GDPR Policy

GDPR Statement

Ensuring your data is protected under GDPR with transparency and trust.

At Virideed, we champion the principles of data protection enshrined in the General Data Protection Regulation (GDPR) (EU) 2016/679, a landmark framework that safeguards personal data across the European Economic Area (EEA). As a pioneering platform in AI and sustainability compliance, we recognize that trust is the cornerstone of our relationship with users—whether you’re a business tracking AI responses and carbon emissions, a regulator verifying compliance, or an investor assessing environmental impact. This GDPR Statement reflects our unwavering commitment to processing your personal data lawfully, fairly, and transparently, ensuring that every interaction with our services upholds the highest standards of privacy and security.

Our Purpose: We collect and process personal data to empower you with tools for AI and sustainability compliance—delivering seamless account management, accurate emissions reporting, and robust regulatory verification. This statement outlines how we align these operations with GDPR, balancing innovation with your privacy rights.

From facilitating compliance with frameworks like the EU Emissions Trading System to securing your account details, Virideed ensures every data touchpoint is protected, auditable, and respectful of your autonomy.

Scope of This Statement

This GDPR Statement applies to all individuals whose personal data we process within the EEA, including users of our platform, website visitors, and third-party stakeholders. It covers data collected through account registration, compliance submissions, support interactions, and website analytics. Whether you’re an EEA resident or a global user interacting with our EEA-based services, Virideed ensures GDPR compliance as a data controller, extending protections wherever applicable.

  • Data from I/O reports (e.g., user inputs, AI outputs, flags, recommendations, fine-tuning metrics).
  • Data from sustainability reports (e.g., emissions, waste metrics).
  • Account information (e.g., name, email, organization).
  • Support queries submitted via our Contact Form.

For inquiries, reach our Data Protection Officer at support@virideed.com.

Lawful Basis for Processing

At Virideed, we process your personal data only when we have a clear and lawful basis under the General Data Protection Regulation (GDPR) (EU) 2016/679. This ensures that every piece of information we collect—from account details to AI and sustainability metrics—is handled with purpose, accountability, and respect for your rights. Below, we outline the specific legal grounds that underpin our data processing activities, providing clarity on how we balance our mission of AI and sustainability compliance with your privacy.

Consent

We process your data when you explicitly agree to it. For example, opting into marketing emails or allowing cookies for enhanced website functionality relies on your clear, affirmative consent, which you can withdraw at any time by opting out or deleting your account.

Contractual Necessity

Data processing is essential to fulfill our services to you. This includes collecting your name, email, and organization details during account creation or processing I/O or emissions data to generate compliance reports—actions necessary to deliver on our agreement with you.

Legal Obligation

We process data to comply with legal requirements, such as retaining records of compliance submissions for regulatory audits under frameworks like the EU ETS or providing data to authorities when mandated, ensuring adherence to applicable laws.

Legitimate Interests

We process data for purposes that benefit both you and us, like improving platform security (e.g., fraud detection) or enhancing user experience, provided these interests do not outweigh your rights. You can object to this processing by contacting our DPO at support@virideed.com.

Our Commitment to Transparency: Each lawful basis is applied with care, documented in our internal policies, and reviewed regularly by our Data Protection Officer (DPO). We ensure you’re informed about how your data is used, with options to manage your preferences or seek clarification at any time. Contact us at support@virideed.com for details on our processing activities.

Your GDPR Rights

Empowering Your Rights

Empowering you with control over your personal data under GDPR.

As an EEA resident, you are entitled to a robust and far-reaching set of rights under the General Data Protection Regulation (GDPR) (EU) 2016/679, which governs how your personal data—whether it’s your name, email, AI or sustainability metrics—is managed by Virideed. These rights empower you to oversee, control, and protect the information we hold, reflecting the GDPR’s core mission to prioritize individual privacy in an increasingly digital world. At Virideed, we’re deeply committed to not only meeting these legal obligations but exceeding them by making your rights both accessible and actionable through intuitive tools and transparent processes. Our goal is to ensure you retain full sovereignty over your data, giving you confidence that your privacy is safeguarded as you engage with our compliance platform. Whether you’re getting I/O logs audited, submitting emissions data, managing your account, or interacting with our support team, we’ve designed our services to integrate these rights seamlessly into your experience. Explore each right detailed below to gain a clear understanding of what it means, how it applies specifically to your use of our platform—such as tracking AI safety risks, carbon footprints or ensuring regulatory compliance—and the practical steps you can take to exercise them.

