Privacy Policy

GiroCircular explains how it collects, uses and protects personal and ESG data on its B2B2B platform.

Data controller

GiroCircular (girocircular.digital) is the data controller for personal data collected via contact forms, diagnostics and public triage. Contact: admin@girocircular.digital.

Data we collect

GiroCircular collects name, work email, company, contact messages and maturity instrument responses (SCM, Lean, SDL). On the authenticated platform, supplier ESG data is processed under contract with the anchor company.

Purpose and legal basis

GiroCircular uses data to schedule diagnostics, operate the SaaS platform, generate compliance evidence (EUDR, CBAM, CSRD, CSDDD) and improve the service. Legal basis: contract performance, B2B legitimate interest and consent on public forms.

Retention and security

GiroCircular retains data for the contractual relationship and applicable legal periods. Data is stored in Supabase (PostgreSQL) with Row Level Security per organization.

Your rights

You may request access, rectification, erasure or portability by emailing admin@girocircular.digital. GiroCircular responds within 30 days.