{"hide_search_input":"0","hide_near_input":"0","show":"main","filters_pos":"","input_size":"","bar_flex_wrap":"","bar_flex_wrap_md":"","bar_flex_wrap_lg":"","input_border":"","input_border_opacity":"","input_rounded_size":"","btn_bg":"","btn_rounded_size":"","btn_rounded_size_md":"","btn_rounded_size_lg":"","bg":"","mt":"","mr":"","mb":"0","ml":"","pt":"","pr":"","pb":"","pl":"","border":"","rounded":"","rounded_size":"","rounded_size_md":"","rounded_size_lg":"","shadow":"","css_class":""}
{"hide_search_input":"0","hide_near_input":"0","show":"main","filters_pos":"","input_size":"","bar_flex_wrap":"","bar_flex_wrap_md":"","bar_flex_wrap_lg":"","input_border":"","input_border_opacity":"","input_rounded_size":"","btn_bg":"","btn_rounded_size":"","btn_rounded_size_md":"","btn_rounded_size_lg":"","bg":"","mt":"","mr":"","mb":"0","ml":"","pt":"","pr":"","pb":"","pl":"","border":"","rounded":"","rounded_size":"","rounded_size_md":"","rounded_size_lg":"","shadow":"","css_class":""}

Privacy Policy

Last updated: 15/012026

This Privacy Policy explains how SDGZero collects, uses, stores, and protects personal data across the SDGZero Directory and the SDGZero Vault (the members-only platform).

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

1. Who We Are

SDGZero is a business directory and digital platform designed to support small and medium-sized enterprises (SMEs) by improving visibility, credibility, and alignment with sustainability-led practices.

The platform consists of:

  • The Directory โ€“ a public-facing business listing and discovery platform

  • The Vault โ€“ a private members area providing resources, education, community features, and tools

Data Controller:
SDGZero
Email: support@sdgzero.net

2. Information We Collect

We may collect and process the following types of personal data.

a. Information You Provide Directly

  • Name

  • Email address

  • Business name and role

  • Username and password (encrypted)

  • Business listing information (address, phone number, website, social links)

  • Sustainability or SDG-related information submitted voluntarily

  • Payment and billing details (processed securely by third-party providers)

  • Messages, enquiries, and support requests

b. Information Collected Automatically

  • IP address

  • Browser type and device information

  • Pages visited and interaction data

  • Login activity and access logs

  • Cookies and similar tracking technologies

c. Community and Vault Activity

  • Profile information

  • Forum posts, comments, and group participation

  • Uploaded files or resources

  • Course progress and engagement data

3. How We Use Your Information

We use personal data to:

  • Create and manage user accounts

  • Publish and manage business listings

  • Provide access to Vault content and resources

  • Facilitate community discussions and interactions

  • Process subscriptions and payments

  • Improve platform performance and user experience

  • Communicate updates, service messages, and support responses

  • Maintain security, prevent fraud, and enforce platform rules

  • Support sustainability reporting and badge allocation where applicable

We do not sell personal data.

4. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Contractual necessity โ€“ to provide our services

  • Legitimate interests โ€“ platform improvement, security, and business operations

  • Consent โ€“ marketing communications and optional data

  • Legal obligation โ€“ compliance with applicable laws

5. Cookies and Tracking

SDGZero uses cookies and similar technologies to:

  • Enable core site functionality

  • Remember user preferences

  • Analyse site usage and performance

  • Improve security

You can control cookies through your browser settings. Disabling cookies may limit some functionality.

6. Data Sharing and Third Parties

We may share data with trusted third-party service providers, including:

  • Hosting and infrastructure providers

  • Payment processors

  • Email and communication services

  • Analytics and security tools

  • Automation and integration platforms

All third parties are required to process data securely and in compliance with UK GDPR.

7. Data Storage and Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting environments

  • Encrypted connections (SSL)

  • Access controls and authentication

  • Regular platform updates and monitoring

While no system is completely secure, we work to minimise risks and respond promptly to any issues.

8. Data Retention

We retain personal data only for as long as necessary:

  • Active accounts โ€“ for the duration of use

  • Inactive accounts โ€“ reviewed periodically

  • Legal and financial records โ€“ as required by law

  • Community content โ€“ unless deleted by the user or required for moderation

You may request deletion of your account and associated data at any time, subject to legal obligations.

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request erasure of your data

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissionerโ€™s Office (ICO)

To exercise your rights, contact: support@sdgzero.net

10. Community Content and Public Information

Please note:

  • Business listings and certain profile information may be publicly visible

  • Content posted in forums or groups may be visible to other members

  • You are responsible for information you choose to share publicly

We reserve the right to moderate or remove content that breaches platform rules or legal requirements.

11. International Data Transfers

Where data is processed outside the UK, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions

  • Standard contractual clauses

  • GDPR-compliant service providers

12. Childrenโ€™s Data

SDGZero is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated revision date.

Continued use of the platform constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact:

SDGZero
Email: support@sdgzero.net