General Data Protection Regulation (GDPR) Statement

Ecometrica and GDPR

Ecometrica is firmly convinced that meeting GDPR requirements is much more than just a compliance effort – it is about creating a company-wide culture that values user privacy and data security.

25th May 2018 marks the start of enforcement of the European Union’s General Data Protection Regulation. This new piece of legislation has had a great impact on any business that is either located in the EU or involves handling personal data about EU residents. While Ecometrica’s area of work involves minimal amounts of personal data, we have nevertheless been working diligently to make sure that we are compliant.

This statement provides an overview of the data-related roles and responsibilities when you’ve chosen Ecometrica as your sustainability platform, and will explain Ecometrica’s efforts to live up to the values and requirements of the GDPR.

Ecometrica as the data processor

The personal data you store in the Ecometrica Platform are your data subjects, and you are considered the data controller for this personal data.

Using the Ecometrica Platform means that you have engaged Ecometrica as a data processor to carry out certain processing activities on your behalf.

According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). This is where our Terms of Service and Privacy Policy come in. These two documents also serve as your data processing contract, setting out the instructions that you are giving to Ecometrica with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. Ecometrica will only process your Client Data based on your instructions as the data controller.

Data transfers

One topic that often comes up with customers is data transfers outside of the European Economic Area (EEA).

The GDPR establishes strict requirements for moving data outside of its scope of protection. This is only natural – otherwise it would be impossible for the law to fulfill its purpose.

Who is responsible for meeting these data transfer requirements? As a matter of standard business practice, Ecometrica keeps all Client Data within the EEA. If Ecometrica subsequently engages sub-processors outside the EEA, it is our job to ensure that we transfer the data lawfully.

We will keep an up-to-date list of sub-processors in our Terms of Service to be fully transparent about these transfers. This list will also explain what data is involved and how we have ensured that the data is adequately protected even after it leaves the EEA. We do this by making sure that our third-party service providers have either certified under the EU-US Privacy Shield framework or signed the EU Commission’s standard contractual clauses for data transfers with us.

Hopefully this helps you to better navigate the EU’s data protection requirements. If you have any questions with regard to the above, you’re welcome to reach out to us at

Ecometrica as the data controller

Additionally, Ecometrica acts as the data controller for the personal data we collect about you, the user(s) of our platform, mobile apps, and website. The only data we collect for the use of our Platform are users’ email addresses.

First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).

Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.

Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).

What are these ‘legitimate interests’ we talk about?

  • Improving the platform to help you reach new levels of productivity.
  • Making sure that your data and Ecometrica’s systems are safe and secure.
  • Responsible marketing of our product and its features.

As the controller for your personal data, Ecometrica is committed to respect all your rights under the GDPR. If you have any questions or feedback, please reach out to us by email at

What is Ecometrica doing for the GDPR

As a company based in Europe, Ecometrica is very much up to speed with the implications that the EU General Data Protection Regulation has for businesses.

We appreciate the privacy needs of Ecometrica’s users and, as such, have implemented — and will continue to improve — technical and organisational measures in line with the GDPR to safeguard the personal data processed by Ecometrica.

Internal processes, security and data transfers

A large part of GDPR compliance is making sure that there are procedures in place that ensure that data processes are mapped and auditable. We have added elements to our application development cycle to build features in accordance with the principles of Privacy by Design. Any access to the Client Data that we process on your behalf is strictly limited. Our internal procedures and logs make sure that we meet the GDPR accountability requirements in this regard.

We have established a process for onboarding third-party service providers and adopting tools that makes sure that these third parties meet the high expectations that Ecometrica and its customers have when it comes to privacy and security.

Readiness to comply with subject access requests

Data subjects’ ownership of their personal data is at the heart of the GDPR. We have created a readiness to respond to data subject requests to delete, modify, or transfer their data. This means that our Relationship Managers along with the Engineers that assist them in their work are well prepared to help you in any matters involving your personal data.


