Geometric bear logoReturn to homeCarbon Jacked

Carbon Jacked Ltd Privacy Policy

Introduction - Carbon Jacked Privacy Policy

If you are a visually impaired customer, a customer who has another disability or a customer who seeks support in other languages, you may access support to understand this Privacy Policy by emailing us at

Carbon Jacked is committed to taking reasonable steps to protect the privacy of individuals from organisations it enters into a contractual agreement with to provide access to the Carbon Jacked Employee Sustainability Platform. This privacy policy explains how and why we collect, use and protect your information.

It is important that you read this privacy policy so that you are fully aware of how and why we are using your personal data. By using the Service, you indicate your acceptance of this Policy. If you do not agree to this Policy, you should not use this platform.

Contents of this policy

  1. Our privacy principles
  2. How to read this policy
  3. The type of personal information we collect
  4. Use of user information and why
  5. Communication
  6. Public Employee Sustainability Rankings data
  7. Children’s privacy
  8. Sharing user information
  9. Data transfers
  10. Retention of information
  11. Security
  12. Data protection rights
  13. How to complain
  14. Changes to our Privacy Policy
  15. Our contact details

1. Our privacy principles

‍We understand and value the importance of privacy. We have therefore set the following principles for our policy:

  1. We only collect the personal information that we need in order to provide you with our services/products.
  2. We do not retain personal information for longer than is necessary.
  3. By allowing users to contact us easily, we offer users ways to control their personal information and express their preferences.

2. How to read this policy

Where this privacy policy refers to ‘us’, ‘we’, ‘our’ or ‘Carbon Jacked’ this means Carbon Jacked Ltd.

Where this privacy policy refers to ‘user(s)’, ‘individual(s)’, ‘employee(s)’ or ‘you’ this means the user of the platform.

Where this privacy policy refers to ‘platform’, ‘website’ or similar it means any website operated by Carbon Jacked Ltd e.g. or

3. The type of personal information we collect

For the purposes of this Privacy Policy, “personal information” or “personal data” means any information that relates to an identified or identifiable individual. We do not collect any “sensitive” personal information/data on individuals as defined by the UK Information Commissioner’s Office.

We may collect the following categories of personal information that users choose to provide to us when the Carbon Jacked Employee Sustainability Platform is used or otherwise interacted with or users receive our products and services.

Information from others

For users that receive access to Carbon Jacked through their employer or other such organisation, their basic contact information is submitted to us by that organisation to facilitate their enrolment in our services.

Basic Contact information

For users to have an account and access to the Carbon Jacked Employee Sustainability Platform, we currently collect and process the following information:

  • Full name
  • Work email address
  • Where applicable Country, Office, Team/Function

Communication and platform-based information provided by the user

When users send or respond to emails, messages, or other communications from Carbon Jacked, we may collect user email addresses, names, and any other personal information the user chooses to include in the body content of their communications. In addition, when they interact with certain features of our Platform, we may collect the content of those interactions. For example, if users actively choose to calculate their carbon footprint using the carbon footprint calculator on the Platform, they can submit information about their lifestyle, such as their travel and the type of diet they follow.

Payment information

In circumstances where users do sign up for a paid product or service from us, they may be required to provide their payment card or bank account information. Please note that Carbon Jacked does not directly process payment card information, but does rely on third-party payment processors to do so on our behalf. Please note that third party terms may apply to these payment services. Personal information collected for these purposes includes card number, type, expiration date, and billing address, and certain anonymized, limited and/or truncated versions of this information may be provided to Carbon Jacked.

Other information

There are other times users may choose to provide information to us, including in the following scenarios:

  • Signing up to receive our newsletter
  • Creating an account on our website
  • Subscribing to our services
  • Using our carbon footprint calculator
  • Using our Employee Sustainability Rankings
  • Asking for direct marketing to be sent
  • Engaging with us on social media
  • Entering a competition, promotion or survey
  • Contacting us (e.g. customer services)
  • Leaving comments or reviews on our services

Information we automatically collect

Our Platform and Website may collect standard tracking information from users automatically as they use them. This information may include:

  • Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Websites and Apps you are visiting; and
  • Usage data, such as geolocation data, browsing history, time spent on the Platform, pages visited, links clicked, language preferences, performance of features, patterns of use, and the pages that led or referred you to our Platform including individual Websites and Apps.For example, we use Google Analytics on our Websites to help us analyse your use of our Websites and diagnose technical issues.
  • Cookies and web-beacons - we may use cookies and other tracking technologies such as pixels, web beacons, embedded scripts, and tags (“Cookies”). We also collect information about users’ online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services.

