Date of publication: November 24, 2025
2degrees respects your privacy and is committed to protecting your personal data. This privacy notice tells you how we look after your personal data when you visit our website or use our products (and tells you about your privacy rights and how the law protects you).
This privacy policy is provided in a layered format. You can use the headings on the left of the page to click through to the specific areas of interest.
This privacy notice gives you information on how 2degrees collects and processes your personal data through your use of this website, the Secaro platform (the "sites") and our services, including any data you may submit or input. It also contains information on your privacy rights.
2degrees Limited is the controller and responsible for your personal data (referred to as "2degrees", "we", "us" or "our" in this privacy notice).
We keep our privacy notices and practices under review. We will notify you of any changes by posting an updated, date stamped version on our sites. If there are material changes we will tell you about them.
The sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our sites, we encourage you to read the privacy notice of every website you visit.
Personal data, or personal information, means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity data: first name, last name, user name, password, organisation.
Business Contact data: business email address, business postal address, business telephone number.
Profile data: personal profile on our sites containing name and employment information.
Technical data: IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and site navigation paths.
Usage data: information on how you use sites and services such as length of visit, page interaction/ view, timing, frequency and patterns of use.
User generated data: includes data you submit to us as part of the services, including content which you may post on our messaging board.
Marketing and communications data: your preferences on receiving marketing from us.
We also collect and use aggregated anonymised data such as statistical or demographic data for the purpose of running our programs and improving our product. Aggregated data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific site feature.
We do not collect any special category or sensitive data about you. Nor do we collect any information about criminal convictions and offences.
Our sites are not intended for children and we do not knowingly collect data relating to children.
Identity data, contact data, profile data and user generated data are collected directly from you by filling in forms, creating an account, and posting on our messaging board.
Technical data and usage data are collected automatically when you use sites and services via cookies, server logs and similar technologies.
Business Contact data may also be collected from third parties such as your employer or customer for the purposes of adding you as a user of the services.
Below is a description of how and why we use your personal data, the categories of data used for each purpose and the legal bases we rely on to do so:
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a user to enable you to access products and services | (a) Identity; (b) Contact | Performance of a contract with you |
| To manage our relationship with you which will include: (a) Providing access to sites and services; (b) Managing the creation of your profile; (c) Notifying you about changes to our privacy notice or terms | (a) Identity; (b) Contact | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to run our business) |
| To enable us to store and process the data you input on the Platform and the sustainability actions you take, and to analyse your usage metrics | Profile | Performance of a contract with you |
| To administer and protect our business and sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity; (b) Contact; (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (b) Necessary to comply with a legal obligation |
| To use data analytics to improve our sites, products/services, marketing, customer relationships and experiences | (a) Technical; (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about services that may be of interest to you | (a) Identity; (b) Contact; (c) Technical; (d) Usage; (e) Profile; (f) Marketing and Communications | Necessary for our legitimate interests (to develop our products/services and grow our business) |
| To connect you with other site users with whom you have a pre-existing business relationship, but may not be in direct communication outside the site, by sharing Contact information | (a) Contact; (b) Profile | Necessary for our legitimate interests (to deliver our service offer allowing buyers and suppliers to exchange environmental data) |
You may receive email marketing communications from us if you have requested information from us or opted in to receive information about our services, or if you or your employer has purchased services from us and you have not opted out of receiving that marketing. You can ask us to stop marketing communications at any time by unsubscribing on the email or sending an email to customerservice@secaro.io.
We use various technologies to collect information which may include sending cookies to your computer or mobile device.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
We may also collect information using web beacons (tracking pixels) which are electronic images that may be used in the services or emails to deliver cookies, count visits and understand whether an email has been opened or acted upon.
We use the following cookies:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Most web browsers are set to accept cookies by default but if you prefer you can:
Set your browser to reject (Secaro platform or website)
Use the tool featured on our website from a third-party provider, Cookiebot CMP (platform) and HubSpot (website)
On the Secaro platform we use necessary, preference and statistics cookies which can be managed via your browser.
(a) authentication and authorisation - we use cookies to identify you when you visit our website and as you navigate our website (cookies used for this purpose are: sessionid);
(b) security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally (cookies used for this purpose are: csrftoken);
(c) statistics cookies - we use cookies used by Amazon CloudWatch Real User Monitoring (RUM), a service for tracking web application performance. cwr_s tracks a user's session across multiple page loads, enabling metrics like errors per session or user journeys. swr_u is a user cookie that stores an anonymous user ID and helps count return visitors by identifying unique users over time, without collecting personally identifiable information.
Please note, if you reject cookies this may affect availability of services or certain features.
We may share your personal data with the parties set out below for the purposes set out in the table above.
Service providers such as IT infrastructure and cloud services.
Your employer, if you register or access the services with an email address with a domain owned by your employer.
Our affiliates and group companies.
Our professional advisors such as accountants, auditors, bankers, insurers, lawyers who provide us with professional services.
Regulators or other public authorities where required by law.
In connection with our negotiations for sale, merger, transfer of company assets, financing or acquisition.
Decarbonisation partners offering products such as green finance but only where (a) you have signed up to a webinar or event organised jointly by us and that Decarbonisation Partner; or (b) a Decarbonisation Partner has been assessed as having an offering relevant to your site's profile. You may opt out of receiving such introductions at any time by notifying 2degrees.
With supply chain owners who are customers of 2degrees, only where you are part of their supply chain program and so far as is relevant to measure your engagement with the Platform.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may transfer your personal data outside of the EEA or UK in carrying out the purposes and activities set out in section 4 above. When we transfer personal data outside of EEA or UK we ensure an appropriate degree of protection is in place by implementing at least one of the safeguards:
Adequacy – transferring personal data to countries that have been deemed to provide an adequate level of protection by the European Commission or UK ICO (as appropriate)
For our group company in the US and service providers based outside EEA, UK or countries with adequacy, we will only transfer data to them where an agreement incorporating the UK IDTA, EU SCCs or another legally applicable data transfer mechanism is in place.
Our business and processes are certified to ISO27001, the world's best-known standard for information security management systems (ISMS).
We have in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed.
We limit access to your personal data to those staff or service providers who need to know, and they only process personal data on our instructions.
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax or accounting requirements. We may retain your personal data for longer in the event of a complaint or reasonably held belief that litigation is a prospect. We determine appropriate retention periods considering the amount and sensitivity of personal data, the potential risk of harm in the event of unauthorised use, the purposes for which we process your personal data and whether these can be achieved by alternative means in addition to legal, regulatory, tax or accounting requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Request access to your personal data: You can request a copy of the information we hold about you.
Request correction of your personal data. You can get inaccurate records corrected, provided we can verify the new data you provide is accurate.
Request erasure of your personal data. You can get data deleted where there are valid grounds.
Object to processing of your personal data. Where we process data based on a legitimate interest, you can object and we will assess your objection to determine whether we have legal grounds to continue processing.
Request restriction of processing your personal data. You can ask us to suspend processing while we check accuracy, or assess your objection relating to processing.
Request transfer of your personal data. You can request your personal data in a specific format to transfer to a third party.
Withdraw consent. If we are relying on consent to process your personal data, you can withdraw it (prior processing unaffected).
Complain. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues ICO.org. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you wish to exercise any of your privacy rights, please contact us at the details below.
If you have any questions about this privacy policy or our privacy practices, please contact our team in the following ways:
Full name of legal entity: 2degrees Limited
Email address: customerservice@secaro.io
Postal address: Lambourne House, 311-321 Banbury Rd, Oxford OX2 7JH