Data Protection and Privacy Policy
Welcome to Riskoa, supporting both Emvide and LCA Factory. We are committed to protecting the privacy and security of our users' data. This Data Protection and Privacy Policy outlines how we collect, use, protect, and share information gathered through both platforms.
Data Collection:
User Information: We collect personal information such as name, email address, and professional details to create accounts, provide customer support, and communicate updates.
Usage Data:
For Emvide, we collect data related to your usage of the platform, such as login information, time spent on the platform, and the types of analyses conducted. This data helps us improve our services and enhance user experience.
For LCA Factory, we collect data related to project details, such as the scope of work, lifecycle boundaries, and other project-specific inputs.
Project Data:
Emvide: We store the lifecycle assessment data you input, including details about products, processes, and environmental impacts. This information remains confidential and is used solely for your LCA projects, unless specifically selected to share with additional parties. This remains a user option.
LCA Factory: Data provided by clients for assessments, such as Bills of Materials (BOMs) and environmental metrics.
Lifecycle Assessment Data Sources and Use:
Emvide is Riskoa’s lifecycle assessment (LCA) system and data infrastructure. It is used directly by platform users and underpins delivery through the LCA Factory service. All assessments follow a structured approach to data sourcing, documentation, and governance consistent with recognised LCA standards and good practice.
Primary (Client-Provided) Data
Where available, assessments are based on data supplied by clients, which may include:
Bills of Materials (BOMs)
Product specifications and compositions
Manufacturing process descriptions and routes
Energy use, material inputs, yields, and losses
Supplier-specific environmental data where provided
Client-provided data remains the property of the client and is used solely for the purposes of the agreed assessment.
Secondary and Background Data
Where primary data is incomplete or unavailable, Emvide uses recognised secondary life cycle inventory (LCI) datasets, including:
The latest released version of the ecoinvent database
Peer-reviewed or publicly available LCI datasets
Industry-average or regionally representative background data appropriate to the defined system model
Secondary datasets are selected based on relevance, coverage, and methodological suitability and are documented within the underlying model.
Environmental Product Declarations (EPDs) and Additional Sources
Additional data sources may be incorporated where appropriate, including:
Environmental Product Declarations (EPDs) that meet recognised LCI and LCIA system model requirements
Supplier-specific datasets that are methodologically transparent and fit for purpose
The suitability of such data is assessed on a case-by-case basis.
Assumptions, Proxies, and Custom Data
Where assumptions, proxy data, or custom datasets are required:
These are explicitly recorded within the model and supporting documentation
Their use is aligned with recognised LCA standards and methodological guidance
They are reviewed and refined as improved or more specific data becomes available
Where clients or users introduce custom or third-party data, responsibility for the appropriate end use, referencing, and validity of that data rests with the user.
Traceability and Review
All data inputs, sources, and assumptions used within Emvide are traceable within the assessment workflow. In LCA Factory delivery, assessments are taken through defined review and quality gates, including:
Validation of data sources and scope
Explicit review of assumptions and proxies
Iterative refinement prior to decision-ready outputs
This ensures assessments are transparent, defensible, and appropriate to their intended use.
Data Use:
Service Provision: Your data enables us to deliver tailored and efficient services for both Emvide and LCA Factory.
Improvement and Development: We analyse usage data to enhance Emvide functionalities and introduce new features that respond to user needs.
Communication: We use your contact information to send updates, notifications, and informative content.
Data Protection:
At Riskoa, we prioritise the security and confidentiality of your data across both Emvide and LCA Factory. We employ rigorous measures to ensure your information remains safe from unauthorised access and breaches.
1. Security Measures
Encryption: All data transmitted and stored on our platforms is encrypted using industry-standard encryption protocols to safeguard against unauthorised access.
Secure Infrastructure: Our platforms operate on secure servers located in compliant data centres with advanced physical and digital security measures.
Regular Audits: We conduct periodic security audits and vulnerability assessments to ensure our systems are up-to-date and resilient against emerging threats.
2. Access Controls
Restricted Access: Data access is limited to authorised personnel who require it to fulfil their job responsibilities. These personnel are bound by strict confidentiality agreements and undergo regular training on data protection practices.
Role-Based Permissions: Access to sensitive data is managed through role-based permissions, ensuring users and staff only have access to the information necessary for their tasks.
Two-Factor Authentication (2FA): All access to sensitive systems and data requires two-factor authentication to add an additional layer of protection.
3. Monitoring and Response
Continuous Monitoring: We utilise real-time monitoring tools to detect and respond to potential security threats swiftly.
Incident Response Plan: In the unlikely event of a data breach, our incident response plan ensures immediate action, notification to affected parties, and mitigation measures to minimise impact.
4. Alignment with Standards
ISO Compliance Roadmap: Riskoa is committed to aligning its platforms with international standards such as ISO 27001 for information security management.
GDPR Compliance: We adhere to the General Data Protection Regulation (GDPR) and other relevant data protection laws to ensure your rights are respected and your data is handled responsibly.
Data Sharing:
No Third-Party Sharing: We do not sell, trade, or otherwise transfer your personal data to external parties. Any sharing of data is strictly limited to what is necessary to provide our services, and with your explicit consent.
Legal Compliance: We may disclose your information if required by law or if such action is necessary to comply with legal processes or to protect the rights, property, or safety of Emvide, our users, or others.
User Rights:
Access and Control: You have the right to access your personal information, correct any inaccuracies, or request its deletion. You can manage your information through your account settings or by contacting our support team.
Data Portability: Upon request, we can provide you with a copy of your data in a commonly used electronic format.
Consent Withdrawal: You may withdraw your consent to data processing at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal.
Updates to Our Privacy Policy:
This Privacy Policy is periodically reviewed and updated to reflect changes in our practices or regulatory requirements. We maintain an internal version history to track all changes, which is available upon request. Significant updates will be communicated to users through the platform or direct communication. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data.
We encourage you to review our Data Protection and Privacy Policy regularly to stay informed about how we are protecting your information. If you have any questions or concerns about our data practices, please contact us at [email protected].
Last updated