Privacy Policy

Introduction

CobaltTrail Ltd ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website cobalttrail.world or use our green construction certification services.

We are the data controller for the personal data we process. Our registered office is located at Evagoras Avenue 74, Paphos, 8050, Cyprus. Registration Number: HE256341.

Data We Collect

The data we collect depends on how you interact with our website and services. We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, company name, and postal address
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on site, and referral sources
• Communication Data: Messages, enquiries, and correspondence you send to us
• Project Information: Details about your construction projects, certification goals, and technical requirements
• Cookie Data: Information collected through cookies and similar tracking technologies

How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, or your consent. Specifically, we use your personal information to:

• Provide green building certification consultation and services
• Respond to your enquiries and communicate about our services
• Process and fulfil service requests and contracts
• Improve our website functionality and user experience
• Send relevant information about our services (with your consent)
• Comply with legal obligations and protect our legitimate interests
• Analyse website usage and performance through analytics tools

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications or cookie usage
• Contract: To perform our contractual obligations when providing services
• Legitimate Interest: For business operations, website improvement, and fraud prevention
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your data with:

• Service Providers: Trusted third parties who assist in operating our website and services
• Google Services: Google Analytics and Google Ads for website analytics and marketing
• Legal Authorities: When required by law or to protect our legal rights
• Business Partners: Certification bodies and professional organisations as necessary for service delivery

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our data retention periods are:

• Contact Enquiries: 3 years from last contact
• Client Data: 7 years after project completion for legal and professional requirements
• Website Analytics: 26 months (Google Analytics default)
• Marketing Data: Until consent is withdrawn or 3 years of inactivity

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL encryption for data transmission
• Secure hosting and data storage
• Regular security updates and monitoring
• Access controls and staff training
• Regular security assessments

International Data Transfers

As we use Google Analytics and Google Ads, some of your data may be transferred to countries outside the European Economic Area (EEA). These transfers are protected by appropriate safeguards, including Google's compliance with the EU-US Data Privacy Framework and standard contractual clauses.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to remove such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please reach out to us: