Privacy Notice and Terms of Use

We recognise the importance of personal data protection and consider preserving the confidentiality of your personal data as one of our main objectives. In this Privacy Notice we explain how European Legal Support Center (hereinafter, “we” /“us” /“our” /“ELSC”) collects and uses your personal data when you visit our website. Below, you will find: 

• Information on the Data controller and Data Protection Officer 
• What type of personal data we collect 
• How we obtain your personal data 
• Why we process your personal data and the applicable legal basis for our data processing 
• Who will your personal data be shared with 
• How we store your personal data 
• How long we retain your personal data 
• Your rights 
• How to contact the supervisory authority 
• Information on changes to this privacy notice 

This privacy notice (the “Privacy Notice“) provides information, for the purposes of the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”), the EU GDPR as implemented into UK law by the European Union (Withdrawal) Act 2018 (the UK GDPR), and supplemented by the UK Data Protection Act 2018 (the DPA) and other applicable national data protection laws, concerning how the ELSC processes and protects your personal data that we may receive as part of your interactions with ELSC. 

1. Data Controller and Data Protection Officer 

ELSC is the data controller of the processing activities carried out through the website. You can contact us via info@elsc.support. 

2. What type of personal data we collect 

We collect, store and process the following personal data about you.

• When you subscribe to our newsletter: Personal identification information: name, surname, e-mail address, country, organisation name and position in the organisation. 

• Contact us via our Contact Form: Personal identification information: first name, last name and email address.

• Report an incident by filling our Incident Report Form: (1)The information included in the Incident Report Form, such as name, surname, organisation name, country and details about the incident (time, place, actor). (2)Other written information related to your enquiry or incident details that you provide.

• Make donations: Personal identification information: first name, last name and email address.

3. How we obtain your personal data

Your personal data is provided by you.

4. Why we process your personal data and the applicable legal basis for our data processing

Please find below an overview of each of the purposes for which we process your personal data as set out in paragraph 2 and the legal basis relied upon. 

Purpose	Legal basis
To send direct communications (such as newsletters)	Consent
To contact you in response to your contact request, including responding to your request for legal support or inquiry	Performance of Contract; Necessary for our legitimate interest, namely to respond to your contact request.
To collect information on a specific incident you report	Consent; and Necessary for our legitimate interest, namely documenting incidents in the field of our activities.
To process and receive donations	Necessary for our legitimate interest, namely to receive donations. We only rely on legitimate interests where we have considered that, on balance, our legitimate interests are not overridden by your interests, fundamental rights or freedoms.

5. With whom we share your personal data

We may share your personal data with any third parties that help us provide services, with legal or other professional advisors and with regulators, prosecutors and law enforcement authorities which regulate us. We may also share your personal data with our affiliates in order to provide these services. 

Any such transfers will be in compliance with our obligations as a controller under the EU GDPR, the UK GDPR, the DPA and other applicable national data protection laws. Some of these persons may process your personal data in accordance with our instructions and others will themselves be responsible for their use of your personal data. 

To the extent applicable, we will disclose or share your personal data to / with the following third parties: 

Mailchimp

If you subscribe to our newsletter, the personal data you provide will be processed by Mailchimp, which we use to manage the newsletter subscriber list and send newsletters to our subscribers. You can read Mailchimp’s privacy policy here. 

Donorbox

The ELSC uses social media and social networking services to advance our work. On our website, plugins of social media networks such as Facebook, Twitter and LinkedIn are integrated. When you visit our website, the plugin establishes a direct connection between your browser and the social networks. Through the plugins, you can directly visit our social media accounts. For more information, please see the privacy notice of the social media networks.   

The disclosures described in this Privacy Notice may involve transferring your personal data to countries outside the UK and EEA which may not have similarly strict data privacy laws. When this occurs, we will ensure that any such transfers are carried out in compliance with applicable law, including, where necessary, being governed by data transfer agreements designed to ensure that your personal data is protected, on terms approved for this purpose by the UK or EU. 

We will never sell your personal data and in all cases, we will ensure that your personal data is only disclosed for the purposes set out above and in compliance with applicable data protection laws. 

