GDPRhub:Privacy policy
In brief
Hi, this is noyb! As administrator of the GDPRhub and of the GDPRtoday newsletter, we are processing some personal data. This privacy policy is meant to provide you with information regarding the processing of personal data that is taking place on the GDPRhub and if you subscribe to our GDPRtoday newsletter.
In a nutshell, these are our main data processing activities:
- if you just visit our page: we just show you the page. That's it.
- if you edit a page on the GDPRhub: if you edit a page, data will be stored about your edit and your IP address. Some cookies are technically necessary in this case. If you have an account with the GDPRhub and you edit a page while being logged in, data will be stored about both your edit and the relevant account ID.
- if you subscribe to our newsletter: we keep your email in a list and if you unsubscribe we delete it. That's it.
- in all cases: we run anonymized statistics.
If you have a problem or question, send us a message at info@noyb.eu and we’ll take care of things!
In detail
About us
You can find all details about us here: About us
When you browse GDPRhub
- Purpose: we only process the personal data that is necessary to provide the GDPRhub to you (mainly, "transactional data" such as your IP address) and to ensure the security of the page.
- Storage: transactional data is not stored. Security log data (e.g. when the software identifies an "incident") are deleted within 6 months, unless there is a specific and individual reason to keep information for a longer period of time (e.g. when individual IP addresses are blocked).
- Legal Basis: your consent to send you the page you asked us for. Our legitimate interests in the security of our page, specifically your IP address, as well as our legal duty under the GDPR to ensure the security of processing.
- Processors: we may use trustworthy processors that only process your personal data on our behalf ("processors"), who may be subject to change. Currently GDPRhub is hosted on our own servers and we do not use any processors.
- Other Recipients: usually none. The only exception can be our external backend support (nycro UG, Hütten 118, 20355 Hamburg, Germany) that can have unavoidable access to information when solving technical issues.
- Third Country Transfers: none. We store your data within the EEA/EU.
- Statistics: we run a statistics system on our pages that only uses anonymous data.
- Cookies: when you visit a page the wiki sometimes stores a technical cookie.
cpPosIndex | Technical cookie | Expires after 20s |
...in addition, when you sign up to the GDPRtoday newsletter
- Personal Data: we only process your email and technical data (e.g. information that your server did not accept our emails) as well as the voluntarily provided details that you have submitted at the time you subscribed to our newsletter (location, profession, etc).
- Purpose: delivery of the GDPRtoday newsletter. We may also use the data you have voluntarily provided on the sign-up page and the TLD of your email (like ".de") for non-personalized aggregated statistics (reader numbers per country) and to show country-specific elements (calls for editors in a country or sponsorship).
- Storage: we store your email address and any voluntarily provided details until you unsubscribe. It may take up to 24 hours until all your personal data is deleted from our systems.
- Legal Basis: your consent to receiving the newsletter and to voluntarily provide details.
- Processors: we only use trustworthy processors that only process your personal data on our behalf (“processors”) – for our newsletters, we are currently using dialog-Mail eMarketing Systems GmbH, Nussgasse 31, 3434 Wilfersdorf, Austria.
- Other Recipients: usually none. The only exception can be our external backend support (nycro UG, Hütten 118, 20355 Hamburg, Germany) that can have unavoidable access to information when solving technical issues.
- Third Country Transfers: none. We store your data within the EEA/EU.
- Statistics: We may run a statistics system in our emails that only uses anonymous data.
...in addition, when you edit GDPRhub, create a GDPRhub account or use the GDPRhub submission form
When you edit the wiki using a GDPRhub account (including your own user page), these edits will be associated with your user name and be visible on your user page. You may optionally add your email when you create an account.
If you do not have an account, we will store your IP address with each edit.
You can choose to additionally add your name or a pseudonym (author name) as the original contributor for new decisions via our case submission form. If you choose to add a name or pseudonym, it will appear on GDPRhub and in the corresponding article of our GDPRtoday newsletter, and can be connected to the associated IP address or account name of the person that added the information.
If you have a GDPRhub user page and added an author name, we will link this user page with your name in the GDPRtoday newsletter.
