Privacy Policy

How we collect, use, and protect your personal data.

Last updated: March 2026  |  Version 1.0

The Loki Foundation is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you visit our website or contact us, and sets out your rights under applicable data protection law.

This policy applies to residents of Ireland, the United Kingdom, and the European Union. It is written in compliance with the EU General Data Protection Regulation (EU GDPR 2016/679), the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018.

1. Who we are

The data controller responsible for your personal data is:

If you have any questions about this policy or how we handle your data, please contact us at the email address above.

2. What personal data we collect

We may collect and process the following categories of personal data:

2.1 Data you provide directly

When you use our contact or get-involved form, we collect:

  • Full name
  • Email address
  • Phone number (optional)
  • Company or organisation name (optional)
  • Any information you choose to include in your message or description of how you wish to get involved

2.2 Data collected automatically

When you visit our website, certain technical data may be collected automatically by our hosting provider (Microsoft Azure), including:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referring website
  • Date and time of your visit

We do not use tracking cookies or third-party analytics services on this website. No advertising or profiling takes place.

3. How we use your personal data

Purpose Data used Lawful basis (GDPR Art. 6)
Responding to your enquiry or get-involved request Name, email, phone, message content Legitimate interests (Art. 6(1)(f)) - responding to direct contact from you
Keeping you informed about Loki Foundation developments (where you have opted in) Name, email Consent (Art. 6(1)(a))
Maintaining records of partnership and research enquiries Name, organisation, email Legitimate interests (Art. 6(1)(f)) - managing our relationships and activities
Ensuring the security and performance of our website Technical/access data Legitimate interests (Art. 6(1)(f)) - operating a secure website
Complying with legal obligations Any relevant data Legal obligation (Art. 6(1)(c))

We will never use your data for automated decision-making or profiling.

4. How long we keep your data

We retain personal data only for as long as necessary for the purpose it was collected:

  • Enquiry and contact form data: Up to 2 years from last contact, unless an ongoing relationship requires longer retention.
  • Newsletter or update opt-in data: Until you withdraw your consent.
  • Website access logs: Up to 90 days, as retained by our hosting provider.

After the applicable retention period, personal data is securely deleted or anonymised.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share data with the following categories of third parties, only to the extent necessary:

  • Microsoft (Azure / Power Automate): Our website is hosted on Microsoft Azure Static Web Apps. Contact form submissions are processed via Microsoft Power Automate. Microsoft acts as a data processor under a data processing agreement. Data may be stored in European data centres.
  • Legal and regulatory bodies: Where required by law or to protect our legal rights.

We require all third parties to respect the security of your data and to treat it in accordance with applicable law.

6. International data transfers

Your data is primarily stored and processed within the European Economic Area (EEA) or the United Kingdom. Where data is transferred outside these areas (for example, via Microsoft's global infrastructure), appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and equivalent UK mechanisms.

7. Cookies

Our website does not use cookies for tracking, analytics, or advertising purposes. We do not set any non-essential cookies. The only data stored in your browser relates to the technical operation of the site (such as security tokens managed by Azure).

If this changes in future, we will update this policy and request your consent where required by law.

8. Your rights

Under EU GDPR and UK GDPR, you have the following rights in relation to your personal data:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to request correction of inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data where there is no compelling reason for its continued processing.
  • Right to restriction - to request that we limit how we use your data in certain circumstances.
  • Right to data portability - to receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object - to object to processing based on legitimate interests, including for direct marketing.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@loki-foundation.com. We will respond within one month. We will not charge a fee for reasonable requests.

We may need to verify your identity before fulfilling a request.

9. How to complain

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority:

Ireland - Data Protection Commission (DPC)

  • Website: www.dataprotection.ie
  • Phone: +353 57 868 4800
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

United Kingdom - Information Commissioner's Office (ICO)

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concern directly before you approach a supervisory authority. Please contact us first at info@loki-foundation.com.

10. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Our website is served over HTTPS and hosted on Microsoft Azure, which maintains ISO 27001 and SOC 2 certifications.

No method of transmission over the internet is entirely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

11. Links to other websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites and encourage you to read their privacy policies.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page shows when it was last revised. We encourage you to review this policy periodically.

13. Contact us

For any questions, requests, or concerns relating to this Privacy Policy or the way we handle your personal data, please contact: