Privacy

1. Introduction

Digital Self-Defence Collective (DSDC) protects your personal data.

This privacy and cookie policy (“Policy”) describes how we will process any personal information that we may collect about you as a supporter or volunteer, or as a visitor to our website. We do not and will not sell, rent or lease personal data, nor send marketing on behalf of third parties. 

This policy does not address other personal data processing operations, for example DSDC’s internal processing operations including, for example, human resources, logistics and administration. Information related to these processing operations is provided to data subjects at the point of data collection, or subsequently, as required by law.   

2. Who are DSDC?

DSDC (“we”, “us”, “our”) is a collective of technical professionals based in Britain working around computer systems in radical political spaces. Our aim is to provide up-to-date, practical and accessible information about digital rights, security, and tools.

3. Data Controller

DSDC is the data controller for data processing in accordance with this policy.

If you have any questions about this Policy, our data processing practices, or your rights, you can contact us (details provided below).  

4. The personal data we collect, how we use it and the legal basis for this

Set out below is an explanation of the ways we collect and use, or “process” your data and the legal basis for this in accordance with applicable data protection laws.  

If you attend our trainings:

If you sign up to a DSDC event, we collect the information you provide including your name, email address, phone number and postal address. We collect information required for the campaign action itself. The legal basis for this processing is your consent. 

If you subscribe to our emails: 

We collect the information you provide – your name, email address and signal username – in order to send you updates about our work, when you sign-up online to receiving emails from us. We also record which events you have participated in, and whether you have made a donation so we can send you relevant information about these events. The legal basis for this processing is your consent, which you may withdraw at any time by unsubscribing to our emails.  

If you donate to us: 

If you make an online donation to us, you are asked to provide your name, email address, telephone number and payment information this information is used to process your donation. The legal basis for this processing is entry into a contract with you to facilitate the donation and we retain this data on the basis of compliance with legal obligations related to taxation and finance that require us to maintain records of these transactions. 

If you contact us by phone, email or in writing: 

If you exchange emails, telephone conversations or other electronic communications with our staff members, our systems will record details of those conversations, sometimes including their content. We may monitor email traffic data and also the content of email for the purposes of volunteer admin, political advocacy and financial administration 

Work-related contacts: 

In the course of our work, we collect information such as the names, contact details and work-related information about individuals and organisations we work with and who contact us. We keep this information in order to invite you to collaborate on and participate in relevant work-related activities. 

This includes the details of those whose professional interests align closely with our own and individuals who participate directly in our activities, as well as those who we have current contractual obligations with or who we may in the future enter into an agreement with. We also keep the details of other professional contacts if you have consented to hearing from us for this purpose. 

We collect this information through personal contact or occasionally recommendations from partners. The legal basis for this processing is our legitimate interests in operating, managing and developing our organisation and our work.  

If you visit our website: 

We do not track you on our website.

If you respond to a survey from us:

From time to time we offer the option to engage in surveys to do with our work and campaign issues. We conduct these surveys on the legal basis of your consent. We generally anonymise answers so that they cannot be linked back to individual respondents.

A full information notice is provided when you begin a survey and before your consent to engage in it is collected.

5. Your data and third parties

DSDC works with third party service providers who perform certain data processing tasks on our behalf. We strongly value data protection and we therefore very carefully select the third parties we work with and ensure that they share our values around data protection. All third parties that we work with are contractually obligated to act on our instructions and in accordance with current data protection legislation.

We will never sell, rent or trade your personal data. We will refuse to comply with law enforcement requests for access to personal data concerning users of our online services that we believe to be unwarranted, and unless legally prohibited or unable to do so, will notify the data subjects concerned. Third party service providers may also be compelled to disclose data for purposes other than which it was collected. 

We are transparent about those third parties and we keep a list below of all that we use. Supporters will be given 14 days’ notice by email before any changes to this list in our Supporter Newsletter. 

• Stripe, for processing donations. You can read Stripe’s privacy policy here.

6. Cookies and tracking

While we do not utilise cookies on our website.

7. Jurisdiction

DSDC is based in the United Kingdom and the data we collect is process and stored within the UK and EU in accordance with applicable data protection laws. The UK currently remains subject to EU data protection laws, however as the UK has now left the EU, it may become subject to additional requirements around transfers of data into and out of the UK. Should this eventuate, these requirements will be met by us and this Policy will be updated accordingly.  

8. Retention and deletion of your information

We keep your data as long as is necessary in connection with the purpose it is collected for. We do not keep data longer than required in connection with that purpose. We will delete the information we hold about you as soon as we no longer need it or, where actionable, at your request (see “Your rights” section below). For further specific information about our retention policies, please contact us on the details provided below. 

9. The security of your information

We take the security of your information very seriously. We employ physical, electronic and organisational security measures to protect the information that we collect about you from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. For instance, we use SSL certificates on all websites we operate, and 2 factor authentication on services that store your personal information.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to unauthorized access – for this reason the transmission of any personal data to our websites or via email to us is therefor at the data subjects’ own risk. 

10. Your rights

Individual’s whose personal data is processed by DSDC have the following rights: 

• The right to be informed as to whether we hold data about the individual; 
• The right of access to that information; 
• The right to have inaccurate data corrected; 
• The right to have their data deleted; 
• The right to opt out of particular data processing operations; 
• The right to receive their data in a form that makes it “portable”; 
• The right to object to data processing; 
• The right to receive an explanation about any automated decision-making and/or profiling and to challenge those decisions where appropriate. 

You can update your preferences or unsubscribe from our mailing list at any time by clicking on the links in the newsletter, by emailing privacy [at] digitalselfdefence.net.  

You can also contact us to opt-out of or withdraw your consent to data processing we undertake, however in some cases we may need to retain data where it is kept in compliance with a legal obligation (e.g. records of donations must be kept).  

You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. For example, data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with data protection supervisory authority in their country of residence.

Relevant supervisory authority names and contact details are listed here. The Data Protection Authority in the United Kingdom is the Information Commissioner’s Office (ICO). If you need any further information about your rights or want to lodge a concern or complaint, you may contact the ICO here. 

11. Contact us

If you have a query regarding this Policy, or if you would like to exercise your rights as a data subject, please contact privacy [at] digitalselfdefence.net

12. Changes to this policy

We keep this Privacy Policy under regular review and will place any updates on this page. This Privacy Policy was last updated on: [date updated]