DEAL's Privacy Notice

How DEAL collects, stores and processes your personal information

Company details 

Doughnut Economics Action Lab is a registered Community Interest Company, our offices are at 1a Aristotle Lane, OX2 6TP, Oxford. For more information on us, please see our ‘About DEAL’ page which can be found here. If you have any questions about our use of your personal data or any aspect of this privacy notice, please contact us here and select the ‘Privacy’ category.

Our principles and your privacy

We take your privacy very seriously and we are committed to protecting your information and respecting your rights under data protection laws. This Privacy Notice applies to all visitors to our website, recipients of our newsletters, and those who have signed up for membership to our community platform.

We process your personal information in accordance with our privacy principles:

  • We comply with data privacy laws when processing your personal information.
  • We will always be transparent with you about the ways in which we process your personal information. 
  • We will limit our collection of your personal information to the minimum we need, or that which you have opted to provide.
  • We will not retain your personal information for longer than we need it.
  • We respect your personal data protection rights and will make it easy for you to exercise them. 
  • We will always put your privacy and security first by choosing the least intrusive option when reviewing our internal processes and third party providers.
  • We will not sell your personal information.

We keep this privacy notice under regular review and we will notify you of any material changes we make via the email address you have registered with us either by becoming a member of our platform, or by subscribing to our newsletter. If you keep using your account after we notify you of material changes we have made, we will assume that you have consented to the updates communicated. If not, you may cancel your account at any time via the process outlined later in this document. If you have any questions or queries about our privacy notice or any material changes we have notified you of, please do not hesitate to get in touch with us here and select the ‘Privacy’ category for your message.
What Data Do We Collect?

We don’t receive any personal data about you other than what you provide to us, either by creating an account, signing up to receive our newsletters or by contacting us via our contact form. We also collect anonymised data through your use of our website.

When you create an account with us, we will collect some basic contact details, including your name, location and email address. We will also ask you for a password so you can gain secure access to your account in the future.

While setting up your account, and at any point during your membership, we will encourage you to upload a profile picture and write a short personal biography, so that other community members can learn a little more about you, but this is completely optional. You can also choose to include a link to any other social media profiles you may have (i.e. Instagram/Twitter etc) as well as any other personal information you think may be interesting.

As a member of our platform, you are asked to share tools and other content based on Doughnut Economics which you have developed yourself alongside the wider community. Please note that we collect any content you upload, as well as comments that you post on other member’s public content. 

While you may contact other community members directly if they choose to provide their contact information, we do not oversee or facilitate private sharing of messages or resources between users and you should only share resources which you are happy to share with the wider community.

When you sign up to receive our personalised newsletters, we collect your name and email address so that we can manage your contact preferences.
In addition to this, if you chose to make contact with us using our contact form, we will also collect any personal information you provide within the free text section (i.e. any comments / queries you may have). If your comment includes a question, you will receive a response from a member of the DEAL team and we will store a record of our communications with you.

If you apply to work with us, we will collect data such as; your name, home address, references and employment history so that we can process your application. If we need to contact those you have listed as referees, we will tell you beforehand.

How Do We Use Your Data?

If you become a member of our community, we will use your personal data to create and maintain your profile, to personalise and improve your experience while using our platform. If you have consented to receiving our newsletter, we will use your personal information to send you updates about our community. We may also invite you to participate in surveys or research (although this will always be voluntary).

We will also use your information to detect, investigate and prevent any content or activities that may violate our community code of conduct or be illegal.

If you choose to support DEAL financially, we will use your personal information to process your donation and to meet our legal, tax and accountancy requirements.

We may also process your personal data for administration purposes (for example, we may contact you regarding the content you have uploaded, a comment you have posted or a donation you have made), recruitment purposes and selection of staff, and also internal management (such as record keeping for enquiries, feedback or complaints we receive).

Posting and uploading onto our platform 

One of the key principles of our community and purposes of our platform is to provide you with the opportunity to share any tools and stories about the Doughnut and connect with other Doughnut Economics practitioners. Please be aware that when you choose to share content publicly, we cannot stop the wider distribution of your content and your content may become accessible through search engines such as Google. You should also be aware of our licensing rules before posting any content to the platform.

If you choose to delete content, tools or posts that you have uploaded, these may not be erased entirely if they have been previously downloaded or shared externally. Please make sure that you are completely comfortable with the wider community and general public being able to view and make use of your content before uploading onto our platform.

Lawful processing

EU data protection law requires us to have a lawful basis for the processing of all personal information, and there are several lawful bases available. We will only process your personal information in line with the lawful bases outlined below:

Lawful basis Explanation of this lawful basis When we use this lawful basis
Contract This is where we need to use your personal information to enter into or fulfil a contract with you Using our platform: when you sign up as a member of our community and use our platform

Processing your information during employment
Consent This is where we use your personal information with your clear and unambiguous consent and you can change your mind at any time. Newsletter records: When you sign up to receive our newsletters and we keep a record of your communication preferences

Processing donations: enabling you to donate to us on a one off or continual basis

Contacting you: about future job opportunities with us for which you have expressed an interest
Legitimate interests This is where we have another good and lawful reason for using your personal information which is in line with the reasons you have already consented to or have been made aware of. Using our platform: When you upload content into our platform and we make it available for use to other participants

Analytics: we de-identify and aggregate the metrics information we get from users to understand how our website and our communications are performing, to identify bugs, and to identify where we need to focus our efforts for improvement.

