Privacy Policy

Privacy Policy

Effective Date: May 14th, 2026
Website: VerdaLynx

1. Introduction

VerdaLynx d.o.o. (“VerdaLynx”, “we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, process, store, and protect personal data when you visit our Website, contact us, use our services, or interact with our digital tools and platforms.

This Policy is intended to comply with applicable European Union and Slovenian data protection legislation, including the General Data Protection Regulation and applicable Slovenian privacy laws.

2. Data Controller

The controller responsible for processing personal data is:

VerdaLynx d.o.o.
Ljubljanska cesta 24G
4000 Kranj, Slovenia
Email: hq@verdalynx.com
Website: VerdaLynx

3. Personal Data We Collect

Depending on your interaction with the Website or our services, we may collect the following categories of personal data:

a) Information You Provide Voluntarily

This may include: name and surname, company name, job title, email address, telephone number, business inquiry details, appointment requests, uploaded documents or submitted sustainability-related information, and any information voluntarily provided through contact forms or communications.

b) Technical and Usage Data

When you visit the Website, we may automatically collect: IP address, browser type and version, device information, operating system, referral source, pages visited, date and time of access, language preferences, cookie identifiers, and Website interaction data.


c) Cookies and Analytics Data

The Website may use cookies and similar technologies to improve functionality, analyze usage, and support security and performance. Further information is available in the Cookie Policy.

4. Purposes of Processing

We process personal data for the following purposes: responding to inquiries and communication requests, scheduling meetings or consultations, providing sustainability-related services and information, improving Website functionality and user experience, maintaining Website security, analyzing Website traffic and performance, complying with legal obligations, protecting legal rights and legitimate interests, and developing sustainability benchmarking, digital tools, or analytical services. Where applicable, we may also process data to provide AI-assisted benchmarking, sustainability assessments, or automated analytical outputs requested by users.

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds under the GDPR:

a) Consent

Where users voluntarily provide consent, including: cookie consent, marketing communications, or optional data submissions. Users may withdraw consent at any time.

b) Contractual Necessity

Processing necessary to: respond to requests, provide services, prepare proposals, or fulfill contractual obligations.


c) Legitimate Interests

Processing necessary for legitimate business interests, including: Website security,
service improvement, fraud prevention, business communication, analytics,
and operational management, provided such interests do not override user rights and freedoms.

d) Legal Obligations

Processing necessary to comply with: tax, accounting, regulatory, or legal obligations.
6. AI, Sustainability Benchmarking, and Analytical Tools. VerdaLynx may provide sustainability-related digital tools, assessments, benchmarking systems, or AI-assisted analytical services.

Where users voluntarily submit company- or sustainability-related information, outputs are generated based on the submitted inputs and predefined methodologies; results are indicative and informational; automated outputs do not constitute legal or regulatory advice; and users remain responsible for independently verifying compliance decisions.

VerdaLynx aims to process submitted information responsibly and with appropriate confidentiality safeguards.

7. Data Sharing and Recipients

We may share personal data with: IT and hosting providers, analytics providers, cloud infrastructure providers, professional advisers, legal or regulatory authorities where legally required, and carefully selected service providers supporting Website operations or business services. 

Personal data is not sold to third parties.

All processors are expected to implement appropriate technical and organizational safeguards.

8. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).

Where international transfers occur, VerdaLynx aims to ensure appropriate safeguards are implemented, including: adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent GDPR-compliant mechanisms.


9. Data Retention

Personal data is retained only for as long as reasonably necessary for: the purposes described in this Policy, legal compliance, dispute resolution, security, and legitimate business operations.

Retention periods may vary depending on the type of data, legal obligations, contractual requirements, and operational necessity.


10. Data Security

VerdaLynx implements reasonable technical and organizational measures intended to protect personal data against unauthorized access, misuse, loss, destruction, alteration, or disclosure.

However, no online transmission or storage system can be guaranteed to be completely secure.

11. User Rights Under GDPR

Subject to applicable law, users may have the right to: access personal data, request correction of inaccurate data, request deletion of personal data, restrict processing,
object to processing, withdraw consent, request data portability, and lodge a complaint with a supervisory authority.

In Slovenia, the competent supervisory authority is the Information Commissioner of the Republic of Slovenia

12. Third-Party Websites

The Website may contain links to third-party websites or services.

VerdaLynx is not responsible for the privacy practices or content of third-party websites. Users are encouraged to review the privacy policies of those external services.

13. Children’s Privacy

The Website and services are not intended for children under the age of 16.

VerdaLynx does not knowingly collect personal data from children without an appropriate legal basis or parental authorization where required.

14. Changes to This Privacy Policy

VerdaLynx may update this Privacy Policy periodically to reflect: legal developments,
operational changes, technological updates, or service improvements.

The latest version will always be published on this page with an updated effective date.

15. Contact Information

For questions regarding this Privacy Policy or personal data processing, please contact:

VerdaLynx d.o.o.
Ljubljanska cesta 24G
4000 Kranj, Slovenia
Email: hq@verdalynx.com
Website: VerdaLynx