This Privacy Policy explains how VerifiedClimate™ Limited (“VerifiedClimate™”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects information in connection with the use of our services, systems, and digital infrastructure, including but not limited to the website accessible at https://www.verifiedclimate.com and all related subdomains, services, tools, features, software, integrations, and associated platforms (collectively, the “Services”).

By accessing or using the Services, the user (“User”, “you”, “your”) consents to the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, do not use the Services.

1. Scope and Purpose

This Policy applies to all personal and non-personal data collected by VerifiedClimate™ through the Services. VerifiedClimate™ operates a compliance-grade infrastructure intended for timestamping and archiving climate-related declarations. This infrastructure is neutral, automated, and does not act as a regulator, validator, or certifier.

2. Controller Information

VerifiedClimate™ Limited. Company Registration Number: 788557. Registered Office: Corporate Financial Solutions, Middle Third Terrace, Block 6, Killester, Dublin. D05 WC86. Ireland

VerifiedClimate™ is the data controller for the purposes of GDPR.

3. Categories of Data Collected

A. Information Provided by Users:

• Organization name

• Contact email address(es)
  

• Submitted climate declarations and supporting materials
  

• Region, sector, and summary information
  

• All submitted files are handled through a secure, automated upload and storage pipeline backed by enterprise-grade infrastructure.
  Files are stored using a cloud-based system that leverages ISO 27001-certified, SOC-audited, and AWS-powered architecture, with built-in redundancy and disaster recovery protocols to ensure long-term reliability.
  ‍
  ‍Encryption in transit and at rest
  All files are encrypted using AES‑256 encryption at rest, and TLS/HTTPS during transfer, aligning with modern security standards for sensitive content transmission and storage.
  
  ‍No human handling
  Files are processed and stored without any human access or manual intervention. VerifiedClimate™ staff and third-party personnel do not have the ability to view or retrieve submitted materials.
  
  ‍Submitter‑exclusive control
  Only the original submitter determines whether supporting documents are visible or kept private. Records and materials are never made public unless the submitter explicitly enables visibility.
  
  ‍Global compliance alignment
  The underlying storage infrastructure complies with leading international data protection and sustainability disclosure frameworks, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the California Consumer Privacy Act of 2018 (CCPA), and the Data Protection Act 2018 (Ireland). It also aligns with the transparency and accountability standards introduced by the Corporate Sustainability Reporting Directive (Directive (EU) 2022/2464), where applicable. All user-submitted content is handled in accordance with the highest standards of lawful processing, data integrity, and disclosure reliability
  
  ‍Resilience & reliability
  All stored files benefit from redundant replication and automated failover, preserving availability and integrity even in the event of isolated infrastructure failures.
  

B. Automatically Collected Data:

• IP address and device metadata
  

• Browser type and settings
  

• Operating system
  

• Date/time of access
  

• Referring URL and on-site behavior logs
  

• Metadata associated with submission timestamps
  

C. Optional and Supplementary Fields (when enabled):

• "Declared by" field (e.g., name, role, or department)
  

• Purpose selection dropdown metadata
  

• Visibility settings (e.g., document access control)
  

4. Legal Basis for Processing

VerifiedClimate™ processes personal data under one or more of the following lawful bases:

• Contractual Necessity: To perform the Services as requested by the User;
  

• Legitimate Interests: Including system integrity, legal compliance, and platform improvement;
  

• Consent: When the User opts to make supporting documents or metadata publicly visible;
  

• Legal Obligation: Where required by applicable law or regulatory directive.
  

5. Use of Data

VerifiedClimate™ uses collected data for the following purposes:

• To provide, operate, and maintain the Services;
  

• To create, timestamp, and archive Verified Records;
  

• To display non-personal activity summaries on public-facing infrastructure (e.g., feed or ticker);
  

• To maintain audit trails, detect fraud, and ensure system integrity;
  

• To respond to legal requests or comply with statutory obligations;
  

• To improve and adapt platform performance and functionality.
  

