RippleCore - Transform Kindness Into Compliance

GDPR Compliance

RippleCore is committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR).

Last updated: 11/30/2025

Our commitment to GDPR

RippleCore takes the protection of your personal data seriously. We are committed to complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This page explains how we collect, use, and protect your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that came into effect on May 25, 2018. It establishes rules for the collection, processing, and protection of personal data of individuals within the EU/EEA.

Data controller and processor

For the purposes of GDPR, RippleCore acts as both a data controller and data processor:

  • Data Controller: When we determine the purposes and means of processing your personal data
  • Data Processor: When we process personal data on behalf of our customers (organizations using RippleCore)

What personal data do we collect?

We collect and process the following categories of personal data:

Account Data

  • Name and contact information (email address)
  • Professional information (job title, department)
  • Account credentials and authentication data

Usage Data

  • Platform usage statistics and analytics
  • IP addresses and device information
  • Cookies and similar technologies

Evidence Data

  • Kindness and recognition activities
  • Volunteer participation records
  • Donation information
  • Wellbeing survey responses

Legal basis for processing

We process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to data processing
  • Contract: To provide our services and fulfill contractual obligations
  • Legitimate Interest: To improve our services and ensure platform security
  • Legal Obligation: To comply with applicable laws and regulations

Your rights under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.

Right to Rectification

You have the right to have inaccurate personal data rectified, or incomplete personal data completed.

Right to Erasure ("Right to be Forgotten")

You have the right to obtain the erasure of personal data concerning you without undue delay.

Right to Restriction of Processing

You have the right to obtain restriction of processing where certain conditions apply.

Right to Data Portability

You have the right to receive the personal data concerning you in a structured, commonly used format, and to transmit those data to another controller.

Right to Object

You have the right to object to processing of personal data concerning you at any time.

How to exercise your rights

To exercise any of these rights, please contact our Data Protection Officer at dpo@ripplecore.co.uk. We will respond to your request within 30 days.

Data retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law. Specific retention periods include:

  • Account data: Retained while your account is active and for 3 years after account closure
  • Evidence data: Retained according to your organization's data retention policies
  • Analytics data: Anonymized after 24 months

International data transfers

RippleCore uses industry-standard security measures and may transfer data to countries outside the EU/EEA. When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures

Data breaches

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay if the breach poses a risk to individuals' rights and freedoms.

Cookies and tracking

For information about how we use cookies and similar technologies, please see our Cookie Policy.

Changes to this policy

We may update this GDPR compliance information from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

Contact information

If you have any questions about this GDPR compliance information or wish to exercise your rights, please contact:

Data Protection Officer

Email: dpo@ripplecore.co.uk

Address: RippleCore GmbH, Data Protection Office, [Company Address]

You also have the right to lodge a complaint with a supervisory authority in your country or region if you believe we have not complied with GDPR requirements.