Privacy Policy

Your privacy is important

At the Circulate Initiative, we are committed to protecting and respecting your privacy. This privacy policy (Policy) explains when, why and which personal data we collect about people who visit our website, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

We may change this Policy from time to time, so please check this page occasionally to ensure that you are happy with any changes. To access and use our website and resources, you must agree to this Policy.

 

GDPR

The General Data Protection Regulation (as amended from time to time, GDPR) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th of May 2018. The Circulate Initiative is fully committed to compliance with the GDPR.

 

Who are we?

The Circulate Initiative is a non-profit organization that works to solve the plastic pollution challenge and build circular and equitable economies across emerging markets. It delivers cutting-edge research, builds high-impact programs, and drives collective action with industry stakeholders including businesses, investors, and policymakers.

The controller of data processing is Circulate Initiative, Inc., a U.S. Registered 501(3)(c) organization with its registered address at 60 East 42nd Street, Suite 3130, New York, NY 10165.

Any questions and requests regarding this Policy, your rights and our privacy practices should be sent by email to hello@thecirculateinitiative.org.

 

Personal Data

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

How do we collect personal data from you?

We obtain information about you when you use our website.

In particular, we obtain your personal data when you register on our website to use our resources or when you contact us about our programs and initiatives.

 

Which personal data do we collect?

For technical reasons, we are required to process certain data when you visit our website. This includes in particular:

  • IP address from which access was made
  • Date and time of access
  • Accessed URL
  • Name of the website from which you entered our website
  • Operating system and browser type (user-agent)
  • Type of your (mobile) device

 

We use all of this information to analyze trends among our users to help improve our website.

The use of our resources requires personal registration. The following personal data is collected at the sign up:

  • Email address
  • Password for the system login (stored encrypted)
  • First Name
  • Last Name
  • Organization
  • Job Title

 

Use of ‘cookies’

Our website uses “cookies” to identify the areas of our website that you have visited. A cookie is a small piece of data stored on your computer or mobile device by your web browser.

We use cookies to personalize the content that you see on our website. It is your decision whether you accept or reject the cookies.

  • Our website uses the following cookies. Please note their scope and functionality below: First-party cookies to track website usage data for Google Analytics (GA4);
  • Auth0 to identify registered users;
  • Cookie to obtain user session data for Microsoft Clarity’s tracking code.

 

Consent to cookies can be withdrawn at any time (see also our Cookie Policy). Please note that if you reject cookies, some functions of the website may not work as intended.

 

How is your personal data used?

We may use your personal data to:

  • carry out our obligations arising from any contracts entered into by you and us;
  • deal with entries into a competition;
  • seek your views or comments on the services we provide;
  • ask you to provide a testimonial for the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you;
  • monitor for further analysis;
  • carry out marketing activities.

 

These may include information and updates on The Circulate Initiative or promotions of our associated companies’ goods and services.

 

How long do we store your personal data?

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Personal data collected during registration (e.g. e-mail, name, job title) will be stored until you delete your account. You can delete your account (including all data) here at any time. By ticking the box with the option “I wish to discontinue my access to The Circulate Initiative’s tools and resources” and confirming, your account and data is deleted from our system.

 

On which legal basis do we process personal data?

Consent: Apart from the technically necessary personal data collected, the data is processed solely on the basis of your consent. You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Legitimate interests: The collection of certain personal data (e.g. the IP address or the access protocol) and the setting of technically necessary cookies and the associated processing of personal data is carried out to preserve our legitimate interest in offering a technically appropriate presentation and use of our website.

 

Security precautions in place to protect the loss, misuse or alteration of your information

When you are on a secure page, a lock icon will appear at the top of common web browsers.

Please note that security can never be 100% guaranteed. As a result, while we strive to protect your personal information (e.g. by providing a secure connection and using common protection against malware and hacking attacks), we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Where we have given (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

 

Who has access to your information?

