.png){kind=small}
Software & Digital Services Terms
Software and Digital Services Terms Last updated: 4 April 2026 1. About these Terms 1.1 These Software and Digital Services Terms (“Terms”) govern access to and use of ZeroBees’ software, hosted tools, digital platforms and related digital services, including paid subscriptions, free tools, trial access, analyst-supported workflows and related support services (together, the “Services”). 1.2 These Terms form a legal agreement between: •Zero Bees Group Limited, company number 13363837, registered office 28 Derwent Grove, London, SE22 8EA, email toby@zerobees.com (“ZeroBees”, “we”, “us” or “our”); and •the business, organisation or other legal person accepting these Terms or using the Services (“Customer”, “you” or “your”). 1.3 These Terms are intended for business and professional use only. By accepting these Terms or using the Services, you confirm that: •you are acting for business purposes or on behalf of a business or organisation; and •you have authority to bind the Customer to these Terms. 1.4 These Terms apply to your use of: •the ZeroBees carbon platform; •the Business Impact Tracker; and •any other ZeroBees-hosted digital products or related digital services that we make available from time to time, unless we expressly state that separate or additional product-specific terms apply. 1.5 If an order form, proposal, statement of work, product page, pricing page, in-product purchase flow or other written commercial document applies to your purchase or use of the Services (an “Order Form”), that Order Form forms part of the agreement between you and us. 1.6 If there is any conflict between these documents, the order of precedence is: 1.the applicable Order Form; 2.any product-specific terms expressly stated to apply; 3.Schedule 1 (Data Processing Terms), where applicable; 4.these Terms; and 5.the Privacy and Cookies Notice. 2. The Services 2.1 The Services may include: •subscription-based access to ZeroBees software platforms; •free self-assessment or other free-access tools; •analyst review, score verification, onboarding, support or training delivered in connection with a digital product; •product documentation, content, templates, calculators, dashboards or reporting tools; and •related digital features, updates or enhancements. 2.2 We may update, improve, modify, suspend or discontinue parts of the Services from time to time. We will use reasonable efforts not to materially reduce the core functionality of a paid Service during a current paid subscription term, except where the change is reasonably required for security, legal, regulatory or technical reasons, or because a third-party dependency changes or ceases. 2.3 We may use third-party infrastructure, hosting, software or support providers in delivering the Services. 3. Accounts, Subscriptions and Authorised Users 3.1 To access some Services, you may need to create an account or be invited to use an account. 3.2 The Customer may authorise its employees, officers, contractors or advisers to access and use the Services on its behalf (“Authorised Users”), subject to any user limits, plan restrictions or role-based permissions. 3.3 The Customer is responsible for: •all use of the Services under its account; •ensuring that Authorised Users comply with these Terms; •keeping account and contact details accurate and up to date; •managing permissions and access levels for Authorised Users; and •promptly revoking access for any person who should no longer have access. 3.4 Each login must be used only by the named user to whom it is assigned, unless a particular product feature expressly allows otherwise. 3.5 We may set reasonable limits on user numbers, sites, entities, data volumes, features, storage, API use, submissions or other aspects of the Services depending on your subscription or product tier. 4. Free Services, Trials and Beta Features 4.1 We may make some Services available free of charge, on a trial basis, or as beta, pilot, early access or evaluation features (“Free Services”). 4.2 Free Services may be subject to additional limits, reduced functionality, reduced support and no service level commitment unless we expressly state otherwise. 4.3 We may change, suspend or withdraw Free Services at any time. 4.4 Unless otherwise expressly agreed, Free Services are provided as available, for business evaluation or limited use, and at your own risk. 5. Licence to Use the Services 5.1 Subject to these Terms and payment of applicable fees, ZeroBees grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the applicable term to permit its Authorised Users to access and use the Services for the Customer’s internal business purposes. 5.2 The licence in clause 5.1 does not include any right to: •resell, sublicense, lease, rent, timeshare or otherwise commercialise the Services, except where expressly agreed in writing; •copy, reproduce, modify or create derivative works of the Services except as expressly permitted by law or by us in writing; •reverse engineer, decompile, disassemble or attempt to discover source code, underlying models or non-public methods, except to the limited extent such restriction is prohibited by applicable law; •access or use the Services to build or support a competing product or service; or •use the Services in a manner that exceeds your purchased plan or agreed use case. 6. Fees, Billing and Taxes 6.1 Where fees apply, you must pay the fees and charges set out in the applicable Order Form, pricing page or in-product purchase flow. 6.2 Subscription fees are payable in advance unless otherwise stated. 