GreenKPO

Legal

Data Processing Agreement

This Data Processing Agreement forms part of the Terms of Service between the Customer and KPO Data Limited (GreenKPO).

Effective Date: June 2026

1. Roles of the Parties

  • Customer acts as the Data Controller.
  • GreenKPO acts as the Data Processor.
  • GreenKPO processes personal data only on documented instructions from the Customer unless required by law.

2. Scope of Processing

GreenKPO processes personal data solely to provide its carbon accounting platform, including:

  • Collection and organisation of operational data.
  • Calculation of carbon emissions.
  • Generation of reports and insights.
  • Platform functionality and support.

3. Types of Personal Data

  • Employee names.
  • Employee email addresses.
  • Work-related activity data including commuting, travel and usage patterns.

4. Categories of Data Subjects

  • Employees of the Customer.
  • Authorised users of the platform.

5. Customer Responsibilities

  • Maintain a lawful basis for processing personal data.
  • Provide privacy notices to employees and users.
  • Ensure submitted data is accurate.
  • Ensure all instructions provided to GreenKPO comply with applicable laws.

6. GreenKPO Obligations

  • Process personal data only according to Customer instructions.
  • Ensure personnel handling data are bound by confidentiality.
  • Implement appropriate technical and organisational safeguards.
  • Assist Customers with data protection compliance requirements.

7. Security Measures

  • Encryption.
  • Access controls.
  • Secure hosting infrastructure.

These measures help protect personal data from unauthorised access, loss, misuse, or disclosure.

8. Sub-processors

GreenKPO may engage trusted third-party service providers, including:

  • AWS (Hosting Services)
  • MongoDB (Database Services)
  • Stripe (Payment Processing)
  • Google Analytics (Analytics)
  • SendGrid (Communications)

GreenKPO ensures all sub-processors are subject to appropriate data protection obligations.

9. International Transfers

  • Personal data is stored within the European Union.
  • Data is not transferred outside the EU unless appropriate safeguards are implemented.

10. Data Subject Rights

GreenKPO will reasonably assist Customers in responding to:

  • Access Requests
  • Deletion Requests
  • Other applicable GDPR rights

11. Data Breaches

In the event of a personal data breach, GreenKPO will:

  • Notify the Customer without undue delay.
  • Provide reasonable information to support compliance obligations.

12. Data Retention and Deletion

Personal data is retained in accordance with the GreenKPO Privacy Policy.

  • Delete personal data upon request.
  • Return personal data where requested.
  • Retain data where legally required.

13. Audit Rights

Customers may request reasonable information demonstrating compliance.

  • Audits must be reasonable and proportionate.
  • Must not disrupt platform operations.
  • Subject to confidentiality obligations.

14. Liability

Liability under this DPA is subject to the limitations contained within the GreenKPO Terms of Service.

15. Governing Law

This Data Processing Agreement is governed by the laws of Ireland.

Get your first compliant carbon view in days, not months

Book a walkthroughSee how it works
Check Your Carbon Readiness