Privacy policy -
European Center for Digital Action
1. Data controller
Name: European Center for Digital Actions
Address: Rue Gachard 88 box 8, 1050 Ixelles
Association registration number: 0792.915.711
VAT number: BE792.915.711
2. Relevant statutory laws serving as the legal basis for data handling
Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
3. Scope of data handled and the aim of data handling
Generally, our intent is to collect only the Personal Data that is provided voluntarily by Visitors, Subscribers, and Registrants so that we can offer information and services to them.
We may collect and process Personal Data, including the following:
(a) contact information that allows us to communicate with you in direct messages or online ads, such as your name, e-mail or mailing address, telephone numbers, Facebook Messenger ID, or other addresses that allow us to send you messages;
(b) service information that allows us to recommend you from our offerings, such as the types of products and services that may interest you, information on the organization you represent, geographic locations, and demographics. We collect this information from the forms you filled in and from the interactions you had with us on our social media channels (Facebook, Messenger);
(c) any additional information you may provide us in the context of applications or surveys to enroll in our programs and training courses, such as your organization, role in the organization, and information related to your activities needed to evaluate your application.
Your Personal Data is not used for other purposes unless we obtain your permission, or unless otherwise required or permitted by applicable law.
4. Legal basis of data handling
We only manage your Personal Data only if we have your agreement on it. Your opt-in can have several formats. For example, you can push the “Get Started” button on our Messenger channel or you can fill in a form on our Website.
5. Duration of data handling
We may store your data for 5 years after your last check-in to our IT services. We chose 5 years because of the usual length of political cycles in the EU / EEA area.
6. Data processor and sub-processors
We use a third-party database managing, mass e-mailer, and direct messaging software stack. We, ECDA, are the only data controllers, the below listed data processors only store and manage our data:
Estratos Digital GmbH (98 Sommerhaidenweg, 1190 Wien) is a software-as-a-service company, we use their own digital tools and those that are re-sold by them for data processing and database building.
Estratos Digital GmbH uses Google Cloud Platform service to store and access personal data provided by data processor/subprocessor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The Data Processing and Security Terms of the firms are available at: https://cloud.google.com/terms/data-processing-terms
Estratos Digital GmbH uses the Cloud Functions for Firebase, the Firebase Realtime Database, the Cloud Storage for Firebase services to store and access personal data provided by data processor/subprocessor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google usually operates these services from a Google server in the USA and stores the data there. Google is certified under the Privacy Shield agreement and thus provides a safeguard in adherence to European data privacy laws: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Estratos Digital GmbH uses Action Network (1900 L St NW, Suite 900, Washington DC 20036; Privacy Policy: https://actionnetwork.org/privacy) as a comprehensive CRM solution, integrated emailer, action pages platform.
Estratos Digital GmbH uses Segment (100 California Street, Suite 700, San Francisco, CA 94111 USA; Privacy Policy: https://segment.com/docs/privacy/complying-with-the-gdpr/#opting-into-the-data-processing-agreement-and-standard-contractual-clauses) to sync Estratos’ systems, send data from a webpage, application or CRM to another application or CRM.
7. Access to data and measures ensuring safe data handling
We maintain adequate administrative, technical, and physical safeguards designed to protect the Personal Data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
When processed as part of a hosted service, the information may be processed and stored on the servers of third-party providers hired to provide the hosting (www.wix.com), and our agreements with such parties require that they not use, disclose, or share such information.
8. Rights of data holder and legal remedies
If we manage your Personal Data, in this context you are a Data Subject. As a Data Subject, you have certain rights. We are doing our best effort to help you exercise these rights. Please contact us through our e-mail address privacy@centerfodigitalaction.eu.
You can get information and help to exercise the following rights:
(a) The data subject’s right of access which means 1) the right to know whether data concerning you are being processed and 2) if so, access it with loads of additional stipulations (GDPR Article 15).
(b) The data subject’s right to rectification. When Personal Data are inaccurate, then we need to correct them if you ask us to do so (GDPR Article 16).
(c) The right to erasure, if Personal Data has been made public and you want us to remove it, we must do so. However, we never make your Personal Data public without your explicit consent to do so. (GDPR Article 17).
(d) The data subject’s right to restriction of processing. You have the right to limit the processing of your Personal Data (GDPR Article 18).
(e) The data subject’s right to data portability. With the right to data portability, you can ask us to transfer your stored Personal Data to an entity you specify in a machine-readable format (GDPR Article 20).
(f) The data subject’s right to object. You can say you don’t want the Personal Data processing to be done or going on (GDPR Article 21).