Privacy Policy WPSO

Privacy Policy

Last Updated: May 4, 2025

Introduction
Welcome to worldpoetryslam.org. This Privacy Policy explains how the World Poetry Slam Organization (WPSO) – an international non-profit association based in Belgium – collects, uses, and protects your personal information when you use our website and services. We are committed to safeguarding your privacy and ensuring we comply with all relevant laws, including the EU General Data Protection Regulation (GDPR). We also outline privacy rights for California residents under the California Consumer Privacy Act (CCPA) (as applicable). By using our site or providing personal data, you agree to the practices described in this policy.

This Privacy Policy is organized into sections to help you understand our practices and your rights. Please read it carefully. If you have any questions or concerns about this policy or your personal data, feel free to contact us using the information in the Contact Us section below.

1. Types of Data We Collect

We collect personal data that you provide to us, as well as some data automatically collected when you use our site. The types of data we collect include:

  • Identity and Contact Information: Name, email address, postal address, telephone number (if provided), and other contact details you provide (for example, when registering for an event or creating an account).

  • Event Registration Details: Information related to event sign-ups or membership (such as organization/affiliation or preferences) that you provide on registration forms.

  • Newsletter Subscription Data: Email address (and name, if provided) when you subscribe to our newsletter or mailing list.

  • Order and Payment Information: If you make a purchase or pay for event registration through our online store, we collect information needed to process the transaction. This may include billing name and address, order details, and payment information. Payment details (such as credit card numbers) are NOT stored on our servers – payments are handled securely by third-party payment processors (e.g., PayPal) as described below.

  • Cookies and Usage Data: When you visit our site, we use cookies and similar tracking technologies to collect data about your device and how you interact with our website. This includes your IP address, browser type, device information, pages viewed, date/time of visits, and referring website. (See Cookies and Tracking Technologiesbelow for more details.)

We do not intentionally collect any sensitive personal data (such as race, religion, health, or biometric data) or data from children under 13 years old. Our website and services are not directed to children, and we do not knowingly collect information from anyone under the age of 13. If you believe a minor has provided us with personal information, please contact us so we can remove it.

2. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from You: Most information is provided by you voluntarily. For example, when you fill out an event registration form, sign up for our newsletter, purchase merchandise or tickets, create an account, or contact us via a form or email, you provide personal data. We collect and store whatever information you choose to provide in these contexts.

  • Through Our Website (Automatically): When you interact with our site, we automatically collect certain technical data via cookies and other tracking technologies. For instance, we (or our analytics providers) gather data about your visits (such as IP address, browser, and device details, and browsing actions) as you navigate through the pages. This data is collected using cookies, browser web storage, and similar mechanisms.

  • From Third-Party Services: Some data might be collected or shared via third-party services integrated into our site. For example, if you complete a payment via PayPal, we receive confirmation and basic details of that transaction from PayPal. Similarly, if you join our mailing list, your information is collected through our email service provider (Mailchimp). We also use Google Analytics, which collects usage data about our website visitors (see Third-Party Services below). These third parties may collect data directly through their tools (e.g., analytics scripts or payment forms) and share it with us.

  • Cookies and Similar Technologies: As mentioned, our site uses cookies to enhance your experience and gather usage data. Cookies allow us to remember your actions and preferences over time. We also use cookies set by third parties (like Google Analytics) to collect site usage statistics. You have control over cookies – see Cookies and Tracking Technologies for how you can manage or opt out of non-essential cookies.

If you choose not to provide certain personal data (for example, the required information on a registration or order form), we may not be able to fulfill the related service or request – for instance, we might not be able to register you for an event, send you a newsletter, or complete a merchandise order.

3. How We Use Your Data

We use the collected personal data for specific purposes in order to run our events, services, and website effectively. These purposes include:

  • Providing and Managing Services: We use your information to facilitate event participation and memberships (e.g. registering you for competitions or workshops, confirming your attendance, issuing tickets or passes) and to operate our online store (processing and fulfilling your orders, deliveries, or downloads).

  • Communicating with You: We use contact details (like email or phone) to send necessary communications related to the services you have requested. This includes sending confirmations, invoices or receipts, updates about event schedules or changes, and responding to inquiries or support requests you send us.

  • Email Newsletters and Marketing: If you subscribe to our newsletter or explicitly opt in to receive marketing communications, we will use your name and email to send you our newsletter, updates about upcoming events, news about the poetry slam community, and occasional promotional offers. You can unsubscribe from these communications at any time by clicking the unsubscribe link in the email or contacting us. We will not send you promotional emails unless you have given consent (where required by law).

  • Payment Processing and Order Fulfillment: When you make a purchase or pay for an event registration, we use your personal and payment information to process the transaction and deliver the product or service. For example, we use your provided details to process payment via our payment processor (PayPal) and to send you order confirmations or tickets. Payment data is handled securely and in compliance with applicable standards; we do not store full payment card numbers on our systems.

