You can withdraw and manage your consent at any time, by clicking "Manage cookies" at the bottom of each website page.
On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.
If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.
These cookies are necessary to make the site work properly, and are always set when you visit the site.
These cookies collect information to help us understand how the site is being used.
These cookies are used to make advertising messages more relevant to you. In some cases, they also deliver additional functions on the site.
For the purpose of the General Data Protection Regulation (the “GDPR”), CDP Worldwide, CDP Operations Limited, CDP Worldwide (Europe) gGmbH, CDP Europe -Services GmbH, CDP Worldwide Services GmbH, CDP North America, CDP Worldwide-Japan, Beijing Carbon Disclosure Project Environmental Consulting Co, Carbon Disclosure Project India, Carbon Disclosure Project Latin America and CDP World (Hong Kong) Limited, (“CDP Global System”) each act as data controller/controller and as joint controllers as set out in more detail in clause 9 below. You can find the contact details in Appendix 1 below.
2. Personal data we may collect from you
We may collect and process the following personal data about you:
(a) Your name, job title and professional contact details (phone number, email and office address);
(b) Information that you provide by contacting us or by filling in forms on our sites www.cdp.net and www.cdsb.net (together our “site”). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site; if you contact us, we may keep a record of that correspondence
(c) Information that is automatically sent to us by your web browser or device, such as your IP-address, device type, browser type, referring site, sites accessed during your visit, the date and time of each visitor request
(d) If applicable, personal data you provide in ‘Matchmaker’ project intake forms (in respect of city projects seeking finance);
(e) Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
(f) Further information necessarily processed in a project or contractual relationship with CDP or voluntarily provided by you, such as personal data relating to orders placed, payments made, requests, and project milestones;
(g) Personal data collected from publicly available resources or received from third parties.3. How we store your personal data
We take appropriate measures to ensure that your personal data is kept secure, including preventing it from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a legitimate business need to view it.Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means.4. Where we store your personal data
We predominantly store personal data in our Customer Relationship Management (“CRM”) system which is based in the UK; we also process and store personal data in countries within the European Economic Area (“EEA”) which have the same data protection laws as the United Kingdom.
Countries outside the EEA may have different data protection laws to the United Kingdom. Your personal data will only be transferred or stored outside the EEA where we have a contract in place which gives your personal data protection equivalent to that within the EEA. In this way we make your personal data accessible to staff working for any company within the CDP Global System (namely in North America, Brazil, China, Hong Kong, India and Japan) and to selected third-party service providers for the uses described in this notice. We will not otherwise transfer your personal data outside the EEA.5. Uses made of your personal data
We use information held about you in the following ways:
(a) To ensure that content from our site is presented in the most effective manner for you and for your computer;
(b) To verify your identity (if you registered for a CDP Online Offering) and to answer and fulfil your specific requests;
(c) To communicate with you about products, services and projects of CDP or business partners, e.g. by responding to inquiries or requests;
(d) To carry out our obligations arising from any contracts entered into between you and us;
(e) To provide you with information, products or services provided you have given your consent;
(f) To ensure compliance with legal obligations (such as record keeping obligations);
(g)To solve disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.6. Legal basis for data processing
The legal basis for CPD processing data about you is that such processing is necessary for the purposes of:
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) GDPR).7. Disclosure of your personal data
We disclose your data only if the legal conditions are fulfilled, in particular Article 6 GDPR. In accordance with these provisions, a transfer is permissible in particular if
Sometimes the recipients to whom we transfer your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data. In particular, we transfer personal data to external recipients in such countries only if the recipient has (i) entered into EU Standard Contractual Clauses with CDP, or (ii) implemented Binding Corporate Rules in its organization.
