01Controller
The controller for personal data of EU and UK data subjects is LENSCORP AI Private Limited (India). Where we act as a processor for an EU/UK customer, the customer is the controller and Article 28 data processing terms apply.
02EU & UK representatives (Art. 27)
LENS does not currently maintain an EU or UK establishment. Where Article 27 GDPR / UK GDPR requires the appointment of a representative for data subjects in the EU or UK, an Article 27 representative is in the process of being appointed; until that appointment is published, EU and UK data subjects can reach the controller directly via the Data Protection Officer below.
- Data Protection Officer
- dpo@lenscorp.ai
- Postal address
- DPO, LENSCORP AI Private Limited, 5152, 5th Floor, DLF Forum, DLF Cyber City, DLF Phase 3, Sector 24, Gurugram, Haryana 122002, India
03Lawful bases (Art. 6)
See the purposes table. Where processing relies on legitimate interests (Art. 6(1)(f)), our balancing assessment is available on request to the DPO.
04Your rights (Arts. 15–22)
| Right | Article |
|---|---|
| Access | Art. 15 |
| Rectification | Art. 16 |
| Erasure ("right to be forgotten") | Art. 17 |
| Restriction | Art. 18 |
| Portability | Art. 20 |
| Object | Art. 21 |
| Not be subject to solely automated decisions with legal effect | Art. 22 |
Send requests to dpo@lenscorp.ai. We respond within one month, extendable by two months for complex requests with notice.
05Transfers outside the EEA / UK
Our principal data processing happens in India. We rely on the 2021 EU Standard Contractual Clauses (Module 2) plus the UK International Data Transfer Addendum. A transfer impact assessment, dated April 2026, is available on request. Supplementary measures: encryption in transit and at rest, restricted access, and a published government-access transparency report.
Need a region-specific notice?
We publish supplemental notices for India, EU/UK, US health, California and Brazil.