Privacy Policy

Last updated: March 23, 2026

Introduction

Veridian ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website (veridian.id) or use our services.

Veridian operates from Portugal within the European Union and processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Portuguese data protection law.

Data Controller

The data controller responsible for your personal data is:

Veridian Lisbon, Portugal Email: privacy@veridian.id

What Data We Collect

Data You Provide Directly

When you interact with our website, you may provide us with personal data, including:

  • Contact form submissions — first name, last name, work email, organization, role, country, the nature of your inquiry, and a description of what you are working on
  • Newsletter subscriptions — email address
  • Email correspondence — any information you include when contacting us directly

Data Collected Automatically

When you visit our website, we may automatically collect certain technical data:

  • Device and browser information — browser type, operating system, screen resolution
  • Usage data — pages visited, time spent on pages, referral source, navigation paths
  • Network data — IP address (anonymized where possible), approximate geographic location
  • Cookie data — see our Cookie Policy for full details

Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

  • Consent (Article 6(1)(a)) — for analytics cookies and marketing communications. You can withdraw consent at any time.
  • Contractual necessity (Article 6(1)(b)) — to respond to your inquiries and provide requested services
  • Legitimate interests (Article 6(1)(f)) — to improve our website, ensure security, and understand how our services are used. We have balanced these interests against your rights and determined that processing is proportionate.

How We Use Your Data

We use the data we collect for the following purposes:

  • Responding to inquiries — to follow up on contact form submissions and provide information about our services
  • Service delivery — to provide and improve our identity infrastructure services
  • Website improvement — to analyze usage patterns and optimize the user experience
  • Security — to protect our website and services from unauthorized access, abuse, or fraud
  • Legal compliance — to comply with applicable laws, regulations, and legal processes
  • Communications — to send newsletters and updates if you have opted in

Data Storage and Protection

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/HTTPS
  • Access controls limiting data access to authorized personnel only
  • Regular security assessments and monitoring
  • Secure hosting infrastructure within the European Economic Area (EEA)

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions — retained for 24 months after the last interaction, then deleted
  • Newsletter subscriptions — retained until you unsubscribe
  • Analytics data — anonymized and aggregated data is retained for up to 26 months
  • Server logs — automatically deleted after 90 days

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.

Third-Party Sharing

We do not sell your personal data. We may share your data with the following categories of third parties, only as necessary:

  • Service providers — hosting providers, email delivery services, and analytics tools that process data on our behalf under data processing agreements
  • Professional advisors — legal, accounting, or consulting professionals bound by confidentiality obligations
  • Legal authorities — when required by law, regulation, or legal process

All third-party service providers are required to protect your data in accordance with applicable data protection laws and our instructions.

International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by the GDPR

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15) — request a copy of the personal data we hold about you
  • Right to rectification (Article 16) — request correction of inaccurate or incomplete data
  • Right to erasure (Article 17) — request deletion of your personal data, subject to legal obligations
  • Right to restrict processing (Article 18) — request that we limit how we use your data
  • Right to data portability (Article 20) — receive your data in a structured, commonly used, machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, please contact us at privacy@veridian.id. We will respond to your request within 30 days.

Cookies

We use cookies and similar technologies on our website. For detailed information about the types of cookies we use, how they work, and how to manage your preferences, please see our Cookie Policy.

Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@veridian.id and we will take steps to delete the information.

Data Protection Officer

For questions or concerns about how we handle your personal data, you can contact our data protection team at:

Email: privacy@veridian.id

Right to Lodge a Complaint

If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a supervisory authority. In Portugal, the relevant authority is:

Comissão Nacional de Proteção de Dados (CNPD) Website: cnpd.pt Lisbon, Portugal

You may also lodge a complaint with the supervisory authority in your country of residence or place of work.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

For significant changes that affect how we process your personal data, we will make reasonable efforts to notify you directly.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Veridian Lisbon, Portugal Email: privacy@veridian.id Website: veridian.id/contact