version dated January 23rd, 2022
Stichting CollAction (“CollAction”) is the controller of the data collected and processed, as is defined in EU Regulation 2016/679 (“GDPR”). Our contact details can be found further below.
This Policy applies to our website and mobile application. It does not apply to other companies or organizations that for example advertise our website, initiatives/projects or services, or to other (social) websites, networks and platforms that you can connect to through our website. We are not responsible or liable for any processing of your personal information via these (social) websites, networks and platforms. We also advise you to read their privacy and cookie policies carefully before using their websites.
Why does CollAction collect and process my Personal Information?
We collect and process your Personal Information in order to:
- create a CollAction account for you at your request;
- verify your identity (e.g., by way of sending a code to your phone number)
- sign you up for initiatives/projects or enable you to start your own initiative/project at your request;
- create community feeling by showing your initiative/project commitments and participation to other users of the platform;
- contact you and update you on the progress of initiatives/projects you have registered to or that may be of interest to you;
- advertise and promote initiatives/projects, activities and other services to you, for example by sending you newsletters if you opted in to receive our newsletters; and
- further develop and improve our website and services.
What Personal Information do we collect?
Our processing of your Personal Information is based on one or more of the following legal grounds:
- you have consented to the processing of your Personal Information (Article 6 (1) sub a GDPR);
- the processing of your Personal Information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request (Article 6 (1) sub b GDPR). If this Personal Information is not processed, we will not be able to execute the contract with you, i.e., provide you certain services you requested;
- the processing is necessary for us to comply with a legal obligation (Article 6 (1) sub c GDPR); and/or
- the processing is necessary for the purposes of our legitimate interests (i.e., to improve our services, and to detect fraud) (Article 6 (1) sub f GDPR).
How long does CollAction store my Personal Information?
CollAction does not store your Personal Information longer than necessary for the purposes for which the Personal Information was processed, which is five years past the users last activity on the platform. Nevertheless, you have the right to change how we use/collect your Personal Information at any time (see how to opt-out further below), unless we are required to retain this Personal Information by law or to comply with our regulatory obligations.
Does CollAction share my Personal Information with third parties?
CollAction is a non-profit organization dedicated to making the world a better place with the help of individuals like you. In accordance with our mission, CollAction will not sell to or share with third parties your Personal Information. As a non-profit organization that uses open source, we do however have a team of volunteers located all over the world that help us in providing the best service possible. In doing so, your Personal Information may be exchanged, transferred, or otherwise made available to these volunteers. Appropriate agreements will be made with these volunteers to ensure the safeguarding of your Personal Information.
Given that our volunteers are located all over the world, your Personal Information may also be transmitted to and/or made accessible to countries outside the European Economic Area, in some cases to countries that do not provide an adequate level of data protection according to the European Commission. In that case, Personal Information will only be transferred under the following conditions:
- you have consented to the proposed transfer of your Personal Information (Article 6 (1) sub a GDPR);
- the transfer of your Personal Information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request (Article 6 (1) sub b GDPR). If this Personal Information is not transferred, we will not be able to execute the contract with you, i.e., provide you certain services you requested;
- the transfer is necessary for us to comply with a legal obligation (Article 6 (1) sub c GDPR); and/or
- the transfer is necessary for the purposes of our legitimate interests (i.e., to improve our services, and to detect fraud) (Article 6 (1) sub f GDPR).
We may provide your Personal Information to a relevant third party when we reasonably believe that is necessary in order to comply with applicable law, enforce the website’s policies, protect CollAction’s legal rights, property, or safety, or those of third parties. Information that is not personally identifiable or has been rendered such, may also be shared publicly, for example for statistical purposes.
CollAction uses the cloud server services of Amazon (Amazon Web Services) and authentication login services of Google Firebase. Therefore, your Personal Information may be transferred to and stored in servers located in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, CollAction is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA. To this end, CollAction uses the standard contractual clauses adopted by the European Union Commission Implementing Decision 2021/914/EU.
What are cookies?
Cookies are text files placed on your device to collect standard Internet log information and visitor behaviour information. CollAction uses the following types of cookies:
Strictly necessary/ functional cookies
These are cookies that are necessary for the (basic) operation of our website, for example to keep you logged in.
Social media buttons
We have placed ‘social media buttons’ on our website an mobile application which allow you to connect to various social media platforms such as Facebook and Twitter to, for example, share a link. This is made possible by codes that are delivered by the relevant social media platforms. These codes place cookies when a user clicks on one of the buttons. We are not responsible for these cookies. We encourage you to read the privacy policies of the relevant social media platforms for more information on how they treat your Personal Information.
If you wish to disable the use and placement of cookies, we advise you to amend your internet browser settings. You can manage your CollAction.org cookies on our Manage Cookies page. We do however note that disabling or deleting certain cookies may mean that you can no longer access or use certain features of our website or mobile application or will reduce the overall functioning of our website and/or mobile application. For more information on how to disable the use of Google Analytics specifically, please see here.
How to opt-out
You may revoke any consent given to us with regard to the collection, processing and use of your Personal Information at any time for the future and also generally request that CollAction stop using and collecting your Personal Information (“opt out”). In addition, you may do so by deleting your account.
To opt out, please submit a request to CollAction via email or by post with the subject “Opt-Out request CollAction”. CollAction’s contact details can be found below. Upon receipt, verification, and confirmation of your request, CollAction will process your request as soon as possible. Note that this does not automatically include opting-out from our newsletters.
To opt-out from our newsletters only, click on ‘unsubscribe from the mailing list’ at the bottom of the newsletter. This opt-out does not apply to communications that are pertinent to the services you have requested or participate in or where we are required to provide you with notifications (such as a notice of an update to our Policy).
What other rights do you have?
Subject to certain legal limitations, you can at all times submit a request to CollAction to do the following:
- gain access to your Personal Information (the right to access);
- rectify or erase your Personal Information (the right to rectification and the right to erasure);
- restrict processing of your Personal Information or object to such processing (the right to restrict processing and the right to object to processing); and
- transfer your Personal Information to another controller by receiving this in a structured and standard format (the right to data portability).
Participants also have the right to lodge a complaint against CollAction with the Dutch supervisory authority (Autoriteit Persoonsgegevens) regarding the processing of your Personal Information.
CollAction is committed to protecting your Personal Information and will take all reasonable precautions to do so. Though we can never guarantee full protection, we do regularly review our information collection, storage, and processing practices to see if additional safeguarding measures should be taken.
Changes to our Policy
We may need to amend or update our Policy from time to time. This will replace any previous Policy. Should we make any material changes to our Policy, we will notify you accordingly by posting them to the website and to other places that we deem appropriate. We also encourage you to read our Policy regularly in order to stay updated. This Policy was last updated on January 23rd, 2022.
Would you like to contact us? Please email us at firstname.lastname@example.org or send a letter to:
2015 BA Haarlem
We will respond to your request in a reasonable timeframe, and in any event within 30 days after receipt.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that CollAction has not addressed your concern in a satisfactory manner, you may contact the Dutch Data Protection Authority (Dutch DPA).
Telephone number: +3170 - 888 85 00
(only by appointment)
2594 AV Den Haag