Right to Access

You have the right to request a copy of the personal data we hold about you, such as your account details, submitted compliance data (e.g., I/O reports, emissions reports), or website usage analytics. This allows you to verify what information we process and ensure its accuracy. We’ll provide this in a structured, commonly used format, typically within 30 days of your request.

How It Works: This right applies to data like your name, email, organization, and any I/O or sustainability metrics you’ve uploaded. We’ll include details on how we use it (e.g., for compliance reporting) and who we’ve shared it with (e.g., regulators, if applicable). No fees apply unless requests are excessive.

Exercise This Right: Visit our Settings page to submit a request directly from your account dashboard, where you can download your data securely.

Right to Rectification

If your personal data is inaccurate or incomplete—like an outdated email address or incorrect organization name—you can request corrections. This ensures our records reflect the truth, maintaining the integrity of your compliance submissions and communications with us.

How It Works: For example, if your company name changes due to a merger, you can update it yourself, or we’ll update it across your account and linked reports. We process rectification requests promptly, typically within 30 days, notifying you once completed.

Exercise This Right: Use our Account editor in your account settings to update your details instantly or contact us for assistance.

Right to Erasure

Known as the “right to be forgotten,” this allows you to request deletion of your personal data when it’s no longer needed for its original purpose, such as after closing your account, or if you withdraw consent for optional processing (e.g., marketing).

How It Works: We’ll erase data like your account profile or analytics history unless we’re required to retain it (e.g., for legal compliance records). Deletion occurs automatically or within 30 days, with confirmation provided. Note: anonymized compliance data may persist for aggregate reporting.

Exercise This Right: Initiate deletion via our Account Deletion Tool, accessible in your settings, for a streamlined process.

Right to Restriction

You can limit how we process your data under specific conditions—e.g., if you contest its accuracy (pending verification) or if processing is unlawful but you prefer restriction over erasure. This pauses further use while preserving your data.

How It Works: For instance, if you dispute an I/O audit, we’ll restrict its use in reports until resolved. Restrictions are applied within 30 days, and we’ll notify you before lifting them.

Exercise This Right: Request restriction through our Support Center, where you can flag data for review.

Right to Data Portability

You can receive your personal data in a structured, machine-readable format (e.g., CSV, JSON) to transfer it to another service or keep for your records. This applies to data you’ve provided, like account info or uploaded compliance metrics.

How It Works: Download or request your profile data, I/O logs or emissions history, and we’ll deliver it securely within 30 days. This right enhances your control, letting you reuse data elsewhere without hassle.

Exercise This Right: Use our Data Export Tool in your dashboard to download your data effortlessly.

Right to Object

You can object to processing based on legitimate interests (e.g., analytics for platform improvement) or direct marketing. We’ll stop unless we demonstrate compelling grounds overriding your objection.

How It Works: For example, object to marketing emails, and we’ll cease immediately. For legitimate interests, we’ll review your request within 30 days, balancing it against our needs (e.g., security).

Exercise This Right: Manage objections via our Privacy & Security page, where you can opt out of specific processing activities.

Need Assistance? Exercising your rights is simple with Virideed. If you have questions or need support, contact our Data Protection Officer at support@virideed.com. We’re here to ensure your privacy is respected every step of the way.

International Data Transfers

At Virideed, our AI and sustainability compliance platform operates globally, which may involve transferring your personal data outside the European Economic Area (EEA). Under the General Data Protection Regulation (GDPR) (EU) 2016/679, we ensure these transfers meet stringent safeguards to protect your privacy, whether your data is processed by our servers, shared with partners, or accessed by regulators. Below, we outline the mechanisms we employ to secure your data during international transfers, ensuring GDPR-level protection wherever it goes.

