Circular Intelligence Association - Privacy Policy

Effective Date: 1 January 2026 | Version 1.0

1. Introduction

The Circular Intelligence Association ("CIA", "we", "us", or "our") is a not-for-profit organisation (A.S.B.L.) registered in Belgium, headquartered at 35 rue du Congrès, 1000 Brussels. We are committed to protecting the privacy and personal data of all individuals who interact with our website, services, and membership programmes.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject under the EU General Data Protection Regulation (GDPR) and applicable Belgian data protection law.

By using our website at www.circularintel.org or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

• Circular Intelligence Association (A.S.B.L.)

• 35 rue du Congrès, 1000 Brussels, Belgium

• Email: info@circularintel.org

• Website: www.circularintel.org

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Data You Provide Directly

• Contact information: name, email address, phone number, job title, and organisation name, provided via our contact form or membership application.

• Membership data: details submitted during registration, including organisational type, size, and sector.

• Payment information: billing details processed for membership fees (handled via secure third-party payment processors; we do not store full payment card data).

• Correspondence: emails, enquiries, or other communications you send to us.

3.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, referring URL, and pages visited on our website.

• Usage data: time spent on pages, links clicked, and navigation patterns.

• Cookies and similar technologies: as described in Section 8 of this Policy.

4. Legal Bases for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contractual necessity (Art. 6(1)(b)): to manage your membership, deliver services, and fulfil obligations under our membership agreement.

• Legitimate interests (Art. 6(1)(f)): to operate and improve our website, communicate relevant updates, and facilitate network activities — where these interests are not overridden by your rights.

• Consent (Art. 6(1)(a)): where you have explicitly opted in to receive newsletters, intelligence briefings, or marketing communications. You may withdraw consent at any time.

• Legal obligation (Art. 6(1)(c)): where processing is required to comply with applicable law, including Belgian non-profit law and EU regulations.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Processing and managing membership applications and renewals.

• Delivering services including compliance support, intelligence briefings, and participation in projects and events.

• Facilitating networking and collaboration within the CIA member community.

• Sending relevant communications including news, event invitations, regulatory updates, and intelligence briefings (where consented).

• Processing payments and maintaining financial records.

• Improving our website, services, and member experience.

• Responding to enquiries and providing support.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only in the following circumstances:

• Service providers: IT and hosting providers, payment processors, email platforms, and analytics services that support the operation of our website and services. These processors act under data processing agreements and may not use your data for their own purposes.

• Partner organisations and EU-funded projects: where you have joined a collaborative project or pilot (e.g., under Horizon Europe), relevant contact details may be shared with project partners for coordination purposes.

• Legal and regulatory authorities: where required by law, court order, or to protect the rights and safety of CIA or its members.

• Member directory: your organisation name and sector may be visible to other members on the CIA collaboration platform, unless you request otherwise.

7. International Data Transfers

CIA is based in Belgium and primarily processes data within the European Economic Area (EEA). Where data is transferred outside the EEA — for example, through international project partners or cloud service providers — we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. These include:

• Essential cookies: required for the basic functioning of the website (e.g., session management, shopping cart for membership payments).

• Analytics cookies: used to understand how visitors use our site (e.g., pages visited, traffic sources). These are only activated with your consent.

• Preference cookies: to remember your settings and preferences across visits.

You can manage or withdraw your cookie consent at any time via your browser settings or our cookie consent tool. Disabling non-essential cookies will not affect your ability to use our website.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law:

• Membership data: retained for the duration of membership and for up to 5 years after termination for legal and accounting purposes.

• Contact enquiries: retained for up to 2 years unless the relationship develops into membership or a service engagement.

• Website analytics: aggregated data retained for up to 26 months.

• Marketing communications: retained until you unsubscribe or withdraw consent.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: to obtain a copy of the personal data we hold about you.

• Right to rectification: to request correction of inaccurate or incomplete data.

• Right to erasure: to request deletion of your data where there is no legitimate reason for us to continue processing it.

• Right to restriction: to request that we limit processing of your data in certain circumstances.

• Right to data portability: to receive your data in a structured, machine-readable format.

• Right to object: to object to processing based on legitimate interests or for direct marketing purposes.

• Right to withdraw consent: at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@circularintel.org. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at www.dataprotectionauthority.be.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted data transmission (HTTPS), access controls, and regular security reviews. However, no method of internet transmission is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our website and services are intended for professionals and organisations. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately and we will take steps to delete it.

13. Third-Party Links

Our website may contain links to external websites, including those of partner organisations or EU-funded projects. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party websites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify members of material changes via email and will update the effective date at the top of this document. We encourage you to review this Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

• Circular Intelligence Association