Privacy Policy

Ruavira Collective Inc (“Ruavira Collective”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of everyone who interacts with our organisation — including visitors to our website, prospective and current clients, and any individuals whose data is shared with us in the course of our work.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have in relation to it.

This Policy applies to all personal data collected through our website at ruavira.org (the “Site”), via our contact forms and email correspondence, and in the course of providing our services to clients.

Because Ruavira Collective Inc. is incorporated in Alberta, Canada, our primary data-protection regimes are Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA). Where we process personal data of individuals located in the United Kingdom or European Economic Area, we additionally comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU GDPR.

Please read this Policy carefully. If you do not agree with our practices, you should not use our website or services.

Ruavira Collective Inc is the data controller responsible for your personal data.

• Trading name: Ruavira Collective
• Email: support@ruavira.org
• Website: ruavira.org

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the address above.

We collect personal data in the following circumstances:

We do not collect sensitive personal data (also known as “special category data” under GDPR) — such as health information, racial or ethnic origin, or religious beliefs — in the ordinary course of operating our website or enquiry process. If special category data becomes relevant to a specific client engagement, we will address it under a separate data processing agreement.

We do not collect personal data from individuals under the age of 18 via our website or contact forms. Please see Section 11 for more detail.

We use your personal data for the following purposes:

• To respond to your enquiry — when you contact us through the website or via email, we use the information you provide to understand your needs and respond appropriately.
• To schedule and conduct meetings and calls — including through third-party scheduling tools.
• To deliver our services — when you become a client, we use your contact and organisational information to manage our engagement and deliver agreed services.
• To manage our business operations — including record-keeping, invoicing, financial reporting, and compliance.
• To improve our website and services — we use aggregated, anonymised analytics data to understand how visitors use our site and how we can improve the quality of our content and user experience.
• To send relevant communications — where you have opted in, we may send you updates, insights, or news about our work and sector. You can opt out at any time.
• To comply with legal obligations — including responding to lawful requests from regulators or law enforcement agencies.

We will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

Under GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

• Legitimate interests (Article 6(1)(f)): Processing your enquiry details and managing our client relationships is in our legitimate business interests, and we have assessed that this does not override your rights and interests.
• Contractual necessity (Article 6(1)(b)): Where we have a client relationship with you or your organisation, we process personal data as necessary to fulfil that contract.
• Consent (Article 6(1)(a)): Where we send you marketing communications or use non-essential cookies, we do so on the basis of your explicit consent. You may withdraw consent at any time.
• Legal obligation (Article 6(1)(c)): We may process data to comply with legal and regulatory obligations.

We do not sell, rent, or trade your personal data to third parties under any circumstances.

We may share your data with trusted third-party service providers who assist us in operating our business, under strict data processing agreements. These include:

• Email and communication tools — such as email service providers and scheduling platforms.
• Website hosting and analytics providers — including our hosting infrastructure and web analytics platforms.
• Customer relationship management (CRM) systems — to manage client and prospect records.
• Project management and collaboration tools — used by our team to deliver services.
• Professional advisers — including legal advisers, accountants, and auditors, bound by professional confidentiality obligations.

We may also disclose personal data where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of Ruavira Collective, our clients, or others.

Our operations are international in nature, and some of the third-party tools and service providers we use may process data outside the United Kingdom or European Economic Area. Where this occurs, we take steps to ensure that appropriate safeguards are in place in accordance with UK GDPR and EU GDPR requirements. These safeguards may include:

• Adequacy decisions by the UK or EU authorities
• Standard Contractual Clauses (SCCs) approved by the relevant regulator
• Other appropriate transfer mechanisms as permitted by applicable law

If you would like further information about the specific safeguards we have in place for international transfers, please contact us at support@ruavira.org.

We retain personal data only for as long as is necessary for the purposes for which it was collected, taking into account our legal and regulatory obligations. Our general retention periods are as follows:

• Website enquiry data: Retained for up to 24 months from the date of your last contact, unless a client relationship has been established.
• Client project data: Retained for 7 years following the conclusion of the relevant engagement, in accordance with our legal and financial record-keeping obligations.
• Website analytics data: Retained in aggregated, anonymised form for up to 26 months.
• Marketing communications: Until you opt out or withdraw consent, and then for a further 12 months to record the opt-out.

When data is no longer needed, we delete it securely or anonymise it so that it can no longer be associated with any individual.

Our website uses cookies and similar technologies to improve your browsing experience and help us understand how our site is being used.

Strictly necessary cookies: These are required for the website to function and cannot be switched off. They do not store any personally identifiable information.

Analytics cookies: We use analytics tools (such as Google Analytics or a privacy-first alternative) to collect anonymised data about how visitors navigate our site. This helps us understand page performance, traffic sources, and user behaviour in aggregate. We do not use this data to identify individuals.

Marketing and preference cookies: Where relevant, we may use cookies to remember your preferences or to display content relevant to your interests. We will only set these cookies with your explicit consent.

You can manage your cookie preferences via your browser settings. Most browsers allow you to refuse or delete cookies. Please note that if you disable cookies, certain features of our website may not function as intended.

Our site may also contain embedded content from third-party platforms (such as video embeds or social sharing buttons). These third parties may set their own cookies when you interact with their content, and their privacy policies apply.

Under GDPR and applicable data protection law, you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure: In certain circumstances, you have the right to request that we delete your personal data.
• Right to restrict processing: You have the right to ask us to limit the way we use your personal data in certain circumstances.
• Right to data portability: Where we process your data on the basis of consent or contract, you may have the right to receive a copy of your data in a structured, machine-readable format.
• Right to object: You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. You may also object to direct marketing at any time.
• Right to withdraw consent: Where we process your data on the basis of consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at support@ruavira.org. We will respond to your request within one calendar month. In some cases, we may need to verify your identity before processing your request.

You also have the right to lodge a complaint with a supervisory authority. In Canada, this is the Office of the Privacy Commissioner of Canada: priv.gc.ca. Alberta residents may additionally contact the Office of the Information and Privacy Commissioner of Alberta at oipc.ab.ca. UK and EU residents may complain to their local supervisory authority or, in the UK, the Information Commissioner's Office (ICO) at ico.org.uk.

Our website and services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18.

If you believe that a child under 18 has provided us with personal data, please contact us immediately at support@ruavira.org and we will take steps to delete that information promptly.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure.

These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Access controls limiting data access to authorised personnel only
• Regular review of our security practices and third-party supplier security posture
• Secure deletion of data that is no longer required

While we implement robust safeguards, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of data transmitted to us via the internet, and any such transmission is at your own risk.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and, where required, will notify affected individuals without undue delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website following any changes constitutes your acknowledgement of those changes.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

We take all privacy enquiries seriously and aim to respond within 5 business days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca, the Alberta OIPC at oipc.ab.ca, or with the relevant data protection authority in your country of residence.