The CRREM Foundation is committed to protecting and respecting your privacy. We also think it is important to inform you about this in a clear and transparent manner. In this privacy policy we provide information about what we do with your personal data.
Version April 2025
We respect your privacy and therefore ensure that we always treat your personal data confidentially. And in doing so, comply with the privacy legislation.
We are Stichting Carbon Risk Real Estate Monitor, a foundation (‘Stichting’ in Dutch) organised under the laws of the Netherlands, whose corporate seat is at Amsterdam, with its principal place of business at Strawinskylaan 3051 (Atrium building, 4th floor), 1077 ZX, Amsterdam, hereinafter referred to as “Foundation“.
If your employer is a customer of our services, we may receive and process your personal data as part of the services we provide to them. In this context, your employer acts as the data controller and determines the purposes and means of the processing, while we act as a data processor on their behalf. We could also collect your personal data when you fill out forms on our website, create an account, contact us, subscribe to our services, or otherwise communicate with us.
In the context of providing our services, we may collect and process the following type of personal data:
– Full name;
– E-mail address;
– Phone number;
– communication history, usage data (pages visited etc)
We collect and process your personal data for the following purposes:
– to provide our services;
– to respond to requests or feedback;
[- to send newsletters, offers;
– to analyze usage and performance of our website]
We process your personal data based on various legal grounds, depending on the purpose of the processing. [In some cases, we do so with your consent, for example, when you subscribe to our newsletter; you may withdraw your consent at any time.] We also process data when it is necessary for the performance of a contract, such as providing a or taking steps at your request prior to entering into an agreement. In certain situations, we are legally required to process your data in order to comply with legal obligations, such as tax or regulatory requirements.
Furthermore, we may process your data based on our legitimate interests, such as improving our services, securing our systems, or preventing fraud, provided that your rights and freedoms are not unduly affected.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. The exact retention period depends on the type of data and the purpose for which it is processed. For example, data related to contractual obligations may be retained for the duration of the contract and for a period thereafter as required by applicable law. Where processing is based on your consent, we will retain your data until you withdraw your consent, unless there is another legal basis to continue processing. Once the data is no longer needed, it will be securely deleted or anonymized.
We may retain your personal data with third party service providers who assist us in our mission. We ensure that such third parties are contractually obligated to safeguard your personal data and process it only in accordance with our instructions and applicable data protection laws.
We may share your personal data with trusted third parties who support the operations and mission of our Foundation. This may include service providers such as IT and cloud storage providers, auditors, legal and financial advisors, and regulatory authorities when required by law. In some cases, we may also share limited data with partner organizations or funders, but only when necessary and with appropriate safeguards in place. All recipients are contractually bound to use your data solely for the agreed purposes and to maintain its confidentiality. We never sell your personal data or share it for commercial marketing purposes.
Access to your personal data is restricted to authorized personnel within the Foundation. This includes staff or IT personnel, all whom are bound by confidentiality obligations.
We are committed to keeping your personal data safe. We use appropriate safeguards—both technical and organizational—to protect your information from unauthorized access, loss, or misuse. Only authorized individuals have access to your data, and we ensure that anyone handling it understands their responsibility to protect your privacy.
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
To exercise any of these rights, or if you have questions about how we handle your personal data, please contact us at: info@crrem.org.
