Privacy Policy

Last Updated: 02/05/2025

This Privacy Policy informs you (“you” or “yours”) as to how we look after your personal data when you visit our website (regardless of where you visit it from) or use our services and tells you about your privacy rights and how the law protects you. Please take a moment to read this Privacy Policy which explains how we collect, use, disclose, transfer, and protect your information when you use our website www.eco-wise.co.uk and our software Platform, platform.eco-wise.co.uk.

1. SCOPE

This Privacy Policy applies to all the ECOWISE software services including www.eco-wise.co.uk (“Website”) and https://platform.ecowise.co.uk (“Platform”) offered by EcoWise, registered under trade registration number in 10536593 as EcoWise Ekodenge Limited, in London United Kingdom  (“Ecowise”, “us”, “we” or “our”). Our website and Platform software applications are collectively referred to here as the “Services”).
In accordance with the current European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), in this Privacy Policy we inform you about:

  • Who is responsible for the processing of your personal data
  • What personal data we collect
  • How the personal; data is collected
  • How the personal data collected is used
  • How and with whom the personal data is shared
  • The security of your personal data
  • Your rights and access to your personal data


We also inform you about other data we collect that is associated with your account but falls outside of the category of personal data.
From time to time, we may update this Privacy Policy. Changes will be published on this Platform. When amendments are made, we will update the “last updated date” at the top of this Policy. Whilst we may take steps to notify you of changes it is your responsibility to ensure that you are familiar with our current policies as amended.

2. Responsible party for processing of your data

Your data is processed by a data controller. The data controller is EcoWise Ltd., registered as EcoWise Ekodenge Ltd in London, United Kingdom. The data controller’s address is 184 Shepherds Bush Road, W6 7NL, London, United Kingdom.

Any questions in relation to this privacy policy and exercising of your rights can be carried out by reaching out to the data controller via company contact Information: gdpr@eco-wise.co.uk.

3. What data we collect

References in this Privacy Notice to personal data means information relating to a living individual who is, or can be, reasonably identified from the information, either alone or in conjunction with other information.
References in this Privacy Notice to non-personal data means information that does not relate to a living individual, in that the individual cannot be reasonably identified from the information, either alone or in conjunction with other information.

3.1. Personal data we collect:

To access certain areas of our Platform, or receive certain services through our Website, you will be asked to register with us. During the registration process you will be asked to submit personal data about yourself, including your first name, surname and email address. If you are a business, we may ask you to provide your organisation address. By entering your details in the selected fields you allow EcoWise to provide you with the Services you select.
We also collect web usage statistics information automatically about visitors to our Services. The information can include IP address, browser type and version, page on our Services that you visit, time and date of your visit, time spent on those pages, your language preferences on the Services, and other diagnostics data. How this is done is described in the section headed "Cookies and tracking technologies" below.
We may collect information about your location with your consent to provide you with specific location services, described in the section headed “Location services” below.

3.2. Other data that we collect

We also collect other data that relates to products for which we manage their product identity and information, including without limitation, warranty information, event status, and product surveys. During the usage of our Platform, you may be asked to fill in product information surveys, relating to product usage, repair, maintenance and other aspects relating to the life cycle of products.

4. How we collect data

We collect data through different routes. We collect data directly from you, when you register on our Services including our Platform and our Website, fill in forms, or interact with our customer service upon your request. In all cases where we collect such data your consent will be requested.
We collect non-personal data automatically. Through cookies and similar tracking technologies as you navigate through our Website and our Platform. The means by which we do this are described in the section headed "Cookies and tracking technologies".
We may automatically collect and receive passive data from third parties whose services are integrated with our Services for web analytics purposes. Specific information about third party services is described in section 3.1 ‘Third party services integration’ below.

4.1. Third party services

Our Services  may refer to or rely on third party websites such as client websites, mobile applications and other online services or platforms. We do not control such third parties and we are not responsible for the content, availability, or security of third parties. For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate.

5. Use of personal data

5.1. Use purposes

The main reason to process your data is on a legitimate interest basis to access additional  Services within our Platform and our Website. This can include on our Platform managing product information, creation and management of Digital Product Passports, updating product information in the Digital product Passports, and providing survey information. And this can include on our Website news updates, Platform updates, access to EU regulatory compliance information, and for receiving more information about our Platform.

The data is used for providing access through a login or a credential for the services, or for communications through e-mail.
Note that under GDPR, we can only use your personal data if we have a proper reason, e.g.:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘Contacting us’ below).

The table below explains in more detail what we use your personal data for and why. We will not use your personal data for any other purposes than listed in this table. We will not use your personal data for marketing purposes.

