Privacy Notice

How we collect, use, and protect your personal data.

Last updated: 17.03.2026

This Privacy Notice explains how the CORDA Democracy Fellowship ("we", "us", or "our") collects, uses, and protects your personal data in connection with your participation in our educational programs, community events, fellowships, and digital spaces such as Slack communities.

We are a collective of student organizers and run this pilot educational program focused on strengthening democratic resilience through research, building, and scaling democracy-supporting work. Until we establish formal institutional status, Clara Kummerer, based in Vienna, Austria, is the individual responsible for data protection matters and can be contacted at hello@cordademocracy.org.

We are committed to handling your data responsibly and in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (nFADP), and other relevant privacy regulations.

Please also read our Terms & Conditions and Fellows Guide before participating in our programs.

What Data We Collect and Why

As the "data controller," we're the ones who decide how and why your personal data is used. We collect the minimum personal data necessary to deliver our mission and community services.

1. Program Applications & Participation

When you apply to one of our programs (whether it's a fellowship, workshop, retreat, or recurring course), we may collect:

Your name, email, and basic contact info;
Your background or affiliation (e.g. student, researcher, professional);
Your responses to application questions, including motivation statements or CVs;
Your preferences for program topics (e.g. technical alignment, governance);
Your general availability for calls, mentoring, or events (via tools like Calendly or Zoom).

Why we collect this: So we can select participants fairly, coordinate logistics, and tailor our programs to your needs and goals.

2. Event & Community Participation

If you attend our events or join our online spaces, we may collect:

Your RSVP and attendance for events like meetups, hackathons, or retreats;
Your Slack username and activity metadata;
Feedback you give in post-event surveys or check-ins;
Details about your progression in Democracy Resilience roles.

Why we collect this: To manage logistics, understand what's working, and improve inclusivity and community engagement.

3. Ongoing Career Support & Referrals

If you're receiving career advice or ongoing support from us, we may keep track of:

Notes from 1:1 conversations or mentoring calls (always with your consent);
Your stated interests, skills, and long-term career goals;
A record of any introductions we've made to other organisations, job boards, or funding opportunities.

Why we collect this: So we can support your career journey more effectively, and — if you've agreed — refer you to relevant people, organisations, or opportunities in the Democracy Resilience ecosystem.

4. Grants and Funding

If we receive grants or sponsorship to support our work, we will collect and maintain records as required, including details about funding sources, amounts, and dates; records of how funds are used; and participant data required for funder reporting (always in aggregated, non-identifying form).

Lawful Basis for Processing

Under the GDPR, we rely on the following legal bases:

Legitimate interests — running events, courses, and fellowships smoothly; sharing limited participant info with trusted facilitators or mentors; using anonymised insights to improve programming.
Consent — we'll always ask before referring you to an external org, featuring you in a testimonial, or adding you to optional communications. You can withdraw consent at any time.
Contractual necessity — when you formally join one of our programs, we may need to process your data to deliver what we promised.
Legal obligation — we have to retain certain records (like donation data) for accounting or compliance reasons.

Data Sharing

We do not sell or commercialise your data. We only share data under controlled, purpose-limited scenarios.

Trusted Processors

We use a small number of widely adopted, GDPR-compliant services: Google Workspace / Gmail, Slack, Luma, Zoom / Calendly, Airtable / Notion, and Stripe / Open Collective / PayPal. These tools are under Data Processing Agreements and may store data outside the European Economic Area with appropriate protections.

Referrals Within the Democracy Resilience Ecosystem

With your explicit consent, we may share your name, profile, and career goals with other Democracy Resilience organisations, researchers, mentors, or employers in the ecosystem (e.g. German Research Center for Artificial Intelligence, 80,000 Hours). Consent is always sought before any such referral.

Funders

We report to funders using aggregated, non-identifying data about program reach and impact only.

Data Retention

Program and event data: 12 months from last engagement;
Slack and community participation: Until you request deletion or are inactive for 12 months;
Grant and funding records: 7–10 years, as required by applicable accounting and tax regulations;
Referral and coaching notes: Deleted upon your request or after 12 months of inactivity;
Survey data: Aggregated and anonymised after 24 months for longitudinal program evaluation.

We may send you a reminder before deleting inactive profiles.

Data Breach Notification

In the event of a personal data breach, we will assess the risk to affected individuals promptly. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required by GDPR. We will also notify you directly, explaining what happened, what data was affected, and what steps we are taking.

Your Rights Under GDPR

As someone whose data we process, you have the right to:

Access the personal data we hold about you;
Correct anything that is inaccurate or out of date;
Ask us to delete your data when it is no longer needed;
Limit or object to how we use your data in certain situations;
Receive a copy of your data in a portable format, where technically feasible.

Email us at hello@cordademocracy.org to exercise any of these rights. We will get back to you within one month.

International Transfers

As our community is international, your data may be processed in countries outside your home jurisdiction. We ensure appropriate safeguards are in place for such transfers.

Links and Social Media

On our website (www.cordademocracy.org) there are links to other websites. This Privacy Notice does not apply to those websites. You should read their policies before sharing personal data.

Supervisory Authority

If you have concerns about how we process your personal data, we encourage you to reach out to us directly first. You may also contact the data protection authority in your country of residence.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time. Significant changes will be announced via email. The latest version will always be available on our website.