- Personal data: your IP address, your user name (optional), author name (optional) or email (optional), as well as any edits you make on GDPRhub, as well as comments or changes that others may make on your edits.
- Purpose: we only process the personal data that is necessary so you can edit the page and so that we can prevent abusive edits. In addition, others may make changes and give publicly visible comments and feedback on edits. We may use any provided information to contact you regarding your edits on GDPRhub.
- Storage: all changes and associated metadata are stored permanently.
- Legal Basis: your consent to store the edits and our legitimate interest to prevent abusive edits.
- Recipients: Usually none. However your username and edits are publicly visible and your summaries and your (optional) author name. Also, our external backend support (nycro UG, Hütten 118, 20355 Hamburg, Germany) can have unavoidable access to information when solving technical issues.
- Cookies: if you edit a page, the wiki stores necessary data in cookies:
gdprwiki_session | Technical cookie | Session |
gdprwikiUserID | User ID as number | 6 Months |
gdprwikiUserName | User name is text | 6 Months |
gdprwikiToken | Keep me logged in function | 6 Months |
VEE | Choice visual or text editor | 1 Month |
UseCDNCache | Technical cookie | Instant deletion |
UseDC | Technical cookie | Instant deletion |
...in addition, when you become a GDPRhub Country Reporter
If you join as a GDPRhub Country Reporter we keep the information you provided and keep lists to manage Country Reporters, in addition to the other information we process when you edit GDPRhub (see above). In more detail this means the following:
- Personal Data: the data you provided to our team (like name, user name, spoken languages, countries, etc) as well as user management data, and comments and feedback by the noyb team (for example about your language skills, the quality of your summaries, your availability and the total number of submitted summaries).
- Purpose: we use the data you have provided and we have generated for (1) communication between GDPRhub Country Reporters and the noyb team, (2) case distribution and feedback, (3) managing our status system (Silver / Gold / Purple) and (4) publishing case summaries.
- Storage: we keep your personal data until you resign as a GDPRhub Country Reporter. You then have the choice to have your accounts deactivated or all your account data deleted (which may take a couple of days for organizational reasons).
- Legal Basis: your consent.
- Processors: we may use trustworthy processors that only process your personal data on our behalf ("processors"), who may be subject to change. Currently GDPRhub is hosted on our own servers and we do not use external processors.
- Other Recipients: usually none. Remember, however, that other users of our internal chat system are able to see your username and your messages in the relevant channels. Also, our external backend support (nycro UG, Hütten 118, 20355 Hamburg, Germany) that can have unavoidable access to information when solving technical issues.
- Third Country Transfers: none. We store your data within the EEA/EU.
- Statistics: we run anonymous statistics system on summaries and case distribution, based on countries.
- Communication Providers: if you provide us with relevant contact details or join a call we suggest, we may contact you via third party communication providers like messaging apps or online meeting software that you use. We do not control these third parties and any personal data you share with them.
...in addition, when you fill out a GDPRhub Survey
We may do voluntary surveys on GDPRhub, which helps us to provide a better service to you. If you participate in a survey, the following information may be useful:
- The survey tool does not process personal data, unless you enter personal data into a text response box (e.g. your email or an answer that identifies you).
- Each survey participation will be stored together with your other answers, allowing to link answers that contain personal data with other responses that themselves do not contain personal data.
- The responses will not be shared with third parties. Aggregated information may be used in the form of reports or graphics. No such result will contain personal data.
- Any personal data that you provided will be deleted as soon as the responses are fully processed by our team, but no later than six months from the end of the survey.
In all cases, you have the following rights
As a data subject, you have the right to:
- information about the processing of your personal data;
- obtain access to the personal data held about you;
- ask for incorrect, inaccurate or incomplete personal data to be corrected;
- request that personal data be erased (for example, if you unsubscribed from our newsletter, or if you want to quit being a country reporter for the GDPRhub and ask us to delete your profile);
- object to the processing of your personal data on grounds relating to your particular situation;
- request the restriction of the processing of your personal data in specific cases;
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
- withdraw your consent (when you have given us your consent, e.g; when subscribing to our newsletter); and
- submit a complaint with your local data protection authority.
We are governed by the Austrian data protection authority (Datenschutzbehörde).