This privacy policy tells you what to expect us to do with your personal information when you contact us, sign up to be a Rebel or use one of our services.

We’ll tell you:

• What your data protection rights are
• How we collect your data
• What purposes we are using it for
• Where your data is stored
• How the data is protected
• Who has access to your data
• When your data is removed from our systems
• How changes to this policy are handled

Contact information

If you have any questions regarding how we handle your data or if you would like to make a request, please send an email to privacy@extinctionrebellion.nl mentioning the email address you used to sign up.

Summary (a.k.a. what you are probably looking for)

The personal information you provide us with is mainly used to help us integrate you into the movement. To facilitate this, the personal data you provide us is stored centrally in our self-hosted server we rent from Hetzner. Your data is then accessed by local integrators: the people responsible for contacting you and integrating you into the movement.

Your name and email address is also copied to our mailing system: Action Network, a company that is based in the United States. This system is used to send national newsletters to everyone interested in XR NL.

If you provided it, your phone number may also be used to contact you personally and integrate you into the movement, or for mass mobilisation campaigns.

Your Data Protection rights

Under data protection law, you have rights you should be aware of. Your rights depend on our reason for processing your data. Compliance to data protection laws such as the GDPR in NL is supervised by the “Autoriteit gegevensbescherming”. You can read more about it on their website (mostly in Dutch).

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us at privacy@extinctionrebellion.nl if you wish to make a request.

Your right of information

You have the right to know what personal information we process and why we do so. Specifically, you have the right to know with which third parties we share this information. This right always applies. This document should provide you with all of this information, but do not hesitate to ask us if you have any questions. You can read more about this here.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this here.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this here.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this here. Also see the section “When is your data deleted’.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your data in certain circumstances. You can read more about this here.

Your right to object to processing

You have the right to object to the use of your data for direct marketing or because of a specific personal situation. You can read more about this here.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us to another organisation, or give it to you. The right only applies if we are processing information based on your consent or under a contract. You can read more about this here.

Your right to complain

You have the right to complain about the way we process your personal information to the authorities. Please let us try to resolve the issue first and contact us.

If you remain dissatisfied, you can follow this link to see how to file a complaint.

How we collect information

• We collect your personal information through digital forms that you fill in on our website extinctionrebellion.nl
• The person integrating you into the movement, after communicating with you via email or phone,  might store some personal information that will facilitate your integration, such as your interests or experience. Once this information is no longer needed (because you are already integrated) this information is deleted. The person coordinating the group that you are active in might store what role or tasks you have in the group, so that it is easier for you and others in the group to coordinate and collaborate.
• If you are participating in an action with a risk of arrest, we collect your information in a physical or digital arrestee form. This data is only kept for a short time until after the action is completed and the personal information is no longer needed
• If you donate to extinctionrebellion.nl, we collect donation information through the donation platform that we use: iRaiser https://doneren.extinctionrebellion.nl
• We use Matomo (an ethical analytics platform) to gain insights into how the website is used.

All this information that we ask of you and you provide us is on the grounds of legitimate interest. This information helps us help you, and help the functioning of the organisation.

In addition, we protect your privacy the following ways:

• We request only a small amount of data
• Your data is used only for the stated purposes
• Your data is stored encrypted
• You have the right to object to the use of your data at any time.

What data is collected

• Via de form on the website: https://extinctionrebellion.nl/meld-je-aan/
  • What are you interested in?
  • First name
  • Pronouns (optional)
  • Email
  • Municipality
  • Phone number (optional)
  • Anything else you want to share (optional)
• On our donation platform
  • Amount donated
  • date donated
  • name
  • email address
• In Arrestee forms. Only if you are participating in an action with risk of arrest (As this is data is more sensitive than the rest, we have a special policy regarding it’s retention (see the “When is your data deleted” section)).
  • your personal details to contact you
  • contact information of your contact person, and what we should tell them
  • information to identify you in the cell
  • EU / non-EU citizen?
  • are you over 18?
  • do you need any medication?
  • do you have any dietary requirements?
  • Any special circumstances we should be aware of. This might include medical information, for which we ask explicit permission to process.
• Website analytics (matomo): The tracking is performed based on anonymised IP-address, the operating system and browser you are using, installed browser extensions, configured browser language and/or any of the information listed here. No cookies are used. This data is retrieved when you visit the website, but not stored. It is only used to calculate a number by which subsequent actions may be recognized. This number is deleted after 24 hours.

Where is the data stored

• All data you submitted through the website, our donation platform, or stored by your integrator, is stored in our self-hosted server rented from Hetzner and located in Finland.
• The email address and phone number you provided us is stored in Action Network’s servers in the United States. See Action Networks privacy notice.

How your data is protected

Your data is encrypted with industry standard technologies in rest (on disk) and in transit (when sent over the internet). We also keep all software we use up to date so any known vulnerabilities are patched before they become a threat.

For what purposes is the data used

We only process your data based on legitimate interest. We do not sell your data in any way, shape or form. We do not do any automatic decision-making or profiling based on your data. Here is how we use your various personal data:

• email address:
  • to send you our national newsletters
  • for your nearest local groups to send you relevant information about their group
  • for integrators to personally contact you and integrate you into the movement
• first name: only used to facilitate friendly and personal communication.
• pronouns: to address you with the correct gender and not misgender you.
• municipality: to link you to your nearest local group
• phone number: by integrators, to send you a direct message or call you to talk with you and integrate you into the movement
• any information collected in the arrestee form: to support you during and after your arrest, and to inform your contact person.
• donation information: to know how much we are receiving and if and how we need to adapt our financing and fundraising work.
• website analytics: to improve our website.

Who has access to the data

• administrators: have access to all your data because they must operate the server where your data is stored. people in this role go through a thorough a lengthy process before they ever get into this position.
• integrators from local groups: have access to your personal data after you submit it through the website, so that they can contact you and integrate you. each integrator of each local group only have access to the personal data of people in that local group, and no other local groups.
• people in the national newsletter group: have access to your first name and email address.
• people in the fundraising group: have access to the data you provided through our donation platform.
• some people doing the legal work and arrestee support work in an action: have access to all the data you provided in arrestee forms. people in these positions are also carefully selected.
• some people in the website group: have access to website analytics.

When is your data deleted

At the moment, we have no policy about removing data after a fixed period of time, except for the data from arrestee form. This information is deleted soon after the action is over and the information is not needed anymore to support your arrest or the work of the legal team.

You can unsubscribe from out emails by clicking the “Unsubscribe” link in our emails, but this does not remove your data from our systems. To do this, please send an email with your name and the email address you used to sign up to privacy@extinctionrebellion.nl.

Changes to this Privacy Policy

We keep our privacy policy under regular review to make sure it is up to date and accurate. We will notify you by email when there are changes.