Generation Climate Europe Privacy Policy

Introduction

This document outlines how our organisation, Generation Climate Europe (GCE), uses the personal data that we collect from you when you use our website and any other services, including our newsletter. It outlines how we comply with the General Data Protection Regulation (GDPR) and other relevant data-protection legislation.

About Us

Generation Climate Europe (“we”, “us”, “our”, “GCE”) is the largest coalition of youth-led networks at the European level, pushing for stronger action from the EU on climate and environmental issues.

Definitions

‘Data Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this newsletter the Data Controller of your data is Generation Climate Europe, of Rue des Deux Eglises 14-16 1000 Brussels.

‘Personal data’ means any information relating to an identified or identifiable natural person which can be used to identify that person.

‘Processing’ means any operation which is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

You” or “your” refers to those who interact with our website or subscribe to our newsletter.

What data do we collect, and how do we collect it?

GCE collects data that you give to us about yourself, for example when you subscribe to our newsletter through our sign-up form, fill in one of our surveys, post a comment on our website, sign up for an event, or apply for a volunteering position.

GCE collects data from other sources, including when you interact with social networks, and third-party service providers. Please see the section on Third Party Services for more information.

We collect the following information:

  • We collect and process the data that you provide us, for example, by signing up to our newsletter, filling in one of our surveys, signing up for an event or applying for a volunteering position. Examples include your name and your email address.
  • Data relating to your engagement with our services, including:
    • whether you click on links on our website or in our newsletter;
    • whether you open our newsletter.

How do we use your data?

GCE collects your data so that we can:

  • Deliver content on our website and through our newsletter.
  • Personalise our content and communications with you
  • Respond to your inquiries.
  • Comply with applicable laws.

We will not:

  • sell your data to third parties;
  • transfer your data to third parties, other than those outlined within this Privacy Policy, or unless to the relevant public authorities if required by law.

We do not use automated decision-making technology in relation to your personal data.

How do we store your data?

Data provided to us for our newsletter is stored by EmailOctopus in Ireland, within the European Economic Area (“EEA”), on the secure servers of Amazon Web Services (“AWS”). Your data will also be temporarily available to the  email service providers (ESPs) that EmailOctopus uses. ESPs will only have access to your data when we are sending an email to you. Once the email is sent, the ESPs no longer have access to your data. EmailOctopus’ ESPs are Mailgun, SendGrid, Sparkpost and Elastic Email.

Who has access to your data?

Within GCE, the following people have access to the data stored on EmailOctopus’ servers through our EmailOctopus account: Director, Communications Coordinators, Newsletter Taskforce. EmailOctopus and its ESPs have access to the data provided to them in relation to the newsletter.

Personal data given through one of our surveys can be accessed by the lead coordinators of our working groups.

Third Party Services

We are not responsible for data provided to third parties, or how third parties use data if you follow external links on our website or newsletter. Our privacy policy only applies to our services, so please read any external privacy policies.

We explicitly use the following third parties in order to provide you with our services:

  • EmailOctopus
  • EmailOctopus is an online marketing platform; we use it as a service provider for our newsletters.
  • EmailOctopus collects data provided directly by you in sign up forms for our newsletter.
  • Please see EmailOctopus’ Privacy Policy for information on how they protect your data: https://emailoctopus.com/legal/privacy 
  • Google  Forms
    • Google Forms is an online questionnaire service which we use to create surveys.
    • Google Forms collects data provided directly by you in our surveys. This data is only collected with your explicit consent.

Legal basis for processing your data

We rely on several legal bases for the collection and use of your personal data:

  • Explicit Consent: We will always rely on your explicit consent to process your personal data. Where we do so, you have the right to withdraw your consent at any time. When receiving a newsletter, your consent can be withdrawn by unsubscribing at the bottom of each newsletter communication. You can also update your profile at any time through the link at the bottom of the newsletter. You have the right to request that we delete all your information
  • Legal obligation: In some cases, we may have to process personal data in order to comply with the law. 
  • Legitimate Interests of the Organisation: We process the personal data that you give us for legitimate business purposes. Our legitimate interests do not override your interests and your fundamental rights and freedoms. You have the right to object to our use of your personal data for our legitimate interests. These purposes include:
  • Providing you with our newsletter and website, including personalisation.
  • Communicating with you.
  • Understanding audience engagement with our newsletter and website.
  • Security and fraud prevention, and to ensure that our services are safe and secure.
  • Responding to queries or complaints from our audience.
  • Everyday internal business needs such as auditing and accounting.

Data Retention

We will retain your personal data as long as it is needed to fulfil the purposes for which it was collected (see Legal basis) or until you withdraw your consent for us to process that data. 

You may unsubscribe from our newsletter or other mailing lists at any time through the unsubscribe link provided at the bottom of our emails. When you unsubscribe from our newsletter or mailing list, we no longer need your data and we will delete it.

Your Rights

You have a number of rights with regard to the personal data that we hold about you, and you can contact us if you have questions about the following rights:

  • The right to be informed: You have the right to be informed about any processing that we undergo in relation to your personal data.
  • The right to access: You have the right to receive a copy of the personal data we hold about you and where applicable receive a machine-readable copy of your personal data.
  • The right to rectification: You have the right to rectify any inaccuracies in relation to the personal data we hold about you.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to object: You have the right to object to the processing of your personal data, under certain conditions.
  • The right to withdraw consent at any time: Where you have provided us with consent to use your personal data, you can withdraw this at any time.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Newsletter

This service is provided through Email Octopus (as detailed above). We use a double opt-in, whereby you will receive an email containing a link by which you can confirm that you own your email address and wish to subscribe to our newsletter.

Changes to our privacy policy

GCE keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 26/08/2021.

Complaints

If you would like to lodge a complaint about how we process your data, please do so with your national Data Protection Authority.

How to contact us

If you have any questions about GCE’s privacy policy, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us, with the subject ‘GDPR Query’.

Email us at: agata.meysner@gceurope.org

Call us: +44 07385 909514

Or write to us at: Rue des Deux Eglises 14-16 1000 Brussels Belgium