Privacy Policy

1. Introduction

EuroTech Federation ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:
EuroTech Federation
Email: contact@eurotech-federation.com

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Consent (Art. 6(1)(a) GDPR): When you provide explicit consent for specific processing activities
• Contractual necessity (Art. 6(1)(b) GDPR): To provide services you request
• Legal obligation (Art. 6(1)(c) GDPR): To comply with legal requirements
• Legitimate interests (Art. 6(1)(f) GDPR): For analytics, security, and service improvement

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, LinkedIn profile (via OAuth)
• Profile Information: For Fellows - name, country, city, photo URL, university, batch
• Application Data: Information submitted through our Google Forms
• Communications: Messages or inquiries you send to us

3.2 Automatically Collected Information

• Usage Data: Pages visited, time spent, interactions (via Vercel Analytics)
• Device Information: Browser type, IP address, device identifiers
• Cookies: See our Cookie Policy section below

4. How We Use Your Information

• To provide and maintain our platform services
• To authenticate users via LinkedIn OAuth
• To manage Fellow profiles and community directory
• To communicate about events, opportunities, and updates
• To analyze and improve our services (anonymized analytics)
• To ensure security and prevent fraud
• To comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Service Providers: Vercel (hosting), Supabase (database), LinkedIn (authentication)
• Community Members: Fellow profiles are visible to authenticated members
• Legal Requirements: When required by law or to protect rights and safety

All third-party processors are GDPR-compliant and have appropriate data processing agreements in place.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure adequate safeguards are in place through:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission

7. Your Rights Under GDPR

As an EU resident, you have the following rights:

• Right to Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time

To exercise your rights, contact us at: contact@eurotech-federation.com
We will respond within 30 days as required by GDPR.

8. Data Retention

We retain your personal data only as long as necessary:

• Active accounts: Until account deletion or 2 years of inactivity
• Applications: 1 year after processing
• Analytics data: Anonymized after 90 days
• Legal records: As required by law (typically 6-10 years)

9. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication and core functionality (no consent needed)
• Analytics Cookies: Vercel Analytics for anonymized usage statistics (consent required)
• Third-party Cookies: LinkedIn OAuth, Google Forms embeds

You can manage cookie preferences through our cookie banner or your browser settings. Note that disabling essential cookies may limit functionality.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption (TLS 1.3) for all data transmission
• Strict Content Security Policy (CSP) headers
• Role-based access control (RBAC) for admin functions
• Regular security audits and updates
• Secure authentication via LinkedIn OAuth
• Database encryption at rest (Supabase PostgreSQL)

11. Children's Privacy

Our services are intended for individuals aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

12. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33 and 34.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your EU member state. For France (our primary jurisdiction):

CNIL (Commission Nationale de l'Informatique et des Libertés)
Website: www.cnil.fr

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on our website. The "Last Updated" date will reflect the most recent revision.

15. Contact Us

For any questions about this Privacy Policy or to exercise your GDPR rights:

Email: contact@eurotech-federation.com