Privacy Policy
Privacy Policy
Forestio
1. How We Collect Personal Information
2. What Types of Personal Information We Collect
3. What Is the Purpose of Data Processing and Its Legal Basis
4. Who May Have Access to Your Personal Data
5. Are Personal Data Likely to Be Transferred Outside of the European Union?
6. How We Protect and Store Your Personal Data
7. Your Data Protection Rights
8. How Long Is Your Data Stored
9. How We Protect Your Personal Data
10. We Do Not Collect Sensitive Personal Information and Children’s Data
Privacy Policy
Forestio
1. How We Collect Personal Information
2. What Types of Personal Information We Collect
3. What Is the Purpose of Data Processing and Its Legal Basis
4. Who May Have Access to Your Personal Data
5. Are Personal Data Likely to Be Transferred Outside of the European Union?
6. How We Protect and Store Your Personal Data
7. Your Data Protection Rights
8. How Long Is Your Data Stored
9. How We Protect Your Personal Data
10. We Do Not Collect Sensitive Personal Information and Children’s Data
Privacy Policy
Last Updated: Aug 8, 2024
Forestio
Forestio is committed to protecting the privacy and confidentiality of our users and being transparent about our processes regarding users' personal information. Our Privacy Policy informs you as to how we look after your personal information when you visit our website or use our Service and describes how we process your personal information as well as how you can exercise your privacy rights. It meets the requirements of General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free movement of such data (the "GDPR").
References in these Terms & Conditions to "Forestio", "we", "our", "us", or "provider", are to Forestio, and references to "user", "client", "you", "your", or "subscriber" are to the person who signs up to use the Forestio services.
The website www.forestio.ai and its subdomains are operated by Generation Forest s.r.o. (Forestio), a company established and existing under the laws of the Czech Republic with its principal office located at Platnéřská 88/9, Staré Město, 110 00 Praha, CZ.
Our primary objective is to establish a comprehensive system integrating technological, scientific, and financial tools. This system aims to support environmental conservation efforts worldwide, focusing on enhancing ecosystem services like carbon sequestration and preserving ecosystem integrity, including biodiversity. For more details, please refer to the information provided on our website.
We specialize in utilizing artificial intelligence solutions and satellite imagery to assess the environmental impact of nature-focused initiatives. These initiatives encompass activities that protect, manage, or restore natural ecosystems, addressing critical societal concerns such as climate change, human health, food and water security, and disaster risk reduction. Our approach prioritizes delivering both human well-being and biodiversity benefits in an effective and adaptable manner.
More information about our services and how you can use them can be found on our website at www.forestio.ai. Please take the time to read through the Terms of Useas well. If you have any questions about this Policy, please contact us at info@forest.io.
Please take a moment to read this Privacy Policy carefully. Your access and use of our website and services imply your acceptance of the terms outlined in this Privacy Policy. If you do not agree with any aspect of this Privacy Policy, you should immediately discontinue access or use of our website and services.
We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, this will be indicated by changing the date at the top of this page. When we change the policy in a material manner, we will notify you by email (sent to the email specified in your account), by means of a notice on our services prior to the change becoming effective, or as otherwise required by law.
1. How We Collect Personal Information
Personal information is typically data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information that is collected about you automatically, and information we obtain from third parties.
To establish an account and access our services, we'll ask you to provide us with some important information about yourself. We may also ask you to upload some files containing information about you, which may include personal data about you or other persons. You confirm that your disclosure of any personal data relating to individuals other than yourself was or will be made in accordance with all applicable data protection laws, and you have the consent or legal grounds to do so.
If you choose not to share certain information with us, we may not be able to serve you as effectively or offer you our services. Any information you provide to us that is not required is voluntary.
As we add new features and services, you may be asked to provide additional information.
