Privacy Policy
This site belongs to GEN Europe, with the legal seat at:
ZEGG
Rosa-Luxemburg-Straße 89
14806 Bad Belzig,
Germany
Privacy Policy
The Global Ecovillage Network of Europe (GEN Europe) is committed to maintaining all personal data on individuals within the networks and supporters in a secure manner, within the framework of the General Data Protection Regulation (2018) (GDPR). All data subjects who have consented for their information to be held on the data storage systems outlined in this policy, are held in accordance with this privacy policy. This policy outlines the GDPR policy of GEN Europe. For all requests regarding GDPR, please contact us on secretariat (at) gen-europe.org
1) What Data We Collect
1.1) Newsletter and other communication updates: You may actively opt-in to receive communications by either 1) becoming a member of GEN Europe; 2) signing up to our newsletter and/or other communications using an online form; 3) signing up to e-communications at an offline event. You may receive mailings from our public newsletter, our member newsletter, and our member announcements lists.
If you give us your details, we will ask you to provide only the minimum amount of information required so we can keep in contact and/or provide the service/s we have promised. Usually, the information we ask for will consist of name, country, email address. However, when you decide to donate to GEN, we will also ask for relevant banking information and address. At some of our offline events you will have the option to give us your phone number if this is appropriate. We do not share your information, and never would. We would never sell your information to any third party and consider it exploitative to profit from your personal data.
1.2) Payment details
If you set up a recurring payment with us – for a donation, for example – we will need to store the account details linked to your gift. We will always store this information securely with one of the financial data processors we use. If you make a cash donation using your card, we will not store your full account details. You can read more about donating securely in section 9 below.
1.3) Ecovillage Map: By passing GEN Europe any personal contact information under the auspices of publicity for the European Ecovillage Map, we assume through legitimate interest that you are consenting to have that data accessible by the public so you can share your project. Such data will be stored in the cloud internally on our website’s WordPress site.
If possible, when uploading project information we recommend uploading generic contact details that are not associated with individuals. If at any time, you find your details connected with a project that you did not consent to, or you need your project’s information updated, please contact us at secretariat@gen-europe.org.
1.4) Events: We will collect registration data in order to provide the best service for the participants/registrants/data subjects such as correct accommodation, special food needs and to enable the coordinators to plan around the needs of the participants.
We will collect contributor data to ensure effective and caring coordination of contributors and with the general purpose of creating meaningful events.
1.5) Membership: When you apply to become a GEN Europe Member, we will store your initial expression of interest form on our internal servers. Should you become a Member, we will store your information on our servers so that you may receive the benefits of being a Member, such as regular email communication. We store your data for as long as you remain a member of GEN EU. If membership lapses without informing us of your wish to no longer be a member, we retain your information for two years afterwards as part of a ‘grace period’ in case membership is reactivated. If you request to no longer be a member we will remove your data from our membership database. If you no longer wish to be a member, please contact us on membership@gen-europe.org.
1.6) Forum: To sign up for a forum account, GEN EU collects your name, a user name, and an e-mail address. We use your account data to identify you on the forum and to create pages specific to you, such as your profile page. We use your e-mail address to notify you about posts and other activity on the forum, reset your password and help keep your account secure.
We store your account data as long as your account remains open.
1.7) Other Financial Details: When you pass any financial data to GEN Europe- outside of those instances included in section 9 – including for Programme and Project based needs, we will keep these for 6 months, unless this contravenes other legislation.
1.8) Photographs: It is possible that if you attend a GEN Europe event you will be photographed. We will clearly communicate when this is the case. If you do not wish photos of yourself to be taken or published, please be sure to notify the event management as soon as possible.
We often work with photographers outside GEN Europe staff so we can collect beautiful photos of events and moments unseen by ourselves. We are sure to store agreements with each of these third party photographers that they have sought consent from the subjects in their photos.
It is possible that we may still use a photo you are in if it was taken in a public space. We will however of course uphold your right to privacy should you notify us. If you see a photo of yourself that was taken in such a space in our communications, please contact us on secretariat[at]gen-europe.org so we can immediately remove them.
2) Your Data, Your Rights
The Global Ecovillage Network believes that data sovereignty and control are fundamental in the digital age. All data will be collected based on the consent of the data subject. No data will be collected unless consent is given. Children under 13 can only give consent with permission from their parent/guardian. In line with GDPR, we encourage you to exercise your rights to data control, which include:
● Right to rectification: you can ask us via postal mail or electronically to update or ‘rectify’ any inaccurate data that we hold on you. We will fulfill your request within 31 days.
● Right of access: you can apply in writing for copies of all the information we hold on you. We will send this to you via the same means you applied i.e. via either if by postal mail or electronically. We will send you this information within 31 days of your request.
● Right to erasure: you have the right to be forgotten which means you can apply to us in writing or verbally to delete all of your data from our servers and data processor services. We will comply within 31 days of your request.
All requests for rectification, access and erasure should be directed to secretariat(at)gen-europe.org
3) What are cookies and do we use them?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the site owners about how people are using their site. There is one main type of cookie used by this website, relating to temporarily storing information on your use of gen-europe.org for analytic purposes (so we can improve our services).
● _gid, _ga – Google Analytics – Supports us to improve the interaction with our website
4) Technical Security The majority of the processors and service providers we use are based in the cloud, and include: Financial Services (e.g Paypal); Communications and mailing service; Website / WordPress plug-ins; Databasing services (such as Google Drive). GEN Europe’s websites and forms are certified encrypted with HTTPS.
4.1. Server. The dedicated server of GEN Europe is located in Helsinki, Finland. The server is administered by Hetzner.com
Privacy policy Hetzner: https://www.hetzner.com/legal/privacy-policy
Information security certification: https://www.hetzner.com/unternehmen/zertifizierung/
4.2. Website. On top of the server we run a website with WordPress with the newest version 5.9.2. Through our HTTPS we have certifications that ensure our websites are secure and that data sent in any form is encrypted.
Security note on WordPress: https://wordpress.org/about/security/
4.3. Forms. On top of the website we run Ninja forms newest version 3.6.7
Note on security for Ninja Forms: https://ninjaforms.com/docs/ninja-forms-secure/
GDPR on ninja forms: https://ninjaforms.com/docs/gdpr-compliance-ninja-forms/
4.4. Money Transfers. Both of the payment processors we use – Paypal and Stripe – are PCI compliant (Payment Card Industry Data Security Standard). This means we only store the last four digits of your card details electronically, and once your donation has been processed, we destroy any record of the 3 digit security number on the back of the card.
5) Who can access your data collected by GEN Europe
5.1 Data collected by GEN Europe will only be accessible to individuals within the organisation, who need the data to perform the services requested by the data subjects.
5.2. Events data.
Events registration data may be shared with select individuals outside of the organization falling under one of the following specifications: Events IT Team, Events Registration Team, Events Coordination Team, GEN Europe Membership Officers and assistants. The data will only be used for purposes strictly necessary for the organisation of the event.
6) Data Sharing
Data will only be shared with other organisations if strictly necessary to fulfill the request or service consented to by the data subject and only the data relevant to the services will be shared.
During the organision of the European Ecovillage Gathering data will be shared with the Gathering partners including the host community and National Network involved in organising the Gathering. Data sharing will only happen across the relevant teams, outlined above.
7) Confidentiality and Operational Securities
GEN Europe maintains strict confidentiality requirements and regulation in compliance with Article 5 of the European Union’s General Data Protection Regulation (GDPR) as outlined in our Confidentiality Agreement with employees.
8) Procedure in case of any request from Data Subject:
8.1. Any requests from data subjects will be answered within 30 days. Requests regarding rectification, access and erasure will be fulfilled within 30 days.
9) Storage Limitation / Data erasure
GEN Europe will only store personal data for as long as the purpose of the data processing, as consented to by the data subject as outlined in section 2.
10) High Risk Data
GEN Europe will not handle high risk data, unless specifically requested to in the event of:
- Health problems or allergens of participants or contributors to our events that organisers need to be aware of to protect their health and safety.
11) Data breaches
If, in the unlikely circumstance, we detect a data breach or misuse of your information that is our responsibility, we are required under GDPR to report this to the ICO within 72 hours. We will also notify you so that you can take appropriate measures to protect yourself
12) Help us improve
We are always looking for new ways to improve our services and what we can offer our supporters. If you have a complaint please do contact us We will treat your complaint seriously and confidentially and resolve it as soon as possible. You can lodge a complaint by emailing secretariat[at]gen-europe.org. If you are not happy with our response to your complaint, you can take it further by contacting the Agencia Española de Protección de Datos.