We may lawfully use your personal data as follows:

Processing needs
Lawful basis
To enhance your user experience and maintain our Software Platform
Based on legitimate interests to provide you with a good user experience on our Platform
To allow you to participate in interactive features of our Software Platform
Based on legitimate interests to provide you with features on our Platform, and based on a contract where we have agreed to offer you specific interactive features
To provide you with communications about our Platform and our Services
Based on legitimate interests to give the latest insights about our Platform and associated information about Digital product Passports
To provide customer support
Based on legitimate interests to provide you support in using our Platform and Website and its features
To gather analyses or valuable information to improve our Platform and our Website
Based on legitimate interests to continuously improve the performance and features on our Platform and our Website
To monitor the usage of our Platform and our Website
Based on consent provided by you to monitor usage and our legal obligation under GDPR to comply with section 7 (see ‘Data retention’)
To detect, prevent, and address technical issues
Based on legitimate interests to maintain our Website and our Platform to you on an error-free and secure basis.
To enforce usage terms and conditions and protect your privacy rights
Based on legitimate interests to and legal obligations for you and us to comply with the law.
To enforce legal rights or defend or undertake legal proceedings
Based on the need to resolve disputes in a contract between you and us.
To communicate about changes to our terms or policies or changes to the services
Based on consent provided by you for us to provide communications
To communicate with you by email about our Platform, News updates, and EU regulatory information
Based on consent provided by you for us to communicate about out Platform, News updates and EU regulatory information.
To comply with our legal and regulatory obligations.
Based on the need to comply with legal obligations including tax regulations

5.2. Customer support management

In cases where you reach out to us for exercising your rights through gdpr@eco-wise.co.uk  or for general questions or needs, a customer support or engineer may need to access your personal data from our server.

Any personal data that is accessed by our customer support or engineer teams is deleted after a specific enquiry or support ‘ticket’ has been closed.  No personal data is allowed to be kept on an individual’s machine or transferred to another server. Our customer support and engineer teams may be outside the European Union, residing within London or Türkiye.

6. Sharing your information

6.1. Personal data sharing

We do not share your personal data with third parties outside the Services except as legally permitted in the following limited circumstances:

  • All personal data may be shared for business transfer purposes, in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • We may share your personal data when you have given us consent, with clients who are the product manufacturers of products, in cases where you have one or more of the client’s products associated with your personal data in your account. For purposes of external service offerings of the client in relation to the product use and management throughout the product life cycle. Please see the section on ‘Transferring your personal data out of the EU’ for more details in this regard.
  • All personal data may be shared for law enforcement purposes. Under certain circumstances, we may be required to disclose your information by law or in response to valid requests by public authorities (e.g., a court or a government agency), such as a court order, subpoena or search warrant or other legal requirement to detect, prevent, or investigate potential security incidents or fraud.
    We will not share your personal data with any other third party for any other purpose.

6.2. Non-personal data sharing

We may share non-personal data with third parties as legally permitted under the following limited circumstances:

  • Passively collected non-personal information collected through cookies or tracking technologies from your use of our Services may be shared with external service providers, but only for purposes of monitoring and analysing the use of our Services.
  • Based on consent provided by you with clients who are the product manufacturers of the product that is the subject of the related data. For purposes of providing insights into the use and management of the specific manufacturer’s products throughout the product life cycle. In all cases all data will be shared only on an anonymised basis and isolated from any of your personal data.
  • All non-personal may be shared for business transfer purposes, in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

If you would like more information about who we share our data with and why, please contact us (see ‘Contacting us’ below).

6.3. Data Protection

The data we collect is hosted and stored in cloud servers from AWS in the European union in Germany for GDPR compliance reasons. We employ appropriate security measures to protect your information and keep it secure and maintained within the European Union. These measures include data encryption, access controls, and regular security audits. However, no method of transmission over the internet or method of electronic storage is 100% secure, so we cannot guarantee absolute security.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

7. Data Retention

In general, we will retain your personal data and other data for a period of 90 days after which we will delete your personal data (section 3.1), and anonymise any non-personal data (section 3.2).

In cases where you have an active registered account with a login on our Platform, we will retain your personal data for as long as you have an active registered account, to continue to provide you with the purposes as described in section 5.1 (see ‘Use purposes’ above). An active account is an account that has been in use within the last 90 days or that has an active duration of use associated with a license payment for that account. An active account can also be inactivated either directly or by exercising your rights described in section 9 “Your Rights”, after which your data will be deleted within 90 days.