2. What Types of Personal Information We Collect
The personal information we process depends on the context of your interactions with Forestio, however, the personal information we collect broadly falls into the following categories:
General Personal Information: first name, last name, country of residency;
Account-related Details: login details; password;
Identification Data: date and place of birth, address, tax residency, citizenship; ID document and data included in the ID document (also photo taken by device’s camera);
Contact Data: mailing address, phone number, email address;
Information about Persons Related to a Legal Entity: first and last name(s), date of birth, address of the board member(s) and ultimate beneficial owner(s), ownership structure document;
Financial Information: bank account information, source of funds, source of wealth;
Blockchain Wallet Information: We collect information related to your blockchain wallet, which includes, but is not limited to, your wallet address, transaction history, and balances. This data is essential for facilitating transactions and services that involve blockchain technology. We ensure that this data collection adheres to relevant legal standards and is solely used for the purposes of providing and improving our services.
Transaction Data and Nature of Using the Service: transaction sums, counter-parties;
Usage Information: information on how our services and platform are used, including feedback provided;
Technical Information: technical information collected during the use of the services (please also see our Cookies Policyfor further information about the use of cookies);
Correspondence between You and Us
Social Media and Third-Party Data: If you access our services through third-party connections (e.g., Facebook Connect), we may receive data like your user ID and information you permit the third party to share with us.
Device Information: Unique identification numbers associated with your device (Device ID), mobile carrier, device type, and manufacturer, and, depending on your device settings, your geographical location data, including GPS coordinates.
Online Behavioral Data: Data collected through cookies, log files, device identifiers, and clear gifs, used for personalized content, advertising, service effectiveness, and diagnostics.
3. What Is the Purpose of Data Processing and Its Legal Basis
Purpose of Data Processing
Legal Basis
Legal Compliance & Fraud Prevention:
Adhering to legal requirements, including anti-money laundering laws, and preventing fraud.
For compliance with a legal obligation [GDPR Article 6-1(c)]
We may rely on legal obligation as a legal basis when transferring your personal data to third parties. For example to verify your identity by comparing the personal information you provide against third-party databases and public records and/or to fraud prevention services.
Enabling Access to Our Platform and Providing You with Our Services:
Performing operations related to contracts, subscriptions, invoices, and customer relationship management.
For the performance of a contract with you or to take steps at your request prior to entering into a contract [GDPR Article 6-1(b)]
Service Communication:
Updating you about service changes, security, and new features.
For the performance of a contract with you or to take steps at your request prior to entering into a contract under [GDPR Article 6-1(b)]
Service Improvement:
Enhancing user experience and developing new features.
For the performance of a contract with you [GDPR Article 6-1b] or based on our legitimate interests [GDPR Article 6-1(f)]
When we process your personal data for our legitimate interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.
Accounting Compliance:
Maintaining records for legal and accounting purposes.
Accounting Compliance: Maintaining records for legal and accounting purposes.
Facilitating Corporate Transactions:
Managing mergers, acquisitions, and similar transactions.
Based on our legitimate interests [GDPR Article 6-1(f)]
Direct Marketing and Sales-Related Activities:
Sending promotional communications based on user preferences.
Based on our legitimate interests [GDPR Article 6-1(f)]
Consent-Based Activities:
Activities such as sharing data with third parties, based on user consent.
Your consent [GDPR Article 6-1-(a)]In those situations, we process personal data on the terms as provided in the consent that has been granted to us by you.
Technical Data Collection:
Using cookies for website functionality and analytics.
User consent and legitimate interests
Your personal information may be used to combine and anonymize data about you and your use of the service in order to create aggregate, anonymized statistics which we may use to provide certain features within the service and for promoting and improving the service in reliance on our legitimate interests. In cases where the customer and/or statistical data is anonymized, we make sure that no personal data is included (which means that no person can be identifiable), and therefore, personal data processing regulation and the GDPR shall not apply to such processing.
4. Who May Have Access to Your Personal Data
Our Data Sharing and Transfer Guidelines
We only share your personal data when we have a valid reason for it, and we take care to allow your personal information to be accessed only by those who require access to perform their tasks and duties, and to share only with third parties who have a legitimate purpose for accessing it.
We only use service providers (data processors) that provide sufficient guarantees to implement appropriate technical and organizational security measures to protect your personal data. We have concluded appropriate data processing agreements with the service providers and shall remain responsible for their actions with respect to the processing of your personal data. Should you require more detailed information regarding the data processors we use (e.g., their names and locations), please contact us via the contact details below.
We may transfer your personal data to third countries, i.e., countries outside the EU/EEA area, for the purposes explained in this Privacy Policy. For more details, please refer to the section titled 'Are Personal Data Likely to Be Transferred Outside the European Union?' When transferring personal data to third countries, we will ensure that the transfer is subject to appropriate safeguards under the GDPR and that your rights are protected.
We will never sell or rent your personal information to third parties without your explicit consent.
We Will Only Share Your Information in the Following Circumstances:
Identity and data verification service providers in order to prevent fraud and other types of crime, and to comply with applicable laws and regulations. In doing so, we are able to confirm your identity and data by comparing the information you provide us, or we collect, to public records and other third-party databases.
Financial institutions and payment service providers with which we partner to process payments you have authorized.
IT service providers and servers provide IT solutions and other related services necessary for our daily business function.
Service providers under contract who help with parts of our business operations for example, but not limited to, data analytics, customer support, transaction monitoring, marketing, cloud storage, and blockchain services.
Advertising partners. We may cooperate with third-party advertising platforms and social media channels to promote our services, both on our websites and third-party websites. To this effect, we may share limited personal information to achieve this purpose. For example, we and our third-party advertising partners may use cookies, pixels, web beacons, and similar technologies to gather information about your activities on the website and other websites to provide you with advertising based on your browser activities and interests. For further information, please see our Cookie Policy.
Professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to provide us advice or complete third-party financial, technical, compliance, and legal audits of our operations or otherwise comply with our legal obligations.
Changes to Forestio business. If Forestio engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), Forestio may share or disclose data in connection therewith, subject to standard confidentiality obligations.
Business transfers. With companies or other entities that we plan to demerge or merge with, or be acquired by. You will receive prior notice of any change in applicable policies.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and/or any subsidiaries (if any), companies with an ownership interest in Forestio, joint venture partners, or other companies that we control or that are under common control with us.
Public institution(s). Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
Enforcement of agreements. Forestio may share data to ensure compliance with and to enforce contractual or legal obligations with respect to the Services and our business, including any applicable lease agreements.
Protection of rights. Forestio may share data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third-party rights, including intellectual property and privacy rights.
Safety and security. Forestio may share data to protect your safety and security; to protect the safety, security, and property of our users; and to protect the safety, security, and property of Forestio and our employees, agents, representatives, and contractors.
5. Are Personal Data Likely to Be Transferred Outside of the European Union?
Your personal data is hosted on Google Cloud servers within the European Union, ensuring compliance with strict data protection laws. When using specific tools and processors, data may be transferred outside the EU. We ensure all transfers are GDPR-compliant:
Transfers to Adequately Protected Countries: Data transferred to countries recognized by the EU for adequate protection are handled per GDPR Article 45.
Transfers to Countries Without Adequate Protection: For other countries, we implement safeguards like Standard Contractual Clauses or Binding Corporate Rules, as outlined in GDPR Article 46.
Other GDPR Safeguards: We may use additional measures under GDPR Chapter V for data transfer security.
6. How We Protect and Store Your Personal Data
We take appropriate and reasonable technical and organizational measures designed to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information. These measures include but are not limited to the implementation of appropriate computer security systems and safeguards such as firewalls and data encryption, enforcement of physical access controls to our buildings and files, and authorizing access to personal information only for those employees who require it to fulfill their job responsibilities. If you have any questions about the security of your personal information, you may contact us at the contact details below.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. When registering with our services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorized access to or use of your account.
Furthermore, we cannot ensure or warrant the security or confidentiality of the information you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us.
7. Your Data Protection Rights
To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
Right to be Informed: As illustrated in this privacy policy, in compliance with articles 13 and 14 of the GDPR.
Right of Access: As per Article 15 of the GDPR, you have the right to access all your personal data at any time.
Right to Rectification: You can rectify inaccurate, incomplete, or obsolete personal data as defined by Article 16 of the GDPR.
Right to Restriction of Processing: In certain cases defined in Article 18 of the GDPR, you can restrict the processing of your personal data.
Right to Erasure (“Right to be Forgotten”): As per article 17 of the GDPR, you can request the deletion of your personal data and prohibit any future collection.
Right to File a Complaint: Under GDPR article 77, you can file a complaint to a competent supervisory authority if you believe your data is mishandled.
Right to Define Post-Mortem Instructions: You can outline instructions regarding your personal data after your death.
Right to Withdraw Consent: Article 7 of the GDPR allows you to withdraw consent at any time, without affecting the lawfulness of processing before the withdrawal.
Right to Data Portability: Under Article 20 of the GDPR, you have the right to receive your personal data in a standard format and transfer it to another entity.
Right to Object: As per Article 21 of the GDPR, you can object to the processing of your personal data. Please note that we may continue to process your personal data despite this opposition for legitimate reasons or for the defense of legal claims.
Please note that the above rights may be subject to exceptions and limitations. We cannot, for example, provide personal data if it would violate our duty of confidentiality or if we have a legal obligation to retain such data. Also, certain information is necessary for us to provide the services to you, and if we cannot use your information, we may not be able to continue providing our services.
How to Exercise Your Rights
To exercise any of your privacy rights, including the correction or deletion of your personal data, please contact us via email at info@forest.io.
Upon receiving your request, we will provide instructions and assistance for verifying your identity and processing your request in accordance with applicable data protection laws.
8. How Long Is Your Data Stored
We store your personal information securely throughout the life of your account. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or resolving disputes.
Personal data obtained for the purposes of the fulfillment of obligations related to anti-money laundering and terrorist financing prevention, or data necessary for accounting purposes, shall be retained as required under applicable legislation and industry standards. Generally, respectively at least for 5 or 7 years since the date of the end of our business relationship, but not longer than 10 years.
Personal data obtained for the purposes of the fulfillment of obligations related to anti-money laundering and terrorist financing prevention, or data necessary for accounting purposes, shall be retained as required under applicable legislation and industry standards. Generally, respectively at least for 5 or 7 years since the date of the end of our business relationship, but not longer than 10 years.
Personal data obtained for the purposes of the fulfillment of obligations related to anti-money laundering and terrorist financing prevention, or data necessary for accounting purposes, shall be retained as required under applicable legislation and industry standards. Generally, respectively at least for 5 or 7 years since the date of the end of our business relationship, but not longer than 10 years.
9. How We Protect Your Personal Data
We maintain physical, technical, and administrative procedures to protect the data we collect and to secure it from improper or unauthorized use. We work hard to protect data in our custody and control from loss, misuse, and unauthorized access, use, disclosure, modification, or destruction, and to use industry-standard security measures in order to ensure an appropriate level of security in light of reasonably available methods in relation to the risks and nature of the information we collect.
Please remember:
You provide information to us, including your Personal Information, at your own risk.
No data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
You are responsible for protecting your account information related to the Services, including any applicable credentials, log-ins, passwords, etc., and for ensuring that they are not used by others to access the Services.
10. We Do Not Collect Sensitive Personal Information and Children’s Data
Forestio does not intentionally collect, process, or store, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Information on or through the Services, except to the extent directly requested in connection with the relevant aspect of the Services. “Sensitive Personal Information” includes, but is not limited to, government-issued identification numbers; consumer reports; background checks; any code or password that could be used to gain access to personal accounts (other than your password to your Forestio account); genetic data or biometric data; any Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or data concerning health or sex life or sexual orientation, or similar information. Forestio is not responsible and will not be liable for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Information while using the Services.
The Services are not directed to or intended for children, and Forestio does not intentionally collect, process, or store through the Services any Personal Information from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored any Personal Information from a person under 13 years of age without verifiable parental consent, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”). We request that users not provide us with any Personal Information of any person under 13 years of age.