  • Site Analytics and Improvements: We analyze usage data (often in aggregate form) to understand how our website is used and to improve its design, functionality, and content. For instance, knowing which pages are most visited or where users come from helps us optimize the site and plan future content or features. We use analytics tools (like Google Analytics) to conduct this analysis. The information we get from analytics may also help us troubleshoot technical issues and enhance security (by detecting unusual activities).

  • Personalization: To a limited extent, we may use cookies to remember your preferences and settings so that our site can offer a more personalized experience (for example, remembering language preferences or items in your shopping cart).

  • Legal and Administrative Uses: We may process personal data as required for administrative or legal reasons. This includes maintaining proper business records, complying with financial, tax, and accounting obligations, and responding to lawful requests by public authorities. If necessary, we will use personal information to protect our legal rights, prevent misuse of our services, resolve disputes, or enforce our Terms of Service.

  • Safety and Security: Your information may be used to maintain the security of our website and users. For example, we may use certain data (like IP addresses or user account data) to detect and prevent fraud, spam, or abuse, and to ensure the integrity of our events (such as preventing unauthorized access or cheating in competitions).

We will only use your personal data for the purposes for which we collected it, and as explained in this policy. We do notuse your data for any automated decision-making or profiling that has legal or similarly significant effects on you. Specifically, we do not conduct any fully automated processes that would evaluate personal aspects (such as credit scoring, etc.) in a way that produces decisions without human involvement.

If we need to use your information for a new purpose that is not covered by this policy, we will update this Privacy Policy or notify you and, if required, seek your consent.

4. Third-Party Services and Data Sharing

We value your privacy and do not sell your personal information to third parties. However, we do share certain data with third parties in order to operate our services and website. These third parties act either as service providers processing data on our behalf or as independent controllers (such as payment processors) where they need your information to provide a service you requested. Below are the main third-party services we use and how we share data with them:

  • Google Analytics: We use Google Analytics (a web analytics service provided by Google) to collect anonymized information about how visitors use our website. Google Analytics uses cookies to gather usage data (e.g., pages visited, time spent, web browser, and approximate location based on IP address). We have configured Google Analytics to anonymize IP addresses where possible, meaning the last digits of your IP are masked to increase your privacy. The usage information generated by these cookies is transmitted to Google’s servers (which may be in the United States or other countries). Google uses this information on our behalf to compile reports on website activity and usage. This helps us understand website traffic and improve our site. We have a data processing agreement with Google to ensure they handle analytics data in line with GDPR. You can opt out of Google Analytics as described in Cookies and Tracking Technologies below (for example, by rejecting analytics cookies or using Google’s opt-out browser add-on). For more details, you can read Google’s own Privacy Policy which covers Google Analytics data handling.

  • Mailchimp (Email Newsletter Service): We use Mailchimp (an email marketing service) to manage our mailing list and send out newsletters or mass email updates. If you subscribe to our newsletter, the name and email address you provide will be stored on Mailchimp’s servers. We utilize Mailchimp to create and distribute email communications to you. Mailchimp may process your data (e.g., to help us manage subscriber lists and track email open rates or link clicks for our analytics). Mailchimp is a U.S.-based service, and your data may be transferred to or stored on servers in the United States. However, Mailchimp has committed to GDPR compliance and protects data transfers from the EU via approved safeguards (they are certified under the EU-U.S. Data Privacy Framework and also implement Standard Contractual Clauses for data transfers). We will only use your email for sending newsletters if you have opted in, and you can unsubscribe anytime. Mailchimp’s privacy policy is available for you to review when you sign up, and it explains how they handle personal data.

  • PayPal (Payment Processing): We use PayPal as a payment gateway to handle payments for event registrations, donations, or purchases in our online store. When you make a payment on our site, you may be redirected to PayPal or use a PayPal-provided form, where you will provide your payment details (such as credit card number, PayPal account information, or other payment data) directly to PayPal. PayPal processes your payment information securely and only shares with us the data we need to confirm the transaction (such as your name, email, shipping address if relevant, and confirmation that the payment was completed). We do not receive or store your full credit card details from these transactions. PayPal may independently collect and use your information according to their privacy policy (for example, to monitor for fraud or comply with legal obligations). As an international company, PayPal might transfer data to other countries as needed to process transactions and prevent fraud, but they state that they safeguard personal data and comply with applicable data protection laws. Please refer to PayPal’s own privacy notice for further details on how they handle your payment data.

  • Bluehost (Web Hosting): Our website is hosted by Bluehost, which means all data you provide through the site (including personal information and website usage data) is stored on Bluehost’s servers. Bluehost may have access to our server logs and stored data as part of their role in providing hosting and backup services. Bluehost is a US-based hosting provider, but they have data centers in multiple locations. It is possible that your data on our website is stored on servers located outside the European Union (for example, in the United States or other regions). Bluehost has its own privacy and security measures and is subject to data protection requirements. We have ensured that our contract with Bluehost includes appropriate data protection clauses so that your data is handled securely and lawfully. For more details, see Bluehost’s Privacy Policy, which describes how they treat customer website data.

