Legal · GDPR · v1.0

Privacy Policy.

How ClimateLenz collects, uses, stores, and protects personal data when you use our website or engage our CSRD & ESRS reporting services.

last updated1 May 2026
version1.0
applies toEU + EEA
jurisdictionIndia + EU client
Section 01

Overview

This Privacy Policy describes how ClimateLenz ("we", "us", "our") processes personal data in connection with the website at climatelenz.com (the "Site") and the CSRD & ESRS reporting services we provide (the "Services"). It is written to align with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR") and applicable national implementing laws.

By using the Site or engaging the Services, you confirm that you have read and understood this Policy. If you do not agree with any part of it, please do not use the Site or the Services.

Section 02

Data controller

The data controller for personal data processed in connection with the Site and the Services is ClimateLenz, a sole proprietorship operated by Shishir Tambe, based in Mumbai, India, serving clients in the European Union.

For privacy-related enquiries, contact us at shishirtambe@climatelenz.com.

2.1 EU representative (Article 27 GDPR)

ClimateLenz is established outside the EU/EEA. We are in the process of appointing a representative in the European Union in accordance with Article 27 of the GDPR. Until that appointment is finalised, data subjects in the EU/EEA may contact us directly at shishirtambe@climatelenz.com for any matter that would otherwise be addressed to our EU representative, and we will respond within the timelines required by the GDPR. This page will be updated with the representative's details once the appointment is complete.

Section 03

Information we collect

We collect personal data that you provide voluntarily, data we receive automatically when you visit the Site, and data we obtain from your organisation in the course of delivering the Services.

3.1 Information you provide

  • Contact details (name, business email, phone number, company name, role)
  • Information you share in our intake forms or readiness-check questionnaire
  • Documents you upload for the purposes of preparing a CSRD or ESRS report — for example, annual reports, utility bills, HR headcount data, and value-chain information
  • Correspondence with us by email, chat, or otherwise

3.2 Information collected automatically

  • Device and browser information (browser type, language, operating system)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Cookies and similar technologies — see our Cookie Notice
Section 04

How we use your information

We process personal data for the following purposes:

  • To respond to your enquiries and provide the Services you request
  • To prepare, review, and deliver CSRD and ESRS reports
  • To manage the contractual relationship, including invoicing and payment
  • To improve, secure, and maintain the Site and the Services
  • To comply with our legal and regulatory obligations
  • To send service updates and, where you have opted in, marketing communications
Section 06

Sharing & disclosure

We do not sell personal data. We share personal data only with carefully selected processors who help us deliver the Services — for example, hosting, secure document storage, email, and accounting providers — under written data-processing agreements.

We may also disclose personal data where required by law, regulation, or competent authority, or to protect our rights and the safety of our users.

Section 07

Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Typical retention periods are described in our internal retention schedule; specific periods can be provided on request.

Section 08

Your rights under the GDPR

Subject to the conditions set out in the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure ("right to be forgotten")
  • Restrict or object to certain processing
  • Receive your data in a portable format
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with your local data protection authority
How to exercise your rights. Send a written request to shishirtambe@climatelenz.com. We will respond within one month of receipt, in line with Article 12 of the GDPR.
Section 09

International transfers

Personal data may be transferred outside the EU/EEA, including to India, where ClimateLenz is established. Where this occurs, we rely on appropriate safeguards under Chapter V of the GDPR — typically the European Commission's Standard Contractual Clauses — and apply additional technical and organisational measures where required.

Section 10

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit and at rest, audit logging, and regular review of our processors.

Section 11

Changes to this policy

We may update this Policy from time to time. Material changes will be communicated through the Site or by email. The "Last updated" date at the top of this page reflects the latest revision.

Section 12

Contact us

For questions about this Policy or the processing of your personal data, write to shishirtambe@climatelenz.com.

Back to ClimateLenz Terms of Service Cookie Notice