Provided the legal requirements have been met, we may disclose your personal data to:
(a) other companies within the CDP Global System or third parties – e.g. our business partners or suppliers - in connection with your use of the CDP Online Offerings or our business relationship with you;
(b) organisations that receive responses to our questionnaires including our investor signatories and supply chain members;
(c) organisations that receive the personal data provided in ‘Matchmaker’ project intake forms (in respect of city projects seeking finance) including investors, project developers, engineering firms and non-profit organisations;
(d) third parties, including our partners, and other organisations that are aligned with our mission;
(e) our external third-party service providers which process such data only for the purpose of such services; and
We will hold your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period we consider the amount, the nature and sensitivity of the personal data, the potential risks of harm from unauthorised use or disclosure, the purposes and whether we can achieve those purposes by other means. We will delete your data if they are no longer being needed for the purposes for which they were collected or to comply with our legal obligations such as retention obligations under tax or commercial laws.9. Joint activities and website visits
Data controllers are joint controllers where your personal data is shared with another controller in the CDP Global System for any of the following activities (joint activities):
(a) disclosure related activities to companies, cities states and regions;
(b) marketing, newsletters, and other communication activities;
(c) investor and supply chain member activities;
(d) non-disclosure related activities including, contracts with third parties; and
(e) adding and accessing personal data in the CRM system.
As far as non-joint activities are concerned, CDP Worldwide is responsible for the data processing by the CDP Online Offering (data controller in the sense of Article 4 (7) GDPR).10. Responsibilities for joint activities
The responsibilities of the parties are set out in Appendix 2 below.
Under Article 26 (3) and Article 32 (4) GDPR, each of the joint controllers can be held liable for the entire damage. If one joint controller is held liable, Article 82 (5) GDPR applies.11. Social media features
We use the following social media plug-ins ("plug-ins"):
All social media links and plug-ins (YouTube plugin) are indicated with the brand names of the respective providers Google, Twitter, and LinkedIn ("Provider"). We use the so-called two-click solution. This means that when you visit our site, no personal data is passed on to the providers of the plug-ins. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider will receive the information that you have accessed the corresponding website of our online offer.If you interact with the plug-in, e.g. by playing an imbedded YouTube video, the data will be transferred directly from your browser to the Provider and saved by the Provider.For more information on the purpose and scope of data collection, processing and use, please refer to the privacy statements below:
12. Your rights
Under the GDPR you have several important rights. In summary, these include rights to:
(a) access your personal data;
(b) require us to correct any mistakes in your information which we hold;
(c) request the erasure of personal data concerning you in certain situations;
(d) request the data to be transferred to a third party in certain situations;
(e) object at any time to processing of personal data concerning you for direct marketing;
(f) object in certain other situations to our continued processing of your personal data;
(g) otherwise restrict our processing of your personal data in certain circumstances; and
(h) claim compensation for damages caused by our breach of any data protection laws.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal data.
The GDPR also gives you the right to lodge a complaint with the competent data protection authority. A list and contact details of local data protection authorities is available here:
For the United Kingdom
Information Commissioner’s OfficeWycliffe HouseWater LaneWilmslowCheshireSK9 5AFe-mail: firstname.lastname@example.orgWebsite: https://ico.org.uk
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Latest Privacy Notice February 2021.Contact
Questions and requests regarding this privacy notice should be addressed to
Outside European Union (or EEA): email@example.com or
European Union (or EEA): firstname.lastname@example.org
CDP Worldwide, 4th Floor, 60 Great Tower Street, London EC3R 5AZ, UK
CDP Operations Limited, 4th Floor, 60 Great Tower Street, London EC3R 5AZ, UK;
CDP Worldwide – Services GmbH, all of WeWork, Potsdamer Platz -Kemperplatz 1, 10785 Berlin, Germany;
CDP Worldwide - Japan, GINZA ISHII Building, 5F 6-14-8, Ginza Chuo-Ku, Tokyo, 104 -0061, Japan;
Beijing Carbon Disclosure Project Environmental Consulting Co. Limited, Room 025, 1/F, Jingshi Law Firm Building, No.37 Dongsihuan Mid Rd, Chaoyang District, Beijing, 100025 China;
Carbon Disclosure Project India, 906 Chiranjiv Tower, 9th Floor, 43 Nehru Place, New Delhi 110019;
CDP Operations India Private Limited, 906 Chiranjiv Tower, 9th Floor, 43 Nehru Place, New Delhi 110019; Carbon Disclosure Project Latin America, Rua Dr. Mauricio de Lacerda, 30; CEP 04303-190 -Sao Paulo/ SP, Brazil;
CDP Worldwide (Hong Kong) Limited, 9/F Asia Orient, 33 Lockhart Road, Wanchai, Hong Kong;
CDP Europe AISBL, Avenue des Arts 6-9, 1210 Bruxelles, Belgium;
CDP Worldwide (Europe) gemeinnützige GmbH, c/o WeWork Potsdamer Platz, Kemperplatz 1, 10785 Berlin, Germany;
CDP Europe - Services GmbH, c/o WeWork Potsdamer Platz, Kemperplatz 1, 10785 Berlin, Germany;
CDP North America, Inc. 127 W 26th Street, Suite 300, New York, NY 1001, USA.
