Privacy Notice and Terms of Use
We recognise the importance of personal data protection and consider preserving the confidentiality of your personal data as one of our main objectives. In this Privacy Notice we explain how European Legal Support Center (hereinafter, “we“/”us“/”our“/“ELSC”) collects and uses your personal data when you visit our website. Below, you will find:
- Information on the Data controller and Data Protection Officer
- What type of personal data we collect
- How we obtain your personal data
- Why we process your personal data and the applicable legal basis for our data processing
- With whom we share your personal data
- How we store your personal data
- How long we retain your personal data
- Your rights
- How to contact the supervisory authority
- Information on changes to this privacy notice
- Data Controller and Data Protection Officer
ELSC is the data controller of the processing activities carried out through the website. You can contact us via info@elsc.support. ELSC has appointed a data protection officer (“DPO”) who is freely contactable for any information relating to the processing of your personal data by the ELSC at the following address: info@elsc.support
- What type of personal data we collect
We collect, store and process the following personal data about you.
- When you subscribe to our newsletter:
- Personal identification information: name, surname, e-mail address, country, organisation name and position in the organisation.
- Contact us via our Contact Form:
- Personal identification information: first name, last name and email address.
- Report an incident by filling our Incident Report Form:
- The information included in the Incident Report Form, such as name, surname, organisation name, country and details about the incident (time, place, actor).
- Other written information related to your enquiry or incident details that you provide.
- Make donations:
- Personal identification information: first name, last name and email address.
- How we obtain your personal data
Your personal data is provided by you.
- Why we process your personal data and the applicable legal basis for our data processing
Please find below an overview of each of the purposes for which we process your personal data as set out in paragraph 2 and the legal basis relied upon.
Purpose | Legal basis |
To send direct communications (such as newsletters) | Consent |
To contact you in response to your contact request | Necessary for our legitimate interest, namely to respond to your contact request |
To collect information on a specific incident you report | Consent; and Necessary for our legitimate interest, namely documenting incidents in the field of our activities. |
To process and receive donations | Necessary for our legitimate interest, namely to receive donations. |
- With whom we share your personal data
To the extent applicable, we will disclose or share your personal data to / with the following third parties:
Mailchimp
If you subscribe to our newsletter, the personal data you provide will be processed by Mailchimp, which we use to manage the newsletter subscriber list and send newsletters to our subscribers. You can read Mailchimp’s privacy policy here.
Donorbox
If you donate to our organisation via the Donate button, the personal data you provide will be processed by Donorbox, which we use to handle your donations. You can read Donorbox’s privacy policy here. Additionally, we use Stripe as our payment service provider to process your online payments. You can read Stripe’s privacy policy here.
Social Media
The ELSC uses social media and social networking services to advance our work. On our website, plugins of social media networks such as Facebook, Twitter and LinkedIn are integrated. When you visit our website, the plugin establishes a direct connection between your browser and the social networks. Through the plugins, you can directly visit our social media accounts. For more information please see the privacy notice of the social media networks.
- How we store your personal data
The personal data you provide via our Contact Form and Incident Report Form are temporarily stored by Netlify servers in the United States, which then are sent to us. Your personal data is securely stored in our database located in Canada.
The personal data you provide for subscription to our newsletter is stored by Mailchimp located in the US and the personal data you provide for donating to our organisation is stored by the Donorbox and Stripe located in the United States.
In case of transfers of personal data to countries outside the EEA, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
- How long we retain your personal data
We will process your personal data only for the duration necessary to achieve the purposes described in the section “Why do we process your personal data and what is the applicable legal basis for our data processing?”.
The personal data you provide to fill the Contact Form and Incident Report Form is retained as long as required for our organization to do our work and provide the requested assistance. The personal data you provide for the subscription to our newsletter is retained until you withdraw your consent by using the “unsubscribe” functionality. The personal data following from the donations are retained until you have informed us that you will no longer be a donator or once you have not donated for 5 years. Further information regarding the period of retention of your personal data and the criteria used to determine such period could be requested from the DPO.
If we are subject to a statutory retention period, we will retain your personal data for the period specified by the law.
Notwithstanding the above, we may retain your personal data for the length of any applicable limitation period for claims that might be brought against us later.
- Your rights
Pursuant to Chapter III of the GDPR, you have the right to:
- Request access to your personal data: You are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive copies of your personal data. If your request is clearly unfounded or excessive we reserve the right to charge a reasonable fee or refuse to comply in such circumstances.
- Rectification of your inaccurate personal data: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Erasure of your personal data: You have the right to ask us to erase your personal data, under certain conditions. There are certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with legal claims.
- Restriction of the processing concerning your personal data: You have the right to ask us to suspend the processing of your personal data, under certain conditions.
- Object to relevant processing activity: Where we are processing your personal data based on our legitimate interest (or those of a third party; see section 4), you have the right to object to the processing of your personal data, under certain conditions. However, we may be entitled to continue processing your personal data based on our legitimate interests.
- Data portability: You have the right to ask that we transfer the personal data concerning you to another organisation, or to you, in a structured, commonly used and machine-readable format, under certain conditions.
In the limited circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you but have the right to extend this period by two months. If we extend the response period, we will let you know within one month of your request.
If you wish to exercise your rights listed above or have any concerns about our data collection practices, you can contact us by email at info@elsc.support.
- How to contact the supervisory authority
Should you be unhappy with the way we deal with your personal data or address your concerns, pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. The competent supervisory authority for the Netherlands is the Dutch Data Protection Authority (“DPA”). You can contact the Dutch DPA (‘Autoriteit Persoonsgegevens’) at tel. +31 88 1805 250 or https://autoriteitpersoonsgegevens.nl/nl/meldingsformulier-klachten.
- Changes to this privacy notice
ELSC may change this Privacy Notice from time to time.
At all times, we will publish the up-to-date version on our website. If we make any important changes to this Privacy Notice (e.g. with regard to the personal data we collect, how we use it or why we use it), we will notify you.