Bellingcat is committed to respecting the right to privacy. We protect and maintain the confidentiality and security of personal data in accordance with applicable laws.
We process personal data carefully and with integrity, and protect it against unauthorised and unintended processing. All personal data you provide remains strictly confidential and will not be passed on to third parties. We process these data in accordance with the General Data Protection Regulation (GDPR).
Bellingcat understands personal data as all information about an identifiable natural person (the ‘data subject’). This means information that is directly about a person or can be traced back to this person.
This policy sets out how Bellingcat processes and uses personal data in accordance with applicable regulations and legal requirements, and explains what rights are available to data subjects.
Purpose of Data Collection
- Bellingcat collects and processes personal data only to the extent reasonably required and always adheres to applicable local laws and regulations.
- The personal data collected will only be used for improving the quality of our services and informing the publication strategy.
Keeping personal data may be necessary for the proper implementation of the organisation’s business. Personal data is not kept for longer than necessary. When you send us an e-mail or contact us in another way, we shall keep and process the personal data you send us for as long as this is necessary and only for the purposes necessary.
Bellingcat has the necessary safeguard and control systems to protect personal and sensitive data against loss, unauthorised copying, modification or disclosure. Additionally, we have technical and organisational measures to protect and secure personal data, for example, by limiting access rights to authorised persons only. Access to sensitive data is always strictly on a need-to-know basis (compartmentalization).
Under the General Data Protection Regulation (GDPR) your rights include the right to access personal data we have collected and in certain cases to modify or remove the personal information. If you’ve subscribed to our newsletter, each newsletter contains a clear link which you can use to unsubscribe.
To exercise your rights, you may send a request to email@example.com. To address your request, we may ask you for further information to check your identity. More information about your rights under the GDPR can also be found at https://gdpr-info.eu/.
If you feel it is necessary, you may also file a complaint with the Data Protection Authority about how we use your personal data.
When we process the personal data of EU citizens in a non-EU country, we will ensure that it remains compliant with the applicable privacy regulations.
A data subject can request access, correction, restriction, portability, objection or removal of his or her personal data at any time by submitting a request to firstname.lastname@example.org. We will strive to respond to such a request without undue delay.
Any relevant data breach will be reported to the relevant data protection authorities within the timelines stipulated by applicable law, in accordance with the internal process for incident management.