Privacy policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) if you are based in the EU.
Key terms
Here are some key terms used in this policy:
We, us, our: TransitionZero is a registered charity numbered 1194424 and a company limited by guarantee in England numbered 12914740. Our registered office is at 7 Bell Yard, London, United Kingdom, WC2A 2JR, and our main trading address is County Hall, Belvedere Road, London, SE1 7PB.
Personal data: Any information relating to an identified or identifiable individual.
Special category personal data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership. Genetic and biometric data (when processed to uniquely identify an individual). Data concerning health, sex life or sexual orientation.
Data subject: The individual who the personal data relates to.
Personal data we collect about you
We may collect and use the following personal data about you:
- your name and contact information, including email address and telephone number and employer details
- location data, if you choose to give this to us
- your professional interests
- your professional online presence, e.g. LinkedIn profile
- information from accounts you link to us, e.g. Facebook
- information about how you use our website, IT, communication and other systems
- your responses to surveys, e.g. your expected use of data downloads
We collect and use this personal data to help us to deliver our charitable aims.
How your personal data is collected
We collect most of this personal data directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information from a third party, e.g.:
- your employer
- from cookies on our website—for more information on our use of cookies, please see the Cookies Settings button on our website
- via our IT systems, e.g.:
- from door entry systems and reception logs
- through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
- where you have given consent
- to comply with our legal and regulatory obligations
- for the performance of a contract with you or to take steps at your request before entering into a contract
- for our legitimate interests or those of a third party.
A legitimate interest is when we have an operational or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why:
Your rights
Description
Access
The right to be provided with a copy of your personal data
Rectification
The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations
Restriction of processing
The right to require us to delete your personal data—in certain situations
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object
The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
AMP (AI chatbot)
When you interact with the chatbot on our platform, Scenario Builder, we will process your chats and interactions with the bot, and associate them with your user identity, to:
- operate the chatbot and enable it to process your input and respond to it, so that we can provide the chatbot to you; and
- understand how you use the chatbot and any problems you encounter with it, so that we can improve the bot and our service more generally.
We do that on the basis of our legitimate interest in providing the bot and understanding how it is used.
We use Google Gemini to power the bot, so your inputs will be shared with and processed by Google in order to formulate responses. Your personal data will therefore be transmitted to Google in the United States of America. We have configured Google Gemini not to retain your inputs or the responses generated. You can find out more about how Google protects
your personal data here.
We also use Langfuse to help us to analyse your chats and interactions with the bot, so that information will be shared with them. They will store your information within the European Union, and will only use that information to provide their service to us.
We will retain this information for 180 days, after which time we will aggregate and anonymise it, and then delete the original versions.