6.3 Unless otherwise stated: •monthly subscriptions renew monthly; •annual subscriptions renew annually; and •one-off verification or fixed-fee product purchases do not renew automatically. 6.4 Either party may elect not to renew a subscription by giving notice before the next renewal date in accordance with the applicable Order Form or plan rules. 6.5 Fees are non-refundable except where these Terms expressly state otherwise or where refund rights cannot lawfully be excluded. 6.6 You must pay all applicable taxes, duties and similar charges, excluding taxes based on our net income, unless applicable law requires otherwise. 6.7 If you fail to pay undisputed amounts when due, we may: •charge interest on overdue sums at 4% per annum above the Bank of England base rate, accruing daily; •suspend access to the relevant Services on reasonable notice; and/or •recover reasonable costs of collection. 6.8 You must not withhold, offset or deduct any amount from fees due to us except where required by law. 7. Product-Specific Workflows 7.1 Certain Services may include product-specific workflows, evidence windows, review stages, analyst allocation processes, scoring logic or verification steps. 7.2 Where product-specific workflow terms apply, they may be set out in: •the relevant Order Form; •the product page; •the in-product workflow; •support documentation incorporated by reference; or •separate product-specific terms. 7.3 Unless expressly stated otherwise, any timing stated for analyst allocation, review, feedback, support response or verification is an estimate only, not a guaranteed turnaround time. 7.4 The quality, completeness and timing of any review, score, report or verification outcome may depend on the timeliness, completeness and accuracy of the Customer Data and evidence you provide. 8. Customer Responsibilities 8.1 You are responsible for: •providing accurate, complete and lawful information and Customer Data; •ensuring that you have all rights, permissions and lawful grounds needed to upload or submit Customer Data; •reviewing and validating outputs, calculations, reports, scores or recommendations before relying on them for business, legal, tax, regulatory, reporting or commercial purposes; •maintaining appropriate internal controls, backups and records for your own business needs; and •ensuring that your systems, devices and internet connections are adequate and secure for use of the Services. 8.2 You must promptly notify us if: •you become aware of unauthorised access to the Services; •account credentials are compromised; or •there is any actual or suspected security incident affecting your account or your use of the Services. 9. Acceptable Use 9.1 You must not, and must not permit any third party to: •use the Services for any unlawful, fraudulent, misleading or abusive purpose; •undermine or attempt to undermine the security, integrity or availability of the Services or any related systems; •interfere with or disrupt the Services or the use of the Services by others; •upload, transmit or introduce malware, malicious code or harmful content; •access or attempt to access any account, data or system without permission; •use the Services to infringe intellectual property, confidentiality, privacy or other rights of any person; •use the Services to store or process data in a way that breaches applicable law; •scrape, harvest, mine or systematically extract data or content from the Services except as expressly permitted by us; •use the Services to develop, train or improve a competing product or service without our written permission; or •behave towards our personnel in a threatening, abusive, discriminatory or harassing manner. 9.2 We may suspend access immediately if we reasonably believe there is a breach of this clause 9 or a material security, legal or regulatory risk. 10. Customer Data 10.1 As between the parties, the Customer retains ownership of all data, content, files, materials and information submitted, uploaded, entered or otherwise provided by or on behalf of the Customer to the Services (“Customer Data”). 10.2 The Customer grants ZeroBees a non-exclusive, worldwide, royalty-free licence during the term to host, copy, process, transmit, display, analyse and otherwise use Customer Data solely to: •provide, operate, support and secure the Services; •perform the agreement and any applicable Order Form; •maintain, troubleshoot, improve and develop the Services; •comply with law and enforce our rights; and •create aggregated and anonymised statistical information that does not identify the Customer, any individual or any confidential Customer Data. 10.3 We will not sell Customer Data. 10.4 You acknowledge that use of the Services may involve the processing of personal data, including personal data that you upload or submit. Where and to the extent we process personal data on your behalf as processor, Schedule 1 applies. 