Home

Registry

Project Developer

VVBs

Methodology Devs

ADB

Buyers

Sellers/PO

Contact Us

Get Started

Log in

Left Icon Badge

Policies

SCR GDPR
Privacy Policy

Scope:


This GDPR Privacy Policy applies to people in the European Economic Area (EEA) and the United Kingdom only. A separate global Privacy Policy applies to people outside the EEA/UK.

Except as stated above, this GDPR Privacy Policy applies to all personal data processed by Sustainable Carbon Registry, Inc. ("SCR"), including without limitation via the SCR website located at https://scregistry.io and related portals (e.g., https://scregistry.cloud), as well as SCR’s registry services and stakeholder engagement activities.

SCR recognizes the importance of people’s privacy and that individuals have a right to control how their personal data is collected and used. Providing personal data is an act of trust and we take that seriously.


Collection of information


SCR primarily collects the following personal information:

  • Account information required to open and maintain an account on the SCR Registry (e.g., name, telephone number, email, and position/title of authorized representatives, account managers, and billing contacts identified by an account holder).


  • Contact details for communications with stakeholders, validation/verification bodies (VVBs), methodology developers, strategic partners and other parties relevant to SCR’s activities (e.g., name, telephone number, email, position/title of representatives who will communicate with SCR).


  • If the account holder or counterparty is an individual, additional details about that person may be collected such as bank account and physical address and, if applicable, details needed to conduct verification checks (e.g., date of birth or government‑issued identifiers, where lawful).

  • Registry activity information (e.g., transaction details) which could identify a person.


  • Personal data contained in communications with SCR including via the website, during face‑to‑face meetings, email correspondence or telephone conversations. This may include personal data contained in reports, surveys, questionnaires and forms provided to SCR in order to participate in the SCR Registry or apply to do things such as use SCR logos.


  • Information collected automatically from a website visit such as IP address, device identifiers, browser/user‑agent data, and basic analytics.

In some cases SCR may collect personal data from someone other than the individual concerned (e.g., from the person opening an account holder’s account). If you provide to SCR personal data about another person, you represent that you have addressed all relevant consents, notifications and other requirements to enable SCR to process the personal data for SCR’s purpose of collection.


SCR collects personal data for one or more of the following reasons:
(1) the collection is necessary for us to provide our services;
(2) it is in our legitimate interests to collect this data for the purposes of providing and improving the services;
(3) the collection is necessary for us to comply with our legal obligations or applicable law; or
(4) we have consent, where applicable or required under law.


If SCR is not provided with requested personal data, SCR may be unable to register an account holder, provide the requested registry services and resources, or respond fully to a request.


Using your personal information

SCR uses personal information for the following purposes:

  • Operate the SCR Registry and provide SCR program services, resources and related initiatives and activities.

  • Issue, conduct, compile, manage and analyze reports, questionnaires and surveys and produce reports and/or ratings based on responses.

  • Respond to stakeholder queries or requests for information.

  • Administer and maintain the website(s) and registry portal(s).

  • Improve SCR services and resources, including service quality, security and user experience.

  • For other purposes with your consent or where permitted or required by law.


SCR uses personal data for one or more of the following reasons:
(1) the use is necessary for us to provide our services;
(2) it is in our legitimate interests to use this data for the purposes of providing and improving our services;
(3) the use is necessary for us to comply with our legal obligations or applicable law; or
(4) we have consent, where applicable or required under law.


Disclosing personal information

SCR discloses personal information as follows:

  • Regulatory or programmatic disclosures. Where applicable program rules require (e.g., government schemes or aviation programs such as CORSIA), SCR may disclose personal data to government agencies and competent authorities, in accordance with applicable rules.

  • Service delivery. To deliver services and provide access to resources (including via the website/portal) and to improve those services and access, we may disclose personal data to third parties such as affiliates, partners, service providers, independent contractors, consultants, off‑site security storage or IT providers, website/portal hosts, and other partners of SCR.

