Data Use Policy
Lea nuestra política de uso de datos en español.
Lisez notre politique d'utilisation des données en français.
Tactical Tech (or “we” and “our”) is the operator of our websites including tacticaltech.org, and is the controller of the personally identifiable data of the users ("You").
Our mission is to address how data and digital technologies impact human rights, social justice, power structures and accountability. Our approach is that everyone has a right to privacy and this is reflected in the way that we deal with data.
What personal data do we collect and process?
We may collect and process personal data from the following people: employees, volunteers, partners, contractors and consultants, applicants, individuals who signed up to our newsletter, donors, individuals who contact Tactical Tech directly, research subjects and project contributors.
The personal data we collect from these people my include: name, email address, home address, nationality, age (if under 18 years), phone number and financial information.
Why do we collect and process personal data?
We collect personal data for a number of reasons: to administer our websites; to respond to communications; to receive and process financial contributions; for recruitment purposes; for auditing purposes; to carry out partnerships; and for research and project development.
We do not use this data for any other purpose other than that for which it has been provided and we will only process and access personal data when we have a legal basis for doing so.
The legal basis for us accessing and collecting your data include: when you have provided consent for us to use your data; when you are entering into a contract with us e.g. employment contract or partnership contract; and when we are accessing that data for legitimate interests, for example to administer a website or for the purpose of research or project development in line with our mission.
How do we protect personal data
We will take steps to ensure that your personal data is treated safely and securely. We use encryption where possible in transit and storage of personal data. We also use open source software and take care that all software we use complies with our data use policy and standards.
We only store data for as long as is necessary for the above purposes.
When you visit this site, we collect information about your visit of the sort that web browsers and servers typically make available. This is information like: what kind of device you are using (phone or computer); which browser you are using; the language preference of your browser; the site that linked you here, if one did; and the date and time of each visit.
We do this to better understand how people use the site and so that we can fix problems with the site when they arise. From time to time, we also release reports that include very general information about who visits this site, like the total number of visitors or which countries or other websites comprise the most visits.
This information is accessed using open source analytics software that we host ourselves. This means that even the people who wrote the software do not see any of your information.
We do not collect your IP address, which is a type of data that can identify you personally.
When applying for a job or to take part in one of our events, we occasionally collect applicant information. These applications may include CV information, nationality, age, photograph, place of work, place of residence. This information is shared with the relevant staff e.g. the interviewers, HR and project staff, so that a decision can be made on who to invite for interview. Your CV/application will be deleted once it is no longer necessary.
We may collect personally identifiable information (according to Article 4 GDPR) through workshops, trainings or other events we deliver. This data could may include your name, country of origin, age (when under 18), and contact information. This data is collected for the purpose of running the event, or for development and research of a project or specific output. We will never publicly share personally identifiable information unless consent has been provided, for example crediting a contributor. When sharing data publicly we aggregate it and make it anonymised to include no personally identifiable information.
Research and project development
Occasionally we work with people and partners to carry out research and investigations for the development of a project. For example, we may conduct a workshop or focus group with people from a specific country or age group so that they can contribute to our work in line with our mission. This data may include: name, age (if under 18), nationality, political views or opinions and religious or philosophical beliefs.
When publicly releasing project outputs or research we will take care to ensure that any data is aggregated and anonymised so that it no longer includes any personally identifiable information. Parental consent will be obtained from the data subject in cases where the data subject is under 18 years.
We use social media platforms to promote our work and the work of our partners. Our social media accounts are: Twitter, Facebook Mastadon and Instagram. We also use content sharing platforms: Medium and Vimeo.
Occasionally we use direct messaging services e.g. Twitter or Facebook direct message. However, we always try to switch to email communication as soon as possible.
Sharing personal data with third parties
We do not partner with third parties to collect any information, nor do we share information with third parties, for any of the above. For the purpose of funding reports, we may occasionally share non-personally identifying information such as the number of people who attended an event, or number of visitors to a website in any given year.
We always anonymise data that we use externally, even in the context of evaluation, research and reports. Occasionally, internal data is not anonymised, however it is securely kept and used for a specific purpose, and only used for the amount of time that it is needed.
Your rights as a data subject
Under data protection law, you have rights over your personal data as the data subject.
- The right to access – you are entitled to request access to your personal data.
- The right to rectification – you have the right to request that we correct any information we hold that you believe is inaccurate. You also have the right to request that we complete any information that you believe is incomplete.
- The right to erasure – you are entitled to request the erasure of your personal data
- The right to restrict processing – you have the right to restrict our processing your personal data under certain conditions.
- The right to object to processing – you have the right to object to our processing your personal data under certain conditions.
- The right to data portability – you have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
How to contact us
If you have comments, questions or requests regarding the processing of your personal data, please contact email@example.com or write to:
Tactical Tech, Brunnenstraße 9, 10119 Berlin, Germany.
Tactical Tech has a number of other project websites. Some of them are archived and some of them are still actively updated. This Data Use Policy applies to all other Tactical Tech websites.
Policy last updated: 5th July 2021