PRIVACY POLICY

Effective date: May 12, 2025
Last updated: May 12, 2025
Document Version: 1.0

Introduction

Circle Economy Foundation (“we”, “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website https://www.circle-economy.com or any other websites that are offered by us (the “Website”), use any of our products or services, communicate with us through any channel, participate in surveys, feedback, marketing events or campaigns in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable privacy laws and regulations.

About us

Circle Economy Foundation

Company registration number: 52051048

Haarlemmerweg 331 1051 LH, Amsterdam, the Netherlands

info@circle-economy.com

Data Protection Officer (DPO): Mihail Bashev, mihail@circle-economy.com

WHAT DATA DO WE COLLECT?

We may collect and process the following categories of personal data:

  • Personal Identification Information
    • a. Full name
    • b. Email address
    • c. Company name
    • d. Company type and/or industry
    • e. Your company role
    • f. Your region
    • g. Your gender
    • h. Preferred language
    • i. Learning objectives
    • j. Inquiry details
  • Technical Data
    • a. IP address
    • b.User Agent (e.g. browser type and version, device type, operating system)
  • 3. Usage Data
    • a. Pages visited
    • b. Time spent on pages
    • c. Click-through data
    • d. Navigation paths
    • e. Downloads
  • 4. Marketing & Communication Preferences
    • a. Opt-in status
    • b. Communication preferences
    • c. Interaction history with emails and campaigns
    • d. Language preferences
  • 5. Cookies and Tracking Technologies
    • a. We use cookies and other similar tracking technologies. Please, refer to our Cookie Policy for more information
  • 6. Special Category Data
    • a. We do not collect any special categories of data (e.g. racial or ethnic origin, health status, biometric data, etc.) unless explicitly required for legal reasons or with explicit consent.

HOW DO WE COLLECT YOUR DATA?

We collect data in the following ways:

  1. Direct interactions – when you fill out forms, contact us, register on any of our websites, or subscribe to our services
  2. Automated technologies – via cookies and other analytic tools
  3. Third-party sources – such as advertising networks, analytic providers and social media platforms

We ensure data minimisation principles apply to all our processing operations.

Lawful basis for collecting and processing personal data

We only process your personal data where a lawful legal basis applies, including: 

  1. Consent – when you have given your explicit consent for processing
  2. Contractual necessity – to fulfill a pre-contractual request 
  3. Legal obligation – to comply with applicable legal requirements
  4. Legitimate interest – for purposes such as improving our services, delivering a more personalised experience, preventing fraud and marketing, unless these are not overridden by your rights

If we rely on consent for processing your data, you may withdraw it at any time without affecting the lawfulness of prior processing. 

Cookies and similar technologies

We use cookies in compliance with the GDPR with a lawful basis of either consent or legitimate interest. Types of cookies we use:

You can manage or withdraw cookie consent via our Cookie Consent Banner or through your browser’s settings. You can find the full cookie details in our Cookie Policy.

How we use your personal data

We process personal data for the following purposes: 

  1. To provide services: Authenticate users, manage subscriptions and deliver requested features, allow you to download our reports, troubleshoot problems, and for other customer service purposes.
  2. To communicate: Communicate with you about your use of our websites, respond to inquiries, provide support and connect with you on social media.
  3. To improve our services: Aggregate usage data, monitor performance, fix bugs and other research and analytical purposes.
  4. To market and promote: Send news and newsletters, promotions or to otherwise contact you about projects, opportunities or information we think may interest you provided you have opted into receiving such communications from us; to administer surveys and questionnaires (only if consented). 
  5. To comply with legal requirements: Financial and legal audits, law enforcement requests 
  6. To protect our interests: Detect fraud, protect cyber threats, check compliance.  

No profiling or automated decision making that significantly affects users is conducted without explicit notification. 

Sharing and disclosure of personal data

We may share your data with: 

  1. Processors: Hosting providers (AWS, TransIP, Webflow, Digital Ocean), email delivery service providers (Mailchimp, Node mailer, Bird), analytics tools (Google Analytics, Microsoft Clarity, Hotjar, Google Tag Manager)
  2. Legal authorities: Only when legally obliged or lawfully required to do so
  3. Business transfer: In the even of a merger, acquisition or asset transfer
  4. Affiliates and Partners: Subject to the appropriate agreements and compliance

International data transfer

If we transfer your data outside of the European Economic Area (EEA), such transfers are subject to:

  1. Adequacy decisions from the European Commission
  2. Standard Contractual Clauses
  3. Binding Corporate Rules where applicable 

We assess transfer risks and maintain documentation per Schrems II guidance.

Data retention and deletion

We retain your personal data only for as long as necessary for the purposes set out in this policy and to meet legal, regulatory, tax, accounting or reporting requirements. After the retention periods, your data is securely deleted or anonymised.

Your GDPR rights

Under the GDPR, you have the following rights: 

  1. Access – Request access to your personal data
  2. Rectification – Request correction of inaccurate data
  3. Erasure – Request deletion of your data if it is no longer needed 
  4. Restriction – Limit processing under certain conditions 
  5. Data Portability – Receive your data in structured and commonly used format 
  6. Object – Object to processing for direct marketing or legitimate interests 
  7. Withdraw Consent – At any time, where consent is used as the legal basis 
  8. Lodge Complaint – With the relevant Data Protection Authority (DPA)

To exercise your rights, email: mihail@circle-economy.com 

Data security

Your data matters to us, which is why we apply strict data minimization across our organisation. We collect and retain only the essential personal information required. Our information security policy is built around compartmentalization and the principle of least privilege, with regular access log auditing of our technical infrastructure.

In the event of a data breach, we will notify affected individuals and regulators within 72 hours, as required by Articles 33–34 GDPR.

Supervisory Authority Contact

If you believe your rights under the GDPR have been violated, you may contact: 

AP - Autoriteit Persoonsgegevens

Website: https://www.autoriteitpersoonsgegevens.nl/en 

Telephone:  (+31) - (0)88 - 1805 250

Visiting address: Hoge Nieuwstraat 8, 2514 EL The Hague

Policy updates

We may update this policy from time to time to reflect changes in law or operations. Any changes will be posted on this page and where appropriate, notified by email 

Last updated: May 12, 2025

Previous versions: Available upon request

Contact

For any questions, concerns or complaints regarding this Privacy Policy, contact our DPO:

Name: Mihail Bashev 

Email: mihail@circle-economy.com

Phone: +359877190323 | +31642699788

© 2008-Present
Circle Economy Foundation
RSIN 850278983
Contact usAboutVacancies
Privacy policyTerms of useNews