Privacy notice
ActivityInfo.org is operated by BeDataDriven B.V., a limited liability corporation registered in the Netherlands. We are registered with the Dutch Chamber of Commerce with number 61548278 and located on Binckhorstlaan 36, in the Hague.
As the operator of the ActivityInfo.org Service, we have roles as both a Data Controller and as Data Processor as defined by the EU General Data Protection Regulation (GDPR) and similar legislation outside the EU, such as the California Consumer Privacy Act of 2018 (“CCPA”), the Kenya Data Protection Act of 2019, and many others.
Our role as a Data Processor
Our most important role is as a Data Processor. When a Customer, or a User they have invited, uploads data to the Service, we call this “Customer Data.”
As part of our contract with our Customers, we commit to only processing Customer Data, whether or not this includes Personal Data, according to our Customer’s instructions. Customers retain all rights and ownership of this data, and can export a complete archive at any time. If a Customer chooses to terminate their contract with us, we commit to irrecoverably deleting their Customer Data from our servers.
We never use Customer Data for any other purpose, in any shape or form.
At our Customer’s option, we can also sign a Data Processing Agreement (DPA) to help our Customers meet their obligations as a Data Controller under the GDPR and similar legislation. It is our Customer’s responsibility to ensure that they have a legal basis for collecting and storing personal information, and for responding to data subject requests.
If your Personal Data has been submitted to us by or on behalf of an ActivityInfo Customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the Customer directly.
In order to deliver the Service, we have contracted with two sub-processors:
We do not disclose Customer Data to any other third party.
Our role as a Data Controller
As a business operating ActivityInfo.org, we also collect and process a limited amount of personal data of our website Visitors, Users, and Customers necessary to operate the Service.
The information we collect and process
When you visit our website
When you visit our website without logging in or signing up for a Webinar, we do not collect any Personal Data about you. We use the privacy-friendly Plausible service to analyze our website traffic, which does not store any cookies on your browser.
When you register for a webinar
We record and store the following information about you when you register for a webinar.
- Your name
- The organization you work for
- Your job title
- Your email address
- The country you are working in
- Your preferred language
We process this information on the basis of our legitimate interest to monitor the effectiveness of our webinars in reaching our target audience, assess interest over time, and improve the quality of the webinars. Our subprocessors for this data and purposes are Pipedrive, Zoom, and Google Cloud EMEA Ltd.
When you open an ActivityInfo User account
When you accept an invitation from one of our Customers to open an ActivityInfo User account, we collect the following information from you:
- Your name
- Your email address
Additionally, while you are logged in, we automatically collect additional information about your use of the service, including:
- Your IP address and its associated location
- Browser type, date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites.
- Your actions on the platform, such as your interactions with databases, forms, records, and reports.
- The ActivityInfo databases to which you have been granted access and your permissions
- The documentation articles you view
We process this information on the basis of our legitimate interest to monitor the usage of our product, to detect and respond to abuse, and to improve the product by understanding how you are using different features. Our subprocessors for this data and purposes are Pipedrive and Google Cloud EMEA Ltd.
When you create an ActivityInfo database
We strictly protect Customer Data and our staff is not permitted to access Customer Data without permission from the Customer, or in rare cases, to address a problem that can only be resolved through direct access to the underlying Cloud Datastore service.
Our staff does have access to the following metadata to support the purposes listed below:
- The names of databases
- The names of database roles
- The names and email addresses of users you invite to your databases
- The number of records in your database
For this reason, Customers should ensure that database names do not contain sensitive information.
The processing of data for this purpose is necessary for the performance of our contracts with our Customers, and to satisfy our legitimate interests as the operator of the Service.
When you contact us by email or by our website support form
When contacting us using our website form or by email, we will retain the following information:
- Your name
- Your email address
- Your job title (if provided)
- Your organization (if provided)
- Your message and any other details you provide
We retain and process this information on the basis of our legitimate interest to provide a high quality of customer service and to analyze trends in questions from our users and customers. Our subprocessors for this data are Pipedrive, Atlassian (Jira), Google Workspace, and Google Cloud Platform.
When you opt into communications
When registering for webinars or activating your ActivityInfo account, we give you the opportunity to opt-in to automated communications from us about “Education resources on M&E”, “ActivityInfo news and training” and other topics.
When you opt into this communication, we will send you automated emails. You can withdraw your consent at any time by using the “Unsubscribe” link found in the footer of the email, or by visiting activityinfo.org/contact/preferences.
How long we keep your data
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate interest in processing your personal information, we will either delete or anonymize such information.
How we keep your data safe
At ActivityInfo, we take data security very seriously. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. These measures have been audited and certified to industry standards, including ISO-27001.
Read our overview of Data Security for more information.
Your rights
When we collect data about you as described above, you always have the right to access this data and rectify it if the data is incorrect. You also have the right to object to our processing of your data if you believe we have not struck the correct balance between our legitimate interests and your right to privacy.
To exercise these rights, contact us at privacy@bedatadriven.com.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system by confirming that you control the email address associated with the data. We will only use personal information provided in your request to verify your identity or authority to make the request.
Submitting a complaint
You always have the right to submit a complaint to the Dutch Data Protection Authority at any time using their complaint form.
Appendix: Third Party Service Providers / Subprocessors
In order to support our operations we rely on several Service Providers. They help us with various services such as payment processing, web audience analysis, cloud hosting, marketing and communication, etc.
Our full list of sub-processors is available at https://www.activityinfo.org/about/third-party.html.
Appendix: Cookies
When you log into the platform, we store cookies in your browser to record details about your session in the browser. We do this so you do not have to log in again whenever you navigate to another page in the platform or open a page in a new tab within the same browser session. These cookies are therefore essential for the functioning of the platform.
ActivityInfo.org sets the following cookies:
| Name | Expires | Purpose |
|---|---|---|
locale |
60 days | Remember the user's selected locale for login page and application |
oidccrsf |
End of browser session | Random token to protect against Cross Site Request Forgery (CSRF) when using Single Sign On (SSO) |
GCLB |
End of browser session | Random token issued by the load balancer to ensure that a user's requests are routed consistently to the same backend server. This improves performance. |
userId |
End of browser session | Logged in user's user id |
auth |
End of browser session | Logged in user's secret session token |