Bits of Freedom stands for privacy and internet freedom. Obviously Bits of Freedom has a transparent privacy policy when it comes to its activities, websites and mailing lists, and no terms and conditions.

Privacy statement

Through this privacy statement Bits of Freedom would like to inform you about the (personal) data we collect and for what purposes.

(Version: December 13, 2019 / previous versions)

User statistics website (cookies)

To keep track of user statistics on our website we use open source software called Matomo. With Matomo we install two analytical (first party) cookies:

• _pk_id: generates a unique number to distinguish one visitor from other visitors. Retention period: 14 days after your last visit to our site.
• _pk_ref: registers the site that redirects visitors to our website. Retention period: 30 minutes after your last visit to our site.

We have taken the following measures to protect your privacy:

1. We mask the last five hextets of the IPv6 addresses and the last two octets of the IPv4 addresses that we collect of visitors (for instance 2001:db8:7bb:: or 198.51.0.0).
2. We store the data we collect on our own servers, which are located in the Netherlands and which we manage ourselves.
3. Visitor logs (containing the data below) are never retained for more than 32 days.
4. We never load third-party cookies or other trackers on our website(s).
5. We respect Do Not Track headers; what’s more, we encourage you to use Do Not Track headers and cookie blockers!

With the help of Matomo and analytical cookies we collect the following data:

• The unique number linked to the cookie _pk_id (see above).
• IP-address (masked).
• Pages visited (title and URL) and dates and times of visits.
• The URLs of the pages that redirected you to our website (Referrer URL).
• The links used on our website referring to external websites (Outlink).
• Downloaded files.
• Estimated location: Country, area, city (we do not collect the exact geolocation).
• Other data: Screen resolution, local time of visitor, speed of website, language of browser.
• User agent of the browser: Browser used, operating system, type of device (computer, smartphone, and so on).

We process those data only where necessary to analyze the use and performance of our website(s). We don’t ask you for permission as the impact on your privacy is limited because of the measures we take.

Donations

We process the personal data that you provide as a donor to handle one-time or recurring donations to Bits of Freedom and to provide you with an @freedom.nl email address, if you want one. In case of recurring donations those data include your bank account number, name and email address, the donation amount, start data and frequency of your donations. If you buy our merchandise, we will also collect your address details. We do not retain those data for longer than necessary to process the donation, or to provide you with the @freedom.nl email address or ship the merchandise, and to comply with our administrative obligations.

Recurring donations

We process recurring donations by means of (SEPA) direct debit. Our bank Triodos Bank will debit your account for the donation amount. To this end we give Triodos Bank only the data necessary to periodically debit the amounts due.

One-time donations

One-time donations are handled via the payment module Mollie. For this, Mollie must process personal data. That processing is subject to Mollie’s privacy policy, and Mollie is the controller. We recommend that you read Mollie’s privacy policy before using their payment module.

Donations in crypto

Bitonic is responsible for handling donations in bitcoin. For this Bitonic must process personal data. That processing is subject to Bitonic’s privacy policy, and Bitonic is the controller. Bitonic and likely third parties as well can easily link your donation to Bits of Freedom. Because of how bitcoin works, it is likely that your donation is not really anonymous.

Manual transfer

You can also transfer your donation to our bank account directly. In that case, your bank and our bank (Triodos Bank) will process the personal data necessary to transfer your donation.

Shop

If you buy merchandise from our shop, we also install some cookies to keep track of your cart. They include:

• woocommerce_cart_hash and woocommerce_items_in_cart: these cookies keep track of what’s in your cart, and what you add or remove. Retention period: for the duration of your shopping session (meaning they get deleted whenever you restart your browser).
• wp_woocommerce_session: this cookie contains a code that help sus link your visit to a stored cart in the database. Retention period: 2 days after your last visit to our site.

You don’t need an account to order from our shop (which means that you will have to fill out your details every time you order something). After you order we will store the following data for a period of six weeks:

• Your first and last names and your company’s name, if applicable
• Your shipping address
• Your email address
• Any notes you may have added to your order
• The items you ordered, what you paid and whether you used a discount coupon

In case of unpaid or incomplete orders we retain your data for one week. If you cancel your order, the data will be deleted within a day.

Payments in the shop are handled by the Mollie payment module, our payment service provider. For this Mollie must process your personal data. Mollie is the data controller, and its privacy policy applies. We recommend that you read Mollie’s privacy policy before using their payment module.

Tracking-free, private email address

Donors who support us with EUR 10 per month or more can get a tracking-free email address, if they want. This service is provided by Soverin, and Soverin’s terms and conditions and privacy statement apply.

My Data Done Right

The following paragraphs are applicable only if you use the tool My Data Done Right:

Your contact details

The contact details you provide when you use My Data Done Right are temporarily stored in the browser on your own device for as long as it takes to generate your request(s). We do not store your contact details on our own servers. If you provide your email address because you choose to get a reminder by email of the request you filed, we will store the following data on our servers in the Netherlands:

• Your email address;
• The type of request (for example: access request);
• The organization to which the request was addressed; and
• The date when your request was generated.

We use this information to send you a reminder when the time has come. After we have sent our last reminder, the data are deleted.

Feedback form

If you fill out our feedback form, we do not ask you for personal data like your contact details or name. The only data we collect, are:

• Your answers to the questions (like: “did you get a response?” Yes/No);
• The type of request (for example: “access request”); and
• The organization to which the request was sent.

We aggregate those data and use them to establish whether organizations handle requests correctly and comply with their legal obligations.

