PRIVACY POLICY

PRIVACY POLICY

Regulation (EU) 2016/679 — GDPR

www.gendergaze.com

Last updated: April 2026

 

1. Identity of the Data Controller

Controller: GenderGaze

Website: www.gendergaze.com

Email: info@gendergaze.com

Registered address: Fernada Nissens 3F OSLO NORWAY

GenderGaze is a consultancy specialising in gender equality, diversity, and inclusion in professional and organisational environments. This Privacy Policy explains how we collect, use, store, and protect your personal data, in full compliance with Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation.

 

2. Personal Data We Collect

Depending on the way you interact with our Website, we may collect the following categories of personal data:

2.1 Data you provide directly

  • Full name
  • Email address
  • Phone number
  • Organisation or job title (if provided)
  • Content of messages submitted via contact forms or enquiry requests

2.2 Data collected automatically

  • IP address and approximate geolocation
  • Browser type and operating system
  • Pages visited and time spent on the Website
  • Referring URLs

We do not collect special categories of personal data (such as health data, ethnic origin, or biometric data) through this Website. If any such data is shared voluntarily in a message, it will be treated with the highest level of protection.

 

3. Purposes and Legal Bases for Processing

We process your personal data only for specified, explicit, and legitimate purposes, in accordance with Article 5 GDPR. The table below sets out each processing activity, its purpose, and the corresponding legal basis under Article 6 GDPR:

Responding to enquiries — Legal basis: Consent (Art. 6(1)(a)) and/or Legitimate interest (Art. 6(1)(f))

Managing service requests and proposals — Legal basis: Pre-contractual measures / performance of a contract (Art. 6(1)(b))

Sending professional information about our services — Legal basis: Consent (Art. 6(1)(a)) — only where you have opted in

Compliance with legal obligations — Legal basis: Legal obligation (Art. 6(1)(c))

Improving Website performance and security — Legal basis: Legitimate interest (Art. 6(1)(f))

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

 

4. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, in accordance with Article 5(1)(e) GDPR:

  • Contact enquiries: retained for up to 2 years from the date of last communication, unless an ongoing professional relationship exists
  • Client data: retained for the duration of the contractual relationship and for up to 5 years thereafter, or as required by applicable legal or tax obligations
  • Newsletter subscriptions: retained until you withdraw consent or unsubscribe
  • Website usage data (analytics): retained in anonymised or aggregated form in accordance with the applicable tool’s retention settings

At the end of the applicable retention period, data will be securely deleted or anonymised.

 

5. Recipients and Data Transfers

5.1 Internal access

Access to personal data is restricted to GenderGaze staff and authorised collaborators who require it to perform their professional duties, bound by confidentiality obligations.

5.2 Third-party processors

We may share your data with trusted service providers who act as data processors on our behalf, including:

  • Hosting and cloud infrastructure providers
  • Email delivery and communication platforms
  • Analytics tools (where applicable and subject to your cookie consent)
  • CRM or client management software

All processors are engaged under GDPR-compliant Data Processing Agreements (Art. 28 GDPR).

5.3 International transfers

Where personal data is transferred outside the European Economic Area (EEA), GenderGaze ensures that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) adopted by the European Commission, or that the transfer is to a country with an adequacy decision under Article 45 GDPR.

5.4 Disclosure required by law

We may disclose personal data to competent authorities or courts where required to do so by applicable law, regulation, or court order.

 

6. Your Rights Under GDPR

Under Articles 15–22 of the GDPR, you have the following rights with respect to your personal data:

  • Right of access — to obtain a copy of the personal data we hold about you (Art. 15)
  • Right to rectification — to request correction of inaccurate or incomplete data (Art. 16)
  • Right to erasure (“right to be forgotten”) — to request deletion of your data where there is no longer a lawful basis for processing (Art. 17)
  • Right to restriction of processing — to request that we limit how we use your data in certain circumstances (Art. 18)
  • Right to data portability — to receive your data in a structured, machine-readable format (Art. 20)
  • Right to object — to object to processing based on legitimate interests or for direct marketing (Art. 21)
  • Right to withdraw consent — where processing is based on consent, to withdraw it at any time without retroactive effect
  • Right not to be subject to solely automated decisions — including profiling, where it produces significant effects (Art. 22)

To exercise any of these rights, please contact us at:

Email: info@gendergaze.com

We will respond within 30 days of receiving your request. No fee applies unless the request is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD) — www.aepd.es

 

7. Security Measures

GenderGaze implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These include:

  • Encrypted data transmission via HTTPS/TLS
  • Access controls and authentication for internal systems
  • Regular review of data handling procedures
  • Staff confidentiality obligations

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, GenderGaze will notify the competent supervisory authority within 72 hours and, where required, will inform affected individuals without undue delay.

 

8. Cookies

Our use of cookies and similar technologies is governed by our Cookie Policy, available at: www.gendergaze.com/cookie-policy

Non-essential cookies are only activated with your prior, freely given, specific, informed, and unambiguous consent, in accordance with the ePrivacy Directive and GDPR.

 

9. Children’s Privacy

This Website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us at info@gendergaze.com and we will delete it promptly.

 

10. Changes to This Privacy Policy

GenderGaze reserves the right to update this Privacy Policy at any time to reflect changes in applicable legislation, regulatory guidance, or our data processing activities. The date of the latest revision appears at the top of this document.

For material changes, we will provide notice on the Website. Continued use of the Website following notification of changes constitutes acceptance of the updated Policy.

 

11. Contact

GenderGaze — Data Controller

Email: info@gendergaze.com

Website: www.gendergaze.com/contact-us

 

© 2026 GenderGaze — All rights reserved.