Privacy policy

[Update 15 February 2019]

This policy is applicable to all personal data processed by European Digital Rights (EDRi), registered at 12 Rue Belliard, 1040 Brussels, Belgium. We strictly limit the processing of your personal information, and work only with other organisations who do the same. EDRi only collects your personal information on the basis of your explicit consent, according to Article 6.1 (a) GDPR to provide you with the information you requested (see below) or to comply with any other legal basis (i.e. in case you have a contractual obligation with us).

Any attempt by government agencies or private sector organisations to gain access to any information that you give us will be vigorously challenged.



Emails received through brussels(at) and other general addresses (e.g., are reviewed by two staff members and only forwarded when necessary to other staff members. We use the email service Zarafa hosted on EDRi’s servers in the Netherlands. As a result, our emails are susceptible to lawful access under that jurisdiction. Our current service provider is Vigilo (see below).

We do not have a back-up policy for our communications. Each employee is responsible for managing and enforcing data minimisation with regard to the communications that s/he receives or sends, but we endeavour to keep this information stored securely through the use of encrypted emails.

We do not solicit information on political and religious beliefs or medical information. When such sensitive personal information is provided to us through our email or postal address, we delete or anonymise this information as soon as possible.

EDRi staff members also use PGP to encrypt emails. Please request further information if you want to sign or encrypt emails with PGP so we can exchange keys.


Telephone calls received on our number are serviced by Sync Solutions and are beyond our control. As a result, the traffic data for these calls may be retained in accordance with Belgian laws for the retention of communications data.

Snail mail

Information we receive by post is collected by one staff member, reviewed, and forwarded when necessary to other staff members. We do not disclose the names of senders to third parties, and we endeavour to keep files secure.

Mailing lists

We run a variety of open and closed mailing lists. The membership of closed mailing lists is kept confidential, though this information is shared with our mail service providers for the purpose of list-management.

Traffic data of emails we send and receive through the services of Vigilo is subject to the Netherlands data retention legislation. We only log details of the email addresses and mailservers involved in delivery.


If you subscribe to EDRi-gram, your e-mail address will only be used by the editor to the EDRi-members to send you the newsletter. Subscriber information will not be provided, given, rented or sold to any third party. Information about subscribers is only provided in a general, aggregate form, for example the amount of subscribers.

EDRi commonly uses (‘double’) confirmed opt-in for subscribers to any mailinglist unless you email us, call us or orally tell us to add you to a given mailinglist. In any of those cases  the legal ground for the collection and processing is Article 6.1 (a) GDPR. By using professional mailinglist software (Mailman), EDRi minimises the abuse risk of email addresses by third parties. Subscribers can subscribe or unsubscribe themselves, without any intervention from EDRi. Maintenance, system operation and security of the mailinglists are delegated to Vigilo From time to time, subscribers may also be added via an opt-in system attached to a campaign website (as happened with our “save the internet” net neutrality campaign, for example).

EDRi-gram is a closed mailinglist. Only the editor can send mail to the subscribers.


We honour encrypted browsing (https) by default. Our website is managed by our service provider, Vigilo, based in the Netherlands. Vigilo acts as a processor of data whereas EDRi is the data controller. We have signed an agreement with Vigilo that stipulates, amongst other things, that all data relating to our website will remain confidential unless legal exceptions apply. Vigilo will only use the logs and any other information for troubleshooting the supplied services and for monitoring usage patterns for security purposes.

Our website does not use cookies or web beacons. We have no control over tracking technologies used by sites and services to which we link. The processing of web usage data is kept to a minimum.

We collect some statistics on the visits and downloads on our website with AWStats. All data collected is anonymised, and we do not share it with third parties. Our website management software AWStats only presents us with aggregate numbers of downloads of each document. The server software retains access logs (which contain individual IP addresses and pages visited) for the purposes of troubleshooting and generating aggregate statistics. We use this information to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications.

We collect some statistics on the visits and downloads on our website with AWStats. All data collected is anonymous, is not merged with any other data that could serve to de-anonymise it.

Social Media

European Digital Rights uses social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a YouTube, Facebook, and a Twitter account. Please note that these services engage in extensive data collection and processing practices that are governed by their own terms of service.

Employee information

Occasionally, we receive employment information from prospective interns and employees. This information is shared internally until that individual becomes a candidate for employment. At that point we may share the CV with our advisers and trustees. We only file unsuccessful applications for two years with the consent of the individual applicant.

Your rights

European Digital Rights will endeavour to keep your personal information accurate. However, you have the right to access to the information that we might have collected from you (Article 15 GDPR), to request the correction or deletion of your personal data (Articles 16 and 17 GDPR). In this case, please contact the data controller at brussels(at)

Changes to this policy

In the event that this policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to seek your consent. The previous version from January 2014 can be found here (in tracked changes).


If you have any questions regarding our privacy policy or require any clarifications, please contact brussels(at)

About European Digital Rights

European Digital Rights AiSBL is registered as an international not-for-profit organisation in Belgium – and our address is European Digital Rights, 12 Rue Belliard, 1040 Brussels.