Privacy policy
PRIVACY POLICY – LENS PLATFORM
(Last updated: 23 October 2025)
1. Introduction
LENS Experience Management Platform (“LENS”, “we”, “our”, or “us”) is developed and operated by ETEREO SOLUTIONS d.o.o., headquartered in Velika Gorica, Croatia.
LENS is committed to protecting the privacy and personal data of all users — including citizens, customers, employees, and organizations — who interact with our platform and its connected services.
This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws.
For any questions regarding your personal data, you may contact us at:
📧 info@lens-platform.com
2. Data Controller
LENS acts as a Data Controller when managing data related to its platform users, partners, and visitors.
In cases where LENS operates in integration with other business systems (e.g., survey data for clients or municipalities), it may also act as a Data Processor, processing personal data solely under the instructions of the client (Data Controller).
3. Data Protection Officer
To ensure compliance and transparency, LENS has appointed a Data Protection Officer (DPO).
You can contact our DPO at:
dpo@lens-platform.com
or by mail to our registered address, marked “Attention: Data Protection Officer”.
4. What Data We Collect
Depending on how you interact with the LENS Platform, we may collect the following categories of data:
a) Account & Access Data
Name, surname, email address, organization, and login credentials.
Role and permissions within your organization’s LENS instance.
b) Experience & Feedback Data
Survey responses, comments, satisfaction ratings, and other feedback forms.
Contextual data linked to journey maps (e.g., touchpoints, pain points, opportunities).
c) Analytical & Technical Data
IP address, device type, browser, and session duration.
Data about platform usage, performance metrics, and interaction patterns.
d) Communication Data
Data you provide when contacting us via chat, email, or forms on the platform.
e) AI-Generated Insights
Aggregated and anonymized data used by AI models to generate automated insights, journey optimizations, and experience analytics.
5. Purpose and Legal Basis for Processing
LENS processes personal data exclusively for legitimate and transparent purposes, including:
Providing platform access and services;
Managing user accounts and permissions;
Collecting and analyzing feedback and experience data;
Improving service performance through AI-driven analytics;
Supporting municipalities in enhancing citizen engagement and public service quality;
Ensuring system security and preventing unauthorized access.
Processing is based on one or more of the following legal bases under GDPR:
Consent (Article 6(1)(a)) – e.g., when participating in surveys;
Contractual necessity (Article 6(1)(b)) – e.g., for registered users;
Legitimate interest (Article 6(1)(f)) – e.g., for platform analytics and improvement;
Legal obligation (Article 6(1)(c)) – when required by law.
6. Data Retention
We store personal data only for as long as necessary to fulfill its intended purpose or as required by law.
Survey data and analytics results: up to 36 months (anonymized thereafter).
Account and user data: retained while the user has an active LENS account.
Communication records: up to 12 months after resolution.
When the retention period expires, data is securely deleted or anonymized.
7. Data Sharing
LENS may share your data with:
Authorized processors providing infrastructure, hosting, and analytical services (e.g., data centers within the EU/EEA);
Municipal partners (for Citizen Experience projects) — only in anonymized or aggregated form;
Service providers required for platform operation (subject to confidentiality agreements).
No data is sold or shared for advertising purposes.
8. International Data Transfers
All personal data is primarily processed and stored within the European Union (EU).
If data is transferred outside the EU/EEA, such transfers are protected using Standard Contractual Clauses (SCCs)approved by the European Commission.
9. Your Rights
As a data subject, you have the following rights under the GDPR:
Right of access – to know what data we hold about you;
Right to rectification – to correct inaccurate data;
Right to erasure (“right to be forgotten”);
Right to restrict processing;
Right to data portability;
Right to object to certain processing activities;
Right to withdraw consent at any time (where applicable).
To exercise your rights, contact privacy@lens-platform.com.
You also have the right to lodge a complaint with your national Data Protection Authority.
10. Cookies
LENS uses cookies to ensure optimal performance and user experience.
Cookies are small text files stored on your device that help remember your preferences and analyze usage.
You can manage or disable cookies through your browser settings at any time.
For more details, see our Cookie Policy.
11. Data Security
LENS implements advanced technical and organizational security measures, including:
End-to-end encryption for data transmission and storage;
Access control and audit logs;
Regular security reviews and vulnerability assessments;
Anonymization and pseudonymization where appropriate.
Our infrastructure is hosted in GDPR-compliant data centers with continuous monitoring.
12. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in our practices or legal requirements.
Any updates will be published on this website with the revised “Last Updated” date.
Last Updated: October 23, 2025
Contact: privacy@lens-platform.com
Website: www.lens-platform.com
