1. Introduction and Scope

Tayo.eco (“the Organization,” “We,” “Us,” or “Our”) is committed to the highest standards of data protection and privacy. This Privacy Policy outlines our protocols for the collection, processing, and safeguarding of Personal Data (as defined below) in accordance with global data protection regulations, including but not limited to the EU/UK GDPR and the CCPA/CPRA.

This Policy applies to all digital properties, consulting services, and advocacy platforms managed by Tayo.eco globally.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”).
• Processing: Any operation performed on personal data, such as collection, recording, organization, or storage.
• Controller: The entity which determines the purposes and means of processing personal data. For the purposes of this policy, Tayo.eco acts as the Data Controller.

3. Legal Basis for Processing

We process Personal Data under the following legal frameworks:

1. Contractual Necessity: Where processing is required to fulfill our service obligations to clients.
2. Consent: Where the Data Subject has given clear, affirmative consent for a specific purpose (e.g., newsletter subscriptions).
3. Legal Obligation: Where processing is necessary for compliance with statutory or regulatory requirements.
4. Legitimate Interests: For the improvement of our services and security, provided such interests do not override the fundamental rights of the Data Subject.

4. Categories of Data Collected

4.1 Data Provided Directly by the User

• Identity Data: Name, title, and professional affiliation.
• Contact Data: Email address, telephone number, and physical mailing address.
• Engagement Data: Records of participation in workshops, campaigns, or consulting sessions.

4.2 Data Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, and operating system.
• Usage Data: Information regarding how the User interacts with our digital resources and sustainability toolkits.

5. International Data Transfers
Tayo.eco operates as a global entity. Consequently, Personal Data may be transferred to and processed in jurisdictions outside the European Economic Area (EEA) or the UK. In such instances, we ensure a comparable level of protection through:

• Adequacy Decisions: Transferring data to countries recognized by the European Commission as providing adequate protection.
• Standard Contractual Clauses (SCCs): Utilizing pre-approved legal contracts for data transfer to third-party jurisdictions.

6. Data Retention and Security
We retain Personal Data only for the duration necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

We have implemented robust technical and organizational measures (including encryption and multi-factor authentication) to prevent unauthorized access, alteration, or disclosure of Personal Data.

7. Rights of the Data Subject
Under applicable law, Data Subjects possess the following rights:

• Right of Access: To request a copy of the data we hold.
• Right to Rectification: To request the correction of inaccurate data.
• Right to Erasure: To request the deletion of data where there is no compelling reason for its continued processing.
• Right to Object: To object to processing based on legitimate interests or direct marketing.
• Right to Portability: To request the transfer of data to another service provider.

Contact Information
For inquiries regarding this Policy or to exercise your statutory rights, please contact our Data Protection Office:

Email: jane.boles@tayo.eco

Address: 946 Brunette Avenue, Second Floor. Coquitlam, Vancouver, British Columbia. V3K 1C9, Canada