Privacy Policy

We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. Here we will explain how we collect, use, and protect your personal data. We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

Last update to this privacy policy: 2023-03-30.

Register descriptions

Descriptions for external sites, events, and surveys

1. Who we are

MyData Global is an international nonprofit, whose mission is to empower individuals by improving their right to self-determination regarding their personal data.

Our office address is:
MyData Global ry
Maria 01
Lapinlahdenkatu 16
00180 Helsinki
Finland

Our website address is: https://www.mydata.org.

2. Websites within scope

The following websites are within scope for this privacy notice:

MyData Global organisation: www.mydata.org
Any subdomains of mydata.org, such as 2022.mydata.org, online2020.mydata.org
Older conference sites: mydata2019.org, mydata2018.org, mydata2017.org, mydata2016.org

We consider these websites to be EU-based websites; see section 4 below for more information on non-EU data storage.

3. Collection of personal data

We collect personal data from you for one or more of the following purposes:

To provide you with information that you have requested (such as conference updates through our newsletter);
To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services (such as conference passes);
To fulfil a contract that we have entered into with you or with the entity that you represent (such as partnership agreements);
To manage any communication between you and us (such as replying to contact form submissions).

4. Storage of personal data

MyData Global ry is an EU-domiciled organisation whose primary offices are in Finland. Personal data may be nevertheless transferred outside the European Union or the European Economic Area.

Our websites are hosted in the EU. In addition to our EU-based staff, they may be accessed by staff and/or volunteers based outside of the EU if deemed necessary.
This website and the member registry are hosted in the Netherlands by Greenhost BV.
Other services we use to process personal information of members: Google Workspace (privacy policy), Slack (privacy policy), Airtable (privacy policy), Typeform (privacy policy).
We use an ethical analytics tool, Matomo Analytics Ethical Stats (more information), to understand how visitors are accessing our website so that we can improve the user experience. This is installed within our website and does not use external hosting. All analytics data is stored within our own website and no data is shared with any third parties under any circumstances. You can opt out using the form at the bottom of this page.
Our local hubs may use their own tools to process member data that members have agreed to share with the hubs.
Our payment processors and banking arrangements are provided by Nordea, Procountor, Holvi, Stripe and Transferwise.
Individual register descriptions define how we collect, store and/or process personal information.
Data is stored for the minimum time necessary and at most, for 1 (one) year from last interaction with the collected data.

5. Lawful basis for the processing of personal data

Our organisation’s infrastructure means that all personal data is processed on common platforms. We have processes in place to make sure that only those people related to the organisation (staff, board, steering group), who need to access your data can do so. By default, only the organisations’ staff have access to all collected personal data and others, such as board and steering group members, as well as our volunteers, are granted access on an as-needed basis.

Some data may be shared with third parties and, where this happens, this is always indicated in the relevant registry description.

Before we ask for your data, we always apply the following tests to determine whether it is appropriate:

Purpose test – why are we collecting this data?
Necessity test – is it essential that we collect this data?

We collect the following types of personal information on the legal grounds of legitimate interests, contractual performance, and/or consent where applicable:

Types of personal information collected

Name
Email
City, country, and/or continent of residence
Gender
Phone number
Twitter ID
Linkedin ID
Facebook ID
Address
Job title
Date of birth
T-shirt size
Dietary information
Photo
Billing details

6. Your rights as a data subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email datarequest(at)mydata.org or use the information supplied in the Contact us section on our website. In order to process your request, we will need to verify your identity.

Your rights are as follows:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:

Why we have your data
What types of data we have
Who can access your data
For how long we foresee storing this data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. Otherwise, we will comply with all data requests. If answering requests is likely to require additional time, we will inform you.

The right to rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

The accuracy of the personal data is contested
Processing of the personal data is unlawful
We no longer need the personal data for processing but the personal data is required for part of a legal process
The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The right to data portability

You may request your set of personal data for yourself or to be transferred to another controller or processor, provided in a commonly used and machine-readable format.

The right to object

You have the right to object to our processing of your data where

Processing is based on legitimate interest;
Processing is for the purpose of direct marketing; or
Processing is for the purposes of scientific or historical research.

7. Security measures

We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our project. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

8. Complaints

Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union.

9. Contact us

Any comments, questions or suggestions about this privacy notice or our handling of your personal data should be emailed to hello(at)mydata.org

Alternatively, you can contact us at our office using the following postal address:

Data Protection Officer
MyData Global ry
Maria 01
Lapinlahdenkatu 16
00180 Helsinki
Finland

10. Analytics Opt-out

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Register description for this site

Registry description for www.mydata.org

This description is subject to the general privacy policy outlined above.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Media

Members, volunteers and staff: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Summary: Only strictly necessary cookies are used on this site.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Members, volunteers and staff: If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Members, volunteers and staff: When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Volunteers and staff: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Summary: Embedded content may collect tracking information about you. We try to minimize embeds and 3rd party cookies as much as possible.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Members, volunteers and staff: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Members, volunteers and staff: For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.