Privacy Policy

This Privacy Policy describes how the Environmental Project Management Office (“Environmental PMO”, “we”, “our”, or “us”) collects, uses, stores, and protects personal and project-related data obtained through our platforms, services, and communications. By interacting with us—whether by using our website, project tools, or entering into a formal agreement—you consent to the practices outlined in this policy.

Data We Collect

In the course of providing our services, we collect both personal and non-personal information. This may include names, professional contact information, organizational affiliations, job titles, user credentials for platform access, project-related documentation, and correspondence records. We may also collect technical data such as IP addresses, device identifiers, and usage logs when clients or stakeholders access our platforms (e.g., OpenProject, Tresorit, or our client portals).

Purpose of Data Collection

We collect data exclusively for purposes directly related to the services we provide. These purposes include project coordination, stakeholder engagement, communication, data room access, document sharing, technical support, compliance reporting, and performance monitoring. We do not collect more information than is necessary to achieve these goals, and we do not use the data for unrelated or unauthorized activities.

Lawful Basis for Processing

We process personal data under legal bases permitted by applicable data protection laws, such as your explicit consent, the performance of a contract, compliance with legal obligations, or our legitimate interests in providing secure and professional environmental project management services.

Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We may share data only with trusted third parties who support our operations—for example, secure hosting providers, analytics tools, or subcontractors—strictly for the purposes outlined in this policy. These third parties are bound by confidentiality and data protection obligations consistent with our own standards. We may also disclose data if legally required to do so by government authorities or judicial orders.

Data Storage and Security

We store all data on encrypted, access-controlled platforms that adhere to international standards for information security. Files shared through our document platforms (e.g., Tresorit) are protected with end-to-end encryption and hosted in GDPR-compliant data centers. Access to personal and sensitive data is restricted to authorized personnel and regularly reviewed. We take proactive measures to prevent unauthorized access, data breaches, or misuse of any information in our custody.

Data Retention

We retain personal and project data only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal, regulatory, or contractual obligations. Once data is no longer needed, we ensure its secure deletion or anonymization. If clients wish to terminate services and request data removal, we will comply promptly, except where retention is required by law.

Data Subject Rights

In accordance with applicable data protection regulations, you have the right to access, correct, update, or delete your personal information. You may also object to certain types of data processing, request data portability, or withdraw your consent at any time. To exercise these rights, please contact us using the information provided at the end of this policy. We may request verification of your identity before processing any data-related requests.

Use of Cookies and Analytics

Our website and digital platforms may use cookies or similar technologies to enhance user experience, track performance, and improve security. These tools may collect limited technical information such as page visits, session duration, or device type. Users can manage cookie preferences through their browser settings.

International Data Transfers

If we transfer data across national borders, we ensure that such transfers are compliant with applicable legal safeguards. Our service providers hosting data outside your country are required to implement adequate data protection measures, such as Standard Contractual Clauses (SCCs) or equivalent frameworks.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal obligations. Any material updates will be published on our website, and active clients may be notified directly. Continued use of our services after such updates constitutes acceptance of the revised policy.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please contact our Data Protection Officer or reach out through your designated Project Manager. You may also contact us through our official email or client portal.