Privacy Policy

This policy is applicable to and all personal data processed via publicly available digital services provided by European Digital Rights (EDRi), AISBL registered at 12 Rue Belliard, 1040 Brussels, Belgium.



We use data to provide you with the page, make sure it remains secure and use anonymous data for reporting and evaluation purposes.

We honour encrypted browsing (https) by default. Our websites are managed by our trustworthy service provider, Spectre Operations, based in the Netherlands. Spectre Operations acts as a processor of data whereas EDRi is the data controller. We have signed a data processing agreement with Spectre Operations. Spectre Operations will only use the logs and any other information for troubleshooting the supplied services and for monitoring usage patterns for security purposes.

Our website does not use cookies or web beacons. We have no control over tracking technologies used by sites and services to which we link. The processing of web usage data is kept to a minimum.

For reporting and evaluation purposes, we collect some statistics on the visits and downloads on our website with Matomo, a web analytics platform that gives us 100% data ownership . All data collected is anonymised, and we do not share it with third parties. The server software retains access logs (which contain individual IP addresses and pages visited) for the purposes of troubleshooting and generating aggregate statistics. We use this information to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications.

Mailing lists

We run a variety of open and closed mailing lists hosted on our servers at Spectre Operations. If you subscribe to one of our public mailing lists, the membership of these mailing lists is kept confidential, and only available to selected EDRi staff members for the purpose of list management.
Traffic data of emails we send and receive through the services of Spectre Operations is subject to the Netherlands data retention legislation. We only log details of the email addresses and mail servers involved in delivery.

Newsletters and press releases

If you subscribe to EDRi’s campaigns newsletters (or any other EDRi’s newsletter) the information you provide, such as your e-mail address, names and background will be stored and processed on our self-hosted CRM. It will only be used by EDRi’s team to send you the mailings you subscribed to. The information will never be shared with third parties of any kind. Aggregate information about subscribers such as the number of subscribers can be used for other publications.

EDRi commonly uses (‘double’) confirmed opt-in for subscribers to any mailinglist unless you email us, call us or orally tell us to add you to a given mailinglist. In any of those cases the legal ground for the collection and processing is Article 6.1 (a) GDPR. By using professional, self-hosted mailinglist software like Mailman and CiviCRM, EDRi aims at minimising the abuse risk of email addresses by third parties. Subscribers can subscribe or unsubscribe themselves, without any intervention from EDRi. Maintenance, system operation and security of the mailinglists are delegated to Spectre Operations and subscribers may also be added via an opt-in system attached to a campaign website

Social Media

European Digital Rights uses social media and social networking services to advance our work.
These applications require the use of third party service providers. Notably, we have a YouTube,
Facebook, and a Twitter and Linkedin account. Please note that these services engage in extensive
data collection and processing practices that are governed by their own terms of service.

Your rights

If you have any questions regarding our privacy policy or require any clarifications, please contact
brussels(at) You have the right to access, to rectify, to erasure, to object, to restrict
processing, to data portability, to withdraw your consent and to launch a complaint with your local
data protection authority. We are governed by the Belgian data protection authority

Changes to this policy

In the event that this policy is changed at any time, the date and nature of the change will be clearly
indicated in this document. In the event that the change has a material impact on the handling of
your personal information, we will contact you to seek your consent.

[Last updated on 28th of October 2021]