In cases where you have an active registered e-mail subscription after filling in a form on our Website, we will retain your personal data for as long as the subscription is active, to continue to provide you with the purposes as described in section 5.1 (see ‘Use purposes’ above). An active e-mail subscription is an e-mail that has been actively registered through a form on our Website, and which has not been inactivated by an unsubscribe action. An active e-mail subscription can be inactivated either directly through an unsubscribe option contain in an e-mail sent by us, or by exercising your rights described in section 9 “Your Rights”, after which your data will be deleted within 90 days.

The only exception to the 90-day period of deletion is personal data associated with a login of a user on our Platform linked to an organisation that needs to be kept for legal reasons including disputes and tax authority purposes, which is kept for a period of six years. This exception covers only personal data necessary to contact an individual that has initiated payments carried out for Software as a Service licenses, for extended features usage in our Platform.

8. Transferring your personal data out of the European Union

At this point in time, we do not transfer your personal data outside of the EU and all data is maintained in our contracted cloud servers in Germany. If this changes, we would comply with applicable EU laws designed to ensure the continued protection and privacy of your personal data. Any updated destinations to which we send your personal data, would be indicated in the present section and notified to you in accordance this Privacy Policy.

Furthermore, under EU data protection laws, we can only transfer your personal data to a country outside the EU where: the EU government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the EU GDPR; there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or a specific exception applies under relevant data protection law. Accordingly, if we were to start transferring your personal data from the EU to:

  • The United Kingdom (UK): we would rely on the adequacy finding granted by the EU to the UK under the Withdrawal Agreement to do; for any transfers from the UK to the EU, we would rely on the adequacy regulation granted to the UK under the Adequacy Decision.
  • Türkiye: we would rely on first having a Data Transfer Agreement (DTA) in place including Standard Contractual Clauses (SCCs), signed between Ekodenge and the client to ensure lawful data transfer. Second, a Data Processing Agreement (DPA) in place to regulate the processing of customer data by the client on behalf of the company, ensuring compliance with GDPR.
  • Any other country located outside the European Union: we would rely on appropriate safeguards under the EU GDPR, such as by including the relevant Standard Contractual Clauses in our data processing agreements.
    In the event we could not or choose not to continue to rely on either of those mechanisms at any time we would not transfer your personal data outside the EU

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies, including web beacons and scripts, to track the activity on our Software Platform and store certain information.

A cookie is a small simple file that is sent along with pages of our software platform and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.
A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse functional cookies connected with our Software Platform some parts of the Platform may become inaccessible or not function properly

10. Location Service

We provide a service that where you can enter a location entry in our Platform in the the Digital Product Passport, available if specific access rights have been granted, to save the product status across the product lifecycle.

To enhance your user experience so that the information does not need to be manually entered we may utilise an area location service, which are typically available on mobile devices or applications. As part of the area location service you are provided with the opportunity to provide your consent to the use of location services, which, for example, process information deriving from GPS, sensors, beacons or Wi-Fi access points, so as to retrieve your area or neighbourhood location. Your device will have settings that allow you to turn off these services should you no longer wish to benefit from them. To withdraw your consent at any time you can turn off the localisation permissions for our Platform on your device.

11. Your rights

You generally have the following rights, which you can usually exercise free of charge. For more information regarding these rights, please visit your data protection authority website. A list of data protection authorities in European Union countries can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.


Data management need
Your right
Access to a copy of your personal data
The right to be provided with a copy of your personal data.
Correction (also known as rectification)
The right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations.
Restriction of use
The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
To object to use

The right to object:

  • at any time to yourpersonal data being used for direct marketing (including profiling)
  • in certain other situations to our continued useof your personal data, e.g. where we use you personal data for our legitimateinterests.
Not to be subject to decisions without human involvement

The right not to besubject to a decision based solely on automated processing (includingprofiling) that produces legal effects concerning you or similarlysignificantly affects you

We do not make any such decisions based on datacollected by the Services.

You have the right to access, correct, update or request deletion of your personal data at any time. You can also object to or restrict the processing of your personal data and have the right to portability of your personal data. To exercise these rights, please contact us at gdpr@eco-wise.co.uk.
You have the right to withdraw your consent for processing of your personal data at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at gdpr@eco-wise.co.uk.

When we receive a request, we will take reasonable steps to verify your identity, and we will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request)

In addition, you may have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. A list of data protection authorities in European Union countries can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

11. Contacting us

We welcome your questions, comments, and concerns about privacy. If you have any questions about this Privacy Policy or our data practices, please contact us as follows: by e-mail at  gdpr@eco-wise.co.uk or write to us at EcoWise Ekodenge Ltd. Shepherds Bush Road 184, W6 7NL, London, United Kingdom.
You also have the right to lodge a complaint with your local data protection authority. A list of data protection authorities in European Union countries can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en