  • De‑identified or aggregated information. We may share and disclose de‑identified and aggregated information for the purposes of research and promotional activities (e.g., aggregated data from website visitor reports, event registrations, completed reports, questionnaires and surveys), including via the website or other media.

  • Corporate transactions. SCR may disclose personal data in connection with a sale or transaction involving all or a portion of the business to representatives of a prospective purchaser, and where required by applicable law.

  • Other lawful disclosures. SCR may also disclose personal data with your consent or where permitted or required by law.


SCR discloses personal data for one or more of the following reasons:
(1) the disclosure is necessary for us to provide our services;
(2) it is in our legitimate interests to disclose this data for the purposes of providing our services;
(3) the disclosure is necessary for us to comply with our legal obligations or applicable law; or
(4) we have consent, where applicable or required under law.


Our use of cookies

Cookies are pieces of information that a website transfers to your device. Most web browsers are set to accept cookies. SCR uses cookies to make your use of the website, resources and services more convenient (for example, to estimate overall number of users and determine traffic patterns through the website). If you do not wish to receive cookies, you may set your browser to refuse cookies, but this may affect your ability to take full advantage of the services and resources on the website.


Storage and security of personal data

SCR endeavors to take reasonable steps to keep secure any personal data, and to keep this information accurate and up to date. Information may be stored on secure servers that are protected in controlled facilities. We require our personnel and data processors to respect the confidentiality of any personal data held by SCR.

SCR may use facilities outside your country of residence to process or back up information. As a result, we may transfer personal data to facilities in other jurisdictions for storage and processing. Where we do so, we will take steps designed to ensure an adequate level of protection consistent with applicable law (for example, appropriate contractual safeguards).


Retaining personal data

SCR will retain personal data for as long as necessary to provide our services and as required to comply with legal obligations. We may retain personal data after the termination of a contractual relationship if necessary to comply with applicable laws or to establish, exercise or defend legal claims, on a need‑to‑know basis only. When we no longer require personal data, we will ensure it is deleted or anonymized.


Your rights (EEA/UK)

As provided by applicable data protection law, the following rights may apply for personal data collected, used and disclosed by SCR:

  • Access: the right to be told about how personal data is processed and to access such personal data.

  • Correction: where personal data is incorrect, the right to request rectification. Please keep your details up to date and use any facilities we provide to update them.

  • Portability: in some cases, the right to request that personal data is provided in a structured, machine‑readable format, and to require us to transfer the personal data to another controller.

  • Erasure ("right to be forgotten"): in some cases, the right to require us to erase personal data.

  • Restriction: in some cases, the right to require us to restrict processing of personal data.

  • Object: in some cases, the right to object to processing.

  • Withdraw consent: where we rely on consent, the right to withdraw consent at any time (which may impact our ability to provide certain services or communications).

To exercise these rights, please contact us using the details in the Contact Us section below. Please include sufficient details so we can understand the nature of your request. We may need to request personal data in order to verify identity. In some cases, we may respond that a request will not be actioned where permitted or required under law.


Links to other websites

The SCR website may provide access to third‑party websites where content is not controlled by SCR. These linked websites are not under SCR’s control, and we are not responsible for the content or the conduct of the organizations accessed via links to such third‑party websites. Before disclosing your personal data on any website, please examine the terms and conditions and privacy policy of that website.


Future changes

SCR may amend this GDPR Privacy Policy from time to time. Any such amendments will be posted on the website and will take effect at least fourteen (14) days after such posting. Please keep checking this GDPR Privacy Policy to ensure you are aware of the current version.


Concerns and complaints

If you have a concern or complaint about our processing of your personal data, including about our compliance with applicable data protection laws, please contact us using the details in the Contact Us section below. We will consider and respond to issues raised. Please include sufficient details so we can understand the nature of your concern. We may need to request personal data in order to verify your identity. You also have the right to lodge a complaint with the competent data protection supervisory authority.


Contact Us

We can be contacted in connection with privacy matters as follows:

Date of SCR GDPR Privacy Policy: 10th October 2025