6. Data Storage and Retention

• All data is securely stored using advanced encryption and access control protocols.
  

• Data is hosted in secure environments compliant with European and Irish data protection standards.
  

• Records are retained only as long as necessary for operational, legal, or archival purposes.
  

• Immutable VerifiedClimate Records are stored permanently; however, visibility of supporting files is governed by user-controlled settings.
  

7. Data Sharing and Transfers

VerifiedClimate™ does not sell, lease, or share personal data with third parties for marketing purposes.

Data may be shared under strict limitations:

• With infrastructure partners and subprocessors (e.g., hosting providers, email processors) under GDPR-compliant data processing agreements;
  

• With competent legal authorities when required by law or court order;
  

• Internally within VerifiedClimate™ for compliance and system integrity purposes;
  

• Publicly only when the User explicitly selects visibility settings allowing for document sharing.
  

8. International Transfers

If personal data is transferred outside the European Economic Area (EEA), such transfers are safeguarded using appropriate legal mechanisms, including:

• Standard Contractual Clauses (SCCs);
  

• Adequacy decisions issued by the European Commission;
  

• Binding corporate rules (if applicable).
  

9. Data Security

No Use of Artificial Intelligence in Processing
VerifiedClimate™ does not deploy any form of artificial intelligence (AI), machine learning (ML), or algorithmic decision-making systems in the processing, storage, analysis, or evaluation of user-submitted content.
‍
All submissions are handled using deterministic backend logic, with no profiling, predictive modeling, or automated inference applied at any stage.
This deliberate exclusion of AI ensures full compliance with the transparency and accountability principles enshrined in the General Data Protection Regulation (EU) 2016/679 (GDPR), including Articles 5, 22, and related provisions of the Data Protection Act 2018 (Ireland).

In particular, no automated decision-making or content interpretation occurs that could affect the rights, obligations, or standing of the submitter or any third party.By avoiding AI-driven processes entirely, the VerifiedClimate™ infrastructure preserves the clarity, auditability, and human-legible traceability of all records issued through the platform.

VerifiedClimate™ implements robust technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction, including but not limited to:

• End-to-end encryption;
  

• Role-based access controls;
  

• Immutable record timestamping;
  

• Regular integrity checks and security audits.
  

10. User Rights Under GDPR

Users have the right to:

• Access their personal data;
  

• Request correction of inaccurate or incomplete data;
  

• Request erasure of personal data, subject to legal exceptions;
  

• Object to processing based on legitimate interests;
  

• Request data portability;
  

• Withdraw consent for processing at any time (where applicable);
  

• Lodge a complaint with the Irish Data Protection Commission.
  

To exercise any rights, contact: privacy@verifiedclimate.com

11. Automated Decision-Making and Profiling

VerifiedClimate™ does not perform profiling or automated decision-making that produces legal or similarly significant effects. Automated workflows relate exclusively to the structured issuance of immutable records and do not affect legal status or third-party relationships.

12. Cookies and Tracking Technologies

VerifiedClimate™ uses minimal cookie technology strictly necessary for:

• Security and authentication;
  

• Submission continuity;
  

• Analytics (aggregate, non-identifiable);
  All optional cookies are disabled by default. Users may manage cookie settings in their browser.
  

13. Children’s Privacy

The Services are not intended for individuals under the age of 18. VerifiedClimate™ does not knowingly collect personal data from children. If you believe that a child has submitted data, contact: privacy@verifiedclimate.com

14. Amendments to this Privacy Policy

VerifiedClimate™ may amend this Policy at any time to reflect updates in law, platform functionality, or operational practices. Updated versions will be posted to the website with a clearly indicated effective date. Continued use of the Services after any update constitutes acceptance of the revised Policy.

15. Contact

For privacy inquiries, data access requests, or exercise of rights, contact:

Privacy Officer
VerifiedClimate™
Email: privacy@verifiedclimate.com