11. Privacy and Data Protection 11.1 Each party will comply with applicable data protection law in connection with its performance of these Terms. 11.2 To the extent we process personal data on your behalf as a processor, the data processing terms in Schedule 1 apply and form part of these Terms. 11.3 To the extent we process personal data as an independent controller, we do so in accordance with our Privacy and Cookies Notice. 12. Confidentiality 12.1 Each party may receive or have access to confidential information of the other party in connection with the Services (“Confidential Information”). 12.2 Each party must: •keep the other party’s Confidential Information confidential; •use it only for the purposes of performing or receiving the Services; •protect it using at least reasonable care; and •disclose it only to those of its personnel, advisers and subcontractors who need to know it for those purposes and who are bound by confidentiality obligations. 12.3 Confidential Information does not include information that: •is or becomes public through no breach of these Terms; •was lawfully known by the receiving party before disclosure; •is lawfully obtained from a third party without restriction; or •is independently developed without use of the disclosing party’s Confidential Information. 12.4 A party may disclose Confidential Information where required by law, court order or regulator, provided that, where lawful and practicable, it gives prior notice to the other party. 13. Intellectual Property 13.1 ZeroBees and its licensors own all intellectual property rights in and to the Services, including the software, platform architecture, designs, methodology, templates, content, reports, dashboards, product documentation, branding and all improvements to them, except for Customer Data and any Customer-owned materials. 13.2 Except for the limited rights expressly granted under these Terms, no intellectual property rights are transferred to the Customer. 13.3 We may use feedback, suggestions, recommendations and enhancement requests provided by you without restriction or obligation, provided we do not disclose your Confidential Information in doing so. 14. Support, Maintenance and Changes 14.1 We will provide reasonable support for the Services in accordance with the applicable plan, Order Form or product description. 14.2 Unless expressly agreed otherwise in writing, we do not provide a guaranteed support response time, resolution time, uptime commitment or service level agreement. 14.3 We may perform maintenance, updates, patches, fixes and upgrades from time to time, including emergency maintenance where reasonably necessary. 14.4 We will use reasonable efforts to minimise disruption, but the Services may be unavailable from time to time due to maintenance, technical issues, security measures or factors outside our reasonable control. 15. Security 15.1 We will maintain appropriate technical and organisational measures designed to protect the Services and Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data, taking into account the nature of the Services and the risks involved. 15.2 No system can be guaranteed to be completely secure. You are responsible for maintaining your own internal security, device security, backups and access controls. 15.3 We may introduce, require or recommend account security features from time to time, including multi-factor authentication. 16. Warranties and Disclaimers 16.1 We warrant that: •we will provide the Services with reasonable skill and care; and •during a paid subscription term, the Services will materially conform to their applicable description in the Order Form or relevant product documentation, subject to reasonable changes, maintenance, updates and known limitations. 16.2 The Services are tools intended to support analysis, workflow, reporting, measurement, assessment and related business processes. Unless expressly agreed in writing, the Services do not constitute legal, financial, tax, accounting, audit, certification or regulated professional advice. 16.3 You remain responsible for: •your decisions, filings, disclosures, submissions, certifications and regulatory compliance; •the completeness and accuracy of Customer Data and evidence submitted by you; •assessing whether outputs, scores, recommendations or reports are appropriate for your circumstances; and •obtaining independent professional advice where needed. 16.4 Except as expressly set out in these Terms and to the maximum extent permitted by law, we exclude all implied terms, conditions, warranties and representations. 17. Suspension 17.1 We may suspend some or all of the Services immediately on notice, or without notice where reasonably necessary, if: •you fail to pay undisputed amounts when due; •we reasonably believe there is unauthorised access, misuse or a security incident; •your use of the Services breaches these Terms; •continued provision of the Services would create a legal, regulatory or sanctions risk; or •suspension is necessary to protect the Services, our systems, other customers or third parties. 