BTRprime.com, the Readiness Tracker, the standalone Quick Assessment, emails to partners@btrprime.com, and related communications.At a glance
- What we collect: contact/professional details, assessment inputs, programme correspondence, minimal logs, and essential cookies.
- Why: to operate the Readiness Tracker, coordinate Article 6 work, and keep systems secure.
- Who sees data: BTR Prime, and where relevant, CACE/ClimatePoint and service providers under DPAs.
- Where stored: primarily EEA/UK; international transfers use SCCs or similar safeguards.
- How long: aligned to BTR/ETF cadence (see retention table).
- Your rights: access, rectify, erase, object/restrict, portability, and complaint routes.
UNFCCC context and terminology
References to Articles 6 and 13 (ETF) are to the Paris Agreement and its modalities, procedures and guidelines. Terms such as “authorization”, “corresponding adjustment”, “inventory (CRTs)”, and “NDC/support tables (CTFs)” are used in their normal UNFCCC sense for information management and reporting support.
Information we collect
- Contact and professional details — name, title, organisation, country, email, phone (if provided).
- Assessment inputs — answers provided for a country readiness check, derived score/band, comments.
- Programme correspondence — emails and scheduling notes when you interact with the programme.
- Usage and device data — basic hosting logs (IP address, user agent, pages, timestamps) and aggregated analytics where implemented.
- Cookies/local storage — essential features (e.g., navigation state). No third-party advertising cookies.
- Public and partner sources — contact points for institutions (e.g., DNAs), from public notices or provided by programme partners for coordination.
How we use information
- Provide the service — operate the Readiness Tracker, generate readiness briefs, and respond to requests.
- Programme operations — coordinate calendars with ministries, designated national authorities (DNAs), validators and relevant stakeholders.
- Support and communications — respond to inquiries, schedule meetings, and send updates you request.
- Improvement and safety — maintain, secure and improve our site and processes; prevent abuse; troubleshoot.
- Compliance — meet legal obligations and respond to lawful requests by competent authorities.
Legal bases (EU/UK GDPR)
- Legitimate interests — operate and secure the site; evaluate country readiness; send requested briefs and coordination notices.
- Contractual necessity — to take steps at your request in anticipation of an engagement.
- Consent — when you submit an assessment and consent to contact; for optional analytics or newsletters (if enabled).
- Legal obligation — to comply with applicable laws and lawful requests.
Legitimate interests test (summary)
- Interest: programme coordination, readiness evaluation, site security.
- Necessity: limited personal data needed to identify contacts and deliver requested outputs.
- Safeguards: minimisation, role-based access, short log retention, opt-outs where applicable.
Joint controllership summary (GDPR Art. 26)
| Activity | Controller role | Primary contact for rights |
|---|---|---|
| Programme-level briefs; coordination with public entities | BTR Prime, CACE, ClimatePoint act as joint controllers | partners@btrprime.com (we coordinate resolution across parties) |
| Platform operation, hosting, site security | BTR Prime as controller; vendors as processors | |
| Independent outreach by supporters | CACE/ClimatePoint may act as independent controllers for compatible purposes |
You may contact any controller. We agree to cooperate and ensure you can exercise your rights consistently via the single address above.
How we share information
- Programme supporters (CACE and ClimatePoint) — For specific activities (e.g., preparing briefs, policy coordination, outreach), we may share your submission and contact details as described above.
- Service providers (processors) — reputable vendors for hosting, email, collaboration and infrastructure under data-processing agreements.
- Public authorities — when legally required or to protect rights, safety and programme integrity.
- Business changes — in a merger, acquisition or reorganisation, data may transfer to a successor subject to this policy.
International transfers
We may process data outside your country. Where required, we use safeguards such as EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum. Typical processor locations: EEA, UK, and the United States (with SCCs).
Retention and BTR cycles
Retention reflects ETF reporting cadence. Unless otherwise required, we keep:
| Category | Typical retention | Reason |
|---|---|---|
| Assessment submissions and briefs | 24 months from last interaction, or for the duration of an active engagement; earlier deletion on request. | Maintain continuity through the BTR drafting window. |
| Programme correspondence | Up to 36 months for auditability and follow-up; earlier deletion on request unless legally required. | Audit trail for coordination and validator lane. |
| Logs and security data | 90 days (rolling), unless required for investigations. | Security and abuse prevention with minimal footprint. |
| Contractual records (if any) | As required by law (typically 6–10 years). | Statutory compliance. |
Confidentiality and classifications
We recognise sovereign information handling. Materials may be marked, for example, “Public”, “Official Use”, “Confidential” or “Restricted” by the providing authority. We honour such markings and limit access accordingly. Where Article 6 requires public information, we publish accordingly; where confidentiality applies, we restrict access and honor sovereign markings.
Security and breach notifications
We apply appropriate technical and organisational measures (encryption in transit, access controls, least-privilege, vendor DPAs, audit trails). If we detect a personal-data breach posing risk, we will notify the relevant authority within required statutory timelines and inform affected individuals as required. Security contact: partners@btrprime.com.
Your rights
If you are in the EEA/UK (or where similar rights apply), you may request:
- Access to your personal data;
- Rectification of inaccurate or incomplete data;
- Erasure (“right to be forgotten”);
- Restriction or objection to certain processing;
- Portability of data you provided;
- Withdrawal of consent where processing relies on consent.
To exercise rights, email partners@btrprime.com or use the rights-request form below. You may also contact partners@btrprime.com and partners@btrprime.com for activities they control. We aim to respond within one month or as required by law.
Lead supervisory authority
Our lead EU/EEA supervisory authority is the Norwegian Data Protection Authority (Datatilsynet). You may lodge a complaint with Datatilsynet or your local authority.
US state privacy notices
We are a B2B programme and do not sell personal information or use it for cross-context behavioural advertising. Where state laws (e.g., California, Colorado, Virginia, Connecticut) apply, you may request access, correction or deletion as above. We do not knowingly collect personal data from minors.
Cookies and local storage
You can adjust non-essential cookies anytime:
| Category | Purpose | Provider | Data | Retention | Opt-out |
|---|---|---|---|---|---|
| Essential | Core site functionality (navigation, basic session, security) | First-party | Session ID, preference flags | Session or until cleared | Via your browser |
| Analytics (optional) | Understand page usage to improve UX (when enabled) | None active | Aggregated usage metrics | See provider policy (if enabled) | Respect banner choices; disable anytime via the button above |
Automated decisions / special-category data
We do not use automated decision-making with legal or similarly significant effects. Please do not submit special-category data unless we explicitly request it on a valid legal basis.
Children
Our services are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided data, please contact us to remove it.
Changes to this policy
We may update this policy to reflect legal or programme changes. We will revise the “Last updated” date and, where appropriate, notify you.
Contact
Address: 123 Example St, City, Country
Address: Qatar Science and Technology Park, Gharaffa, Doha, Qatar
Address: Universitetsgata 12, 0164 Oslo, Norway
Org.no: 929 099 389
Rights-request form
This lightweight form prepares an email to partners@btrprime.com. No data is sent until you hit “Create email”.
Programme-specific notes
- Assessment emails: When you submit the Quick Assessment, your inputs are assembled into a plain-text email to
partners@btrprime.com. We process it in our email systems and share with CACE/ClimatePoint as needed to prepare and deliver your country brief. - Evidence references: Briefs reference public or ministry-provided documents. Briefs are for programme coordination and are not public disclosures unless expressly agreed by the providing authority.
- DPAs/SCCs: Standard data-processing terms are available on request.