Privacy Policy

1. Introduction

This Privacy Policy explains how effectiveactivism.com ("we", "us", "our") processes personal data when acting as a data controller under the General Data Protection Regulation (GDPR).

This Policy does not cover personal data processed by organisations using our email engagement tracking tool. In those cases, the relevant organisation acts as data controller and is responsible for that processing.

2. Categories of Personal Data We Process

We may process the following personal data in our capacity as controller:

2.1 Client & Partner Contacts

• Name
• Email address
• Organisation
• Role / title
• Communication history

2.2 Internal Administrative Data

• Contract records
• Vendor contact information

2.3 Engagement Tracking (Internal Use)

When we use our own tool for communications, we may process:

• Email addresses
• IP addresses
• Device type
• Email open and click behaviour
• Reply interactions

2.4 Website Contact Data

• Contact form submissions
• Email correspondence

We do not intentionally process special category data.

3. Lawful Basis for Processing

We rely primarily on Legitimate Interest (Art. 6(1)(f) GDPR), including:

• Managing client relationships
• Improving our services
• Operating our organisation
• Communicating with partner organisations

Where required by law, we rely on consent (e.g., non-essential cookies).

4. Data Retention

Personal data is retained only as long as necessary for the purposes described above. Administrative and operational data is retained for 2 years. Backups of system data are retained for 7 days on a rolling basis.

5. International Transfers

Our systems are hosted using infrastructure located in the United States. Where personal data is transferred outside the EU/EEA, we rely on:

• European Commission Standard Contractual Clauses (2021/914)
• Appropriate technical and organisational safeguards

6. Subprocessors & Service Providers

We may use trusted service providers to support operations, including:

• DigitalOcean (Hosting)
• Google Workspace (Internal communications)
• Google Gemini Pro API (AI functionality)
• IP2Location (Geolocation services)

These providers are contractually bound to process data in accordance with applicable data protection requirements.

7. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure hosting infrastructure
• Encrypted transmission (HTTPS)
• Access controls for administrative access
• Restricted internal access
• Encryption of sensitive data at rest

8. Data Subject Rights

Under GDPR, you have the right to:

• Access your personal data
• Request rectification
• Request erasure
• Restrict processing
• Object to processing
• Data portability
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at: gdpr@activeforanimals.com

9. Supervisory Authority

As a Denmark-based organisation, our supervisory authority is Datatilsynet (Denmark).

10. Updates to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or operational practices. The latest version will always be available on our website.

Contact

Questions about this policy can be directed to contact@activeforanimals.com.