☂️Privacy policy

Effective Date: version June 2025 Owner: All For Climate ASBL Implementer: All For Climate Back Office supports person or team Data protection officer: Antonios Triantafyllakis Reviewed: Annually or as needed

🎯 Purpose

🔍 Scope

This policy applies to:

• All members and users of All For Climate platforms

• Visitors to our website and message boards

• Users of collectives hosted by All For Climate via Open Collective

🧾 What data we collect

🔐 How we protect your data

We take appropriate technical and organizational measures to protect your data, including:

• Secure servers and encrypted connections

• Access controls and role-based permissions

• Minimization of data collected

Access to your personal data is restricted to prevent unauthorized access, modification, or misuse, and is only permitted to employees who need it to perform their job. These employees are obligated to handle the data discreetly and comply with all technical regulations to ensure the secure processing of the data.

🤝 Third parties

We use several applications or programs to process your data. Some of these applications are hosted by external service providers specializing in this area. Some of these providers developed the application and manage it for us. They act as processors on behalf of All For Climate. We have entered into necessary data processing agreements with these providers. This means they also handle your personal data carefully and correctly, and we monitor this. The providers we work with are:

• Open Collective (platform & fiscal hosting infrastructure), privacy policy

• Ghost (for newsletters)

• Discord (for internal coordination)

• Zoom (for internal and partner communication)

• Google Workspace (for team communication and storage)

We only share your data when necessary to deliver our services, and never sell or monetize it.

Any transfer of personal data to a third country or international organization will only occur if an adequacy decision by the European Commission exists regarding that third country or if one of the following safeguards is in place:

• A data transfer agreement that includes model contract clauses, as referred to in the "European Commission Decision of 5 February 2010 (Decision 2010/87/EC)"; and/or,

• Binding corporate rules; and/or,

• The recipient is certified under a certification mechanism in accordance with Article 42 of the GDPR.

🌍 International data transfers

Some of our tools (like Google) may store data outside the EU. We ensure they offer adequate safeguards (e.g., Standard Contractual Clauses) in line with GDPR requirements.

🙋 Your rights under GDPR

In summary, you have the right to:

• Access your personal data

• Correct or update your data

• Request deletion ("right to be forgotten")

• Object to certain processing

• Withdraw consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

What Are Your Rights?

As a data subject, you have certain rights, and All For Climate aims to ensure that you can easily exercise them. However, keep in mind that not all of these rights can be invoked automatically. For a detailed overview of your rights, please refer to the appendix at the bottom of this privacy statement.

Under the European General Data Protection Regulation (GDPR) of 25 May 2018, exceptions are provided. If we cannot comply with requests for access, correction, erasure, restriction of processing, data portability, or objection to processing, we will always provide justification.

For certain processing activities, as a data subject, you always have the right to withdraw your consent free of charge. This applies to newsletters, where you can unsubscribe via a link in the newsletter. For event invitations, you will also always have the option to unsubscribe from future invitations via a link in the message.

How to Exercise Your Rights?

If you wish to exercise your rights under the Privacy Legislation, you can reach us through the following channels:

• By email: send your request to [email protected].

Note: In case of reasonable doubt about your identity, we may require proof of your identity to process your request. In that case, we may ask for a copy or scan of the front of your identity card or other proof of your identity. We will only use the proof to verify that you are indeed the data subject whose personal data is being processed, or the parent/guardian in the case of minors under 16 years of age. Once we are both satisfied with the response to your request, we will destroy the proof.

Where Can You Turn if You Are Not Satisfied with How We Handle Your Data?

We do our utmost to handle your personal data correctly. However, if you are not satisfied with how we work, please contact our Data Protection Officer.

Data Protection Officer of All For Climate

Antonios Triantafyllakis

Email: [email protected]

You can also file a complaint with the competent supervisory authority. This could be the supervisory authority of (i) your usual residence, (ii) your workplace, or (iii) the location of the alleged violation of the Privacy Legislation. The contact details for the Belgian Data Protection Authority are:

Data Protection Authority

Rue de la Presse 35, 1000 Brussels

Tel.: +32 (0)2/ 274 48 00

Email: [email protected]

Cookies

We use cookies on the All For Climate websites to improve our services, ensure optimal website functionality, efficiently run campaigns, and for purposes outlined in our privacy statement.

Cookies are small text files placed on your PC, tablet, or mobile phone by a web page. On your first visit to the All For Climate websites, your consent will be requested for the placement of cookies. You always have the right to withdraw previously granted consent for the use of non-essential cookies by clicking on "manage cookies" at the bottom of the site.