Please review our “Cookies and tracking technologies” section below for more information about our use of these technologies.

Aggregated, anonymous, and de-identified data

We may create aggregated, anonymous, or de-identified data from personal information by removing data components that make the data personally identifiable to users, or potentially personally identifiable to users, or through obfuscation or other means. Once information is aggregated, anonymized, or de-identified such information is no longer personal information, and use of the data is not subject to this Privacy Policy.

Cookies and tracking technologies

A cookie is a small file of letters and numbers that we store via a user’s browser. Our website uses cookies to distinguish individuals from other users of our website. This helps us to provide users with a better experience when they browse our website and also allows us to improve our site. For example, we use cookies to offer sign-in functionality, to remember user preferences and to understand how our web pages are used.

We may use both temporary and persistent cookies. Users can delete cookies in their browser anytime and they can also block cookies from being placed; however, this could affect the quality of the service.

We may also rely on service providers and other partners to provide many features of our Platform using data about how individuals use our Platform, which may include personal information. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

4. Use of user information and why

We may use personal information in the following ways:

  • To provide our products and services, including the delivery of content and facilitation of interactive features.
  • To communicate with users regarding the Carbon Jacked Platform, products and services.
  • To notify users about updates or changes to the Carbon Jacked Platform, products and or services.
  • To provide customer service, answer user questions or requests for information, or handle complaints.
  • Where applicable, to facilitate payment transactions, manage orders, and account for applicable sales taxes.
  • To deliver on any agreements that we may have with a user, organisation or employer.
  • To maintain and improve the quality of the Carbon Jacked Platform, products and services, including to perform research and development, understand our user trends, and understand the effectiveness of our marketing and advertising.
  • To provide users with information about new products and services, promotions, and other opportunities that we believe may be of interest to them.
  • To protect ourselves, users and others; preventing fraud and other unlawful or unauthorised activity; and creating and maintaining a trusted, secure, and reliable online environment.
  • To comply with our legal obligations or conduct any legal cases where the information is relevant.
  • Please note that we may also use personal information to cross-reference or convert various types of accounts that users may be associated with on our Platform, for example personal and employee accounts.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  1. Either individual consent. Users are able to remove their consent at any time. They can do this by contacting
  2. Or, we have a contractual agreement to provide users with access to the Carbon Jacked employee platform.

5. Communication

We may use individual information to contact users, including to fulfil our contractual obligations, such as to provide educational content about sustainability. We may also contact users about administrative and access issues for the platform where needed.

Users have the option to unsubscribe from these communications at any time.

6. Public Employee Sustainability Rankings data

For our public ‘Employee Sustainability Rankings’ we do not collect or store any personal identifying information. This includes not collecting or storing user analytics such as IP addresses.

7. Children’s privacy

Please note our Platform is intended for individuals at least 18 years old or older, as such we do not knowingly collect data relating to children.

8. Sharing user information

We may share personal data with the third parties categorised below for the purposes set out in this privacy policy or where legally acceptable.

We may share personal data with the following categories of third parties:

  • Suppliers and service providers (such as outsourced services partners, technology service providers, manufacturers and post and courier services).
  • Payment services providers, e.g. via Stripe - payment processors may take personal data directly from users as part of processing a purchase, and they will be data controllers in their own right for that processing.
  • Auditors and professional advisers like bankers, lawyers, accountants and insurers.
  • Government, regulators and law enforcement.

We may also share data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use personal data in the same way as set out in this privacy policy.

9. Data transfers

In some cases, where we are operating internationally, the personal information we collect may be processed outside of the country in which users reside. Not all countries have the same protections for information. However, we look to ensure that user information processed by us and our suppliers outside of a user’s country is protected in the same way as it would be if it was processed within their country.

