Privacy Policy

Personal Data We Collect

• Contact Information: Name, email address, phone number, company name, and job title when provided through contact forms or consultation requests
• Communication Data: Messages, inquiries, and correspondence related to our services and support interactions
• Technical Data: IP address, browser type, device information, and website usage patterns for analytics and security purposes
• Project Data: Information about business requirements, goals, and challenges shared during consultation and project planning phases

How Data is Collected

• Contact Forms: Information voluntarily provided when submitting consultation requests or inquiries through our website
• Cookies and Analytics: Website usage data collected through Google Analytics and similar technologies with your consent
• Direct Communication: Information shared during phone calls, video conferences, email exchanges, and project meetings
• Project Documentation: Business information and requirements gathered during service delivery and consulting engagements

Legal Basis for Data Processing

• Consent: Processing based on explicit consent for marketing communications and non-essential cookies
• Contract Performance: Processing necessary for delivering requested services and fulfilling contractual obligations
• Legitimate Interest: Processing for business development, service improvement, and fraud prevention purposes
• Legal Compliance: Processing required to comply with applicable laws, regulations, and professional standards

Data Retention Periods

• Contact Inquiries: Retained for 24 months from last contact or until consent is withdrawn
• Project Data: Retained for 7 years after project completion for professional record-keeping requirements
• Analytics Data: Anonymized and aggregated data retained for statistical analysis and service improvement
• Marketing Communications: Retained until unsubscribe request or consent withdrawal

How Personal Data is Used

• Service Delivery: Providing consultation, project management, and revenue operations services as requested
• Communication: Responding to inquiries, providing project updates, and maintaining professional correspondence
• Business Development: Understanding client needs, developing service offerings, and improving our expertise
• Quality Assurance: Monitoring service quality, gathering feedback, and implementing improvements

Data Sharing with Third Parties

• Service Providers: Cloud hosting, email services, and analytics platforms that support our operations under strict data processing agreements
• Professional Partners: Specialized consultants or technology providers when necessary for project delivery, with your explicit consent
• Legal Requirements: Government authorities or legal entities when required by applicable laws or court orders
• No Commercial Sale: We never sell, rent, or trade personal data to third parties for commercial purposes

Marketing Communications

• Consent-Based: Marketing emails and newsletters are sent only with explicit consent and include easy unsubscribe options
• Educational Content: Industry insights, best practices, and service updates relevant to revenue operations professionals
• Frequency Control: Reasonable communication frequency with options to customize preferences or opt out entirely
• Segmentation: Targeted communications based on expressed interests and professional relevance

Analytics and Website Improvement

• Usage Analytics: Understanding website traffic patterns, popular content, and user behavior to improve our online experience
• Performance Monitoring: Tracking website performance, loading times, and technical issues to ensure optimal functionality
• Content Optimization: Analyzing which resources and information are most valuable to our visitors
• Security Monitoring: Detecting and preventing potential security threats and unauthorized access attempts

Security Measures in Place

• Technical Safeguards: SSL encryption, secure hosting infrastructure, and regular security updates to protect data in transit and at rest
• Administrative Controls: Limited access to personal data on a need-to-know basis, staff training on data protection principles
• Physical Security: Secure facilities, protected workstations, and controlled access to systems containing personal data
• Vendor Management: Due diligence on service providers, data processing agreements, and regular security assessments

Data Encryption and Storage

• Encryption Standards: Industry-standard encryption protocols for data transmission and storage, including TLS 1.3 for web communications
• Secure Storage: Personal data stored in secure, access-controlled environments with regular backup and recovery procedures
• Data Minimization: Collection and retention of only necessary personal data for specified, legitimate business purposes
• Geographic Controls: Data processing within the EU/EEA region with appropriate safeguards for any international transfers

Access Controls and Monitoring

• Role-Based Access: Personal data access limited to authorized personnel based on job responsibilities and project requirements
• Authentication: Multi-factor authentication and strong password policies for all systems containing personal data
• Activity Logging: Comprehensive logging of data access and processing activities for audit and security monitoring purposes
• Regular Reviews: Periodic access reviews, security assessments, and updates to protection measures

Breach Notification Procedures

• Detection Systems: Monitoring tools and procedures to detect potential security incidents and data breaches promptly
• Response Protocol: Documented incident response procedures including containment, assessment, and remediation steps
• Regulatory Reporting: Notification to supervisory authorities within 72 hours of breach discovery, where required by law
• Individual Notification: Direct notification to affected individuals when breach poses high risk to their rights and freedoms

Right to Access Personal Data

You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is being used. We will respond to access requests within 30 days of receipt.

Right to Rectification and Erasure

You can request correction of inaccurate personal data or completion of incomplete data. You also have the right to request deletion of your personal data under certain circumstances, including when it is no longer necessary for the original purpose or when you withdraw consent.

Right to Data Portability

Where technically feasible, you can request to receive your personal data in a structured, commonly used, and machine-readable format, or request that we transmit this data directly to another controller.

Right to Object to Processing

You have the right to object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

How to Exercise These Rights

To exercise any of these rights, contact us using the details provided at the top of this policy. We may request additional information to verify your identity before processing your request. There is no fee for most requests, unless they are manifestly unfounded or excessive.