Newsletter records: we keep information so we know who we sent our newsletter to and when.

Contact records: we keep a record of all completed ‘contact us’ forms for the purposes of website and service improvement.

Conducting research: to better understand our community, our supporters and to improve our community.

Employee management: processing your personal information while you are employed by us to manage all essential employee matters, such as payroll, holiday administration and sick leave

Staff recruitment: taking and processing applications for available roles, contacting potential and past applicants for suitable roles and onboarding of new staff.
Legal obligation This is where we must use your personal information to comply with the law, or a court order request. Managing your contact preferences: If you no longer want to hear from us, we are obliged by law to stop contacting you. To meet this legal obligation we will add your details to a suppression list so you no longer hear from us.

To detect, investigate and prevent any content or activities that may violate our community guidelines or be illegal.

To meet our legal, accounting and tax requirements including donor transaction details for Gift Aid. Conducting due diligence on high value donations to ensure compliance with money laundering law and to ensure that there are no reputational or ethical risks associated with the donor or the donation.
Public interest This is where we need to use your personal information for an official purpose, or for a reason in the public interest for the greater public good, like cooperating voluntarily with an official police investigation. To detect, investigate and prevent any content or activities that may violate our community guidelines or be illegal (i.e making a fraudulent donation in support of our community).
Vital interests This is where we need to use your personal information in an emergency situation where we are required to protect you or someone else from death or serious harm. To protect our community members and employees from serious harm. If we have reason to believe that you may be in danger, we can share your personal information with the emergency services.
We care deeply about safeguarding your personal information while you visit our website, receive our newsletter and/or join our community platform. We will take all reasonable steps to make sure that your data is treated securely and in accordance with this privacy notice. The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access, disclosure, use, and modification. Your personal information is accessed only by those who are authorised to access it while carrying out their duties. 

We regularly review our security procedures to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

Where we use other organisations to support us, we ensure that we have contract terms in place that contain obligations on the other organisation to safeguard your information. Some of these organisations have their servers in other countries. Wherever possible, we try to ensure that your data will not be processed outside of the EU but where this is not possible, we ensure that we have controls in place that protect your personal information at all times.

Third party content

Our website contains links to external websites, which are posted by us and other members of the community. If you follow such a link, please note that these websites have their own privacy and cookies policies and we cannot accept any responsibility or liability for these third party websites.

We may also embed third party content, such as videos, directly into our website. We will not show you this content until you have consented to see it. If you are a member of the platform you can update your consent preferences at any time from your profile. If you are a guest we will create a temporary cookie to remember your preferences (see the cookies policy for more information).
Under data protection law, you have rights including:

  1. Your right of access - You have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, ask us for copies of your personal information. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right.
  2. Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate or incomplete. If you think that any of the information in your DEAL account is not accurate, you can take steps to correct it. You can manually change your email, edit your biography, photo and social media handles . You can also delete your account and set up a new one.
  3. Your right to erasure - You have the right to ask us to erase your personal information. where your information is being processed by a third party on our instruction, we will pass on your erasure request to ensure your right is fully met. 
  4. Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 
  5. Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  6. Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you wish to exercise any of the rights listed above, you should contact us here and select the ‘Privacy’ category, providing evidence of your identity. You will not be required to pay any charge for exercising your rights and if you make a request, and we will respond to you within one month of confirming your Identity.

In case you have a complaint about the processing of your personal data, you have the right to lodge a complaint with your local competent supervisory authority.

If you are based in the UK, your supervisory authority is the Information Commissioner’s Office (ICO), they can be contacted by visiting; https://www.ico.org.uk alternatively, you can write to them: 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

If you’re not based in the UK, please contact your local Data Protection Supervisory Authority in the first instance.
We are committed to safeguarding your privacy, and so, we have carefully vetted and selected our third party data processors and the data centres and services they provide us with, to ensure that they meet our privacy and security standards.

DigitalOcean (https://www.digitalocean.com/) host our website and community platform and, if you’re a DEAL community member, all of your account data and any content you choose to upload is hosted within their data centres which are situated within London and Amsterdam.

Google (https://about.google/) provide our contact form functionality. Data submitted within these forms is stored within Google’s data centres, which are located in the UK and the US.

Moosend (https://moosend.com/) provide and deliver our newsletters to you and while doing so, store your personal information within their EU data centre based in the Netherlands.

Data Retention

It is our standard practice to only hold your personal information for as long as we need it. This will vary depending on the activity for which the data is being used. However, we are wholly aware of our obligations under the data protection laws, and we make every effort to ensure that we only hold on to your data for as long as it is required.

