GDPR POLICY

GDPR Policy

Effective Date: February 28, 2025

At NeuroThinking Institute ("NeuroThinking", "we", "our", or "us"), we are committed to protecting the privacy and personal data of our users. This General Data Protection Regulation (GDPR) Policy outlines our commitment to compliance with the GDPR and how we collect, process, and safeguard personal data.

1. Scope

This policy applies to all personal data processed by NeuroThinking Institute, including data collected from visitors to our website (Neuro-thinking.com), clients, partners, and service providers located in the European Union (EU) or the European Economic Area (EEA).

2. Principles of Data Processing

NeuroThinking Institute adheres to the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
  • Data Minimization: We collect only the data necessary for the intended purpose.
  • Accuracy: We keep data accurate and up to date.
  • Storage Limitation: We retain data only for as long as necessary for the purposes for which it was collected.
  • Integrity and Confidentiality: We use appropriate security measures to protect personal data.

3. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent: When users provide explicit consent to process their data.
  • Contractual Necessity: When data processing is necessary for contract performance.
  • Legal Obligation: When processing is required to comply with legal requirements.
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided it does not override the individual’s rights and freedoms.

4. Data We Collect

We may collect the following types of personal data:

  • Contact details (name, email, phone number)
  • Account information (username, password)
  • Payment details (processed securely through third-party providers)
  • Website usage data (IP address, cookies, analytics tracking)

5. Data Subject Rights

Under GDPR, users have the following rights:

  • Right to Access: Request a copy of personal data we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under certain conditions.
  • Right to Restriction: Request limitation on data processing.
  • Right to Data Portability: Request transfer of data to another service provider.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time when processing is based on consent.

To exercise any of these rights, please contact us at info@neuro-thinking.com.

6. Data Transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other approved mechanisms.

7. Data Security

We implement industry-standard security measures, including encryption, access controls, and regular security assessments, to protect personal data from unauthorized access, alteration, or destruction.

8. Data Retention

We retain personal data only as long as necessary for business purposes and legal compliance. Once the retention period expires, data is securely deleted or anonymized.

9. Complaints and Contact Information

If you believe your data protection rights have been violated, you have the right to file a complaint with the relevant Data Protection Authority. For inquiries or concerns about this GDPR Policy, please contact:

Cogito Nonprofit Fundraising Consulting
Email: info@neuro-thinking.com
Phone: +27772717025
Website: neuro-thinking.com

10. Updates to This Policy

We may update this GDPR Policy periodically to reflect legal, regulatory, or operational changes. We encourage users to review this policy regularly for updates.