Privacy Policy
Last Updated: June 9, 2026
1. Introduction
This Privacy Policy explains how VERDIO ("we", "us", "our") collects, uses, stores and protects personal data when operating the VERDIO regulatory readiness platform.
VERDIO operates from the Netherlands.
We are committed to handling personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch data protection law.
2. Who We Are
VERDIO
Sole proprietorship
The Netherlands
Contact: verdio.info@gmail.com
For the purposes described in this Policy, VERDIO acts as:
- Data Controller for account and administrative data
- Data Processor for assessment content entered by customers
3. Data We Collect
3.1 Account Information (Controller Role)
When you create an account, we collect:
- Name
- Organisation name
- Business email address
- Login credentials
- Payment details (processed via third-party provider)
3.2 Assessment Data (Processor Role)
Customers are responsible for ensuring that assessment responses do not contain unnecessary personal data.
When you complete an assessment, we process:
- Assessment responses
- Organisational operational information voluntarily entered
- Framework selection data
- Timestamp data
- Generated report outputs
3.3 Technical Data
We may collect:
- IP address
- Browser type
- Device type
- Session data
- Log data necessary for platform security
4. Legal Basis for Processing
We do not rely on consent as the primary legal basis for core service delivery.
We process personal data on the following legal bases:
- Performance of a contract (Article 6(1)(b) GDPR)
- Legitimate interests (Article 6(1)(f) GDPR) for platform security and improvement
- Legal obligation where applicable
5. Purpose of Processing
We do not use assessment data for marketing profiling.
We process data to:
- Provide access to the platform
- Deliver purchased assessments
- Generate reports
- Maintain account records
- Ensure platform security
- Process payments
- Respond to inquiries
6. AI Processing
VERDIO uses AI services in a limited and controlled manner.
AI is used only to:
- Structure narrative summaries
- Clarify explanatory output
AI does not:
- Determine scoring
- Modify assessment responses
- Generate new obligations
Where third-party AI providers are used, appropriate safeguards are implemented.
7. Data Sharing
All third-party providers are bound by contractual data protection obligations.
We do not sell personal data.
We may share data with:
- Hosting providers
- Payment processors
- AI service providers
- Technical infrastructure providers
8. International Transfers
Where service providers are located outside the European Economic Area (EEA), transfers are conducted under:
- Standard Contractual Clauses (SCCs), or
- Other lawful GDPR mechanisms
9. Data Retention
Account data is retained while the account remains active.
Assessment records are retained to preserve documentation integrity and audit traceability.
Customers may request deletion in accordance with GDPR Article 17.
Certain records may be retained where legally required or necessary for legitimate business purposes.
10. Data Subject Rights
Requests may be submitted via the contact details above.
Where applicable, individuals have the right to:
- Access personal data
- Rectify inaccurate data
- Request erasure
- Restrict processing
- Object to processing
- Data portability
11. Security Measures
No online system can guarantee absolute security.
VERDIO implements appropriate technical and organisational measures to protect personal data, including:
- Secure authentication
- Encrypted transmission
- Access controls
- Logical separation of customer environments
- Monitoring and logging
13. Complaints
If you believe your data protection rights have been violated, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
14. Changes to This Policy
We may update this Privacy Policy periodically.
The latest version will always be available on this page.