17.2 Where reasonably practicable, we will give you notice of suspension and an opportunity to remedy the issue. 18. Term and Termination 18.1 These Terms start when you first accept them, create an account, place an order or first use the Services, and continue until terminated in accordance with this clause 18. 18.2 Each paid subscription continues for its initial term and any renewal term unless either party gives notice of non-renewal in accordance with the applicable Order Form or plan rules. 18.3 Either party may terminate a subscription or these Terms: •for material breach by the other party that is not remedied within 14 days of written notice; •immediately if the breach is incapable of remedy; or •immediately if the other party becomes insolvent or subject to a relevant insolvency process. 18.4 We may terminate Free Services or trial access at any time. 18.5 Termination of one Service or Order Form does not automatically terminate all Services unless expressly stated. 19. Effect of Termination 19.1 On termination or expiry: •your right to access and use the terminated Services ends; •you must stop using the terminated Services; and •any accrued rights and obligations remain in force. 19.2 Subject to payment of all outstanding fees, we will give you a reasonable opportunity to request export of Customer Data from the terminated Service during any post-termination access or export period we make available for that Service. 19.3 After the applicable export period, we may delete or render inaccessible Customer Data from the relevant live environment, subject to: •our backup and retention practices; •any legal or regulatory retention obligations; and •Schedule 1 where applicable. 19.4 Clauses intended to survive termination, including clauses relating to fees, confidentiality, intellectual property, liability, governing law and dispute resolution, will continue in force. 20. Liability 20.1 Nothing in these Terms excludes or limits liability for: •death or personal injury caused by negligence; •fraud or fraudulent misrepresentation; or •any liability that cannot lawfully be excluded or limited. 20.2 Subject to clause 20.1, neither party is liable to the other for any: •loss of profit; •loss of revenue; •loss of business; •loss of anticipated savings; •loss of goodwill or reputation; •loss of opportunity; or •indirect or consequential loss, arising out of or in connection with the Services or these Terms. 20.3 Subject to clauses 20.1 and 20.4, each party’s total aggregate liability arising out of or in connection with the Services and these Terms, whether in contract, tort (including negligence), misrepresentation, restitution or otherwise, will not exceed the total fees paid or payable by the Customer to ZeroBees for the affected Services in the 12 months immediately preceding the event giving rise to the claim. 20.4 The exclusions and cap in this clause 20 do not apply to: •the Customer’s liability to pay fees properly due; •either party’s misuse of the other party’s intellectual property; •either party’s breach of confidentiality; or •the Customer’s breach of clause 9, except to the extent such exclusion or limitation is prohibited by law. 21. Indemnity 21.1 The Customer will indemnify ZeroBees against losses, damages, costs and expenses reasonably incurred by ZeroBees arising from a third-party claim to the extent that the claim arises from: •Customer Data; •the Customer’s or an Authorised User’s unlawful or unauthorised use of the Services; or •the Customer’s breach of clause 9, except to the extent caused by ZeroBees’ breach of these Terms or negligence. 22. Force Majeure 22.1 Neither party is liable for delay or failure to perform to the extent caused by events beyond its reasonable control, including internet or telecommunications failures, denial of service attacks, cloud or infrastructure failures, labour disputes, acts of government, sanctions, war, civil unrest, natural disasters or pandemics. 23. Notices 23.1 Notices under these Terms must be in writing and sent: •to ZeroBees at toby@zerobees.com (or any replacement address we notify); and •to the Customer at the email address associated with the relevant account or Order Form. 23.2 A notice is deemed received: •if sent by email, when delivery is recorded by the sender’s email system, unless the sender receives an error or bounce-back message; or •if sent on a business day after 5pm, on the next business day in England. 24. Changes to the Terms 24.1 We may update these Terms from time to time. 24.2 If we make a material adverse change, we will use reasonable efforts to give advance notice, including by email, in-product notice or website publication. 24.3 Updated Terms will apply from the stated effective date. If you do not agree to a material adverse change, you may terminate the affected Service before the next renewal or, where required by law, cease use before the change takes effect. 25. General 25.1 These Terms, together with the documents incorporated by reference, form the entire agreement between the parties in relation to their subject matter and replace any prior discussions, proposals or understandings on that subject matter. 