Privacy policy (GDPR)
Version as of
1. Who we are
This website (the “Site”) provides information, resources and a space to share testimonies about organized harassment. We process a limited set of personal data to operate the Site and provide its features.
Data controller: HarcelementRéseau / Organized Harassment. Contact: [email protected].
2. Data we process
- Testimonies: free‑text you submit (required), optional display name/pseudonym, optional city/country, optional contact field (email or social link), and creation date.
- Technical data: IP address and basic logs collected by our hosting providers (for security/anti‑abuse, availability, diagnostics).
- Donations: if you donate via a third‑party provider (e.g., Buy Me a Coffee / PayPal), payment data is handled directly by that provider. We do not receive your full card details. We may receive limited metadata (amount, time) for transparency.
Storage: Testimonies are stored in our database (MongoDB Atlas). Providers may store logs in their own infrastructure. Exact storage regions depend on our deployment configuration.
3. Purposes of processing
- Publish and display submitted testimonies on the Site.
- Moderate content to keep the platform safe and lawful.
- Prevent abuse, ensure availability and secure the infrastructure.
- Provide transparency on donations and support tool development.
4. Legal bases
- Consent for publishing your testimony and any optional data (e.g., contact field).
- Legitimate interests (GDPR art. 6(1)(f)) for security, moderation and diagnostics.
- Legal obligations where applicable (e.g., responding to valid legal requests).
5. Data retention
- Testimonies: kept while published and as needed for moderation/audit; removal on justified request.
- Logs: short‑term retention by hosting/security providers for diagnostics and abuse prevention.
- Donations: records retained as required by accounting and tax rules.
6. Your rights
Where applicable (e.g., EEA/UK), you may have rights of access, rectification, erasure, restriction, objection and data portability. To exercise your rights, contact us at [email protected]. You may also lodge a complaint with a supervisory authority (in France: CNIL).
8. Security
We implement reasonable technical and organizational measures (TLS, access controls, least privilege, basic monitoring). No internet service can be 100% secure.
9. Children
The Site is intended for adults. If content attributed to a minor is published, we may remove it on request. Contact [email protected].
10. Changes to this policy
We may update this policy from time to time. We will indicate the revision date above and, where changes are material, provide a clear notice on the Site.
11. Contact
Questions about this policy or your data? Contact us at [email protected].