We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. Here we will explain how we collect, use, and protect your personal data. We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
Descriptions for external sites, events, and surveys
- Register description for www.mydata.org
- Register description for MyData Global marketing and communications registry
- Register description for MyData Global community surveys
- Register description for Call for Proposals for various MyData events
- Register description for MyData Events programme team signup
- Register description for Invoice request form
- Register description for Membership Applications
- Register description for Membership fee payments form
- Register description for MyData Community Meetings registrations
- Register description for General Meeting sign up form
- Register description for the MyData Local Hubs and Thematic Groups
- Register description for Founding Meeting sign up form
1. Who we are
MyData Global is an international nonprofit, whose mission is to empower individuals by improving their right to self-determination regarding their personal data.
Our office address is:
MyData Global ry
Our website address is: https://www.mydata.org.
2. Websites within scope
The following websites are within scope for this privacy notice:
- MyData Global organisation: www.mydata.org
- Any subdomains of mydata.org, such as 2022.mydata.org, online2020.mydata.org
- Older conference sites: mydata2019.org, mydata2018.org, mydata2017.org, mydata2016.org
We consider these websites to be EU-based websites; see section 4 below for more information on non-EU data storage.
3. Collection of personal data
We collect personal data from you for one or more of the following purposes:
- To provide you with information that you have requested (such as conference updates through our newsletter);
- To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services (such as conference passes);
- To fulfil a contract that we have entered into with you or with the entity that you represent (such as partnership agreements);
- To manage any communication between you and us (such as replying to contact form submissions).
4. Storage of personal data
MyData Global ry is an EU-domiciled organisation whose primary offices are in Finland. Personal data may be nevertheless transferred outside the European Union or the European Economic Area.
- Our websites are hosted in the EU. In addition to our EU-based staff, they may be accessed by staff and/or volunteers based outside of the EU if deemed necessary.
- This website and the member registry are hosted in Finland by Seravo Ltd.
- Other services used to process personal information of members: Google Workspace, Zapier, HubSpot, Slack, Airtable.
- Our local hubs may use their own tools to process member data that members have agreed to share with the hubs.
- Our payment processors and banking arrangements are provided by Holvi, Stripe and Transferwise.
- Individual register descriptions define how we collect, store and/or process personal information
- Data is stored for the minimum time necessary and at most, for 1 (one) year from last interaction with the collected data
5. Lawful basis for the processing of personal data
Our organisation’s infrastructure means that all personal data is processed on common platforms. We have processes in place to make sure that only those people related to the organisation (staff, board, steering group), who need to access your data can do so. By default, only the organisations’ staff have access to all collected personal data and others, such as board and steering group members, as well as our volunteers, are granted access on an as-needed basis.
Some data may be shared with third parties and, where this happens, this is always indicated in the relevant registry description.
Before we ask for your data, we always apply the following tests to determine whether it is appropriate:
- Purpose test – why are we collecting this data?
- Necessity test – is it essential that we collect this data?
We collect the following types of personal information on the legal grounds of legitimate interests, contractual performance, and/or consent where applicable:
Types of personal information collected
- City, country, and/or continent of residence
- Phone number
- Twitter ID
- Linkedin ID
- Facebook ID
- Job title
- Date of birth
- T-shirt size
- Dietary information
- Billing details
6. Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email datarequest(at)mydata.org or use the information supplied in the Contact us section on our website. In order to process your request, we will need to verify your identity.
Your rights are as follows:
The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.
The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:
- Why we have your data
- What types of data we have
- Who can access your data
- For how long we foresee storing this data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. Otherwise, we will comply with all data requests. If answering requests is likely to require additional time, we will inform you.
The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.
The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- The accuracy of the personal data is contested
- Processing of the personal data is unlawful
- We no longer need the personal data for processing but the personal data is required for part of a legal process
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing
The right to data portability
You may request your set of personal data for yourself or to be transferred to another controller or processor, provided in a commonly used and machine-readable format.
The right to object
You have the right to object to our processing of your data where
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing; or
- Processing is for the purposes of scientific or historical research.
7. Security measures
We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our project. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union.
9. Contact us
Any comments, questions or suggestions about this privacy notice or our handling of your personal data should be emailed to hello(at)mydata.org
Alternatively, you can contact us at our office using the following postal address:
Data Protection Officer
MyData Global ry
Register description for this site
Registry description for www.mydata.org
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Members, volunteers and staff: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Summary: Only strictly necessary cookies are used on this site.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Members, volunteers and staff: If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
Members, volunteers and staff: When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Volunteers and staff: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Summary: Embedded content may collect tracking information about you. We try to minimize embeds and 3rd party cookies as much as possible.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Members, volunteers and staff: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Members, volunteers and staff: For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.