If you have an account with us, we will retain your personal information for as long as your account is active. If you decide to deactivate your account, your profile will be permanently erased. If you have created and shared tools with us and the wider community, these will be retained indefinitely.

If you have consented to receive our newsletter, we will retain your personal information until you decide to opt-out. You can opt out of receiving our newsletters at any time by clicking on the ‘unsubscribe’ link in any of the emails you receive, or by contacting us here.

Our newsletters are delivered to you via a third party, Moosend who will retain your personal information within a separate suppression list if you have opted out of receiving our newsletters. If you would like to be removed from this suppression list, please contact us in the first instance. 

If you have contacted us via our contact form, we will retain all queries / complaints for a period of one year post closure, unless your query / complaint remains unresolved. 

If you have applied to work with us and are unsuccessful in your job application, we may retain your personal information for a period of 6 months after we have finished recruiting. If you have expressed an interest in hearing about similar roles that we may have in the future, we will retain your information for a further period of 18 months, however, you can change your mind at any time.

Deleting your account 

You can delete your account by editing your account and selecting ‘Cancel my account and delete all my data’ at the bottom of the page. It is important to note that if you delete your account, we will not be able to recover your account and you will need to set up a new account. If you choose to delete your account, any resources you have shared with the community will remain indefinitely on our platform.

Third Party Data Processors

We take your privacy very seriously and therefore, we will not sell your personal information to other organisations for profit. We may, however, share your personal information with our trusted third party data processors to help us to provide you with the services which you expect to receive:


We ensure that all of these data processors meet the requirements of GDPR, including those which are based outside of the European Economic Area.
What are cookies?

Cookies are small text files placed on your computer, phone or other device by websites that you visit. Almost all websites, including this one, use cookies to provide personalised content, analyse traffic and to enable you to have an enhanced experience when you visit our website. They also allow you to make full use of our platform, to view, download, share and upload content and to provide you with personalised features, such as a ‘remember me’ function to aid your login to your profile.

We do not use cookies to collect or record any personal information such as your name, address or financial details, or if you make a financial donation. This policy refers to both 'cookies' and 'similar technologies' as cookies. If you would like to learn more about cookies and the types of cookies used by websites, you can find more information here.

Types of cookies

We use different types of cookies on this website for the following purposes: 

Strictly essential cookies
These cookies are necessary for our website to function and therefore cannot be switched off. They are only set in response to actions made by you such as logging into our website. You can set your browser to block these cookies, however this will inevitably mean that some parts of our website will not work properly.

Functional & performance cookies
These cookies allow our website to operate at its best and remember choices you make when you set up your account with us (such as your user name).

How do we use cookies?

Your privacy is very important to us and so, the cookies we have enabled on our website are used to make sure the site works the way you expect – that it loads quickly, remembers your settings, and makes it easy to share tools and content with our community.

None of the cookies we use on our website:

  • Collect any personally identifiable information (without your express permission)
  • Pass your personal data to advertising networks

We need your permission to use all non essential cookies. You don’t have to give us permission, but if you do it’ll make sure you get the best experience and to help us improve our website. If you do consent to receive cookies, you can change your decision at any time.

You can enable or disable cookies or be alerted when cookies are sent to your device by changing your website browser settings. How to do this will depend on the browser you are using. You can use the following links to learn more about how to adjust or modify your browser settings if you are using Internet Explorer, Google Chrome, Safari, or Firefox.

In addition to our standard cookies, which are listed below, if you consent to see embedded third party content then those third parties may create additional cookies. As such, you will be provided with a link to the relevant terms and conditions, privacy notice or cookie policy before you give your consent.

Our cookies

Cookie name Type of cookie Purpose of cookie Retention period
_deal_session Essential This is the single necessary cookie that we create to ensure the correct functioning of the website. Session
remember_user_token Functional & performance If you tick the ‘Remember me’ option when you log into your account this cookie is created so you don’t have to log in during your next session. It remains until you log out of your account. Until sign out
MATOMO_SESSID Functional & performance If you use Matomo Analytics' opt-out feature (described below) this cookie is created temporarily to prevent CSRF security issues. See the Matomo FAQ for more information. Session
third_party_consent Functional & performance When we embed third party content (e.g. videos) we will ask for your consent to show the content and, if you are not signed into an account, create a temporary cookie to remember your choice. One month
We use the services provided by Matomo Analytics to analyse the traffic on our website (you can read their full privacy policy here). This service has been configured to avoid tracking and sharing of any personally identifiable data. This means that you can be assured that the analytical data we collect will not be used for any other purposes than for our website improvement. In addition to this, we have implemented the following controls to secure your personal data:

  • We automatically anonymise your IP Addresses so that your precise location is never tracked
  • Static IP addresses cannot be tracked across multiple devices or sessions. 
  • We erase any raw data that we collect from our tracking logs every 3 months. 

We respect your preference to enable DoNotTrack technology and, even though data is always anonymous, you can also opt out of all analytics tracking below:

Join the DEAL Community!

Get inspired, connect with others and become part of the movement. No matter how big or small your contribution is, you’re welcome to join!