Data Protection & ePrivacy

Privacy Policy

This Privacy Policy explains how Certif-Scope processes personal and non-personal data in accordance with the GDPR and the EU ePrivacy Directive, following a strict privacy-by-design and data minimization approach.

1. Privacy-by-Design Principles

Certif-Scope is designed to operate without user accounts, without behavioral tracking and without unnecessary data collection. Privacy by design and privacy by default are applied at all stages.

  • no user accounts or persistent profiles
  • no advertising, profiling or behavioral tracking
  • no third-party analytics or audience measurement
  • no cookies requiring consent
  • no storage of detailed financial input data

2. Data You Voluntarily Provide

Depending on how you interact with Certif-Scope, you may voluntarily provide the following information:

  • email address when contacting support or making inquiries
  • optional organization identification information
  • annual spending (€) entered for CO₂e calculation
  • content of messages sent via contact or support forms

3. CO₂e Calculation Processing

CO₂e calculations are performed locally in the user’s browser. Detailed financial inputs are processed on the user’s device and are not stored on Certif-Scope servers.

Only the final aggregated CO₂e result required to generate the attestation is transmitted. No detailed spending breakdowns are retained or logged.

4. Cookies, Trackers and ePrivacy

Certif-Scope does not use advertising cookies, tracking cookies or third-party analytics tools. The website does not rely on cookies requiring user consent under the EU ePrivacy Directive.

  • no marketing or analytics cookies
  • no cross-site or behavioral tracking
  • no cookie consent banner required

Any strictly necessary technical cookies, if used, are limited to essential site operation and do not store personal data.

5. Data Storage and Retention

Certif-Scope does not permanently store CO₂e calculation input data. Financial values are processed transiently in memory and discarded immediately after attestation generation.

Emails and support communications may be retained for up to twelve (12) months for operational and support purposes and can be deleted upon request.

6. Data Sharing and Processors

Certif-Scope does not sell, rent or monetize personal data. Limited processing may involve:

  • hosting and deployment infrastructure providers
  • email delivery services

All processors operate under GDPR-compliant contractual safeguards.

7. Your GDPR Rights

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object

To exercise your rights, contact:
contact@certif-scope.com

8. Security Measures

Certif-Scope applies HTTPS encryption and standard technical and organizational measures to protect data against unauthorized access, alteration or disclosure.

9. Policy Updates

This Privacy Policy may be updated to reflect legal, technical or operational changes. The latest version is always available on this page.