Which data do we collect?
Website visitors: IP-addresses and information about your web browser, operating system and/or device.
ECI signatories: your full first and last names, country of residence and date of signature. Depending on the signatory’s nationality, we will also collect a combination of the following data: residence (street, number, postal code, city, country), date of birth, national identity document type and national identity document number.
For staying informed about the campaign and other related digital rights issues (ECI supporters): your first name and email address.
Optionally, you may also provide your last name, country, and a statement of support.
Who controls your data?
Website visitors: European Digital Rights (EDRi)
ECI signatories: The Head of Policy at EDRi.
EDRi will have no access to this signatory data. National signature verification authorities will be the only entity with access to the signatory data. The full list of authorities is available here. The only exception to this is when the signature collection has finished: the Head of Policy at EDRi shall have temporary access to the data in order to send them to the national authorities via the European Commission’s secure file transfer system. The Head of Policy will have no access to the data after this point.
Upon submission to the European Commission of the signatures, the Head of Policy of EDRi and the European Commission become joint controllers of the signatures. This means that you exercise your rights through contacting either of them.
ECI supporters: The organization you provide your consent to keep you updated (either EDRi or a third organisation or both).
Why do we process your data?
- To operate our webserver and keep it secure (legitimate interest)
- To submit the signatures to the European Commission (legal obligation), based on your consent
- To keep you updated on the ECI news and relevant campaigns (based on your consent)
How long and where do we keep your data?
- For website visitors maximum for 24 hours, in secure servers provided by Spectre Operations
- For ECI signatories, we keep your data for a maximum of one month after the submission of the initiative to the European Commission or 21 months after the beginning of the collection period, whichever is the earlier. It might be retained beyond these time limits in the case of administrative or legal proceedings, for a maximum of one month after the date of conclusion of these proceedings, encrypted in FTSQ secure servers in Germany.
- For those willing to staying informed: Until they withdraw consent, in secure servers provided by Spectre Operations. Supporters of EDRi may withdraw their consent to be contacted further by EDRi at at any time by emailing firstname.lastname@example.org or by self-managing their newsletter settings as per EDRi’s newsletter policy by unsubscribing from the Campaign mailing list.
What are your rights?
Access your data and request a copy
Correct your data if they are wrong
Request to erase your data
Request to limit your data’s processing
Object to the processing of your personal data
Receive your data, in a structured, widely used and readable form and transmit it to another processor
Withdraw your consent, if you have provided it
How can you exercise your rights?
We are governed by the Belgian data protection authority. You may exercise your rights anytime by contacting the ECI’s Data Protection Officer at email@example.com. We will respond within 30 days.
If the European Commission acts as joint data controller, you may exercise your rights by contacting the Commission.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge at any time a complaint with the European Data Protection Supervisor or with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that your data is unlawfully processed.
For more information on ECI signatories’ data, please check the Privacy Statement as per Regulation EU/2019/788 Annex III
In accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation), your personal data provided on this form will only be used for the support of the initiative and made available to the competent national authorities for the purpose of verification and certification. You are entitled to request from the group of organisers of this initiative access to, rectification of, erasure and restriction of processing of your personal data.
Your data will be stored by the group of organisers for a maximum retention period of one month after the submission of the initiative to the European Commission or 21 months after the beginning of the collection period, whichever is the earlier. It might be retained beyond these time limits in the case of administrative or legal proceedings, for a maximum of one month after the date of conclusion of these proceedings.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge at any time a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that your data is unlawfully processed.
The representative of the group of organisers of the initiative or, where appropriate, the legal entity created by it, is the controller within the meaning of the General Data Protection Regulation and can be contacted using the details provided on this form.
The contact details of the data protection officer (if any) are available at the web address of this initiative in the European Commission’s register, as provided in point 4 of this form.
The contact details of the national authority which will receive and process your personal data and the contact details of the national data protection authorities can be consulted at: http://ec.europa.eu/citizens-initiative/public/data-protection.
Changes to this policy
In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent.
[Last updated on 15 February 2021]