Legal

GDPR Data Processing Policy

Our commitment to data protection and privacy in AI-powered climate solutions · Last updated: June 9, 2025

This policy outlines how GenAI Climate SPA processes data in compliance with the General Data Protection Regulation (GDPR) for our AI-powered climate analytics and UN SDG solutions.

1. Data Collection & Processing Principles

Lawfulness & Transparency

All processing is conducted lawfully, fairly, and with complete transparency.

Purpose Limitation

Data is collected for specified, explicit purposes related to climate action and SDGs.

Data Minimisation

We process only the data necessary for our stated purposes.

Accuracy

We maintain accurate data and rectify or delete inaccurate records promptly.

Storage Limitation

Data is retained only as long as necessary for its stated purpose.

Integrity & Confidentiality

Data is processed securely, protected against unauthorised access and accidental loss.

2. Types of Data Processed

🌡️
Climate & Environmental

Temperature records, emissions data, satellite imagery

📊
Socioeconomic Indicators

Population statistics, economic metrics, energy usage

🔧
Technical Metadata

Dataset versions, processing timestamps, quality metrics

Note: Our platform is designed to work with non-personal data. When personal data is inadvertently included, our systems automatically anonymise or pseudonymise it before processing.

3. Legal Basis for Processing

Legitimate Interest

Processing is necessary for advancing climate action and sustainable development.

Consent

Where applicable, we obtain explicit consent for specific processing activities.

Public Interest

Processing supports environmental protection and climate action in the public interest.

4. AI-Specific Safeguards

🔍 Algorithmic Transparency

AI decision-making processes are documented and explainable.

⚖️ Bias Prevention

Regular audits identify and mitigate potential biases.

👤 Human Oversight

Critical decisions always involve human review and validation.

✅ Data Quality Controls

Automated and manual checks ensure data quality and relevance.

5. Your Rights Under GDPR

⚡ Right to Access
⚡ Right to Rectification
⚡ Right to Erasure
⚡ Restrict Processing
⚡ Data Portability
⚡ Right to Object
⚡ Automated Decisions

To exercise these rights, contact our Data Protection Officer at dpo@genai-climate.org.

6. Data Retention

Raw climate data

Historical analysis and trend identification

Indefinitely
Derived analytics

Policy impact assessment

5 years
Processing metadata

Audit and compliance

2 years
User-generated content

Impact statements and policy drafts

1 year

7. International Transfers

When transferring data outside the EEA, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules

8. Security Measures

  • Encryption at rest and in transit
  • Regular security assessments
  • Access controls & authentication
  • Staff data protection training
  • Incident response procedures

Questions about this policy?

Contact our DPO →

© 2026 GreenAgileEco · All rights reserved