Below you will find a list of commonly used browsers and a link to how you can manage your cookies in that browser:

• Chrome

• Safari

• Firefox

• Internet Explorer

Below is an overview of the cookies placed and their functions:

Google Analytics

• Cookie: _gat | Purpose: Used to measure request speed

• Cookie: _gid | Purpose: Used to distinguish users

• Cookie: _ga | Purpose: Analytical cookie that measures website visits and is used to differentiate between users (anonymously)

With Google Analytics cookies, website usage is analyzed to optimize it. A permanent cookie is placed on your computer or mobile device for this purpose. This gives All For Climate insight into how and how often the website is used, allowing for necessary adjustments to be made based on that data.

All For Climate processes statistics about visits to its website. This is done through a web analysis system. The following data, among others, are stored in the web analysis system via cookies:

• IP address

• Technical details such as the browser you use (like Chrome, Safari, Internet Explorer, etc.) and your computer screen resolution

• The page you came from before visiting the website

• When and how long you visit or use the website

• Whether you use functionalities of the website

• Which pages you visit on the website

Facebook Cookies

• Cookie: Facebook; Act, c_user, csm, fr, lu, s, presence, p, xs | Purpose: Cookies that provide insight into the effectiveness of media deployed by Facebook. With these cookies, after visiting All For Climate’s website, you may see ads tailored to your preferences on other websites (interest-based targeting).

Advertising

• Cookie: Google Doubleclick | Purpose: These cookies allow you to see ads tailored to your preferences on other websites after visiting the All For Climate website (interest-based targeting).

Annex: Rights of Each Individual under the GDPR Legislation

Under the new GDPR regulations regarding the processing of personal data, every individual has acquired new rights since May 25, 2018.

Below is an overview of these rights.

Right to Access Your Personal Data

The individual has the right to access and review the personal data processed by the organization. If requested, the organization will provide a copy of this personal data.

Right to Correct Your Personal Data

The individual always has the right to have inaccurate, incomplete, inappropriate, or outdated personal data corrected or removed.

Right to Erasure of Your Personal Data

The individual has the right to request the erasure of their personal data if:

• The processing is no longer necessary for the purposes for which it was processed.

• The data was processed unlawfully.

• The individual validly objects to the processing.

Right to Restrict Certain Processing

The individual has the right to restrict the processing of their personal data if:

• They contest the accuracy of the data for a period allowing the organization to verify its accuracy.

• The processing is unlawful, and the individual opposes the erasure of the personal data and instead requests the restriction of its use.

• The organization no longer needs the personal data for processing purposes, but the individual needs it for establishing, exercising, or defending a legal claim.

• They have objected to the processing, pending the decision on whether the objection is justified.

Right to Data Portability

The individual has the right to obtain the personal data processed by the organization in a structured, commonly used, and digital format, allowing them to store this data for personal (re)use or to directly transfer it to another data controller. This right applies as long as it is technically feasible for the data controller.

Right to Object to Certain Processing Activities

The individual has the right to object to the processing of their personal data for reasons related to their specific situation. The data controller must immediately cease processing the personal data unless there are compelling legitimate grounds for the processing that override the individual’s interests, rights, and freedoms, or if the processing is related to the establishment, exercise, or defense of legal claims.

Right to File a Complaint with the Supervisory Authority

If the individual believes that the processing of their personal data is not in compliance with the law, they may file a complaint with the supervisory authority. This is the authority responsible for (i) the individual's usual place of residence, (ii) the workplace, or (iii) the location where the alleged breach of Privacy Laws occurred. For Belgium, this is the Data Protection Authority (Drukpersstraat 35, 1000 Brussels, tel.: +32 (0)2/ 274 48 00; email: [email protected]).

Exercising Privacy Rights

To exercise the aforementioned privacy rights, the individual must date and sign their written request (if there is reasonable doubt about the individual's identity, additional proof of identity will be requested). This request should be sent via email to the data processing officer of All For Climate ASBL at [insert relevant email], or to the data protection officer at [insert DPO email].

This request is free of charge unless the data controller considers the request to be manifestly unfounded or excessive (as may be the case with repeated requests). For any additional copies requested, the data controller may also charge a reasonable fee based on administrative costs.

The request for a copy of the data will be processed within one month. This period may be extended by two additional months, taking into account the complexity and number of requests. If the period is extended, the individual will be informed of the reasons for the extension.

The data controller will notify third parties to whom the data has been communicated of any rectification, erasure, or limitation performed, unless this is impossible or requires a disproportionate effort.