25.2 Neither party may rely on any representation not expressly set out in these Terms or the applicable Order Form, except for fraudulent misrepresentation. 25.3 The Customer may not assign, transfer or deal with its rights or obligations under these Terms without our prior written consent, not to be unreasonably withheld or delayed. We may assign these Terms to an affiliate or as part of a merger, acquisition, corporate reorganisation or sale of business. 25.4 If any provision is held invalid, illegal or unenforceable, the remainder will continue in full force. 25.5 A failure or delay to enforce a right is not a waiver of that right. 25.6 A person who is not a party to these Terms has no right to enforce them under the Contracts (Rights of Third Parties) Act 1999, except where these Terms expressly provide otherwise. 25.7 These Terms and any non-contractual obligations arising out of or in connection with them are governed by the law of England and Wales. 25.8 The courts of England and Wales have exclusive jurisdiction to settle any dispute arising out of or in connection with these Terms, save that either party may seek urgent injunctive or equitable relief in any court of competent jurisdiction where necessary to protect its confidential information, intellectual property or systems. ________________________________________ Schedule 1 – Data Processing Terms This Schedule 1 applies where and to the extent ZeroBees processes personal data on behalf of the Customer as a processor in connection with the Services. 1. Roles 1.1 The Customer is the controller and ZeroBees is the processor, unless otherwise stated in an applicable Order Form or unless the parties act as independent controllers for a particular processing activity. 2. Details of Processing 2.1 The subject matter, duration, nature and purpose of the processing, the types of personal data and categories of data subjects are those described in the applicable Order Form, product workflow, service description or as otherwise reasonably necessary to provide the Services. 2.2 The processing may include hosting, storage, organisation, retrieval, review, reporting, analytics, support, deletion and other processing reasonably required to provide and secure the Services. 3. Customer Instructions 3.1 ZeroBees will process personal data only on the Customer’s documented instructions, including as set out in these Terms, the applicable Order Form, and documented use of the Services by the Customer and its Authorised Users, unless otherwise required by law. 3.2 If ZeroBees believes an instruction infringes applicable data protection law, it will inform the Customer, unless prohibited by law. 4. Confidentiality 4.1 ZeroBees will ensure that persons authorised to process personal data are subject to an appropriate duty of confidentiality. 5. Security 5.1 ZeroBees will implement appropriate technical and organisational measures to protect personal data, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, and the risks to individuals. 6. Sub-processors 6.1 The Customer authorises ZeroBees to use sub-processors in connection with the Services. 6.2 ZeroBees will impose data protection obligations on sub-processors that are substantially equivalent to the obligations in this Schedule. 6.3 ZeroBees remains responsible for the performance of its sub-processors to the extent required by applicable law. 6.4 ZeroBees will make available information about its material sub-processors on request or through an online list where maintained. 7. Assistance 7.1 Taking into account the nature of the processing and the information available to ZeroBees, ZeroBees will provide reasonable assistance to the Customer in relation to: •requests from data subjects; •personal data breach notification obligations; •data protection impact assessments; and •consultations with supervisory authorities, to the extent required by applicable data protection law and reasonably requested by the Customer. 8. Personal Data Breaches 8.1 ZeroBees will notify the Customer without undue delay after becoming aware of a personal data breach affecting personal data processed on behalf of the Customer. 9. Deletion and Return 9.1 On termination or expiry of the relevant Services, ZeroBees will, at the Customer’s choice and subject to technical practicality, legal obligations and standard backup retention, delete or return the relevant personal data after any export period made available under the Services. 10. Audits and Information 10.1 ZeroBees will make available information reasonably necessary to demonstrate compliance with this Schedule and applicable controller-processor obligations. 10.2 Where reasonably required, the Customer may request an audit or inspection, subject to reasonable notice, confidentiality protections, proportionality, frequency limits, and protection of other customers’ systems and confidential information. ZeroBees may satisfy this obligation through provision of third-party audit reports, certifications or comparable evidence where appropriate. 11. International Transfers 11.1 Where ZeroBees transfers personal data outside the UK in connection with the Services, ZeroBees will ensure that appropriate transfer safeguards are in place as required by applicable data protection law.
