Privacy policy

2. Data protection regulations: Which data protection regulations do we comply with?

Our privacy policy is in accordance with the EU General Data Protection Regulation (GDPR), which applies to all EU member states as of 25 May 2018. The GDPR aims to better protect the personal data of all EU citizens and therefore affects all EU organisations and non-EU organisations doing business in EU countries.
Regardless of whether you are an EU or a non-EU citizen: we will treat your personal data in the same, confidential manner.

3. Data protection responsible: Who deals with our data and privacy matters?

Some organisations and companies are required to appoint a Data Protection Officer. We are not. Instead, we put together a special team dealing with privacy issues within our Board.
You can reach the team at hello@culturesolutions.eu and information will be forwarded to our Board members.

4. Data we collect: What data do we collect, when and why? Where do we store it, and for how long? And who has access?

We may collect and process the following data about you:

• Online subscription:

When you fill-in a form on our website (www.culturesolutions.eu) to contact us, when you subscribe to receive news from culture Solutions, or when you register to attend our event, we ask you for your email address, name, organisation and position, which we will use to contact you. This information helps us to better identify our audience and deliver a better service.
We will store your personal data in our external email database, the access to which which is managed by our Board. Your data will be saved for a maximum period of twenty years; after that your data will be permanently deleted from our system.
We lawfully process this information on the basis of consent and performance of contract, meaning you have given us permission to process this data and you have requested a service which we deliver to you. In addition, we process your information on the basis of legitimate interests pursued by culture Solutions (personalisation and general audience analysis help us deliver a better service).
Our website developers also have access to that system, but we require that they comply strictly with our policy and prohibit the use of your personal information for their own business purposes.
We may also store the content of your comments on our website in our internal reporting systems, which is accessible to all culture Solutions staff. Your data will be saved for a maximum period of ten years; after that your data will be permanently deleted from our systems. We lawfully process this information on the basis of consent (you agree to submitting a comment) and legitimate interests pursued by culture Solutions (impact measurement needed for reporting to our funders).

• Surveys:

We may share the results of feedback surveys with our funders to meet our contractual reporting obligations. Feedback helps us determine the success of our work or point to areas for improvement. We will store your information on our cloud storage and potentially our internal reporting system, both of which are accessible only by culture Solutions staff, for a maximum period of five years.
We lawfully process this information on the basis of consent; meaning you have given us permission to process this data by participating in the survey. In addition, we process your information on the basis of legitimate interests pursued by culture Solutions (feedback collection and impact measurement needed for donor reporting).

• Applications and recruitments:

When you send us an open application via our website or by email or if you apply to any of our vacancies, we will store your personal details and CV. We ask you for the following personal information: name; date and place of birth; email address; phone number; your areas of interest; your position of interest; your availability; your employment history; your qualifications; and your motivation to work at culture Solutions. You may also choose to submit additional information, such as a CV or a photo.
We will store this information on a confidential section of our cloud storage, which is only accessible by our human resources and Board departments. They may forward your information to other culture Solutions colleagues in case a relevant position opens up. We will store your information for 24 months. We are often looking for policy staff with very specific areas of expertise, but no position may be open at the time of application. After 24 months, your data will be permanently deleted from our system.
We lawfully process this information on the basis of consent (by agreeing to this policy when submitting your application) and steps needed for potentially entering into a contract with culture Solutions, at your request.
Collection, storage and processing of personal data of our staff members, partners and third parties is outlined in our contracts.

• Correspondence:

If you contact culture Solutions or our staff members via email or phone, we may keep a record of your correspondence in our mail inbox and we may collect and add your name, phone number, organisation name and position, email address in our contacts database to ensure we can follow up on your request. We will keep a record of your correspondence in our email inbox for as long that particular email account exists.
Our staff may need to keep records of past correspondence for effective communication.
If you provide feedback about our work or staff in your correspondence, we may use that for internal reports or reports to funders, to meet our contractual reporting obligations. Feedback helps us determine the success of our work or point to areas for improvement. We will anonymise that feedback and will never use your name or other personal data that may identify you – unless you’ve given explicit permission. We will store feedback in our internal reporting system for a maximum period of five years.
We lawfully process this information on the basis of consent (you have contacted us), performance of contract (we may have to respond to a request made by you) and legitimate interests pursued by culture Solutions (feedback collection and impact measurement needed for donor reporting).

