Privacy Policy
Overview
This Privacy Policy explains how Furthr Ltd (“we”, “us”, “our”) collects, uses, and protects personal information through our website, digital platforms, and professional services. It applies to both individual users and business clients . This policy is governed by UK GDPR and Data Protection Act 2018.
Data Controller & Processor
Furthr Ltd acts as:
- Data Controller for consumer subscriptions, user accounts, and website data.
- Data Processor when processing data on behalf of clients under contractual agreements for emissions measurement, reduction planning, or offsetting.
Personal Data we collect
A. Consumer and Account Data
Includes name, contact details, payment details (handled by PCI-compliant processors), and account activity.
B. Device and Analytics Data
Collected automatically via cookies, pixels, and log files to improve performance and security (e.g. IP address, browser type, usage patterns).
C. Client and Project Data
For business clients, we process limited personal and business information provided to us under contract in order to deliver emissions measurement, reduction planning, and sustainability reporting services. Used solely to deliver emissions measurement and sustainability reporting services.
How we use Personal Data
Purpose and Legal Basis:
- Delivering products and services – Contract performance
- Customer support and billing – Contract performance
- Data analytics and service improvement – Legitimate interests
- Complying with legal obligations – Legal obligation
- Marketing communications (opt-in only) – Consent
- Emissions measurement, analysis, and reporting for clients – Contract performance
Sharing data
We share data only with:
- Verified subcontractors and IT providers under data processing agreements (DPAs)
- Cloud and hosting providers ensuring UK/EU data residency or equivalent safeguards
- Regulators or authorities where legally required
We never sell or monetise personal data.
International Transfer
Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms ensuring adequate protection.
Retention and Deletion
We retain personal and project data only for as long as required to fulfil contractual, legal, or verification obligations. Retention periods vary depending on data type and processing purpose.
A. Consumer accounts (B2C users)
Retention Period: Up to 12 months after account cancellation or inactivity
Deletion / Anonymisation Trigger: Deleted or anonymised following account closure, except where required for legal or billing reconciliation.
B. Client project data (emissions measurement, reduction, or offset projects)
Retention period: Retained for up to 5 years post-engagement (unless a shorter period is contractually required)
Deletion / Anonymisation Trigger: Automatically deleted or anonymised upon client request, contract expiry, or five years after project completion.
C. Verification and audit evidence (e.g., emissions documentation, supporting records)
Retention period: 7 years from reporting year-end
Deletion / Anonymisation Trigger: Required for audit traceability under ISO 14064, SECR, and CSRD frameworks; deleted following expiry of statutory audit requirements.
D. Financial, invoicing, and legal correspondence
Retention period: 7 years
Deletion / Anonymisation Trigger: Required by UK Companies Act 2006 and HMRC record-keeping obligations.
E. Aggregated or anonymised datasets (benchmarking, market insights)
Retention period: Retained indefinitely in non-identifiable form
Deletion / Anonymisation Trigger: Data irreversibly anonymised; cannot be re-associated with any client or individual.
Furthr enforces a secure deletion and anonymisation protocol across all environments, ensuring data is purged from backups and subcontractor systems within 90 days of the relevant trigger.
Security Measures
Furthr applies strict security controls, including encryption in transit and at rest, access management, staff training, and regular penetration testing aligned with ISO 27001. Any personal data breach is reported to affected clients without undue delay (normally within 24 hours) and to the Information Commissioner’s Office within 72 hours where legally required.
Data Protection and Privacy Commitments
As part of our commitment to data protection and privacy at [Your Company Name], our privacy policy incorporates crucial elements typically found in a Data Processing Agreement. This approach ensures that we maintain compliance with relevant data protection laws and regulations, such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, without the need for a separate DPA.
Key Elements Included in Our Privacy Policy:
Incident Reporting: In the event of a security incident or data breach, we commit to notifying the relevant parties promptly, aiming for within 48 hours, to facilitate immediate and effective action.
Data Subject Rights: We provide assistance with requests pertaining to data subject rights, ensuring compliance with individuals’ rights under data protection regulations.
