1. Introduction
Riveran ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (www.riveran.org), engage with our marketing communications, or interact with us during the ordinary course of business.
This policy is designed to comply with the General Data Protection Regulation (GDPR) and applicable local data protection laws. For the purposes of the GDPR, Riveran acts as the Data Controller.
If you have any questions or wish to exercise your data protection rights, please contact us at: hello@riveran.org.
2. The Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, categorized as follows:
- Identity Data: Name, surname, professional title, and company name.
- Contact Data: Email address, telephone number, business address, and social media handles.
- Technical Data: Internet Protocol (IP) address (anonymized), browser type and version, time zone setting and location, browser plug-in types, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website and services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and your selected topics of interest.
3. How We Collect Your Data
We use different methods to collect data from and about you, including:
- Direct Interactions: You provide your Identity and Contact Data by filling out forms on our website (such as "Contact Us" or newsletter sign-ups), exchanging business cards, or corresponding with us by email.
- Automated Technologies: As you interact with our website, we may automatically collect Technical and Usage Data. We collect this personal data by using cookies, server logs, and similar tracking technologies (subject to your explicit consent).
4. Legal Bases and Purposes for Processing
We will only use your personal data when the law allows us to. Most commonly, we rely on the following legal bases under Article 6 of the GDPR:
| Purpose / Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To administer and protect the website (troubleshooting, data analysis, system maintenance, security) | Identity, Contact, Technical | Legitimate Interests (Art. 6(1)(f) GDPR) — ensuring our IT services and website remain secure and functional. |
| To deliver relevant website content and measure the effectiveness of our online presence | Technical, Usage | Consent (Art. 6(1)(a) GDPR) — via our cookie management banner. |
| To respond to inquiries, send requested proposals, or manage our relationship with potential clients | Identity, Contact, Marketing | Performance of a Contract (Art. 6(1)(b) GDPR) or Legitimate Interests to foster professional business relationships. |
| To send newsletters and marketing updates | Identity, Contact, Marketing | Consent (Art. 6(1)(a) GDPR) — obtained via explicit opt-in forms. |
5. Cookie Management and Tracking Technologies
Our website uses cookies and web beacons to distinguish you from other users and analyze aggregate metrics.
- Strictly Necessary Cookies: Processed under Legitimate Interest to run the site securely.
- Analytical/Performance Cookies (Google Analytics): We use Google Analytics with IP Anonymization enabled. These tools track behavior anonymously. They are only activated if you click "Accept All" or opt in via our cookie consent banner.
You can change your cookie preferences at any time through our website's consent tool or by adjusting your browser settings to reject cookies.
6. Data Retention
We will retain your personal data only for as long as reasonably necessary to fulfill the purposes for which we collected it, including satisfying any legal, regulatory, tax, accounting, or reporting requirements.
- Marketing Leads and Subscribers: We retain your Contact Data until you withdraw your consent or unsubscribe. In the absence of active engagement, your data will be safely archived or deleted after 3 years from the last documented interaction.
- Technical Logs: Website access logs are automatically overwritten or deleted within 30 days, unless required for a security investigation.
7. International Data Transfers
To provide our services and manage our website, we utilize third-party platforms whose infrastructure may be located outside the European Economic Area (EEA), such as Google and GitHub in the United States.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We transfer data to countries deemed by the European Commission to provide an adequate level of protection for personal data.
- We utilize specific transfer mechanisms approved by the European Commission, alongside supplementary technical and organizational security measures, to ensure that data subjects enjoy enforceable rights and effective legal remedies.
8. Data Security
We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, contractors, and partners who have a legitimate business need to know.
9. Your Legal Rights
Under the GDPR, you have rights you can exercise completely free of charge regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of incomplete or inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under specific conditions.
- Right to Restrict Processing: Request that we suspend the processing of your data.
- Right to Data Portability: Request the transfer of your data to you or a third party in a structured, machine-readable format.
- Right to Object: Object to the processing of your data where we rely on Legitimate Interest or use it for direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time (e.g., via the "Unsubscribe" link in our emails).
To exercise any of these rights, please contact us at hello@riveran.org.
If you feel your data has not been handled correctly, you have the right to lodge a complaint with your local Data Protection Supervisory Authority within the EU. We would, however, appreciate the opportunity to address your concerns before you approach the authority, so please contact us first.
10. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect operational, legal, or regulatory changes. The "Last Updated" date below will indicate the latest revision. We encourage you to review this policy periodically.