Privacy Policy
Effective date: 16 March 2026
1. Data Controller
ClimaHQ is a culture analytics platform operated within the European Union.
- Contact email: [email protected]
For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), the data controller is the entity identified above.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Account information
When you register, we collect your name, email address, and organization name. This data is necessary to create and manage your account.
2.2 Survey responses
When employees complete pulse surveys, responses are collected anonymously and stored in aggregate form. Individual responses cannot be traced back to specific employees. Demographic data (department, gender, ethnicity) is collected only if provided via HRIS import and is encrypted at rest.
2.3 Usage data
We automatically collect technical information when you use the service, including IP addresses, browser type, pages visited, and timestamps. This data helps us maintain security and improve the service.
3. Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)): Processing account data and survey responses is necessary to provide the ClimaHQ service under our terms of service.
- Legitimate interest (Art. 6(1)(f)): We process usage data for security, fraud prevention, and service improvement. Our legitimate interest does not override your fundamental rights.
- Consent (Art. 6(1)(a)): Where required, we obtain explicit consent before processing (for example, for optional demographic data collection). You may withdraw consent at any time.
4. Data Retention
- Account data: Retained for the duration of your account and up to 30 days after deletion, unless longer retention is required by law.
- Survey data: Aggregated survey scores are retained for the duration of your account. Raw survey responses are retained for 24 months, after which they are automatically deleted.
- Usage and security logs: Retained for up to 90 days.
5. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Obtain confirmation of whether your data is being processed and request a copy.
- Right to rectification (Art. 16): Request correction of inaccurate personal data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to restriction (Art. 18): Request restriction of processing in certain circumstances.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
6. International Transfers
Your data is processed and stored within the European Economic Area (EEA). We do not transfer personal data outside the EEA. If this changes, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Cookies
ClimaHQ uses strictly necessary cookies to maintain your session and authenticate you. These cookies are essential for the service to function and do not require consent.
We do not use third-party tracking or advertising cookies.
8. Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), encryption at rest (AES-256-GCM), access controls, and regular security reviews. For full details, see our Security page.
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the service. The "effective date" at the top of this page indicates when the policy was last revised.
11. Contact
For any questions about this privacy policy or our data practices, contact us at [email protected].