Social Media

The ELSC uses social media and social networking services to advance our work. On our website, plugins of social media networks such as Facebook, Twitter and LinkedIn are integrated. When you visit our website, the plugin establishes a direct connection between your browser and the social networks. Through the plugins, you can directly visit our social media accounts. For more information please see the privacy notice of the social media networks.  

6. How we store your personal data

The personal data you provide via our Contact Form and Incident Report Form are temporarily stored by Netlify servers in the United States, which then are sent to us. Your personal data is securely stored in our database located in Canada. 

The personal data you provide for subscription to our newsletter is stored by Mailchimp located in the US and the personal data you provide for donating to our organisation is stored by the Donorbox and Stripe located in the United States. 

7. How long we retain your personal data

We will process your personal data only for the duration necessary to achieve the purposes described in the section “Why do we process your personal data and what is the applicable legal basis for our data processing?”. As a general principle, we do not retain your personal data for longer than we need it. 

The personal data you provide to fill the Contact Form and Incident Report Form is retained as long as required for our organization to do our work and provide the requested assistance. The personal data you provide for the subscription to our newsletter is retained until you withdraw your consent by using the “unsubscribe” functionality. The personal data following from the donations are retained until you have informed us that you will no longer be a donator or once you have not donated for 5 years. Further information regarding the period of retention of your personal data and the criteria used to determine such period could be requested from the DPO. 

If we are subject to a statutory retention period, we will retain your personal data for the period specified by the law. 

Notwithstanding the above, we may retain your personal data for the length of any applicable limitation period for claims that might be brought against us later. 

8. Your rights

The EU and UK GDPR provide you (as the data subject) a number of absolute or qualified legal rights in relation to the processing of your personal data. These rights include (with some exceptions): 

• Request access to your personal data: You are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive copies of your personal data. If your request is clearly unfounded or excessive we reserve the right to charge a reasonable fee or refuse to comply in such circumstances. 
• Rectification of your inaccurate personal data: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
• Erasure of your personal data: You have the right to ask us to erase your personal data, under certain conditions. There are certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with legal claims. 
• Restriction of the processing concerning your personal data: You have the right to ask us to suspend the processing of your personal data, under certain conditions. 
• Object to relevant processing activity: Where we are processing your personal data based on our legitimate interest (or those of a third party; see section 4), you have the right to object to the processing of your personal data, under certain conditions. However, we may be entitled to continue processing your personal data based on our legitimate interests. 
• Data portability: You have the right to ask that we transfer the personal data concerning you to another organisation, or to you, in a structured, commonly used and machine-readable format, under certain conditions. 

In the limited circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing based on your consent prior to its withdrawal. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you but have the right to extend this period by two months. If we extend the response period, we will let you know within one month of your request. 

You can change your news preferences by clicking on the unsubscribe option at the bottom of our newsletter’s emails. 

9. How to contact ELSC 

If you wish to exercise your rights listed above or have any concerns about our data collection practices, you can contact us by email at info@elsc.support. 

When exercising any of your rights, we may request specific information from you to prove your identity to our satisfaction so that we can safeguard your personal data from unauthorised access by someone impersonating you. 

We exercise particular care when receiving a request to exercise these rights on your behalf by a third party. We will ensure that the third party is correctly authorised by you to receive the requested information on your behalf. 

10. How to contact the supervisory authority 

You can lodge a complaint about our processing of your personal data with a supervisory authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place.  

The competent supervisory authority for the Netherlands is the Dutch Data Protection Authority (“DPA”). You can contact the Dutch DPA (‘Autoriteit Persoonsgegevens’) at +31 88 1805 250 or https://autoriteitpersoonsgegevens.nl/nl/meldingsformulier-klachten. 

The competent supervisory authority for the United Kingdom is the Information Commissioner’s Office (“ICO”). You can contact the ICO at +44 (0)303 123 1113 or https://ico.org.uk/make-a-complaint/.  

Changes to this Privacy Notice 

ELSC may change this Privacy Notice from time to time. 

At all times, we will publish the up-to-date version on our website. You should check this page occasionally to ensure you are familiar with any changes.