(Last updated: 20 May 2018)

Privacy Training Center is a learning hub about privacy and data protection. This is why we take your privacy super seriously even when you just visit our website.

We wrote this Data Usage Policy, and will update it as necessary, to let you know what data we collect about you and how we use it.

As a general rule, we collect as little personal data as possible and delete what we collect as soon as we can.

We never rent or sell your personal information to third parties. We will not transfer or share this information unless compelled by law, and we will vigorously challenge any demand by government or private organisations or individuals to access it.

This Data Usage Policy applies to the Privacy Training Center and all of our team members, board members, volunteers, interns, contractors, fellows, and others who are bound by confidentiality agreements with the Privacy Training Center (“we” or “us”).

What we collect

We strive to collect as little personal data as we need to do our work and further our mission. We collect information when you visit our site, make a donation to us, subscribe to our campaigns or mailing lists or sign up to one of our events. We’ll let you know what information is required for each action, and try to require the least amount of information necessary.

When you visit our website, we store your IP address for one week for internal debugging purposes (Art. 6, 1f GDPR). After that, it is automatically deleted. IP addresses are stored on our own servers, and will never be shared with others. We do not use Google Analytics or other tracking software to log your surfing behaviour on our website.

When you sign up to participate in one of our events (for example a PrivacyCafé), we ask you to provide an email address and a name or nickname. This information allows us to organise the event you signed up for and to correctly attribute the limited seats we can offer (Art. 6, 1f GDPR). Once the event is over, participant data is deleted within one week. In exceptional cases, we may use this data to once send participants additional information or content relating to the event they participated in. This will always be announced during the event (including the possibility to opt out). Never will we use this data to send you unrelated content. In particular, participating in our events will not automatically make you a newsletter subscriber. If you’d like to receive our newsletter, please sign up to it separately.

When you sign up for our newsletter, we will ask you for your e-mail address and to consent to us sending the newsletter to this address (Art. 6, 1a GDPR). You may also provide a name or nickname which we can use to address you in the newsletter. We store your e-mail address and (nick)name for as long as you would like to receive our newsletter. Every newsletter contains an unsubscribe link through which you can cancel your newsletter subscription. In this case, we will delete your related personal data right away.

For donations, we require a real name, address, and payment info such as credit card data. This data is stored as long as is required by Belgian tax laws (Art. 6, 1c GDPR) and afterwards deleted. Anonymous Bitcoin donations are possible as well.

Privacy Training Center’s website and services are not intended for, or designed to attract, individuals under the age of 18. We do not knowingly collect personally identifiable information from any person under the age of 18.

Cookies

We are not using any cookies apart from session cookies handled by our Content Management System. We won’t be storing any personal information in those cookies and they will be automatically deleted when closing your browser. If you are concerned about your privacy and the use of cookie technology you may set your web browser to notify you when you receive a cookie. You may also set your browser to refuse any cookies a site attempts to send you.

How we store and use your data

We take industry standard security measures to protect personal information under our control from loss, misuse, and breach, but like with every website, there are risks associated with uploading your information online.

You retain the right to view and request copies, deletion, and rectification of the personal data we collect from you. Please send any such requests to info@privacytraining.org or securely through our contact form.

We do not have a backup policy for our communications. Each employee, as they see fit, may retain the content of specific communications they receive and send, but we work to keep this information stored securely.

We do not have full credit card numbers available to us, displayable or downloadable. Credit card information is stored by the payment provider processing the payment.

The privacytraining.org website is hosted on servers of Hetzner Online GmbH in Germany. Find their policies and contact information here.

Social Media

We may use social media and social networking services to advance our mission. These platforms and applications are often provided by third party service providers. If you decide to use them, please see their privacy policies for more information, and let us know if you have specific concerns.

Updates and Contact

We will archive all versions of this Data Usage Policy and provide links on this page. Let us know any questions, comments, and concerns at info@privacytraining.org or securely through our contact form.

Previous versions of this policy

5 May 2016