You are the data controller. Daemae Strategy is the data processor when we handle personal data to deliver consulting/advisory services and optional implementation support (if contracted).
We process personal data only on documented instructions you provide in the SOW, service briefs, or written approvals, and solely for research, planning, documentation, and operational support where applicable.
We use vetted subprocessors for research support, documentation, secure communications, and analytics. A current list is available on request. We bind subprocessors to equivalent confidentiality and security obligations.
We will promptly assist you in responding to access, correction, deletion, or objection requests. If we receive a request directly, we will notify you and not respond without your instruction unless legally required.
In the event of a confirmed personal-data breach, we will notify you without undue delay with details, impact assessment, and remediation steps.
Cross-border transfers rely on appropriate safeguards (e.g., SCCs). You can request details of hosting regions and subprocessors involved in your engagement.
We use minimal tracking pixels/cookies for service delivery and performance measurement. You may opt out; doing so may reduce reporting accuracy. Where required by law, cookie consent is requested.
Personal data processed on your behalf is retained only for the engagement duration and agreed reporting period, then deleted or returned upon request unless law requires longer retention.
Data protection questions? Email us at contact@daemaestrategy.com.