Data Privacy

Introduction Bellingcat is committed to respecting the right to privacy. We protect and maintain the confidentiality and security of personal data in accordance with applicable laws. We process personal data carefully and with integrity, and protect it against unauthorised and unintended processing. 

All personal data you provide remains strictly confidential and will not be passed on to third parties. We process these data in accordance with the General Data Protection Regulation (GDPR). 

This data privacy policy applies to collecting and processing of personal data provided by job applicants, funders, individual donors, volunteers, staff members, consultants, training participants, partner organisations and all other stakeholders in our regular course of business. In addition, we may process the personal data of third parties who deal with our stakeholders, partners or consultants. 

Bellingcat understands personal data as all information about an identifiable natural person (the ‘data subject’). This means information that is directly about a person or can be traced back to this person. 

This policy sets out how Bellingcat processes and uses personal data in accordance with applicable regulations and legal requirements, and explains what rights are available to data subjects. 

Purpose of Data Collection

  • Bellingcat collects and processes personal data only to the extent reasonably required and always adheres to applicable local laws and regulations. 
  • The personal data collected will only be used for the proper fulfilment of the business of the organisation (for example: conclusion of agreements, relationship management, registration of participants for training sessions, subscriptions to newsletter, response to questions or requests for information etc). 

Retention Period 

Keeping personal data may be necessary for the proper implementation of the organisation’s business or to comply with legal obligations. Personal data are not kept for longer than necessary. When you send us an e-mail or contact us in another way, we shall keep and process the personal data you send us for as long as this is necessary and only for the purposes necessary. 

Bellingcat Newsletter 

For the Bellingcat newsletter mailing list, your email address shall only be added to the list of subscribers with your consent. Each newsletter contains a clear link with which you can unsubscribe. We use the Mailchimp subscription system. 

Job Applications 

The data and documents that are provided by the applicant when responding to a vacancy are processed to determine whether the applicant qualifies for a position within Bellingcat. For the purposes of selection, the recruitment process may include comparing the data of the applicant with the vacancy requirements and contacting them if necessary to request additional information. Where applicable, we may also contact the mentioned reference persons. 

Bellingcat processes personal data that may be relevant to the recruitment and selection procedure. In any event, this concerns the information provided by the applicant, including name and address details or other contact details provided. Other relevant data, such as education, courses followed, internships and employment history of the applicant will also be processed for the purposes of the selection procedure. 

If it is necessary for the position, applicants may be subjected to a (pre) screening and an assessment. In that case, the persons responsible for carrying the (pre) screening will be given access to the personal data necessary for that process. 

Special Personal Data 

Bellingcat does not process sensitive personal data (including information relating to race, ethnicity, religion, sexual orientation, political affiliations, trade union memberships, financial situation, medical history) unless this is necessary for legitimate work-related reasons and only to the extent that this is permitted under applicable laws. 


Bellingcat has the necessary safeguard and control systems to protect personal and sensitive data against loss, unauthorised copying, modification or disclosure. Additionally, we have technical and organisational measures to protect and secure personal data, for example, by limiting access rights to authorised persons only. Access to sensitive data is always strictly on a need-to-know basis (compartmentalisation). 

We may share personal data with third parties or contractors that deliver services to Bellingcat. We are committed to ensuring that those third parties receiving personal data will also process and secure the personal data in accordance with this data privacy policy and applicable laws and regulations. 

Your Rights 

Under the General Data Protection Regulation (GDPR) your rights include the right to access personal data we have collected and in certain cases to modify or remove the personal information. If you subscribed to our newsletter, each newsletter contains a clear link which you can use to unsubscribe. 

To exercise your rights, you may send a request to To address your request, we may ask you for further information to check your identity. More information about your rights under the GDPR can also be found at  

If you feel it is necessary, you may also file a complaint with the Data Protection Authority about how we use your personal data. 

Changes to the Data Privacy Policy 

We reserve the right to revise this data privacy policy. Important changes will be announced on our website. 

Final Provisions 

When we process the personal data of EU citizens in a non-EU country, we will ensure that it remains compliant with the applicable privacy regulations. 

A data subject can request access, correction, restriction, portability, objection or removal of his or her personal data at any time by submitting a request to Bellingcat Data Privacy Policy 

We will strive to respond to such a request without undue delay. Any relevant data breach will be reported to the relevant data protection authorities within the timelines stipulated by applicable law, in accordance with the internal process for incident management. 

Bellingcat encourages its staff members and other stakeholders to report any violations or suspected violations of this privacy policy to 

Contact Details 

Unless otherwise explicitly indicated, Bellingcat is the Data Controller for the processing of personal data as described in this data privacy policy. In case you have any questions about this data privacy policy, you can contact us at