Privacy Policy

Digital Action is passionate about upholding and protecting your rights in a digital age, and this includes your data rights. This privacy statement describes how we use, store and transport your data, and also how we meet the requirements of the latest data protection regulations – the European Union General Data Protection Regulation (GDPR) and the related UK GDPR (2018).

About this Statement

By using the Digital Action website, you consent to the data practices described in this statement. If you are asked to provide information when using this website, it will only be used in the ways described in this privacy statement.

We continually monitor changes to data legislation and will update this policy to reflect new legislation as it comes out. The latest version of this policy is published on this page. This privacy statement was updated on: 3rd March 2022.

For the purpose of the relevant data regulations, Digital Action (“We”) are the ‘data controller’.

If you have any questions about this statement or the data we hold about you, please email [email protected] or write to us at: Digital Action, C/O New Venture Fund, 1828 L Street NW, Suite 300 – A, Washington, D.C. 20036.

Our approach to using your data

To protect your rights and freedoms, and to abide by international data protection law, we only use your data in strict and specific ways.

We will:

  • Retain only the information we strictly need

  • Outline our purposes and approach to using your data

  • Help you understand your rights in relation to the data we hold about you

  • Only work with data processors (such as the tool we use to send emails) who have their own clear, rigorous data protection policies and procedures.

We will never lease or sell your personal information to third parties. We will never distribute personal information to third parties unless we have your consent or the law requires us to or in order to enforce or apply our terms and conditions.

Any personal information we hold about you is stored and processed under our data protection policy, in line with the GDPR and UK GDPR. To learn more about this legislation, and your rights as a ‘data subject’, visit the Information Commissioner’s Office (ICO), the European Data Protection Board, or the relevant data protection body for where you live.

Information we may collect from you

The type of the information we may collect about you falls into two categories:

1) Information about your visits and behaviour on our website, which is used to ensure that the website is meeting the needs of our visitors and help us improve our service to visitors

2) Personal information which you provide and give us explicit permission to collect and process in order to keep you informed about our work and services.

Information about your visits to the site

When you access our website, we may process certain information you provide automatically. This may include your IP address, browser type, where you visited on the site, how long you stayed there, when you left and where you visited the site from. This data is processed to understand how users use our site, to improve the experience on the website and, in the event of breach of security, may be used to aid detection.

We often link to other websites, such as websites of partners we are working with. Digital Action is not responsible for the privacy statements or other content on websites outside of We encourage you to review the privacy statements of any websites you choose to link to from Digital Action so that you can understand how those websites collect, use and share your information.

Our use of cookies (cookies policy)

Cookies are small pieces of data that websites store on a device. Cookies can improve your visitors’ browsing experience because they help websites remember preferences and understand how people use different features. Almost all websites use cookies.

We use the fewest possible cookies to ensure the site runs properly, and these ‘functional’ cookies do not allow us to identify you personally. They are only stored for the duration of each session and then are automatically deleted.

You can find out more information about the individual cookies we use and the purpose of each of them at the bottom of this section.

If you do not wish to accept cookies you are able to decline them by altering the settings in your browser. All browsers are different but the ‘Help’ section of your browser should explain what you need to do. You can access your browser’s help section by pressing the ‘F1’ key while browsing. If you choose to block essential cookies using your browser’s settings, your experience on our site may be affected.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

  1. Crumb – session cookie – prevents cross-site request forgery (CSRF). CSRF is “an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in” (Source: Squarespace).

  2. Test – session cookie – investigates if the browser supports cookies and prevents errors.

Information you give us to stay in touch with you – newsletter sign-up form

If you choose to, you can sign up here to be added to our mailing list. The information you provide will only be used to send you a monthly newsletter and other occasional information we think you may be interested in. After you have signed up, you can unsubscribe or update your details at any time.

The information we request in the mailing list sign up form is:

  • First name

  • Email address

  • Country (optional field)

  • Organisation (optional field)

The legal basis for processing this information is your consent as the ‘data subject’ (as described in this Privacy Statement) and the data we collect falls under what is called in GDPR legislation the ‘legitimate interest’ of marketing communications.

If you were an existing contact of ours, we may have added you to our mailing list if you have shown an interest in Digital Action’s work in the past. The justification for this data processing is also the ‘legitimate interest’ of marketing communications.

Your right to have your data removed from our list

If you get in touch and ask us to update any details we hold for you, we will make a note of your request and the date on which your data was updated. If you get in touch and request to be ‘forgotten’, (deleted), we will deactivate you as a contact, and make note of the date this was requested and completed.

Where we store your personal data

Most of the data found online is stored in what are called ‘servers’. These servers can live anywhere around the world. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us.

This process is regulated by the EU’s Standard Contractual Clauses, which means we ensure that if data is stored outside the European Economic Area, it is protected by equivalent legislation/policy in the relevant country.

We only entrust your data to data processors who have their own clear, rigorous data protection policies and procedures.

These systems are:

  • Mailchimp – used for sending emails – servers in United States of America

  • Salesforce – used for securely storing and managing customer/client/partner records – servers in United Kingdom

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, such as using secure online programmes.

How long we will store your data

We will store your data for as long as we operate this mailing list, and no longer.

If you wish to have your data deleted (using your rights under GDPR to ‘be forgotten’), please contact us at [email protected]. We will remove your data from our mailing list. The only way we will retain it is in a document that exists to provide evidence that we have complied with your ‘right to be forgotten’.