Introduction
This privacy policy relates to services provided and activity relating to Fix the Status Quo’s business activity, which is primarily the Proca platform. Fix the Status Quo is a limited liability company registered in Harju maakond, Tallinn, Kristiine linnaosa, A. H. Tammsaare tee 47, 11316, Tallin, Estonia, under the registration number 14614272.
If you would like to contact us about the processing of your personal data or relating to any security concerns, please contact support+privacy@fixthestatusquo.com
Proca is built to protect the privacy and security of supporters and users. Proca widgets do not set cookies nor collect personal information before explicit consent. Proca’s core has been audited by independent organisations and certified by the German Federal Office for Information Security (BSI), because it is used to power European Citizens’ Initiatives. It is easy for organisations using Proca to encrypt the data they collect, with the effect that collected supporter data is only accessible by the organisations who run that campaign.
We value movement generosity, no vendor lock-in and transparency of our code, and our platform is Free Software. We welcome anyone studying the code and improving it further.
Data we Collect
Data we collect falls into three different categories.
- Supporters, who take part in actions using Proca widgets, and their personal data is collected on behalf of Users.
- Users, using the Proca platform to install widgets on their websites and run campaigns.
- Visitors to our website, forum, etc.
The primary basis for data we collect is consent, based on users voluntarily submitting data to us and with knowledge of this privacy policy. Some data may also be collected based on legitimate interest, so we can provide the service or for security purposes, or if an organisation we work with provides us with data they have collected for us to process.
We have made our best efforts to list all the data we collect in this privacy policy.
Supporters
Data processing of supporters of your campaign is detailed in the Data Processing Agreement available here:
- Data Processing Agreement – the main document
- Locations and Sub-processors – what companies we are working with to process data, and where are they located
- Technical and Organisational Measures – what we do to make sure the data is processed securely
Users and Visitors
You are a visitor when you visit our websites and webapps in domains and subdomains of fixthestatusquo.com, fixthestatusquo.org and proca.app. You are a user when you actually use our services and tools to run campaigns, as paid or free service.
Processing goals and purposes
Our websites provide:
- Promotion, information and help about our services (Visitors)
- Tools to acquire and install campaign widget, manage campaign and coalition, export collected data (Users)
- Campaign performance analytics dashboard (Users)
This data is collected, kept and processed by us and processors in EU.
The data is processed for purposes:
- Authentication and authorisation to provided services (Users)
- Providing technical support and answering inquiries (Users, Visitors)
- Business related: running the sales and delivery process of our services – from inquiry, through planning, implementation, launch, support to invoicing (Users, Visitors)
- Provide insights to our team about service usage (Users)
- Provide insights to our team to run marketing of our services (Visitors)
Data collection and categories
Most of this data is provided voluntarily by users when they register or otherwise submit information when interacting with the dashboard (or some other part of the system). The basis for collecting it is (a) consent (by users submitting the data and agreeing to the privacy policy) and (b) legitimate interest (the data is needed to run the service and provide the support).
Visitors data is collected by passive tracking mechanism (such as website conversion tracking), in which cases you are presented with an option to opt out (click “Do not track me” on the banner at the bottom of the page).
The data we collect includes:
- Name
- Email address
- Organisation membership
- Associated campaigns which the user or their organisation is involved in
- Profile picture
- Interactions with websites and webapps (eg buttons clicked, settings changed, widget generation, etc)
- IP Address, browser data and other metrics are tracked for security and monitoring reasons and stored as standard server logs and not associated with other personal data
- IP Address, browser data and other web tracking metrics are tracked and stored in our CRM (based on consent).
Locations and processors
All user data is processed by websites and apps run and managed by us, and running on hosting/infrastructure providers in EU. These are:
- Hetzner (Germany) – Hetzner Privacy Policy
- UpCloud (Finland) – UpCloud Privacy Policy
- Aiven (Finland) – Aiven Privacy Policy
All user and visitor data processed for business and marketing purposes is processed by CRM provider:
- Zoho (Global company, servers for our data in EU) – Zoho Privacy Policy
Whenever we send transaction emails or newsletter, we use these email providers
- Mailjet (EU)
- Zeptomail by Zoho (company HQ in India, servers in EU) – Zoho Privacy Policy
Personal data related to running a business
As is normal for any business, we will store information about business contacts such as customers, partners, service providers, etc, based on the legitimate interest in doing so. We will also store personal data relating to people who apply to (or indeed do!) work or volunteer with us, based on the consent of the applicant and the legitimate interest in doing so.