Standard Contractual Clauses (SCCs)

For transfers to countries without an EU adequacy decision (e.g., the U.S.), we use SCCs approved by the European Commission. These legally binding agreements ensure recipients—like our cloud providers or compliance auditors—apply GDPR-equivalent protections to your data, such as encryption and access controls.

Example: Your emissions data might be processed by a U.S.-based analytics partner under SCCs, guaranteeing its confidentiality and security.

Adequacy Decisions

We transfer data to countries recognized by the EU as having adequate data protection laws, such as Canada, Japan, or Switzerland. These adequacy decisions simplify compliance, ensuring your data—e.g., account details or support queries—receives protections comparable to those within the EEA.

Example: If your compliance report is stored on a Canadian server, it benefits from Canada’s adequacy status, requiring no additional safeguards beyond local law.

Technical Safeguards

Regardless of destination, all data transfers are secured with state-of-the-art encryption (e.g., AES-256 in transit and at rest) and access controls. This protects your information—such as sustainability metrics or personal identifiers—from unauthorized access during cross-border movement.

Example: When your data moves from an EEA server to a non-EEA processor, encryption ensures it remains unreadable to interceptors, complemented by strict authentication protocols.

Our Global Commitment: Virideed continuously monitors international data transfer regulations, adapting to changes like post-Schrems II requirements or new adequacy rulings. For transparency, you can review our transfer policies or inquire about specific safeguards by contacting our Data Protection Officer at support@virideed.com.

Data Protection Officer (DPO)

At Virideed, our commitment to GDPR compliance is overseen by our designated Data Protection Officer (DPO), a key figure ensuring your personal data is handled with the utmost care and in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. The DPO serves as your advocate, our internal guardian of privacy, and a liaison with regulatory authorities, bridging the gap between our AI safety and sustainability mission and your data protection rights. Below, we detail the DPO’s role and how you can engage with them to address your privacy needs.

The DPO’s Responsibilities

Our DPO is tasked with overseeing all aspects of data protection within Virideed. This includes monitoring compliance with GDPR, advising on data processing activities (e.g., emissions reporting or account management), conducting internal audits, and ensuring our policies align with evolving privacy standards. They also manage risk assessments to safeguard your data against breaches or misuse, maintaining the integrity of our platform.

Beyond internal duties, the DPO represents Virideed in communications with supervisory authorities, such as the European Data Protection Board (EDPB), ensuring we respond effectively to regulatory inquiries or investigations.

How to Reach the DPO

The DPO is your direct point of contact for all GDPR-related matters. Whether you have questions about how we process your data (e.g., AI safety and sustainability metrics or account details), need assistance exercising your rights, or wish to raise a concern, our DPO is here to assist you promptly and transparently.

  • Email: Contact the DPO at support@virideed.com for personalized support.
  • Online Form: Submit inquiries or requests via our Contact Form, available on our website.
  • Response Time: We aim to acknowledge your request within 72 hours and resolve it within 30 days, per GDPR timelines.

Example: If you’re unsure how your I/O logs and emissions data are shared with regulators, the DPO can explain the process and address any concerns, ensuring clarity and trust.

Our Pledge: The DPO embodies Virideed’s dedication to privacy as a core value. By fostering an open dialogue with you and upholding GDPR’s rigorous standards, we ensure your data supports our AI safety and sustainability goals without compromising your rights. Reach out anytime—your peace of mind is our priority.

Complaints

To reiterate, at Virideed, we strive to handle your personal data with care under the General Data Protection Regulation (GDPR) (EU) 2016/679. If you’re ever dissatisfied with how we process your information, we’re here to address your concerns quickly and fairly. You have options to resolve issues directly with us or escalate them if needed.

How to File a Complaint: Contact our Data Protection Officer (DPO) at support@virideed.com or use our Contact Form. We’ll acknowledge your complaint within 72 hours and aim to resolve it within 30 days, keeping you informed throughout the process.

Escalation: If you’re not satisfied with our response, you can lodge a complaint with your local supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK or the Commission Nationale de l’Informatique et des Libertés (CNIL) in France. We’ll provide assistance if you need help identifying the appropriate body.

  Contact us at support@virideed.com with feedback or inquiries.