📜 Privacy Policy — The Collective Company
Effective Date: May 4, 2025
1. Introduction
At The Collective Company (“we,” “us,” or “our”), protecting your privacy is central to our values. We are a privately owned, client-facing consultancy that does not engage in mass data operations, tracking, or data monetization. This Privacy Policy describes how we collect, use, store, and protect your personal information when you engage with our services or contact us via our website, email, or other channels.
This policy is designed to meet the expectations of our global clientele, including individuals, organizations, and institutions operating under U.S., EU, and other international privacy regimes. By choosing to contact us, you agree to the practices described in this policy.
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors who contact us through our website, email, or social platforms.
- Prospective and current clients engaging our services.
- Any person whose information is submitted voluntarily through a form, inquiry, or digital communication.
This policy does not apply to third-party websites, embedded links, or platforms not controlled by The Collective Company.
3. What We Collect
We collect only the minimum personal data necessary to fulfill your request or provide services. This includes:
- Identity Information: Name, title, organization, affiliation
- Contact Information: Email address, phone number (if provided)
- Contextual Details: Message content, project-related information, areas of concern or interest
- Communication Metadata: Dates of contact, method of contact (e.g., email, form submission)
We do not collect:
- Cookies or analytics
- Device data or IP addresses
- Geo-location data
- Behavioral or psychographic profiling
- Sensitive personal data (e.g. political views, health, racial origin, religious beliefs)
We never collect information passively. You are always in control of what you choose to share.
4. Legal Basis for Processing (For EU/UK Residents)
For individuals subject to the General Data Protection Regulation (GDPR) or the UK GDPR, our legal bases for processing are:
- Consent – when you voluntarily submit information to us.
- Contractual necessity – when we need to process your information to fulfill a service.
- Legitimate interest – when storing data briefly for operational follow-up or dispute prevention, in a manner that does not override your rights.
We do not rely on “performance of a task in the public interest” or “automated decision-making.”
5. How We Use Your Information
We use your personal data for the following purposes:
- To acknowledge and respond to your inquiry.
- To engage in pre-contractual discussions.
- To deliver the services you have requested.
- To follow up regarding scope clarification, scheduling, or project deliverables.
- To retain minimal correspondence records as part of internal accountability or compliance.
We do not use your information for:
- Marketing emails or newsletters
- Ad retargeting
- Lead scoring or demographic segmentation
- Cold outreach unless you initiated contact
6. Data Retention
We retain personal data under the following conditions:
- Active Clients: Information is retained for the duration of the project and up to 24 months post-engagement for archival, follow-up, or accounting purposes.
- Unconverted Leads: If no project is initiated, we retain your information for no more than 30–90 days, unless we receive permission or further engagement from you.
- Data Deletion Requests: If at any time you request your information be deleted, we will do so promptly unless legally required to retain it (e.g., for tax or dispute purposes).
We never retain data to “build a list,” nor do we reuse prior inquiries for marketing campaigns or predictive modeling.
7. Data Storage & Security
We apply rigorous technical and organizational measures to protect the confidentiality, integrity, and availability of your data. These include:
- TLS/SSL encryption for all web-based communications
- AES-256 encryption on all stored local data
- Multi-factor authentication (MFA) for all internal access
- Zero-trust access controls — only essential personnel can view correspondence
- No third-party cloud services used to manage inquiries unless explicitly stated and vetted
Our digital systems are hosted in data centers that meet internationally recognized security standards (such as ISO 27001).
8. Data Sharing & Third Parties
We do not disclose your personal data to third parties except in the following limited circumstances:
- Email Infrastructure Providers: We may use secure and compliant services (e.g., ProtonMail, Google Workspace) to receive your messages. These providers do not access your message content unless legally compelled.
- Legal Obligations: If compelled by court order, subpoena, or regulatory inquiry, we may share data to comply with applicable laws.
- Professional Services: In rare cases, internal personnel (e.g., legal counsel, accountants) may access limited data for compliance purposes.
We do not sell, rent, broker, or license any information to any third party—ever.
9. Your Rights (Depending on Jurisdiction)
Depending on your location, you may have the following rights:
Under GDPR:
- The right to access, correct, or delete your data
- The right to restrict or object to processing
- The right to data portability
- The right to withdraw consent at any time
- The right to lodge a complaint with a supervisory authority
Under CCPA (California):
- The right to know what data is being collected
- The right to request deletion
- The right to opt out of sale (not applicable—we don’t sell data)
- The right to non-discrimination
To exercise any of these rights, please contact us at [email protected]. Requests will be addressed within 10 business days.
10. Children’s Privacy
The Collective Company does not knowingly collect or solicit personal data from children under the age of 16. If we become aware that we have inadvertently received such information, we will delete it immediately.
11. International Data Transfers
We are based in the United States. By interacting with our site or services from outside the U.S., you acknowledge that your information may be processed and stored in U.S. jurisdictions, which may not have equivalent data protection laws. We take appropriate measures to ensure safe cross-border transfers, including limiting storage duration and scope.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. All updates will be posted on this page with the revised effective date.
13. Contact
For questions, requests, or complaints regarding your data or this Privacy Policy, please contact:
The Collective Company
📧 Email: [email protected]
🌐 Website: www.thecollective.company