Privacy & Cookies Policy
Privacy and Cookies Notice Last updated: 4 April 2026 1. Who we are This Privacy and Cookies Notice explains how Zero Bees Group Limited (“ZeroBees”, “we”, “us” and “our”) collects, uses and protects personal data when you visit our website, contact us, or otherwise interact with us. Zero Bees Group Limited is the controller of the personal data described in this notice. Company number: 13363837 Email: toby@zerobees.com If you have any questions about this notice or how we use your personal data, please contact us using the details above. 2. What this notice covers This notice applies to personal data we collect through our website and through related communications with prospective clients, clients, suppliers, partners and other business contacts. This notice does not apply to third-party websites we link to. Those websites have their own privacy notices and terms. 3. The personal data we collect We may collect and use the following categories of personal data: •identity and contact data, such as your name, job title, company name, email address, telephone number and postal address; •enquiry and correspondence data, such as information you include when you contact us, submit a form, email us or otherwise communicate with us; •business relationship data, such as information about the services you enquire about, proposals, projects, meetings and our communications with you; •technical and usage data, such as IP address, browser type, device information, pages viewed, referral source and website interactions; •cookie and preference data, including whether you have accepted or rejected non-essential cookies. We do not intentionally collect special category personal data through our website. Please avoid sending sensitive personal data through website forms unless it is genuinely necessary. 4. How we collect personal data We collect personal data: •directly from you, for example when you complete a contact form, email us, book a call, download a resource, sign up for updates, or otherwise contact us; •automatically when you use our website, through server logs, cookies and similar technologies; •occasionally from publicly available sources or through business introductions, referrals, event participation or networking activity, where relevant to a business relationship. 5. How we use your personal data and our lawful bases We use personal data for the following purposes: To respond to enquiries and manage communications We use your information to respond to messages, discuss potential work, send requested information and manage our relationship with you. Lawful basis: legitimate interests, and where relevant, taking steps at your request before entering into a contract. To provide services and manage our client and supplier relationships We use personal data to deliver services, manage projects, maintain records, administer contracts and carry out related business operations. Lawful basis: performance of a contract, legitimate interests, and compliance with legal obligations where applicable. To operate, secure and improve our website We use technical information and limited website usage data to keep the site functioning, maintain security, troubleshoot issues and understand how the site is used. Lawful basis: legitimate interests, and consent where non-essential cookies are used. To send business communications and relevant marketing We may send updates about our services, insights, events or content that we think may be relevant to you or your organisation. Lawful basis: legitimate interests or consent, depending on the type of communication and the legal rules that apply. To comply with legal and regulatory obligations and protect our business We may process personal data where necessary to comply with legal obligations, respond to lawful requests, exercise or defend legal claims, and protect our business from fraud, misuse or security threats. Lawful basis: legal obligation and legitimate interests. Where we rely on legitimate interests, we do so only where we have considered that our use of your personal data is fair, proportionate and does not override your rights and interests. 6. Marketing If you receive marketing communications from us, you can unsubscribe at any time by using the unsubscribe link in the message or by contacting us directly. We may send marketing emails to corporate email addresses in accordance with applicable data protection and electronic marketing rules. We keep suppression records where someone asks not to receive such communications. 7. Cookies and similar technologies Our website uses cookies and similar technologies. Some cookies are strictly necessary for the website to function properly. These may include cookies used for security, network management, accessibility, load balancing, form submission, or to remember basic site functionality. These cookies do not require consent. We may also use non-essential cookies through HubSpot or similar tools to help us understand how visitors use the website, improve performance, or support website functionality. We only use these non-essential cookies where you have given your consent through our cookie banner. You can accept or reject non-essential cookies when you visit the website. At present, you may not be able to change your cookie preferences through a persistent settings link at any time. If you want to change your choice later, you may be able to do so on a later visit when the cookie banner is shown again, or by adjusting your browser settings and clearing cookies. You can also control cookies through your browser settings, although disabling some cookies may affect how the website functions. 