• Contacts database:

We may store your business contact details in our contact database, provided you give explicit permission for that. If you have been in touch with or provide your business card to our staff members, we may contact you via email to ask for your permission to store your business contact details in our contact database.
Our contact database helps us store all business-related contact details of people in our network in one place. It is basically like a phonebook, which can be consulted by our staff members if they need the contact details of a specific member of our network. We also use the database to send invitation for events or specific publications to targeted groups.
We ask you for your email address, title, name, organisation name, address and telephone number be able to identify and contact you. Not all of these details are required. You may also add your organisation, function, department and sector. These details help our staff members identify the right person for projects or events. Additionally, your organisation name, sector and country help us identify broadly which people belong to our network.
That database is accessible to all culture Solutions staff members. The data we store in our contact database will be saved for a maximum period of twenty years; after that your data will be permanently deleted from our system.

• Interviews:

We may store personal information when conducting interviews. When you take part in an interview we are conducting for a study, podcast, or other project, we may record your personal data. Those data may may include your name, email address, phone number, organisation name, job function and the country and global region you come from or work in, alongside the notes of your interview. The exact personal data we collect may depend on the specific study, but before you take part in an interview, we will clearly communicate to you which data we collect.
We may use parts of your interview in our studies, podcasts, or other projects, to be able to answer our research questions.
We will store your information on our cloud storage, which is accessible by all (or a selected group of) culture solutions staff, for a maximum period of twenty years. After that period, your details will be permanently deleted from our system. The studies we publish online cannot be deleted.

• Website tracking:

We may track which parts of our website you visit and the resources you access. When you visit our website, our analytics system may collect information about your device, operating system, browser type, language and location.
The first time you visit our website you will be asked to accept or refuse cookies. Cookies allow our analytics system to identify your computer as you view different pages on our website. They also allow our system to see how many people use the website and what pages they visit.
This is statistical data about our website visitors’ browsing actions and patterns when using our site, and does not identify any individual. It helps us identify who our audience is broadly and deliver a better and more personalised service. This information is stored in our analytics system for a maximum period of five years. This system is only accessible by our Board and communications departments. We may extract reports from that system which we will store on our internal cloud storage, accessible to all culture Solutions staff, for a maximum period of five years.
The information collected for the purpose of analytics on our website is not shared with external parties. We rely on the software developed by Matomo, an ethical alternative to Google Analytics, which gives us 100% ownership over the data and ensures full compliance with GDPR.
We lawfully process this information on the basis of consent (by accepting cookies) and legitimate interests pursued by culture Solutions (general audience analysis).

• Social media:

We may store and use messages or interactions addressed to us from your social media account.
If you follow us on social media (Facebook, Twitter, Instagram, LinkedIn), we may collect statistical information about your age, country, language, gender or any other publicly available information from your profile. That data collection does not identify any individual. This information helps us broadly identify our audience and deliver a better and more personalised service.
This information is stored on our social media accounts, which are only accessible to our Board and communications departments. We may extract reports which we will store on our internal cloud storage, accessible by all culture solutions staff, for a maximum period of five years.
We lawfully process this information on the basis of consent (by agreeing to Facebook, Twitter, Instagram, LinkedIn policies and by choosing to follow our accounts) and on the basis of legitimate interests pursued by culture Solutions (general audience analysis).
If you interact with us or our staff members on social media, we may use your interactions in internal reports and reports to our funders, to meet our contractual reporting obligations. We do that to indicate the level of engagement or discussion that our blogs or publications stimulated, which serves as an impact measurement of our work to indicate the level of engagement or discussion that our posts or work stimulated. We will anonymise to the maximum possible extent, meaning we will not include your name or other personal data that may identify you.
This information is stored on our, or our staff members’ social media accounts, which are only accessible to our Board and communications departments or to individual staff members. We may extract reports which we will store on our our internal cloud storage, accessible by all culture Solutions staff, for a maximum period of five years.

• Public relations:

If you are a journalist, policy-maker, or practitioner in the field of international cultural relations, we may send you press releases or invitations. To be able to do that, we may collect your business email address, name, organisation, and position. We legally process this information on the basis of legitimate interest pursued by culture Solutions and interested parties: meaning we are interested in getting some of our work to the media for maximum outreach and they may want to be informed about our work for professional purposes.

