Privacy Policy






Privacy Policy

ReclaimYourFace.eu is a website for the ReclaimYourFace campaign, run by European Digital Rights (EDRi).

Which data do we collect?

Website visitors: IP-addresses and information about your web browser, operating system and/or device.

ECI signatories: your full first and last names, country of residence and date of signature. Depending on the signatory’s nationality, we will also collect a combination of the following data: residence (street, number, postal code, city, country), date of birth, national identity document type and national identity document number.

For staying informed about the campaign and other related digital rights issues (campaign supporters): your first name and email address.

Optionally, you may also provide your last name, country, and a statement of support.

Who controls your data?

Website visitors: European Digital Rights (EDRi)

ECI signatories submitted via the online form: The Head of Policy at EDRi.

EDRi will have no access to this signatory data. National signature verification authorities will be the only entity with access to the signatory data. The full list of authorities is available here. The only exception to this is when the signature collection has finished: the Head of Policy at EDRi shall have temporary access to the data in order to send them to the national authorities via the European Commission’s secure file transfer system. The Head of Policy will have no access to the data after this point.

Upon submission to the European Commission of the signatures, the Head of Policy of EDRi and the European Commission become joint controllers of the signatures. This means that you exercise your rights through contacting either of them.

ECI signatories submitted on paper: The Head of Policy at EDRi.

EDRi will be able to access this signatory data solely for the purpose of collecting and administering the signatory data. This will be governed by a signed data processing agreement between the Data Controller and EDRi, and a series of organisational safeguards.

National signature verification authorities will have access to the signatory data. The full list of authorities is available here. When the signature collection has finished, the Head of Policy at EDRi shall have temporary access to the data in order to send them to the national authorities via the European Commission’s secure file transfer system. The Head of Policy will have no access to the data after this point.

Upon submission to the European Commission of the signatures, the Head of Policy of EDRi and the European Commission become joint controllers of the signatures. This means that you exercise your rights through contacting either of them.

Campaign supporters: The organization you provide your consent to keep you updated (either EDRi or a third organisation or both).


Why do we process your data?

  • To operate our webserver and keep it secure (legitimate interest)
  • To submit the signatures to the European Commission (legal obligation), based on your consent
  • To keep you updated on the ECI news and relevant campaigns (based on your consent)

How long and where do we keep your data?

  • For website visitors maximum for 24 hours, in secure servers provided by Spectre Operations
  • For ECI signatories, whether online or on paper, we keep your data for a maximum of one month after the submission of the initiative to the European Commission or 21 months after the beginning of the collection period, whichever is the earlier. It might be retained beyond these time limits in the case of administrative or legal proceedings, for a maximum of one month after the date of conclusion of these proceedings, encrypted in FTSQ secure servers in Germany (for online signatures); held in a locked cabinet in the EDRi office (for signatures submitted on paper in Belgium); or held securely on Spectre Operations servers in the Netherlands (for signatures submitted on paper outside of Belgium or as a PDF attachment to an email from the signatory).
  • For those willing to staying informed: Until they withdraw consent, in secure servers provided by Spectre Operations. Supporters of EDRi may withdraw their consent to be contacted further by EDRi at at any time by emailing info@reclaimyourface.eu or by self-managing their newsletter settings as per EDRi’s newsletter policy by unsubscribing from the Campaign mailing list.

What are your rights?

Access your data and request a copy 

Correct your data if they are wrong

Request to erase your data

Request to limit your data’s processing

Object to the processing of your personal data

Receive your data, in a structured, widely used and readable form and transmit it to another processor 

Withdraw your consent, if you have provided it

How can you exercise your rights?

We are governed by the Belgian data protection authority. You may exercise your rights anytime by contacting the ECI’s Data Protection Officer at info@reclaimyourface.eu. We will respond within 30 days.

If the European Commission acts as joint data controller, you may exercise your rights by contacting the Commission.

If you have provided a third organization with your consent to stay informed on the ECI, you may exercise your rights by contacting this organisation as indicated in its Privacy Policy.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge at any time a complaint with the European Data Protection Supervisor or with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that your data is unlawfully processed.


For more information on ECI signatories’ data, please check the Privacy Statement as per Regulation EU/2019/788 Annex III

In accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation), your personal data provided on this form will only be used for the support of the initiative and made available to the competent national authorities for the purpose of verification and certification. You are entitled to request from the group of organisers of this initiative access to, rectification of, erasure and restriction of processing of your personal data.

Your data will be stored by the group of organisers for a maximum retention period of one month after the submission of the initiative to the European Commission or 21 months after the beginning of the collection period, whichever is the earlier. It might be retained beyond these time limits in the case of administrative or legal proceedings, for a maximum of one month after the date of conclusion of these proceedings.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge at any time a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that your data is unlawfully processed.

The representative of the group of organisers of the initiative or, where appropriate, the legal entity created by it, is the controller within the meaning of the General Data Protection Regulation and can be contacted using the details provided on this form.

The contact details of the data protection officer (if any) are available at the web address of this initiative in the European Commission’s register, as provided in point 4 of this form.

The contact details of the national authority which will receive and process your personal data and the contact details of the national data protection authorities can be consulted at: http://ec.europa.eu/citizens-initiative/public/data-protection.


Changes to this policy

In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent.

[Last updated on 02 July 2021. These updates have solely introduced new information for signatories who choose to sign the ECI on paper after this date. This has no material impact on anyone who has signed the ECI before this date, which was conducted exclusively via the online form.]