Global Data Protection Policy

  1. Overview
  2. Ecosystem Compliance
  3. Global Policies
  4. Global Data Protection Policy

Last Updated: January 20, 2026

1. Purpose and Scope

This policy sets out the data protection principles and procedures followed by fortheworld OÜ (registrikood 16780980) to ensure the secure processing of personal data across our entire ecosystem, including Sustainable Support (meet.sustainable.day) and Sustainable Testimonials. We are committed to "Engineering Radical Transparency" by embedding privacy into our organizational culture.

2. Our Data Protection Principles

In accordance with Article 5 of the GDPR and the Estonian Personal Data Protection Act (PDPA), we adhere to the following:

  • Lawfulness, Fairness, and Transparency: We process data only on a valid legal basis (consent, contract, or legal obligation) and provide clear information to users.

  • Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes and never used for incompatible secondary tasks.

  • Data Minimization: We collect only the minimum amount of data necessary to provide our white-label and support services.

  • Accuracy: We take every reasonable step to ensure inaccurate data is erased or rectified without delay.

  • Storage Limitation: Personal data is kept in an identifiable form for no longer than necessary for its original purpose.

  • Integrity and Confidentiality: We use robust technical and organizational measures, including encryption and access controls, to protect against unauthorized processing or loss.

3. Organizational Roles and Accountability

  • Data Controller: fortheworld OÜ is the primary decision-maker regarding the "why" and "how" of data processing.

  • Data Protection Compliance: Management is responsible for regular internal audits, maintaining records of processing activities (ROPA), and ensuring that all white-label partners (Processors) sign a Data Processing Agreement (DPA).

  • Privacy by Design: We evaluate the privacy impact of every new platform feature before it is released to the ecosystem.

4. Data Subject Rights

We provide a centralized method for all users to exercise their rights:

  • Right of Access: Users can request a copy of their personal data.

  • Right to Rectification: Users can request correction of inaccurate information.

  • Right to Erasure: Also known as the "Right to be Forgotten".

  • Right to Data Portability: Users can request their data in a structured, machine-readable format.

5. Incident Management and Breach Notification

In the event of a personal data breach, fortheworld OÜ will:

  1. Immediately identify and contain the breach.

  2. Assess risks to affected individuals.

  3. Notify the Estonian Data Protection Inspectorate (DPI) within 72 hours if the breach is likely to result in a risk to rights and freedoms.

  4. Communicate the breach to affected users without undue delay if it poses a high risk to them.

6. Contact and Grievances

Requests or concerns regarding data protection should be sent to:

Was this article helpful?