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Third-party service providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond Achieve Unlimited for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We use the following third-party services (please also see the section “third party tracking tools” below):

  • Auth0 is a cyber security and authentication application provided by Auth0, LLC 100 First Street, Floor 6 San Francisco, CA 94105, San Francisco, CA 94107, a subsidiary of Okta, Inc. We use Auth0 to securely manage user authentication and login processes. While using this service, personal data such as email address, IP address, and login information may be processed and transmitted to Auth0. Data transfer to the USA is possible and cannot be ruled out.
  • SendGrid is a tool we use to send automatic emails, such as confirmations, notifications, or password resets. Therefore personal data such as your email address, name (if provided), and technical metadata (e.g. IP address, time of delivery, open and click rates) are transmitted and processed; data transfer to the USA is possible and cannot be ruled out. SendGrid is provided by Twilio Inc., 101 Spear St FL 5, San Francisco, CA 94105.

 

Please note that the European Court of Justice does not consider the USA to have an adequate level of data protection. Although we commit ourselves and strive to comply fully with the GDPR, you may not have any effective legal remedies as defined in the GDPR if your data is subject to access by US authorities for monitoring and surveillance purposes.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

 

Third-party tracking tools

We also use third-party tracking tools to improve the performance and features of our website. These third-party tracking tools are designed to collect mainly technical Information about your use of our website, such as your IP-Address, date and time of access etc. However, you understand that such tools are created and managed by parties outside our control. As such, we are not responsible for what information is actually captured by such third parties or how such third parties use and protect that information.

We use the following third-party tracking tools:

  • Google Analytics is a web analytics service that monitors and analyzes the usage of our website in order to improve it. For users with usual residence in the European Economic Area or Switzerland, Google Analytics is offered by Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland, otherwise (including for the UK) the service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In any case, data transfer to the USA is possible and cannot be ruled out.
  • Microsoft Clarity is an application we use to capture how people are using our website. Microsoft Clarity records the interactions on our website, e.g. how the page is rendered, interactions such as mouse movements, clicks, scrolls, etc. The application is provided by Microsoft Corporation, 1 Microsoft Way, Redmont WA 98052. Data transfer to the USA is possible and cannot be ruled out.

 

You can opt-out of Google Analytics for display advertising by visiting the Google Ads settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

 

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products and services or you prefer that we not hold certain types of information, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone, or text message unless you have given your prior consent. You can change your contact preferences at any time by contacting us by email: hello@thecirculateinitiative.org.

 

How you can access and update your information

The accuracy of your information is important to us. We are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your email address or any of the other information we hold is inaccurate or out of date, please email us.

 

Links to other websites

Our website may contain links to other websites run by other organizations. This privacy policy applies only to our website, so we encourage you to read the privacy statements on those other websites.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

 

Children under the age of 16

We are also concerned about protecting the privacy of children below the age of 16. If you are below the age of 16‚ consent must be given or authorised by the holder of parental responsibility.

 

Your rights under the GDPR

As a subject of this data processing, you have the following rights:

  • Right of access (Art 15 GDPR): You have the right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and to further information, such as: the purposes of the processing, the categories of personal data concerned or the recipients or categories of recipient to whom the personal data have been or will be disclosed.
  • Right to rectification (Art 16 GDPR): You have the right to obtain the rectification of your personal data if it is inaccurate.
  • Right to erasure (‘right to be forgotten’) (Art 17 GDPR): You have the right to obtain the erasure of your personal data if they are no longer necessary for the purposes for which they were collected or otherwise processed, if you withdraw your consent to the processing, if the data processing was unlawful or if the erasure is necessary for other legal reasons.
  • Right to restriction of processing (Art 18 GDPR): You have the right to obtain restriction of processing if the accuracy of your personal data is contested, if the processing is unlawful and you request restriction instead of erasure, if we do not need your personal data for the purposes of processing, but you may require the personal data for the establishment, exercise or defense of legal claims.
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art 19 GDPR): We will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
  • Right to data portability (Art 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller under certain legal circumstances.
  • Right to object (Art 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art 6(1) (processing carried out in public interest or for purpose of our legitimate interests), including profiling based on those provisions.
  • Right to lodge a complaint with a supervisory authority (Art 77 GDPR).

 

Review of this policy

We keep this Policy under regular review. This Policy was last updated in December 2025.