Our Terms of Service and Privacy Policy are constantly being revised to increase transparency and to make sure the documents meet GDPR requirements. As these are the basis for our relationship with you, it is very important for us to comprehensively and openly explain our commitments and your rights in these documents. Additionally, we’re constantly mapping all our data processing activities to be able to comply with the GDPR accountability requirements.


All of the above is supported by extensive training efforts within the company so that the GDPR compliant processes we’ve put in place are followed. Sessions on data privacy and security are an integral part of our onboarding for new staff.

Cookies & Privacy Policy

What are Cookies?

Cookies are small data files that your internet browser (usually Internet Explorer, Firefox, Chrome, Safari or Opera) places on your computer or smart device. A cookie itself does not contain or collect personal information about you or your use of the internet. However, when you visit one of our websites, the cookies on your computer or device can enable it to deliver a more tailored experience – for example, by remembering your preferences or login information, or by pre-loading content you’ve previously visited to speed up your browsing time.

How & Why Ecometrica Uses Cookies: Your Privacy

Ecometrica categorically does not attempt to infringe on your privacy, and actively take steps to ensure that your privacy is not affected by our use of cookies. We use cookies only in order to remember your choices and preferences, to give you a better user experience by improving our websites and for providing content more accurately suited to your needs.

This means we use cookies in order to remember:

Your browser settings, such as the type of browser you use and what plug-ins you have installed. This keeps us from bothering you every time you enter the website, for example, in order to make sure that you have the necessary software to display any videos or graphics we place on our websites. This also allows us to know how many people are using certain types of software, so that we can adjust our websites to provide the best browsing experience for every visitor.
Your language and region choice. This means that if you have once chosen English as your preferred language this is the default language that will be used when you revisit our website.
Overall visitor movement on and usage of our websites. We do not collect personal data as part of this. We collect statistical data (for example, how many visits a certain page has had each day) so we can optimise our websites. For returning visitors, it will also remember some cached page content which will allow your browser to “pre-load” some content – making your browsing experience much faster.

The only tracking cookies that we use on our websites are analytical, using Google Analytics to capture general usage data on our web pages. This doesn’t capture or store any personal information about you. Ecometrica also uses social sharing buttons for Facebook and Twitter, which allows you to “like” or “tweet” links to articles or pages on our website that you want to share with your friends and followers. Facebook and Twitter may send third party cookies to your device. Ecometrica is not responsible for any cookies these sites use and you should refer to the individual privacy policies of such sites. However, the placement of these third party cookies does not provide Ecometrica with any of your personal or social networking information.

Ecometrica Web Forms: Your Privacy

When you fill out a web form on, your information is only stored if your enquiry is regarding either a sales or partnership enquiry with Ecometrica. This is so that we can maintain a two-way dialogue with you throughout the contractual process and makes it easier for us to contact you in the future. Also, if you submit a speculative application on our Careers page, this information will also be stored so that we can contact you in the future should a position become available at Ecometrica. Note that this is not done automatically: your information is sent to us via the website, but the process of storing your information is always done manually to ensure that we don’t store your details in error. If you’re unsure at all about how your data is being stored, you are welcome to email us directly and we will be happy to reassure you:

Any other enquiries submitted through web forms (questions, comments, requests and so on) will not result in your information being stored for security purposes, unless you specifically ask that we do so.

Deleting or Opting Out of Cookies

Most browsers automatically accept cookies. You can prevent cookies from being stored on your computer or device by setting your browser to not accept cookies. Some browsers provide a mode where cookies are always deleted after a visit. This is called InPrivate in Internet Explorer version 8 and newer; Incognito in Google Chrome version 10 and newer; Private Browsing in Firefox version 3.5 and newer; Private Browsing in Safari version 2 and newer and Private Browsing in Opera version 10.5 and newer.

You can delete cookies already on your computer or device at any time by using the Settings menu in your browser; the location of this menu differs from browser to browser. If you choose not to accept cookies at all, you can still visit our website – however, when cookies are disabled, we cannot guarantee an optimum experience and there may be content that is not available.

After you have typed in some text, hit ENTER to start searching...