NB: culture Solutions does not collect data on minors. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age of 18, please contact us at hello@culturesolutions.eu.

5. Security measures: How do we secure your personal data?

In section 4 of our privacy policy we outline the places where we store your data and who has access and the conditions under which you personal data may be collected. In all those cases, we take great care in holding your information securely.
Our contact database is stored with business security measures, on-site and off-site encrypted backups and internal guidelines for staff are in place to protect your data.
Other data that we collect from you may be transferred to and stored in external systems, some of which are outside the European Economic Area (EEA). Examples are our email database, our social media platforms, our website content management system and our shared cloud storage. These are all GDPR-compliant. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Please note that transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the sites where we host your data – so any transmission is at your own risk. Once we have received your information, strict procedures and security features are in place to prevent unauthorised access.

6. Third parties: Will you share my information with other parties?

In principle not. We do not share your personal information with our partners, funders or third parties – unless we have your explicit permission or disclosure is required by law. We may share statistic report and feedback that was given by you in reports to our funders.
We do that to indicate the level of engagement or discussion that publications stimulated – which is necessary to be able to show the impact of our work. We will never include your name or any other personal details in those messages or feedback.

7. Your data protection rights 

• Can you check if we hold any information on you?

Yes, you can. If you want to know whether we hold any information on you, please email us at hello@culturesolutions.eu.

• Can you get a copy of the information we hold on you?

Yes, you can. You can request access to the information we hold on you by emailing hello@culturesolutions.eu. We will then submit a full copy of your details to the email address you provide to us within 30 days after your request. You may also ask us to send a copy of those details to another party. In both cases, no fees will be charged to you.
If you are subscribed to one or more of our newsletters, you can view your subscription details by clicking the link at the bottom of any of the newsletter issues you have received from us.

• Can we change or update your information?

Yes, of course. If any information we hold on you is incomplete or incorrect, please inform us by contacting hello@culturesolutions.eu.

• Can we remove your data from our systems?

Yes, you have the right to be removed from our data systems. If you want to be removed from our systems, please contact us at hello@culturesolutions.eu. We will answer your request for removal within 30 days after you have contacted us.
Please note that we will take utmost care of deleting your details everywhere, but that we may need to keep some of your data in (parts of) our systems if we are legally obliged to or if other legal grounds apply, such as legitimate interests.

• Can you object to us processing your data?

Yes, you can. If you feel our grounds for processing your data are not legitimate, you have the right to object. You can contact us at hello@culturesolutions.eu.

• Can I contact you for more information about this privacy policy?

Of course. If you have any questions or comments regarding our privacy policy, please contact us at hello@culturesolutions.eu.

• What can you do in case your privacy rights are violated?

If you feel we do not respect your privacy rights, please contact us at hello@culturesolutions.eu.
If we haven’t adequately addressed your request to respect your privacy rights, or if you become aware that there is a data breach (see next section) on our end, you may notify the French Data Protection Authority or the data protection authority in your country. In case of a data breach, we would of course be happy if you would notify us too, by contacting hello@culturesolutions.eu.

• What are data breaches, and how do we deal with them?

A data breach is an incident where the confidentiality, integrity or availability of personal data has or may have been compromised.
If we encounter a data breach on our end that poses a risk to the personal data we store, we must notify the French Data Protection Authority of becoming aware of the data breach.
In case the data breach poses a serious threat to the safety of your personal data, we will notify you too – provided the contact details we hold on you are correct and up-to-date.

9. Links: What about links to and from our site?

On our website (www.culturesolutions.eu) you may find links to other websites, or you may have been referred to our website via another website.
Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We recommend you to check the privacy policies of these websites before you submit any personal data on those websites.

10. Privacy policy updates: Can you see the updates of our privacy policy?

Yes, you can see any changes we may make to our privacy policy after 7 June 2020 (version 1.0).
This is version 2.0 from 4 September 2023. The changes consisted in correction of typos, addition of graphic representation for easier understanding, addition of ethical website analytics tool, and clarification of certain provisions.
Unless we make fundamental changes, we reserve the right to change our privacy policy without prior notice.