PRIVACY POLICY

EFFECTIVE DATE: JANUARY 1, 2026 JURISDICTION: GLOBAL / EU-27 CONTROLLER: 10060.ORG CONSORTIUM

1. INTRODUCTION & SCOPE

This Privacy Policy governs the processing of personal data by 10060.org (the "Controller") through its websites (10060.org, TreeFree.app), its Member Portal, and its Digital Proof Unit (DPU) verification services.

We are committed to protecting the privacy and security of your personal data in strict accordance with the General Data Protection Regulation (GDPR).

2. DATA CONTROLLER CONTACT DETAILS

Identity: 10060.ORG CONSORTIUM (A Division of GreenCore Solutions Corp.)

EU Representative Office: Taunusanlage 8, 60329 Frankfurt am Main, Germany

Data Protection Officer (DPO): privacy@10060.org

3. WHAT DATA WE COLLECT & WHY

A. FOR RETAILERS & OEM MEMBERS (B2B)

When you apply for membership or log in to the Member Portal:

Data Types: Business Email, Full Name, Job Title, IP Address, Login Credentials.

Purpose: To verify your status as an Authorized Economic Operator (AEO), manage Chain of Custody access, and generate compliance certificates.

Legal Basis: Performance of Contract (Article 6(1)(b) GDPR) – providing the agreed standard verification services.

B. FOR CONSUMERS (B2C via TreeFree.app)

When you scan a QR code on product packaging:

Data Types: IP Address, Geolocation (Country/City level only), Device Type, Time of Scan, Batch ID Scanned.

Purpose: To serve the correct localized verification data (DPU) and to prevent counterfeit/fraudulent product distribution (Security Logging).

Legal Basis: Legitimate Interest (Article 6(1)(f) GDPR) – ensuring the integrity of the compliance network and preventing fraud. We do not track individual user behavior for advertising.

C. FOR WEBSITE VISITORS

Data Types: Cookies (Strictly Necessary & Functional).

Purpose: Site security, load balancing, and session management.

Legal Basis: Legitimate Interest (Strictly Necessary) and Consent (Analytics/Functional).

4. HOW WE USE YOUR DATA (PROCESSING ACTIVITIES)

Verification Services: To authenticate users and grant access to the TreeFree Passport® ledger.

Compliance Audits: To maintain an immutable record of who accessed specific batch data (Chain of Custody).

Security Monitoring: To detect unauthorized scanning patterns indicative of "Grey Market" diversion or counterfeit manufacturing.

Regulatory Reporting: To aggregate anonymized data for EUDR and CSRD compliance reporting.

5. DATA SHARING & TRANSFERS

We do not sell your data. We share data only when strictly necessary:

Service Providers: Cloud hosting (AWS/Azure) processing data within the EU or under valid Adequacy Decisions (Data Privacy Framework).

Regulatory Authorities: If compelled by law (e.g., EUDR audit request by a Competent Authority).

International Transfers: Data transfers to our Canadian Headquarters are protected under the EU-Canada Adequacy Decision.

6. YOUR RIGHTS (GDPR)

Under the GDPR, you have the right to:

Access: Request a copy of your personal data.

Rectification: Correct inaccurate data.

Erasure ("Right to be Forgotten"): Request deletion of your data (subject to our legal obligation to maintain Chain of Custody records for regulatory purposes).

Restriction: Limit how we process your data.

Portability: Receive your data in a structured format.

Object: Object to processing based on Legitimate Interest.

To exercise these rights, contact: privacy@10060.org.

7. DATA RETENTION

Member Data: Retained for the duration of the Membership + 5 years (statutory limitation period for commercial contracts).

Scan Logs (Consumer): Retained for 12 months for security analysis, then anonymized.

Compliance Records: Retained indefinitely where required by EUDR/CSRD audit trails.

8. SECURITY MEASURES

We implement state-of-the-art technical and organizational measures (TOMs) including encryption (TLS 1.3), multi-factor authentication (MFA) for Members, and role-based access control (RBAC) to protect your data.

9. COOKIES

We use strictly necessary cookies to ensure the website functions. For analytics cookies, we request your granular consent via our Cookie Banner. You can manage your preferences at any time via the "Cookie Settings" link in the footer.

10. UPDATES

This policy was last updated on January 1, 2026. We reserve the right to amend this policy to reflect changes in law or our data processing practices.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.