Providing information (Articles 13, 14 GDPR)
Right of access, rectification, erasure, data portability, objection (Articles 15-17, 20, 21 GDPR)
Commissioning sub-processors, Records of processing activities, Determination of security measures (Articles 28, 30, 32, 24 GDPR)
Notification of data breaches (Articles 33, 34 GDPR)
CENTRALISED ACTIVITIES IN UK
CDP Worldwide and CDP Operations LimitedCoordination of the worldwide process for disclosure as follows:
a) Disclosure related activitiesadding contacts to CRM, sending disclosure-related e-mails to companies, cities, states and regions.
b) Investor related activitiesadding contacts to CRM, targeting new investors (e.g. to become signatories or members), and account related activities.
c) Supply chain member and reporter services activitiesreceiving contact lists from members, entering into contracts with suppliers and sharing supplier contacts with members.
d)Communication activitiesSending out newsletters and updates toorganisations; hosting on-line events, including using third party platforms and other such activities.
e) Non-disclosure activitiesall other activities including contracts with third parties; HR and employee activities; systems administration and account activities;on-line activities including carried out by CDSB.
1. Activities carried out in Europe
a) Supply chain member and reporter services activitiesreceiving contact lists from members, entering into contracts with suppliers and sharing contacts with members.
CDP Europe-Services GmbH
CDP Worldwide (Europe) gGmbH (Climetrics:CDP Europe-Services GmbH)
c) Communication activitiesSending out newsletters and updates toorganisations; hosting on-line events, including using third party platforms and other such activities.
CDP Worldwide (Europe) gGmbH
d) Non-disclosure activitiesall other activities including contracts with third parties;
2. Activities carried out in North America
a) Supply chain member and reporter services activitiesreceiving contact lists, entering into contracts with suppliers and sharing contact information with members.
d) Other disclosure and non-disclosure activitiesall other disclosure related activities including adding contacts to CRM, sending out disclosure related emails and all other non-disclosure activities including, contracts with third parties.
3. Activities carried out in India
CDP Operations India Private Limited
Carbon Disclosure Project India
d) Other disclosure and non-disclosure activitiesall other disclosure related activities including adding contacts to CRM, sending out disclosure related emails and all other non-disclosure activities including contracts with third parties.
4. Activities carried out in South America
Carbon Disclosure Project Latin America
b) Investor related activitiesadding contacts to CRM, targeting new investors (e.g. to become signatories or members), and account related activities
5. Activities carried out in China
Carbon Disclosure Project Environmental Consulting
6. Activities carried out in Japan
CDP Worldwide Japan
7. Activities carried out in Asia Pacific Region
CDP Worldwide (Hong Kong) Ltd
or continue with
Already connected? Sign in.
Help us match your profile by telling us a bit more about yourself.
Be the first to know about our job openings.
Add people who can recommend you as a colleague.