For example, whenever we transfer information outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer information to countries that have been deemed to provide an adequate level of protection for personal information; or
  • Where we use certain service providers, we may use specific contracts approved for use in the UK or the EEA, as applicable, which give personal information adequate protection.

10. Retention of information

We will only retain information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain information for a longer period in the event of a complaint.

To determine the appropriate retention periods for information, we will take into account factors including:

  • The amount, nature and sensitivity of the information.
  • The potential risk of harm from unauthorised use or disclosure of user information.
  • The purposes for which we process user information and whether we can achieve those purposes through other means.
  • Our contractual obligations and rights in relation to the information involved.
  • Legal obligation(s) under applicable law to retain information for a certain period of time.
  • Applicable regulatory, tax, accounting or other requirements;
  • Our legitimate interests for retaining the information (see ‘Use of user information and why’ above).
  • Whether there is an actual or potential dispute.
  • Guidelines issued by relevant data protection authorities.

In some circumstances users can ask us to delete their information (see “Data protection rights” section below). At the end of a retention period, we will securely delete or anonymise their information.

11. Security

We adopt robust technologies and policies to protect user information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have implemented procedures to deal with any personal data breach and will notify users and any applicable regulator of a breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we take steps to protect user information, we cannot guarantee the security of their information transmitted; any transmission is at their own risk. Once we have received their information, we will use procedures and security features to try to prevent unauthorised access.

Where users have chosen a password which allows access users are responsible for keeping this password confidential. Users must keep any password created, or other secure login method, secret, and prevent unauthorised access. We advise passwords are not shared.

12. Data protection rights

In certain circumstances, under local data protection law, users may have rights in relation to the information we hold about them. We will handle a request to exercise these rights in line with the applicable law.

If users are in the UK or the EU, they have the following rights:

  • The right to be informed. They have the right to be provided with clear, transparent and easily understandable information about how we use their information and their rights. This is why we’re providing them with the information in this policy.
  • The right of access. This is also known as a “data subject access request”. Users have the right to receive a copy of their information if we hold any information about them and to check that we are processing it lawfully.
  • The right to rectification. Users are entitled to have any incomplete or inaccurate information we hold about them corrected, though we may need to verify the accuracy of the new information they provide to us.
  • The right to erasure. This is also known as “the right to be forgotten”. Users have the right to request the deletion or removal of certain information that we hold about them where there is no good reason for us continuing to process it. The right is not absolute and only applies in certain circumstances.
  • The right to restrict processing. Users have rights to block or suppress further use of their information in certain circumstances. When processing is restricted, we may still have a lawful reason to hold their information, but we will not use it further.
  • The right to data portability. They have the right to receive their information in a structured, commonly used and machine-readable format. This right is not absolute and only applies in certain circumstances.
  • The right to withdraw consent. Where we rely on consent to use user information, they have the right to withdraw that consent at any time. Withdrawing consent will not, however, make unlawful our use of their information before they withdraw their consent. If they withdraw their consent, we may not be able to provide certain services to them.
  • The right to object to processing. Users have the right to object to certain types of processing of their information, including processing for direct marketing purposes.

If users wish to exercise their privacy rights, they can contact

13. How to complain

If users have any concerns about our use of their information, they can make a complaint to us at

Users can also complain to the ICO if they are unhappy with how we have used their data.

The ICO’s address:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
United Kingdom

Helpline number: 0303 123 1113

ICO website:

14. Changes to our privacy policy

We may change this Privacy Policy from time to time to reflect new services or changes in our data practices or relevant laws. The date at the bottom of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Carbon Jacked website. We may take reasonable measures to notify users via email and/or a prominent notice on our Platform prior to certain changes becoming effective, and will update the effective date at the top of this Privacy Policy. Users are advised to review this Privacy Policy periodically for any changes.

We update this privacy policy from time to time, so users should remember to check back in every so often, in case anything has changed and, where appropriate, we will notify users of the changes, for example by email or another method.

This privacy policy was last updated in November 2023.

15. Our contact details

Carbon Jacked Ltd

2 The Mill, Waterside Village, Loughborough, East Midlands LE11 1FU

Phone Number: