Privacy Policy

Last updated: March 2026

Green Crescent Environmental Engineering Consultancy ("GCEEC", "we", "our", or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, store, and share information when you use the GCEEC GHG Platform (the "Platform"), visit our website at ghg.gceec.com (the "Site"), or interact with us in any other way.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use our services.

1. Information We Collect

1.1 Account Data

When you register for an account or request a demo, we collect personal information necessary to provide and manage your access to the Platform. This includes:

  • Full name and job title
  • Business email address and phone number
  • Company name, address, and industry sector
  • Billing and payment information (processed securely via third-party payment providers)
  • User credentials (passwords are stored using industry-standard one-way hashing)
  • Role and permission settings within the Platform

1.2 Usage Data

We automatically collect information about how you interact with the Platform and Site, including:

  • Pages and features accessed, timestamps, and session duration
  • Browser type, operating system, device type, and screen resolution
  • IP address and approximate geographic location
  • Referral URLs and search terms used to reach our Site
  • Actions performed within the Platform (e.g., reports generated, data uploaded)
  • Error logs and performance metrics

1.3 Emission Data

The Platform processes greenhouse gas emission data and related environmental information that you input or connect via integrations. This may include:

  • Energy consumption records (electricity, gas, fuel)
  • Fleet and transportation activity data
  • Waste disposal and water consumption records
  • Supply chain and procurement data for Scope 3 calculations
  • Facility-specific operational data
  • Custom emission factors and calculation parameters
  • Generated reports and disclosure documents

Emission data belongs to you. We process it solely to provide the Platform's services and do not use it for purposes unrelated to your account without your explicit consent.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve the Platform, including emission calculations, report generation, and analytics dashboards.
  • Account management: To create and manage your account, process payments, and provide customer support.
  • Communication: To send you service-related notices, updates, security alerts, and administrative messages. With your consent, we may also send marketing communications about new features, industry insights, and regulatory updates.
  • Security and fraud prevention: To detect, prevent, and respond to security incidents, fraudulent activity, and violations of our Terms of Service.
  • Analytics and improvement: To analyse usage patterns and trends in order to improve the Platform's performance, user experience, and feature set.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes, including the UAE Personal Data Protection Law (PDPL).
  • Aggregated insights: To produce anonymised, aggregated benchmarks and industry reports. Individual company data is never identifiable in such publications.

3. Data Storage & Security

3.1 Data Residency

By default, all data for UAE-based clients is stored in data centres located within the United Arab Emirates. We offer data residency options across multiple regions, including Europe and Asia-Pacific, for clients with specific regulatory requirements. Enterprise clients may opt for on-premise or private cloud deployments for complete data sovereignty.

3.2 Encryption

  • At rest: All data is encrypted using AES-256 encryption within our data centres.
  • In transit: All communications between your browser and the Platform are secured using TLS 1.3 encryption.
  • Backups: All backups are encrypted and stored in geographically separated locations with controlled access.

3.3 Security Measures

We implement comprehensive security measures to protect your data, including:

  • ISO 27001 certified Information Security Management System (ISMS)
  • SOC 2 Type II compliance with independent audit reports
  • Multi-factor authentication (MFA) and SSO/SAML integration
  • Role-based access control (RBAC) with granular permissions
  • Annual independent penetration testing and continuous vulnerability scanning
  • Immutable audit trails for all data access and modifications
  • Intrusion detection and prevention systems
  • Regular security awareness training for all staff

3.4 Data Retention

We retain your personal and emission data for as long as your account is active or as needed to provide you with the Platform's services. Upon account termination, we will securely delete or anonymise your data within 90 days, unless retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements). You may request earlier deletion at any time.

4. Third-Party Services

We engage a limited number of trusted third-party service providers to help deliver and improve the Platform. These include:

  • Cloud infrastructure providers: For hosting, storage, and computing resources (UAE-based data centres).
  • Payment processors: For securely processing subscription payments. We do not store your full payment card details on our servers.
  • Analytics providers: For understanding Site usage patterns and improving the user experience.
  • Email service providers: For delivering transactional and, where consented, marketing communications.
  • Customer support tools: For managing support tickets and providing assistance.

All third-party providers are contractually bound to protect your data and may only process it on our instructions. We conduct due diligence to ensure each provider meets our security and privacy standards. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on the Site and Platform.

5.1 Types of Cookies We Use

  • Strictly necessary cookies: Required for the Platform to function, including authentication, session management, and security. These cannot be disabled.
  • Functional cookies: Remember your preferences, such as language, region, and display settings.
  • Analytics cookies: Help us understand how visitors interact with the Site and Platform so we can improve performance and usability.
  • Marketing cookies: Used with your consent to deliver relevant advertisements and measure campaign effectiveness.

5.2 Managing Cookies

You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of the Platform. For more information, please refer to your browser's help documentation.

6. Your Rights

You have the following rights with respect to your personal data, subject to applicable law:

  • Right of access: You may request a copy of the personal data we hold about you, including the purposes of processing and the categories of data concerned.
  • Right to rectification: You may request that we correct any inaccurate or incomplete personal data. You can also update most information directly through your Platform account settings.
  • Right to deletion: You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
  • Right to data portability: You may request to receive your personal data and emission data in a structured, commonly used, machine-readable format (such as JSON or CSV), and to have it transmitted to another controller where technically feasible.
  • Right to restrict processing: You may request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to object: You may object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on our legitimate interests, and we will cease processing unless we have compelling grounds.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

To exercise any of these rights, please contact us at privacy@gceec.com. We will respond to all legitimate requests within 30 days.

7. UAE Data Protection Compliance

GCEEC is committed to full compliance with the United Arab Emirates Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, "UAE PDPL") and its implementing regulations. Our data protection practices are designed to meet the requirements of the UAE PDPL, including:

  • Lawful basis for processing: We process personal data only where we have a lawful basis, including the performance of a contract, compliance with legal obligations, legitimate interests, and consent.
  • Data minimisation: We collect only the personal data that is necessary for the specified purposes and do not retain it longer than required.
  • Cross-border transfers: Where personal data is transferred outside the UAE, we ensure adequate safeguards are in place as required by the UAE PDPL, including standard contractual clauses and adequacy assessments.
  • Data Protection Officer: We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance. The DPO can be reached at dpo@gceec.com.
  • Breach notification: In the event of a personal data breach that poses a risk to data subjects, we will notify the UAE Data Office and affected individuals within the timeframes required by the UAE PDPL.
  • Data Protection Impact Assessments: We conduct DPIAs for processing activities that are likely to result in high risks to the rights and freedoms of data subjects.

We also comply with the General Data Protection Regulation (GDPR) for European data subjects, the Abu Dhabi Global Market Data Protection Regulations 2021, and the Dubai International Financial Centre Data Protection Law.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable laws. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or a prominent notice within the Platform
  • Where required by law, seek your renewed consent before applying changes

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Continued use of the Platform after changes are posted constitutes your acceptance of the revised policy.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Terms of Service

For the full Terms of Service governing your use of the GCEEC GHG Platform, please contact us at legal@gceec.com or visit your account settings within the Platform. A summary of key terms is provided during the registration process.