Introduction Bellingcat is committed to respecting the right to privacy. We protect and maintain the confidentiality and security of personal data in accordance with applicable laws. We process personal data carefully and with integrity, and protect it against unauthorised and unintended processing.
All personal data you provide remains strictly confidential and will not be passed on to third parties. We process these data in accordance with the General Data Protection Regulation (GDPR).
Bellingcat understands personal data as all information about an identifiable natural person (the ‘data subject’). This means information that is directly about a person or can be traced back to this person.
This policy sets out how Bellingcat processes and uses personal data in accordance with applicable regulations and legal requirements, and explains what rights are available to data subjects.
Purpose of Data Collection
- Bellingcat collects and processes personal data only to the extent reasonably required and always adheres to applicable local laws and regulations.
- The personal data collected will only be used for the proper fulfilment of the business of the organisation (for example: conclusion of agreements, relationship management, registration of participants for training sessions, subscriptions to newsletter, response to questions or requests for information etc).
Keeping personal data may be necessary for the proper implementation of the organisation’s business or to comply with legal obligations. Personal data are not kept for longer than necessary. When you send us an e-mail or contact us in another way, we shall keep and process the personal data you send us for as long as this is necessary and only for the purposes necessary.
For the Bellingcat newsletter mailing list, your email address shall only be added to the list of subscribers with your consent. Each newsletter contains a clear link with which you can unsubscribe. We use the Mailchimp subscription system.
The data and documents that are provided by the applicant when responding to a vacancy are processed to determine whether the applicant qualifies for a position within Bellingcat. For the purposes of selection, the recruitment process may include comparing the data of the applicant with the vacancy requirements and contacting them if necessary to request additional information. Where applicable, we may also contact the mentioned reference persons.
Bellingcat processes personal data that may be relevant to the recruitment and selection procedure. In any event, this concerns the information provided by the applicant, including name and address details or other contact details provided. Other relevant data, such as education, courses followed, internships and employment history of the applicant will also be processed for the purposes of the selection procedure.
If it is necessary for the position, applicants may be subjected to a (pre) screening and an assessment. In that case, the persons responsible for carrying the (pre) screening will be given access to the personal data necessary for that process.
Special Personal Data
Bellingcat does not process sensitive personal data (including information relating to race, ethnicity, religion, sexual orientation, political affiliations, trade union memberships, financial situation, medical history) unless this is necessary for legitimate work-related reasons and only to the extent that this is permitted under applicable laws.
Bellingcat has the necessary safeguard and control systems to protect personal and sensitive data against loss, unauthorised copying, modification or disclosure. Additionally, we have technical and organisational measures to protect and secure personal data, for example, by limiting access rights to authorised persons only. Access to sensitive data is always strictly on a need-to-know basis (compartmentalisation).
Under the General Data Protection Regulation (GDPR) your rights include the right to access personal data we have collected and in certain cases to modify or remove the personal information. If you subscribed to our newsletter, each newsletter contains a clear link which you can use to unsubscribe.
To exercise your rights, you may send a request to firstname.lastname@example.org. To address your request, we may ask you for further information to check your identity. More information about your rights under the GDPR can also be found at https://gdpr-info.eu/.
If you feel it is necessary, you may also file a complaint with the Data Protection Authority about how we use your personal data.
When we process the personal data of EU citizens in a non-EU country, we will ensure that it remains compliant with the applicable privacy regulations.
We will strive to respond to such a request without undue delay. Any relevant data breach will be reported to the relevant data protection authorities within the timelines stipulated by applicable law, in accordance with the internal process for incident management.