CarbonScape Docs

Legal policies and Data

Our main goal in handling data is to ensure transparency, clarity and accountability for everyone involved. We comply with

EU privacy laws⁠

also knows

GDPR⁠

. We have outlined the most important parts below.

For more elaborate information please visit the associated links or

contact us⁠

How do we approach data and use or process it?

User groups, permissions and risk management

We have identified four major user groups and associated roles. As we do not have any functionality for externals yet, this group is yet to be further defined.

Roles

Roles

Who

Role

Function

GDPR

Measures

User

Data Supplier

Users that enter or upload their CO2 data.

Data Controller

General terms and conditions, Privacy agreement

StudioAvw, MVRDV

Data Processor

Organizations that analyze or combine data into a hollistic picture.

Data Processor

Data processing agreement, Non-disclosure agreement

StudioAvw

Administrator

Plaform management and supervision of functionality, quality, security and rights.

(Partial) Data Processor

Data processing agreement, logging, DPIA, security, authorisationmanagement

Externals

Stakeholders with read rights to certain datasets (Optional).

There are no rows in this table

⁠

Based on the above set of roles a set of permissions is provided ranging from full access to partial access, opt-in and no access policies as outlined below. This list functions as a global overview providing the most common data types.

Permissions

Permissions

Type of data

Data Supplier

Data Processor

Administrator

Externals

CO2 data

👁️ own data or shared data

🔒 opt-in

👁️

❌ / 🔒 opt-in

User data (name, email, company name)

👁️ own data or shared data

🔒 opt-in

👁️

❌ / 🔒 opt-in

Carbon Dashboard

👁️

🔒 opt-in

👁️

👁️ / 🔒 opt-in

Project data

👁️

🔒 opt-in

👁️

👁️ / 🔒 opt-in

System access

❌

👁️

❌

There are no rows in this table

⁠

Although we do our best do ensure data is kept within the above framework we may not be able to fully provide the safety of your data. Please see our measures below.

Risk management

Risk management

Risk

Likelyhood

Severity

Risk Level

Measures

Unauthorised access

Encryption, 2FA, accessmanagement, logging, backups

Accidental sharing of data

Rights structure, contractual agreements

Data leak at system administrator

Reporting procedures, limiting risk

Lack of transparency towards stakeholders

Transparency statement, right of inspection

There are no rows in this table

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.