Data Protection Policy and Notices

We process personal data in the following contexts:

• to run this website
• to make announcements
• to respond when you contact us

In all these instances, Stichting Data Rights will be a data controller. Recipients of your personal data may generally include, as applicable in the context: trustees, advisors, employees, and volunteers who have agreed to comply with this Policy and, as applicable, who are bound to confidentiality obligations.

Data protection principles

• Keeping it simple: we will not engage with a gazillion of processors, or implement gadgets and trackers and whatnot. We will keep it simple, and use standardized methods and formats as much as possible. We will periodically review our practices to ensure we stay true to this principle.

  “The worst enemy of security is complexity.”
  – Bruce Schneier

• Data Minimisation: we will collect personal data if necessary in relation to specified, explicit and legitimate purposes, and as only as adequate and relevant. To the reasonable extent that is technically feasible with our capabilities, we will ensure our systems work without the need to retain directly-identifiable information, e.g. by applying pseudonimisation or other measures under data protection by design and by default principles.

• Third Parties: we will never sell personal data to third parties. Sometimes, we will need to provide personal data to third parties. We will always ensure third parties have adequate data protection and security policies, and we will enter into contract arrangements with them for any systematic or wide provision of personal data (whether they are acting themselves as recipient, controller, or processor on our behalf).

Your rights

You have the right to request access to and rectification or erasure of personal data or restriction of processing concerning you, or to object to processing as well as the right to data portability.

Address your request to: inbox+dataplegalrequest@datarights.ngo

You may also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens, or a data protection authority in your country.

International transfers of personal data

We will provide an overview of the international transfers of personal data made by us or on our behalf, and the tools and legal bases to safeguard your rights and protect transferred data. This overview will not include further transfers by others.

Access by public authorities

We have not received any request or order of access to personal data controlled or processed by us, by any public authorities, in relation to an investigation or specific law enforcement, intelligence or police operation.