Privacy policy
Last Updated: June 15, 2026
At The Ecofeminist Institute, we are committed to protecting your privacy and processing your personal data in a transparent, secure manner.
This Privacy Policy outlines how we collect, use, store, and share your personal data in strict compliance with the EU General Data Protection Regulation (GDPR) and applicable local data protection laws.
By using our educational programs, consultancy services, and website, you acknowledge the data practices described in this policy.
1. Data Controller and Contact Information
The Ecofeminist Institute acts as the Data Controller for the personal data processed under this policy.
Data Protection Contact: For any queries regarding your data rights, please contact [email protected]
2. Personal Data We Collect, Purposes, and Lawful Basis
In accordance with Article 6 of the GDPR, we only process your personal data when we have a valid legal basis. We collect and process the following categories of information:
Identity & contact data
Data Points: Name, email address, telephone number, and professional organization or affiliation.
Purpose of Processing: To respond to your direct inquiries, process registration for educational modules, and manage ongoing consulting agreements.
Usage & Technical Data
Data Points: IP address, browser type, operating system, localized time zone, browsing history, and engagement metrics with our web content.
Purpose of Processing: To analyze website performance, optimize user interfaces, diagnose server issues, and maintain data security systems.
Marketing & communications data
Data Points: Newsletter preferences, email subscription status, and explicit opt-in preferences for research publications.
Purpose of Processing: To deliver educational updates, institute insights, and event notifications.
3. Data Sharing and Third-Party Transfers
We do not sell, rent, or trade your personal data. We only share your information with trusted third parties under the following strict conditions:
Service providers: We engage trusted processors (such as secure cloud storage hosts, newsletter dispatch systems, and internal IT infrastructure applications) who handle data strictly under our documentation and are bound by Data Processing Agreements (DPAs) pursuant to Article 28 GDPR.
Legal Obligations: We may disclose data if legally required to do so by EU law or member state judiciary mandates.
International Data Transfers
If personal data must be transferred outside the European Economic Area (EEA), we guarantee an equivalent level of security. This is achieved by ensuring at least one of the following criteria is met:
The target country is officially recognized by the European Commission as providing an adequate level of data protection.
The transfer is protected by standard contractual clauses (SCCs) approved directly by the European Commission.
4. Data Security
We implement technical and organizational security protocols to safeguard your data against accidental loss, unauthorized access, altering, or disclosure. These metrics include:
Enforced data encryption protocols in transit (SSL/TLS) and at rest.
Strict internal access controls, ensuring data is only visible to authorized personnel who need it to execute their professional responsibilities.
Regular functional testing and performance reviews of our digital security infrastructure.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the processing purposes outlined above, including the satisfaction of any legal, administrative, accounting, or reporting guidelines.
Consultancy & Educational Client Data:
Retained for the active duration of the contract, plus the standard statutory limitation period for local legal claims.
Marketing & Subscription Data:
Retained continuously until you actively withdraw your consent, opt out, or unsubscribe.
Technical Server Logs:
Retained for a brief operational window, typically between 30 to 90 days, before being systematically overwritten or anonymized.
6. Cookies and Tracking Technologies
Our website uses cookies to distinguish you from other visitors, ensuring smooth site performance and data metrics analysis.
Essential Cookies: Required for basic site navigation and core security features (processed via Legitimate Interest).
Analytics Cookies: Used to observe user traffic patterns and structural interactions (processed only if you give explicit Consent via our web cookie banner).
You retain full authority to modify your browser configurations to systematically decline cookies, though this may restrict certain website capabilities.
7. Your Statutory Rights Under the GDPR
As a data subject located within the European Union, you possess comprehensive rights regarding your personal information under Articles 15-22 of the GDPR:
Right of Access (Art. 15): Request an itemized statement and copy of the personal data we hold on your profile.
Right to Rectification (Art. 16): Request immediate modification or corrections of inaccurate or incomplete information.
Right to Erasure / "Right to be Forgotten" (Art. 17): Request total deletion of your personal data when processing is no longer required by law or contract.
Right to Restriction of Processing (Art. 18): Request that we halt active processing of your data while keeping it securely archived.
Right to Data Portability (Art. 20): Request the extraction and transfer of your data to yourself or a separate vendor in a structured, machine-readable format.
Right to Object (Art. 21): Object directly to processing tasks built on legitimate interests or direct marketing workflows.
Right to Withdraw Consent (Art. 7(3)): Revoke your consent at any time for tasks where consent was the baseline legal reason.
To exercise any of these permissions, please send a written request to our privacy desk. We are legally bound to address and complete your request within one calendar month of validation.
Right to Lodge a Complaint: If you believe our data handling methods infringe upon modern data regulations, you maintain the legal right to file a formal complaint with a competent supervisory authority, notably within the EU Member State of your permanent residence, your primary place of work, or the exact region of the alleged data infringement.
8. Changes to This Policy
We review and refine this Privacy Policy periodically to maintain alignment with changing operational models and EU legal landscapes. Any structural modifications will be updated on this page with an adjusted revision timestamp.
