Privacy Policy
Last updated: December 2, 2024
1. Introduction
Welcome to Youth Partners Collective ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
By using Youth Partners Collective, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the platform.
2. Information We Collect
2.1 Personal Information
We collect personal information that you voluntarily provide to us when you register on the platform, including:
- Name and surname
- Email address
- Organization information (name, type, country)
- Contact details
- Documents uploaded for verification purposes
2.2 Automatically Collected Information
When you access our platform, we automatically collect certain information, including:
- Log data (IP address, browser type, pages visited)
- Device information
- Usage data and analytics
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your account
- To verify your organization and process your onboarding
- To facilitate partnerships and collaboration within the Erasmus+ network
- To send you administrative information, updates, and notifications
- To improve our platform and user experience
- To monitor and analyze usage patterns and trends
- To detect, prevent, and address technical issues or security concerns
- To comply with legal obligations
4. Information Sharing and Disclosure
We may share your information in the following situations:
- With other partners: Your organization profile may be visible to other verified partners in the network to facilitate collaboration
- With service providers: We may share your data with third-party service providers who perform services on our behalf (hosting, email delivery, analytics)
- For legal reasons: We may disclose your information if required by law or in response to valid legal requests
- With your consent: We may share your information with your explicit consent
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4.1 Data Processors
We use the following third parties to process your personal data on our behalf:
- Google Firebase: We use Google Firebase for database hosting, cloud storage, and authentication services. Firebase is certified for SOC 2 compliance and implements industry-standard security measures. For more information, see Firebase Data Processing Terms.
- Google Analytics: We use Google Analytics with IP anonymization enabled to understand how users interact with our platform. You can opt-out via the Google Analytics opt-out browser add-on.
- Email Service Providers: For transactional emails (password resets, notifications), we use third-party email delivery services that comply with GDPR requirements.
All data processors have Data Processing Agreements (DPAs) in place ensuring compliance with GDPR and applicable data protection laws.
5. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and authentication
- Secure cloud infrastructure (Firebase/Google Cloud Platform)
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
6. Data Retention and Deletion
We retain your personal information based on the following schedule:
- Active accounts: Personal data is retained while your account is active and in use.
- Deleted accounts: Account data is permanently purged within 30 days of your deletion request.
- Inactive accounts: We automatically delete accounts that have had no activity for 24 months. You will receive a notification 30 days before deletion.
- Billing and tax records: Financial transaction records are retained for 7 years as required by tax and financial regulations, then securely deleted.
- Backup copies: Deleted data may remain in backup systems for up to 90 days before being permanently removed.
When your data is no longer needed, we will securely delete or anonymize it using methods that prevent recovery.
7. Your Rights and Response Times
Depending on your location, you may have the following rights regarding your personal information:
- Right to access: You can request access to the personal information we hold about you. We will respond within 30 days.
- Right to rectification: You can request that we correct inaccurate information. We will respond within 30 days.
- Right to erasure: You can request that we delete your personal information. We will respond within 30 days and delete your data within 30 days of approval.
- Right to restriction: You can request that we restrict the processing of your data. We will respond within 30 days.
- Right to data portability: You can request a copy of your data in a structured format. We will provide this within 30 days.
- Right to object: You can object to our processing of your personal information. We will respond within 30 days.
To exercise these rights, please contact us using the information provided in the "Contact Us" section. We may request additional information to verify your identity before processing your request.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our platform and store certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.
8.1 Types of Cookies We Use
- Essential cookies: Required for authentication, security, and platform functionality. These cannot be disabled.
- Analytics cookies: We use Google Analytics with IP anonymization to understand usage patterns and improve our platform. No personally identifiable information is collected through analytics.
- Preference cookies: Used to remember your settings, such as language and theme preferences.
8.2 Managing Cookies
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use important features of our platform.
To opt out of Google Analytics data collection, install the Google Analytics opt-out browser add-on.
9. Third-Party Services
Our platform uses third-party services that may collect information used to identify you:
- Google Firebase (authentication, database, hosting)
- Google Analytics (usage analytics)
- Email service providers (transactional emails)
These third parties have their own privacy policies, and we encourage you to review them.
10. Children's Privacy
Our platform is designed for organizations and individuals involved in Erasmus+ programs. We do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.
11. International Data Transfers and Data Location
Your information may be transferred to and maintained on computers located outside of your country, where data protection laws may differ. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law.
11.1 Data Storage Location
Personal data is primarily stored in Google Cloud Platform (GCP) regions in the United States via Firebase. This includes user profiles, documents, and communications.
For European residents, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure that your data receives an adequate level of protection equivalent to that provided in the EEA.
If you have concerns about international data transfers, please contact our Privacy Officer (see Section 13).
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
13. Contact Us and Privacy Officer
If you have any questions about this Privacy Policy or our data practices, please contact us:
General Inquiries: contact@youthpartnerscollective.com
Privacy Officer: hello@futureseed.tech
Data Protection Inquiries: For specific data protection requests and GDPR-related questions, please email our Privacy Officer. We will acknowledge your request within 3 business days.
14. GDPR Compliance and Legal Basis
If you are located in the European Economic Area (EEA), we are committed to complying with the General Data Protection Regulation (GDPR). This includes providing you with the rights outlined in Section 7 and ensuring we have a lawful basis for processing your personal data.
14.1 Legal Basis for Processing
We process your personal data on the following legal bases:
- Contractual Necessity: Processing required to provide you with our services, such as account creation, document management, and partnership coordination.
- Consent: For optional services such as marketing communications, promotional emails, and non-essential analytics where you have explicitly opted in.
- Legitimate Interests: For analyzing anonymized usage patterns to improve our platform, detecting fraud and security threats, and maintaining platform stability.
- Legal Obligation: Compliance with applicable laws, regulations, and tax requirements.
14.2 Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify relevant supervisory authorities within 72 hours of discovering the breach (unless it poses no risk to your rights).
- Notify all affected individuals without undue delay.
- Provide you with details of the breach, its potential impact, and measures taken to mitigate harm.
You can contact our Privacy Officer (see Section 13) for more information about our data breach response procedures.