8. Who we share personal data with We may share personal data with trusted third parties where necessary for the purposes described in this notice, including: •website hosting, IT and security providers; •CRM, form handling, website analytics or communication platform providers, including HubSpot where used on the site; •professional advisers such as lawyers, accountants, insurers and auditors; •regulators, courts, law enforcement agencies or government authorities where required by law or to protect our legal rights; •potential buyers, investors or advisers in connection with a business sale, merger or reorganisation, where appropriate. We do not sell personal data. 9. International transfers Some of our service providers may process personal data outside the UK. Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place as required by data protection law. These may include transfers to countries recognised as providing adequate protection, or the use of approved contractual safeguards. You can contact us if you would like more information about any international transfers and the safeguards we use. 10. Data retention We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory, tax, accounting or reporting requirements. Retention periods vary depending on the type of information and the reason we hold it. Where we do not have a fixed retention period, we determine retention by considering the nature of the data, the purpose for processing, legal requirements, and whether we need the information to establish, exercise or defend legal claims. For example: •contact form and enquiry data: typically up to 24 months after the last meaningful contact, unless it becomes part of an active client or supplier relationship; •client and contractual records: typically up to 6 years after the end of the relationship, unless a longer period is required; •cookie preference records: in line with the relevant cookie duration or until preferences are refreshed. 11. Your rights Depending on the circumstances, you have the right to: •request access to the personal data we hold about you; •request correction of inaccurate or incomplete personal data; •request erasure of your personal data; •request restriction of processing; •object to processing based on legitimate interests; •request transfer of your personal data in a portable format, where applicable; •withdraw consent at any time where we rely on consent. To exercise any of these rights, please contact us using the details in section 1. 12. Complaints If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue. You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters. 13. Security We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure and unauthorised access. No method of transmission over the internet or method of electronic storage is completely secure, but we work to maintain appropriate safeguards. 14. Changes to this notice We may update this Privacy and Cookies Notice from time to time to reflect changes in our website, services, legal obligations or the way we process personal data. When we make material changes, we will update the “Last updated” date above and, where appropriate, take additional steps to bring the changes to your attention.
Anti Slavery & Human Trafficking Statement
Anti-Slavery and Human Trafficking Statement Last updated: 4 April 2026 This statement is made by Zero Bees Group Limited (“ZeroBees”, “we”, “us” or “our”). Although ZeroBees is not currently within the turnover threshold requiring a statement under section 54 of the Modern Slavery Act 2015, we choose to publish this statement voluntarily because we believe businesses of all sizes should take steps to prevent modern slavery and labour exploitation in their operations and supply chains. The UK Government’s updated guidance encourages smaller organisations to do the same. This statement relates to the actions taken by ZeroBees during our most recently completed financial year, 1 May 2024 to 30 April 2025. Our business ZeroBees is a UK-based sustainability consultancy and digital services business. We support organisations with carbon measurement, sustainability strategy, impact, reporting and related advisory work. Our operations are predominantly office-based and professional in nature. Our supply chain is comparatively limited and is made up mainly of professional services, software and technology providers, and a small number of contractors or specialist associates where needed. Our approach We are committed to acting ethically and to preventing modern slavery, forced labour, servitude, human trafficking and other forms of labour exploitation in our business and supply chain. We recognise that no sector or supply chain is entirely free from risk, and that a lower-risk profile does not remove the need for vigilance. Current UK guidance emphasises that businesses should be proactive in identifying and addressing risks, rather than assuming they do not exist. Policies and controls The policies and practices most relevant to this area include: •our employment and contractor arrangements; •our recruitment and onboarding practices; •our supplier selection and review processes; •our whistleblowing, grievance and reporting routes where applicable; •our broader ethical, legal and compliance standards. We aim to work only with suppliers and partners whose conduct is consistent with our values and with applicable law. Risk assessment Based on the nature of our business, we consider our direct operational risk of modern slavery to be relatively low. We do not operate in sectors typically associated with the highest prevalence of forced labour, and we do not run labour-intensive operations or complex manufacturing supply chains. However, we recognise that risk can still arise indirectly, including through: •outsourced services; •contracted labour; •technology and infrastructure supply chains; •cleaning, facilities, hospitality or other support services procured through third parties; •providers operating across multiple jurisdictions. Our approach is therefore not to assume zero risk, but to take proportionate steps to identify and manage it. Due diligence and supplier approach During the period covered by this statement, our approach included proportionate due diligence when selecting and reviewing suppliers and external partners, taking account of factors such as: •the nature of the service