively manage our business). 

 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

To carry out customer satisfaction surveys. 

We have a legitimate business interest (to understand how we can improve the Climate Drive). 

 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

To exercise and/or defend our legal rights.  

We have a legitimate business interest (to exercise and/or defend our legal rights). 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

In connection with a business transaction such as merger, restructuring or sale of the business or business strategies.  

We have a legitimate business interest (for business administration and operations) 

 

Other WBCSD group companies 

Other representatives within a user's organisation 

Third party providers/vendors and agents (including their subcontractors) such as IT suppliers and software providers and call recording provider 

Professional third parties such as actuaries, auditors, lawyers and tax advisers 

  1. HOW DO WE PROTECT YOUR PERSONAL DATA WHEN SENDING IT OUTSIDE THE UK AND/OR EUROPE? 

    1. There will be some circumstances in which we will need to transfer your personal data outside of Switzerland. In each of these circumstances, we take steps to ensure that your personal data is adequately protected and in compliance with data protection laws such as entering into the EU Standard Contractual Clauseswith thenecessaryamendments and adaptations are made for use under Swiss data protection lawor ensuring the transfer is to a country which has been deemed to provide an adequate level of protection for your personal data. 

  2. COOKIES

    1. For information on the use of cookies, please refer to our cookie policy.

  3. YOUR RIGHTS 

    1. Under some data protection laws, including those applicable within the UK and the EU, you have the right to make certain requests of us in relation to the personal data that we hold about you. If you wish to exercise these rights at any time please contact us using the details set out in the "Contacting Us" section (see section ‎9). 

    2. There may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/ or legal requirements). However, if we cannot comply with your request, we will tell you the reason, and we will always respond to any request you make. In some locations, not all rights will be available.  

    3. Your rights under data protection laws in the UK and EU are: 

      1. the right to access your personal data

        1. you are entitled to a copy of the personal data we hold about you and certain details of how we use it; and 

        2. we will usually provide you with your personal data in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means; 

      2. the right to rectification: we take reasonable steps to ensure that your personal data that we hold is accurate and complete, however, you can ask us to amend or update the personal data if you do not believe that this is so or if your details change; 

      3. the right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors, for example, we may have  legal obligations which mean we cannot comply with your request; 

      4. the right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate; 

      5. the right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice; 

      6. the right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by either clicking on the "unsubscribe" link which is contained in any email that we send to you or you can use the details set out in the "Contacting Us" section to contact us (see section ‎9). Please note that exercise of this right does not extend to service related communications which, where necessary, we will continue to send; 

      7. the right to object to processing: where we process your personal data based on our legitimate business interests (indicated in this privacy policy), you can object to our processing. We will consider your objection and determinewhether or not our legitimate business interests prejudice your privacy rights; 

      8. the right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Policy where we do need your consent. You have the right to withdraw your consent at any time;  

      9. rights relating to automated decision-making:we do not carry out any automated decision making. If this changes in the future, we will let you know; and    

      10. to the right to lodge a complaint with the applicable data protection supervisory authority: we encourage you to contact us(using the details in the Contacting Us section (see section ‎9)) if you have any concerns with how we use your personal data and we will do our best to resolve your concerns. However, please note that you have a right to complain to the applicable data protection supervisory authority (depending on your territory) if you believe that any use of your personal data by us is in breach of applicable data protection laws. 

        1. if you are based in the UK, the relevant supervisory authority is the Information Commissioner's Office, you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/

        2. if you are based in Switzerland, the relevant supervisory authority is the Federal Data Protection and Information Commissioner, you can find out more information at the Information Commissioner’s Office website: https://www.edoeb.admin.ch/edoeb/en/home.html.  Please note that lodging a complaint will not affect any other legal rights or remedies that you have. 

  4. HOW WE PROTECT YOUR PERSONAL DATA 

    1. We have put in place appropriate security measures and policies and procedures to prevent your personal data from being accidentally lost, used, interfered with or accessed in an unauthorised manner, altered or disclosed. We will notify you and any applicable regulator of a breach where we are legally required to do so. 

    2. Where we have given you (or you have chosen) a password, you are responsible for keeping this password confidential. Please do not share your password with anyone. 

    3. The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You agree and accept the risks associated with the use of the internet. 

  5. HOW LONG DO WE KEEP YOUR PERSONAL DATA? 

    1. We will only keep your personal data for as long as is necessary to fulfil the relevant purposes as set out in this privacy policy and more widely to comply with our legal obligations.  

    2. If you would like further information regarding the periods for which your personal data will be stored, please contact us using the details in the "Contacting Us" section.  

    3. We may also aggregate and anonymise personal data and use and share such aggregated and anonymised personal data with third parties for statistical purposes and for the purpose of data analytics, service development, and/or improvement. 

  6. CONTACTING US 

    1. If you have any queries about how we handle your personal data, the contents of this privacy policy, your data protection rights under applicable data protection laws, how to update your records or how to obtain a copy of the personal data that we hold about you, please contact us at theclimatedrive@wbcsd.org.

  7. UPDATES TO THIS PRIVACY POLICY 

    1. We may change this Privacy Policy from time to time, for example, as the result of changes to applicable law, technologies, our services or other developments.Such changes shall be effective from the date and time the revised Privacy Policy is posted on the Climate Drive website. We encourage you to review our Privacy Policy on a regular basis so that you will be aware of any changes to it. 

    2. This privacy policy was last updated on 13 April 2023.