Legal and Regulatory Compliance: Our policy and practices are aligned with national and international data protection laws, with regular updates to ensure ongoing compliance with evolving standards.
Data Processing Standards: When processing data on behalf of clients or third parties, we adhere to strict security and confidentiality standards, consistent with our role as a data processor.
Aggregated Insights
Furthr may use anonymised or aggregated emissions and activity data to produce benchmarking or market insights. No individual or organisation is identifiable in these outputs.
Your Rights
You have the right to request / access personal information we hold about you (also known as a subject access request)
You can ask that your personal information be corrected, updated, or deleted
You can request the restriction of processing your personal information. This would suspend the processing of your personal information under the following scenarios:
If you have disputed the accuracy of our data about you and we are verifying that claim.
You can contact our Data Protection officer at jagatheesh@furthr.earth
Where the processing of your personal information has been unlawful but you do not want us to delete it
Where we no longer need your personal information but you need us to still hold your personal information as you need it to establish, exercise or defend legal claims
You have objected to the processing of your personal information and we are in the process of verifying if we have legitimate grounds override those of the individual.
You can request your personal information be transferred to another data controller. This means we will provide to you, or a third party of your choice, your personal information in a structured, commonly used, machine-readable format. This only applies to automated information you initially provided to us with consent and was then used for the carrying out of the contract with you.
You have the right to object to the processing of your personal information where we claim processing under legitimate business interests, if given your specific circumstances you feel it is impacting your fundamental rights and freedoms. You also have the right to object to the processing of your personal information for direct marketing purposes.
You can withdraw consent at any time where you have previously given consent to the processing of your personal information.
Finally, you also have the right to make a complaint with the relevant data protection authority if you think that your personal information is not being processed in accordance with applicable data protection law.
If you would like to exercise any of your rights, please contact us through the contact information below.
Minors
The Site is not intended for individuals under the age of 18.
Links to Third Party Sites
As part of our site we may have links to third party sites, please note that once on these third party sites you will be subject to their privacy policy.
Cookies
Cookies are small text files sent by your browser to a website that you visit. These cookies are stored on your browser and allows us to record specific pieces of information whenever you visit or interact with our sites.
Some cookies have been installed on the basis of consent, this consent can be withdrawn at any time through your web browser. We use cookies for 4 main reasons outlined below:
Operational necessity. We may use cookies, web beacons, or other similar technologies to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions
Performance related. We may use cookies, web beacons, or other similar technologies to assess the performance of our website including as part of our analytic practices to help us understand how our visitors use our websites, determine if you have interacted with our messaging or to improve our website content and services
Functionality related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing our site. This may include identifying you when you sign into our sites or keeping track of your specified preferences or past items viewed so that we may enhance the presentation of content on our sites
Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement. Our main partner are:
Facebook - to provide advertising services through Facebook’s advertising and marketing platforms and other social networking plug-ins or marketing tools
Google Analytics - Google Analytics is an online analytics platform that tracks your interactions with the website. Whilst the cookies are used to identify you as an user, they do not do so with personally identifiable information.
Behavioural Advertising
As described above, we use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
FACEBOOK (INCLUDING INSTAGRAM) - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hello@furthr.earth or by mail using the details provided below:
Updates to this Policy
We may update this policy from time to time. Material changes will be notified via email or on our website 30 days before they take effect.
Contact
Furthr Ltd
71-75 Shelton Street, London WC2H 9JQ, United Kingdom
Email: privacy@furthr.earth
Appendix A: Cookie Policy
We use cookies to:
- Remember preferences and session data
- Improve analytics and performance
- Deliver personalised content and measure marketing effectiveness
You can manage or disable cookies in your browser settings. Non-essential cookies are used only with your consent.
Appendix B: Lawful Bases Summary
Processing Activity and Lawful Basis:
- Account management – Contract
- Subscription payments – Contract
- Website analytics – Legitimate interests / consent
- Marketing – Consent
- Client project data – Contract
- Security and compliance – Legal obligation