provided; •the location of operations; •the use of subcontracting or outsourced labour; •the supplier’s reputation and conduct; •whether the supplier has relevant modern slavery, human rights, employment or ethical policies in place, where appropriate. For higher-dependency or more material suppliers, we may request additional information or assurances where proportionate to do so. We also reserve the right to reconsider or end supplier relationships where conduct falls materially short of our expectations. People and reporting concerns We are committed to fair treatment, lawful working arrangements and respectful working relationships. We expect employees, contractors and partners to raise concerns where they believe exploitation, coercion, abuse or unethical labour practices may be taking place. Concerns raised in good faith will be taken seriously and reviewed appropriately. Where a concern is identified, we aim to respond proportionately and responsibly. This may include further investigation, engagement with the relevant supplier or partner, and, where necessary, escalation or termination of a relationship. Training and awareness Given our size and risk profile, we take a proportionate approach to training and awareness. This includes ensuring that relevant team members understand: •what modern slavery and labour exploitation can look like in practice; •where risks may arise, even in lower-risk business models; •what warning signs to look for in supplier relationships; •how to raise concerns. Monitoring and next steps We view this as an area for ongoing review rather than a one-off compliance exercise. Over time, we intend to continue strengthening our approach in proportion to the size and complexity of the business. Our priorities for the coming period are to: •keep this statement under annual review; •maintain proportionate supplier screening and oversight; •ensure relevant internal policies remain current; •continue building awareness of modern slavery risk in our business relationships. Approval This statement has been approved by Zero Bees Group Limited and is published in the spirit of transparency and continuous improvement.
Data Security Policy
ZeroBees Security policy Last updated: 15 February 2024 1. Purpose To establish guidelines for securing the cloud-based SaaS application and its associated data. To ensure that data in the cloud is protected against unauthorized access, disclosure, alteration, and destruction. 2. Scope This policy applies to all employees, contractors, and third-party service providers with access to the cloud-based SaaS environment. 3. Responsibilities The Information Security Team is responsible for implementing, monitoring, and enforcing this policy. All users are responsible for adhering to this policy. 4. User Access Control Access to the SaaS application will be controlled through secure authentication mechanisms (e.g., multi-factor authentication). Access levels and permissions will be based on the principle of least privilege, ensuring users have only the access necessary for their role. Regular audits will be conducted to review access rights and adjust them as necessary. 5. Data Encryption All data stored in the cloud, including backups, will be encrypted at rest and in transit using industry-standard encryption algorithms. Encryption keys will be managed securely, with periodic rotation and strict access controls. 6. Incident Response An Incident Response Plan (IRP) will be developed and regularly updated to address potential security incidents. All users must report suspected security incidents immediately to the Information Security Team. The IRP will outline procedures for response, investigation, mitigation, and recovery from security incidents. 7. Data Privacy and Compliance The SaaS application will comply with applicable data protection laws and regulations (e.g., GDPR, CCPA). Data processing activities will be documented, and data subject rights will be respected and facilitated. 8. Network Security Network security controls, such as firewalls and intrusion detection/prevention systems, will be implemented to protect the SaaS environment. Regular vulnerability assessments and penetration testing will be conducted to identify and remediate potential security weaknesses. 9. Cloud Environment Configuration The cloud environment will be configured according to best practices for security, including the use of security groups, secure APIs, and logging and monitoring services. Configuration changes will be tracked and audited. 10. Business Continuity and Disaster Recovery A Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) will be established to ensure service availability in the event of a disaster or significant disruption. Regular backups of data will be performed, and the ability to restore from backups will be tested periodically. 11. Training and Awareness All users will receive regular training on cybersecurity threats, safe online behaviours, and adherence to this security policy. Security awareness campaigns will be conducted to keep security at the forefront of users' minds. We have policies on best practices such as password policy, removable media policy to ensure staff are well trained in the best practises on cyber security 12. Policy Review and Update This security policy will be reviewed and updated annually or in response to significant changes to the threat landscape or business operations. 13. Enforcement Violations of this policy may result in disciplinary action, up to and including termination of employment or contract and legal action. 14. Suppliers Suppliers will be vetted for security compliance and a log of critical suppliers will be maintained Where applicable/appropriate suppliers will be asked to complete security compliance to ensure that they fit Zerobees’s standards. 15. Assets We will keep and maintain an asset register of critical assets to the business including software, hardware and virtual. We will be responsible for removing physical hardware at end of life.