This Privacy Policy explains how VerifiedClimate™ Limited (“VerifiedClimate™”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects information in connection with the use of our services, systems, and digital infrastructure, including but not limited to the website accessible at https://www.verifiedclimate.com and all related subdomains, services, tools, features, software, integrations, and associated platforms (collectively, the “Services”).

By accessing or using the Services, the user (“User”, “you”, “your”) consents to the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, do not use the Services.

1. Scope and Purpose

This Policy applies to all personal and non-personal data collected by VerifiedClimate™ through the Services. VerifiedClimate™ operates a compliance-grade infrastructure intended for timestamping and archiving climate-related declarations. This infrastructure is neutral, automated, and does not act as a regulator, validator, or certifier.

2. Controller Information

VerifiedClimate™ Limited. Company Registration Number: 788557. Registered Office: Corporate Financial Solutions, Middle Third Terrace, Block 6, Killester, Dublin. D05 WC86. Ireland

VerifiedClimate™ is the data controller for the purposes of GDPR.

3. Categories of Data Collected

A. Information Provided by Users:

• Organization name

• Contact email address(es)
  

• Submitted climate declarations and supporting materials
  

• Region, sector, and summary information
  

• Supporting documents and how VerifiedClimate™ secures submitted files / documents with enterprise‑grade cloud infrastructure.
  ‍
  All documents are stored on AWS‑backed, ISO 27001‑certified, SOC‑audited infrastructure with built‑in redundancy and disaster recovery.
  Files are delivered via a globally distributed content delivery network (CDN) to ensure both security and performance.
     
  Encryption in transit and at rest
  Every document is encrypted using industry‑standard AES‑256 while at rest, and protected with TLS/HTTPS during transfer.
     
  No human handling
  All documents remain within an automated, access‑controlled storage layer. No VerifiedClimate™ staff or third parties have access to view or handle submitted files.
     
  Submitter‑exclusive control
  Only the original submitter determines document visibility. Supporting materials and issued records are never made public or shared unless explicitly enabled by the submitter.
     
  Global compliance alignment
  VerifiedClimate™ infrastructure aligns with GDPR, CCPA, and other major data protection standards, ensuring lawful, transparent, and secure handling of submitted content.
     
  Resilience & reliability
  Storage is redundantly replicated with automated failover, ensuring documents remain safe even in the unlikely event of infrastructure failure.
  

B. Automatically Collected Data:

• IP address and device metadata
  

• Browser type and settings
  

• Operating system
  

• Date/time of access
  

• Referring URL and on-site behavior logs
  

• Metadata associated with submission timestamps
  

C. Optional and Supplementary Fields (when enabled):

• "Declared by" field (e.g., name, role, or department)
  

• Purpose selection dropdown metadata
  

• Visibility settings (e.g., document access control)
  

4. Legal Basis for Processing

VerifiedClimate™ processes personal data under one or more of the following lawful bases:

• Contractual Necessity: To perform the Services as requested by the User;
  

• Legitimate Interests: Including system integrity, legal compliance, and platform improvement;
  

• Consent: When the User opts to make supporting documents or metadata publicly visible;
  

• Legal Obligation: Where required by applicable law or regulatory directive.
  

5. Use of Data

VerifiedClimate™ uses collected data for the following purposes:

• To provide, operate, and maintain the Services;
  

• To create, timestamp, and archive Verified Records;
  

• To display non-personal activity summaries on public-facing infrastructure (e.g., feed or ticker);
  

• To maintain audit trails, detect fraud, and ensure system integrity;
  

• To respond to legal requests or comply with statutory obligations;
  

• To improve and adapt platform performance and functionality.
  

6. Data Storage and Retention

• All data is securely stored using advanced encryption and access control protocols.
  

• Data is hosted in secure environments compliant with European and Irish data protection standards.
  

• Records are retained only as long as necessary for operational, legal, or archival purposes.
  

• Immutable VerifiedClimate Records are stored permanently; however, visibility of supporting files is governed by user-controlled settings.
  

7. Data Sharing and Transfers

VerifiedClimate™ does not sell, lease, or share personal data with third parties for marketing purposes.

Data may be shared under strict limitations:

• With infrastructure partners and subprocessors (e.g., hosting providers, email processors) under GDPR-compliant data processing agreements;
  

• With competent legal authorities when required by law or court order;
  

• Internally within VerifiedClimate™ for compliance and system integrity purposes;
  

• Publicly only when the User explicitly selects visibility settings allowing for document sharing.
  

8. International Transfers

If personal data is transferred outside the European Economic Area (EEA), such transfers are safeguarded using appropriate legal mechanisms, including:

• Standard Contractual Clauses (SCCs);
  

• Adequacy decisions issued by the European Commission;
  

• Binding corporate rules (if applicable).
  

9. Data Security

VerifiedClimate™ implements robust technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction, including but not limited to:

• End-to-end encryption;
  

• Role-based access controls;
  

• Immutable record timestamping;
  

• Regular integrity checks and security audits.
  

10. User Rights Under GDPR

Users have the right to:

• Access their personal data;
  

• Request correction of inaccurate or incomplete data;
  

• Request erasure of personal data, subject to legal exceptions;
  

• Object to processing based on legitimate interests;
  

• Request data portability;
  

• Withdraw consent for processing at any time (where applicable);
  

• Lodge a complaint with the Irish Data Protection Commission.
  

To exercise any rights, contact: privacy@verifiedclimate.com

11. Automated Decision-Making and Profiling

VerifiedClimate™ does not perform profiling or automated decision-making that produces legal or similarly significant effects. Automated workflows relate exclusively to the structured issuance of immutable records and do not affect legal status or third-party relationships.

12. Cookies and Tracking Technologies

VerifiedClimate™ uses minimal cookie technology strictly necessary for:

• Security and authentication;
  

• Submission continuity;
  

• Analytics (aggregate, non-identifiable);
  All optional cookies are disabled by default. Users may manage cookie settings in their browser.
  

13. Children’s Privacy

The Services are not intended for individuals under the age of 18. VerifiedClimate™ does not knowingly collect personal data from children. If you believe that a child has submitted data, contact: privacy@verifiedclimate.com

14. Amendments to this Privacy Policy

VerifiedClimate™ may amend this Policy at any time to reflect updates in law, platform functionality, or operational practices. Updated versions will be posted to the website with a clearly indicated effective date. Continued use of the Services after any update constitutes acceptance of the revised Policy.

15. Contact

For privacy inquiries, data access requests, or exercise of rights, contact:

Privacy Officer
VerifiedClimate™
Email: privacy@verifiedclimate.com