Privacy Policy
Last updated: March 21, 2026
Data Controller
NATO DIANA Programme
Contact: info@diana.nato.int
Phone: +1 info@diana.nato.int
Data We Collect
Contact information (voluntarily submitted via lead capture forms):
- Name and email address (required)
- Organization, phone number, and job title (optional)
Search queries -- to improve matching and connect you with relevant companies
Technical data (hashed IP address, browser type) -- for security and analytics
What we do NOT collect:
- No tracking cookies
- No third-party analytics
- No advertising or remarketing data
Legal Basis (GDPR Article 6)
- Consent (Article 6(1)(a)) -- for lead capture and sharing your contact information with NATO DIANA companies. You provide consent via the checkbox on our lead capture forms.
- Legitimate interest (Article 6(1)(f)) -- for search analytics and site improvement. We have a legitimate interest in understanding how users interact with our matching engine to improve the service.
Data Retention
- Lead capture data: 24 months from submission
- Search logs: 12 months from creation
Data is automatically deleted after the retention period expires.
Your Rights (GDPR Articles 15-21)
If you are in the European Economic Area (EEA), you have the following rights:
- Right of access -- request a copy of the personal data we hold about you
- Right to rectification -- correct any inaccurate personal data
- Right to erasure ("right to be forgotten") -- request deletion of your personal data
- Right to data portability -- receive your data in a machine-readable format
- Right to object -- object to processing based on legitimate interest
- Right to withdraw consent -- at any time, without affecting the lawfulness of prior processing
How to exercise your rights: Email info@diana.nato.int with "Data Subject Request" in the subject line. We will respond within 30 days.
Data Sharing
- Contact information is shared ONLY with relevant NATO DIANA portfolio companies, and ONLY with your explicit consent (checkbox on lead capture form).
- We do not sell, rent, or trade your personal data.
- No data is shared with advertising networks.
International Transfers
- Data is stored on Google Cloud Platform (United States).
- Transfers are covered by the EU-US Data Privacy Framework.
- Google Cloud maintains SOC 2 Type II and ISO 27001 certification.
Security
- All data is transmitted over HTTPS (when configured)
- IP addresses are hashed before storage
- Database access is restricted to authorized personnel
- Password-protected administrative access
No Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. Our AI matching engine provides search results only and does not make decisions about individuals.
Updates to This Policy
This policy was last updated March 21, 2026. Changes will be posted on this page with an updated revision date.