Privacy Policy
CarbonBorder Desk (“we”, “us”, “our”), operated by TheLoomLabs, respects your privacy and is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable national law.
1. Data controller
The controller responsible for your personal data is:
- [Legal entity name] (trading as CarbonBorder Desk)
- [Registered address], European Union
- [Company / VAT registration number]
- Email: igor@carbonborderdesk.com
2. What data we collect
Information you give us
- Contact details you send by email (name, email address, company, role).
- The contents of any documents you choose to share with us for a pilot or engagement — which may include commercial invoices, customs declarations, supplier names, and product data.
Information collected automatically
- Standard server logs from our hosting provider (Cloudflare), such as IP address, request time, and user-agent, retained for security and operational purposes.
- Aggregate, cookieless usage statistics via Cloudflare Web Analytics (page views and performance) — no cookies, no fingerprinting, and no cross-site tracking.
- Cloudflare Turnstile processes limited technical signals to protect the contact form from spam and abuse.
- A single strictly-necessary browser storage entry recording your cookie choice. See our Cookie Policy.
We do not use advertising trackers or social media pixels on this website. Fonts are self-hosted, so no font request is sent to third parties.
3. Why we use it and the legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to enquiries | Legitimate interests / steps prior to a contract |
| Delivering a pilot or desk engagement | Performance of a contract |
| Securing and operating the website | Legitimate interests |
| Meeting legal and accounting obligations | Legal obligation |
4. Document confidentiality
Documents you share are treated as confidential work product. They are used only for the agreed review and evidence workflow, are not sold or shared with third parties unless agreed, and can be handled under an NDA on request.
5. Sharing and processors
We use a limited number of service providers (sub-processors) acting on our instructions, including our hosting/CDN provider (Cloudflare) and email provider. Where data is processed outside the EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
6. Retention
We keep personal data only as long as necessary for the purposes above or as required by law. Engagement documents are returned or deleted on request once a project ends, subject to any legal retention obligations.
7. Your rights
Under the GDPR you have the right to:
- access, rectify, or erase your personal data;
- restrict or object to processing;
- data portability;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with your national data protection authority.
To exercise any right, contact igor@carbonborderdesk.com.
8. Changes
We may update this policy from time to time. The “last updated” date above reflects the current version.