Privacy Policy

Back to Home
Privacy Policy - Circular Retail Group
Effective Date: June 8, 2026
Last Updated: June 22, 2026Circular Retail Group (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal data and business information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as amended by the CPRA.By accessing our website or engaging our services, you acknowledge the terms of this Privacy Policy.1. Scope of This PolicyThis Privacy Policy applies to:Our website(s), landing pages, and digital propertiesConsulting, advisory, and operational engagementsResearch, benchmarking, audits, and assessmentsCommunications via email, forms, or electronic systemsEvents, reports, and client interactionsThis Policy applies to clients, prospective clients, vendors, partners, and website visitors.2. Information We CollectWe collect information necessary to deliver consulting, operational, and analytical services.2.1 Business and Operational DataOrganization name and structureStore-level operational data (sales, inventory flow, donations, processing metrics)Supply chain, logistics, and sourcing dataWorkforce and staffing data (non-sensitive business context)Financial and performance KPIs shared during engagements2.2 Personal DataName, title, and professional roleBusiness email address and phone numberEmployer and organizational affiliationCommunication history and engagement records2.3 Technical DataIP address and device identifiersBrowser type and operating systemWebsite usage data and analyticsCookies and tracking technologiesWe do not intentionally collect “special categories of personal data” (GDPR Art. 9) unless explicitly required and consented to in a contractual engagement.3. Legal Bases for Processing (GDPR)Where GDPR applies, we process personal data under the following lawful bases:Contractual Necessity – to perform consulting and advisory servicesLegitimate Interests – to operate, improve, and secure our businessConsent – where explicitly obtained (e.g., marketing communications)Legal Obligation – compliance with applicable laws and regulationsWe ensure that legitimate interests do not override data subject rights.4. How We Use InformationWe use collected data for the following purposes:Delivery of consulting and advisory servicesOperational benchmarking and performance analysisDevelopment of industry insights and research reportsClient communication and relationship managementProcess optimization and system design supportWebsite analytics and service improvementLegal, regulatory, and compliance obligationsWe do not sell personal data.5. Disclosure of InformationWe disclose information only under limited and controlled circumstances:5.1 Service Providers (Processors)We may share data with third-party processors (e.g., cloud providers, CRM platforms, analytics tools) strictly for service delivery under contractual confidentiality obligations.5.2 Client AuthorizationData may be shared with explicit client consent for benchmarking, reporting, or collaborative initiatives.5.3 Legal RequirementsWe may disclose data if required by law, subpoena, regulatory request, or legal process.5.4 Aggregated / De-Identified DataWe may use anonymized and aggregated data for:Industry benchmarkingMarket researchCircular economy insightsSuch data cannot reasonably identify individuals or organizations.6. Data RetentionWe retain data only for as long as necessary to:Fulfill contractual and advisory obligationsMaintain operational records and benchmarking continuityComply with legal, tax, and regulatory requirementsUpon request, and where legally permissible, data may be deleted or anonymized.7. International Data Transfers (GDPR Compliance)Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, including:Standard Contractual Clauses (SCCs) approved by the European CommissionData processing agreements with vendorsReasonable technical and organizational safeguards8. Your Rights Under GDPRIf you are located in the European Economic Area, you have the right to:Access your personal dataRequest correction of inaccurate dataRequest deletion (“Right to be Forgotten”)Restrict or object to processingData portabilityWithdraw consent at any time (where applicable)Lodge a complaint with a supervisory authorityTo exercise these rights, contact us using the details in Section 14.9. Your Rights Under CCPA/CPRA (California Residents)If you are a California resident, you have the following rights:9.1 Right to KnowYou may request disclosure of:Categories of personal information collectedSources of personal informationBusiness purposes for collectionCategories of third parties with whom data is shared9.2 Right to DeleteYou may request deletion of personal information, subject to legal exceptions.9.3 Right to CorrectYou may request correction of inaccurate personal information.9.4 Right to Opt-Out of Sale or SharingWe do not sell personal information or share it for cross-context behavioral advertising.9.5 Right to Non-DiscriminationWe will not discriminate against you for exercising your privacy rights.To exercise CCPA rights, contact us via Section 14.10. Data SecurityWe implement industry-standard safeguards, including:Role-based access controlsEncryption of data in transit and at rest where applicableSecure cloud infrastructureEmployee confidentiality obligationsInternal governance and audit proceduresNo system is fully secure; users acknowledge inherent risks in digital communications.11. Cookies and Tracking TechnologiesWe use cookies and similar technologies to:Improve website functionalityAnalyze usage patternsSupport performance optimizationUsers may disable cookies in browser settings, though some functionality may be affected.12. Data Ownership and Client ConfidentialityClients retain ownership of all proprietary business data. Circular Retail Group acts as a data processor and advisory partner unless otherwise specified in contractual agreements.We treat all client data as confidential and subject to strict internal access controls.13. Children’s PrivacyOur services are not directed to individuals under 18. We do not knowingly collect personal data from minors.14. Contact Information (Data Protection Requests)For privacy inquiries, rights requests, or data protection concerns:Circular Retail Group – Privacy Office
Email: [Insert Email Address]
Website: [Insert Website URL]We will respond to verified requests within the timeframes required under applicable law (typically 30–45 days depending on jurisdiction).15. Changes to This PolicyWe may update this Privacy Policy periodically. Updates will be posted on this page with a revised “Last Updated” date. Continued use of our services constitutes acceptance of any changes.