Last updated 6 March 2020
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. Here we will explain how we collect, use, and protect your personal data. We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
You can see the list of our register descriptions here
- Register description for MyData Global marketing and communications registry
- Register description for MyData Global community surveys
- Register description for Call for Proposals for various MyData events
- Register description for MyData Events programme team signup
- Register description for Invoice request form
- Register description for Membership Applications
- Register description for Membership fee payments form
- Register description for MyData Community Meetings registrations
- Register description for General Meeting sign up form
- Register description for the MyData Local Hubs and Thematic Groups
- Register description for Founding Meeting sign up form
MyData Global is an international nonprofit, whose mission is to empower individuals by improving their right to self-determination regarding their personal data.
Our office address is:
MyData Global ry
The following websites are within scope for this privacy notice:
We consider these websites to be EU-based websites; see section 4 below for more information on non-EU data storage.
We collect personal data from you for one or more of the following purposes:
MyData Global ry is an EU-domiciled organisation whose primary offices are in Finland. Personal data may be nevertheless transferred outside the European Union or the European Economic Area.
Our organisation’s infrastructure means that all personal data is processed on common platforms. We have processes in place to make sure that only those people related to the organisation (staff, board, steering group), who need to access your data can do so. By default, only the organisations’ staff have access to all collected personal data and others, such as board and steering group members, as well as our volunteers, are granted access on an as-needed basis.
Some data may be shared with third parties and, where this happens, this is always indicated in the relevant registry description.
Before we ask for your data, we always apply the following tests to determine whether it is appropriate:
We collect the following types of personal information on the legal grounds of legitimate interests, contractual performance, and/or consent where applicable:
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email datarequest(at)mydata.org or use the information supplied in the Contact us section on our website. In order to process your request, we will need to verify your identity.
Your rights are as follows (click on the + sign to read more):
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. Otherwise, we will comply with all data requests. If answering requests is likely to require additional time, we will inform you.
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
You may request your set of personal data for yourself or to be transferred to another controller or processor, provided in a commonly used and machine-readable format.
You have the right to object to our processing of your data where
We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our project. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union.
Any comments, questions or suggestions about this privacy notice or our handling of your personal data should be emailed to hello(at)mydata.org
Alternatively, you can contact us at our office using the following postal address:
Data Protection Officer
MyData Global ry
Here’s a short summary of them:
Mainly we’ve simplified the language, clarified some points and removed parts that were redundant. Of important note is the inclusion of an explicit mention of the fact that we use Google services for a) our email messaging (G Suite) and b) file hosting (Google Drive). We manage our membership registry and contact details of partners, collaborators, and community in the services Airtable and Pipedrive. Please follow the links provided to their privacy policies.
The basis of MyData Global’s online activity is to respect user’s privacy and we don’t gather any unnecessary personal data.
Please contact email@example.com with any questions you might have. Also if you notice any mistakes or unclarities, please reach out. We always seek out to improve our activity!