Mailing lists

We include your email address in the list of subscribers to any of our mailing lists only with your prior consent. Every email we send to the people on our mailing lists contains a link that you can use to unsubscribe immediately. We ourselves manage, administer and secure the software used for our mailing lists.

Response to blog posts

Whenever visitors respond to blogs on our website, their IP addresses are stored, and where provided by visitors, email addresses and names. IP addresses are stored only to prevent spam. Only the users of Bits of Freedom’s WordPress (our permanent staff and some strictly selected volunteers) have access to those data. The data are stored for as long as the response in question is visible on the website.

Forms, website visits, emails and customer relation management

If you fill out a (contact) form on our website or send us an email (@bof.nl), we will process and store the personal data you provide for as long as necessary for responding or processing, depending on the nature of the form or the content of your email. We may furthermore keep emails we receive for as long as necessary to properly do our regular work.

If you take part in a poll on our website, your IP address will be logged only to determine that just one vote is cast for every IP address. The collection of IP addresses for a poll will be permanently deleted when the poll in question is closed.

If you visit our website(s) our servers must process your IP address to show you the pages you’d like to view. In that case we do not store your IP address in a log file.

If you provide your contact details voluntarily because you want us to reach you using those contact details, for example by giving us your business card or because you volunteer for Bits of Freedom, we may store those data if necessary for our regular activities, including customer relation management.

To manage the contact details of our relations we use open source software CiviCRM. Our own staff runs this software on our own servers. Email addresses and PGP keyrings of relations may be stored locally in the personnel address books of staff of Bits of Freedom. Upon request we will of course delete your contact details from our systems.

Other activities

For all other activities organized Bits of Freedom, like the Big Brother Awards ceremony, or other events to which interested parties are asked to contribute, we will ask you for as few personal data as possible. In campaigns where we work together with other organizations, for example in a European context, Bits of Freedom will insist on a transparent privacy policy.

Provision to third parties

We will never provide your personal data to third parties if provision to third parties does not follow explicitly from our privacy statement. The only two exceptions are:

• If we explicitly ask your prior consent for provision to third parties; or
• If we are required by law, and then only after we have made every effort to avoid provision under a legal obligation.

Your rights

Under the General Data Protection Regulation (GDPR) you have the right to access the personal data we collect from you, or to have those data rectified or even erased in certain cases. In some cases you also have the right to ask us to stop using your data or ask us for a copy of your data in a machine-readable format.

To exercise you rights you can send us a request by email or by regular mail, at the addresses stated below. We may ask you for more information to confirm your identity before complying with your request.

For more information about your rights under the GDPR, go to the website of the regulator, the Dutch Data Protection Authority. This is also the organization where you can file a complaint about how we use your personal data, if necessary.

Changes in privacy statement

We may make changes to this privacy statement. Major changes will be announced on our website. Previous versions of our privacy statement are filed online.

Our contact details

Unless explicitly stated otherwise, the foundation Bits of Freedom is the controller that processes personal data as set out in this privacy statement. Did you read this text to the end? Then we will send you a free webcam cover, if you like. Send us an email at info@bitsoffreedom.nl and state in the subject line “privacy statement, please send me a webcam cover”. We will then send you a code that you can use to order the cover in our shop free of charge.

Questions about our privacy statement, or would you like to exercise a right under the GDPR? Contact us by mail: Bits of Freedom, Prinseneiland 97hs, 1013LN Amsterdam. Or by email: info@bitsoffreedom.nl or by telephone: +31 20 261 8350.

No general terms and conditions

Yes, you read that right – no general terms and conditions. We could write a lengthy piece about the legal terms you agree to when visiting our website. Or that Dutch law applies to your visit to our website. And so on and so forth. But we don’t believe that you can agree to our terms and conditions just by visiting our website. That takes more, like clicking on an “I accept” button before going to our site. But we don’t want to ask you to click one of those buttons.

Still, some of the organizations we work with would like us to summarize all information on Bits of Freedom in one place. That is why you can find the main facts about Bits of Freedom here. If you have any questions, please feel free to contact us at info@bitsoffreedom.nl.

Stichting Bits of Freedom (Bof) is located at Prinseneiland 97hs, 1013 LN Amsterdam, the Netherlands. Bits of Freedom is listed in the trade register of the Chamber of Commerce under number 34121286. Our VAT number is: NL808804169B01.

You can donate to Bits of Freedom via transfers to our bank account: IBAN NL73TRIO0391107380. Or you can authorize Bits of Freedom to periodically debit your account for a donation. You can revoke that authorization at any time. Cancelling a recurring donation is easiest via our website donateurs.bitsoffreedom.nl. Or if you prefer, by email to info@bitsoffreedom.nl stating your name, address and account number. We’d appreciate it (but don’t feel you have to) if you could tell us why you want to cancel your donation. The Dutch Tax Authorities have designated Bits of Freedom as a public benefit organization (in Dutch: “ANBI”).

We are very much in favor of sharing knowledge and free speech and for that reason our site gives you the opportunity to respond. Read here the house rules for responding to our blogs.

Bits of Freedom makes every effort to only include correct information on our website. Should you find an error, please let us know at info@bitsoffreedom.nl.

The texts and designs on our website are published under a Naamsvermelding-NietCommercieel-GelijkDelen 4.0 Internationaal (CC BY-NC-SA 4.0) Creative Commons license. If you’d like to use our trademark or our house style, or want to use the texts of our website on terms other than those of the applicable Creative Commons license, please contact us at info@bitsoffreedom.nl.