Contact data (names, emails, roles), enrichment results, engagement metrics, and operational metadata required to provide agreed services. Depending on engagement scope, this may support research, planning, advisory work, and implementation support. We collect only what is necessary for agreed services.
Depending on jurisdiction, processing is based on legitimate interests in client acquisition support, contract performance, and, where required, consent. You are responsible for ensuring a lawful basis for lists you provide.
We share data only with vetted subprocessors essential to deliver services (e.g., research support, planning documentation tools, and analytics). A current list is available on request. We do not sell personal data.
Access is role-based; data in transit is encrypted (TLS). We limit retention to what is necessary for the engagement and delete or return data upon request unless retention is legally required.
Where data moves across borders, we use appropriate safeguards such as SCCs or equivalent mechanisms and ensure subprocessors offer adequate protection.
Subject to law, individuals may request access, correction, deletion, or objection to processing. We will assist you in fulfilling such requests as the controller. Contact us to initiate a request.
We use only performance and deliverability-related tracking (e.g., open/click pixels) where relevant to agreed service delivery. These can be disabled on request; note that reporting accuracy may decrease. We use minimal tracking. Where required by law, cookie consent is requested.
We retain personal data only for the duration of the engagement and a short audit window, unless longer retention is required by law or explicitly agreed in writing.
Privacy questions? Email us at contact@daemaestrategy.com.