Privacy Policy – Be Human asbl

Introduction
Be Human asbl is a nonprofit organization dedicated to cultivating the essential skills, confidence, and ambition needed for youth to drive meaningful change in society.

In line with this mission, Be Human asbl is committed to safeguarding the personal data entrusted to us. We ensure that all personal data is processed in compliance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC ("GDPR"), as well as any applicable national laws.

This privacy policy applies whenever you interact with our services, activities, publications, events, website visitor, donor…(this list is not exhaustive).

All data protection terms used throughout this policy have the meaning assigned to them in the General Data Protection Regulation (GDPR) unless a derogatory definition has been provided for them in the policy itself. 

Please read this policy carefully to understand how we collect, use, and manage your personal data.

Article 1: Data Controller and Contact Information

The data controller responsible for your personal data and your point of contact for privacy-related queries is Be Human asbl. If you have any questions regarding this privacy policy, please contact us at:

Email Address:
info@realimpact.lu

Article 2: Purposes, Legal Basis, and Categories of Data Processed

We collect your personal information from various sources, including directly from you (e.g., through forms, correspondence, or conversations) and, where applicable, from third parties (e.g., public sources). This is done to fulfill our obligations under applicable laws, provide our services effectively, and for other legitimate purposes. For example, we may collect personal data to comply with tax requirements, maintain accurate records, or meet regulatory obligations.

We process your personal data for the following purposes and based on the following legal bases under Article 6 of the GDPR:

  • Membership Administration (Performance of a contract that you are party or for pre-contractual measures): Name, address, email, and membership start date.

  • Cohort Registration (Performance of a contract that you are party or for pre-contractual measures): Name, address, CV, and email for communication.

  • Volunteer Administration (Legitimate Interest): Name, address, and email for communication purposes.

  • Supplier Management (Performance of a contract that you are party or for pre-contractual measures): Contact person’s name, address, email, and phone number.

  • Donation Management (Legitimate Interest): Donor’s name, bank account details, address, and email.

  • Newsletter Distribution (Consent): Name and email for informing about organizational activities.

  • Website Contact Form Management (Legitimate Interest): Name and email for inquiries.

  • Membership Fee Management (Contract Basis): Name, address, email, and bank account details.

We do not process personal data of individuals under 16 years of age without written consent from a parent or legal guardian.

In exceptional cases, we may process sensitive personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, health data) strictly within the scope of our legitimate activities and with appropriate safeguards. Explicit consent will be obtained for any other purposes. The consent can be withdrawn at any time without affecting the lawfulness of the processing carried out before withdrawal.

Cookie Policy:
Be Human asbl only collects strictly necessary cookies that are essential for the functioning of our website. We do not collect non-essential cookies, such as those used for behavioral analysis or advertising.

Article 3: Recipients of Personal Data

We may share personal data with third parties only for specific purposes, such as:

  1. Internal Functions: Data may be shared with the governing board, secretary, treasurer, or other internal roles as needed, on a need-to-know basis.

  2. Project Monitoring: Personal data may be used to help make improvements or develop new services and therefore may sometimes be shared with project funders and management.

We commit to the following principles regarding data sharing:

  • We will not collect or share more data than is necessary for our legitimate activities and purposes.

  • We will not sell your data to third parties.

  • We will not use your data for purposes beyond those stated in this policy.

We do not transfer personal data outside the European Economic Area.

Article 4: Data Retention

We retain personal data for up to 1 year following specific events such as departure from the association. Data processed for membership fee management is retained for 2 months after the closure of annual financial accounts. Data may be retained longer in case of legal or regulatory obligations or ongoing disputes.

If you wish to request data deletion, please contact us using the contact details provided above.

Article 5: Newsletters

If you sign up to our newsletter, we will send you information about services and updates relating to our projects, events and other targeted communications. You may unsubscribe from our newsletters at any time by clicking the "unsubscribe" link at the bottom of our emails or send an email to (insert general email address)

Article 6: Your Rights

Under the GDPR, you have the right to:

  1. Access Your Data: Obtain a copy of the personal data we hold about you (Article 15 GDPR).

  2. Rectification: Request correction of inaccurate or incomplete data (Article 16 GDPR).

  3. Objection: Object to data processing unless the processing is necessary for the performance of a task carried out in the public interest, or for the purposes of legitimate interests pursued by Be Human asbl (Article 21 GDPR).

  4. Erasure: Request deletion of your data ("right to be forgotten") (Article 17 GDPR).

  5. Data Portability: Receive your data in a structured, commonly used, and machine-readable format (Article 20 GDPR).

  6. Restriction: Request restriction of processing under certain conditions (Article 18 GDPR).

To exercise these rights, please contact us using the email or postal address provided above.

Article 7: Complaints

If you have concerns or complaints about the way we handle, process, or protect your data, please contact us in the first instance using the contact details provided above.

If you believe your data has been processed in violation of the GDPR, you may lodge a complaint with the relevant data protection authority. For more information, visit: https://cnpd.public.lu.