  • Other Service Providers: In addition to the above, we may use other third-party service providers to help us operate our organization and website – for example, cloud storage or backup services, IT support, or analytics/performance tools. We only share data with these providers to the extent necessary for them to perform their functions on our behalf. We ensure that any such providers are bound by confidentiality and data protection obligations (through contracts or terms of service) consistent with this policy and applicable law. They are not permitted to use your data for their own purposes. If in the future we partner with additional third parties that significantly affect your personal data, we will update this Privacy Policy accordingly.

We do not share or disclose your personal information to third parties for their own marketing purposes without your consent. We may share information if required to do so by law or legal process (for example, in response to a court order or government demand), or to establish or exercise our legal rights or defend against legal claims. If our organization is ever involved in a merger, acquisition, or other transfer of assets, your information may be transferred to the successor entity, but it will remain protected by this privacy policy (or you will be notified and given any choice required by law).

5. Legal Bases for Processing Data (GDPR Compliance)

If you are located in the European Economic Area (EEA) or United Kingdom, our processing of your personal data will be justified by one or more legal bases under the GDPR. We only collect and use your data when we have a valid legal basis to do so. These legal bases include:

  • Consent: We will ask for your consent to process certain personal data for specific purposes. For example, we rely on consent to send you marketing emails/newsletters (you can opt-in and unsubscribe at any time) and to place non-essential cookies (like analytics cookies) on your device. Where we ask for consent, you have the right to withdraw that consent later. Withdrawal of consent will not affect the lawfulness of processing already carried out, but it will stop the particular use of your data going forward (e.g., we will stop sending you the newsletter if you withdraw consent).

  • Performance of a Contract: When we need to process your data to fulfill a contract with you or to take steps at your request before entering a contract. For instance, if you register for an event or buy a product from our site, we need to use your personal information (like name, contact, and payment details) to process that registration or purchase, deliver the services or goods, and provide customer support. Similarly, if you join as a member or competitor, we process your data as part of our agreement to provide those membership benefits or event entries. Without this data, we wouldn’t be able to perform our obligations to you.

  • Legal Obligation: We will process personal data when necessary for compliance with a legal obligation to which we are subject. For example, as an organization, we may need to retain and disclose certain transaction records for tax and accounting purposes under Belgian or EU law. If authorities lawfully require personal data (such as for law enforcement or regulatory inquiries), we may be obligated to provide it. Processing under legal obligation is done only to the extent required by the relevant law.

  • Legitimate Interests: We may process your data when it is in our legitimate interests (or those of a third party) to do so, and those interests are not overridden by your data protection rights. A legitimate interest is a business or organizational reason to use information, but one that must be balanced against your rights and expectations. We believe our legitimate interests include things like: improving and securing our website (e.g., analyzing usage to enhance user experience, and using data to prevent fraud or attacks); communicating with our supporters and participants (e.g., sending updates about events you’ve attended in the past, unless you opt out); and promoting our mission of supporting the global slam poetry community. When relying on this basis, we will always consider your rights and ensure we don’t infringe on your privacy in a way that’s disproportionate. You have the right to object to processing based on legitimate interests (see Your Rights below). If you object, we will consider your request and stop or adjust the processing unless we have a compelling legitimate ground that overrides your objection or if the processing is needed for legal claims.

We do not typically rely on “public interest” or “vital interests” as bases for processing in the context of our normal activities. If we ever process personal data under those bases (for example, vital interest might apply in a life-threatening emergency situation at an event), we will let you know. The primary bases we use are the four listed above (Consent, Contract, Legal Obligation, Legitimate Interests).

6. Data Retention Practices

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. In general, this means:

  • Account and Registration Data: If you register for an account on our site or sign up for an event, we will retain your information for as long as your account is active or as long as needed to administer the event and any related services. If you discontinue your account or after the event ends, we may retain your data for a reasonable period in case you participate in future events, or to keep historical records of event participation. You may request deletion of your account data at any time (see Your Rights below), and we will honor such requests in accordance with applicable law.

  • Newsletter Subscription: We keep your email address and related subscription data until you unsubscribe from our mailing list. If you opt out from marketing emails, we will remove you from the list promptly, but may keep a record of your unsubscribe request to ensure we respect your choice in the future.

  • Transaction and Payment Records: We retain records of purchases, donations, and event payments for as long as needed to complete the transaction and then as required for financial reporting and audits. For example, we may retain invoice and payment details for a number of years as mandated by tax law (in Belgium, financial records are often kept for 7 to 10 years). Even if you request deletion of your data, we might need to keep certain financial records to comply with legal obligations. However, any retained records will be stored securely and not used for other purposes.

  • Communication Data: If you contact us (via email or contact forms), we may keep those communications and our responses for a period of time to handle your inquiry and for our internal training or quality assurance. Typically, routine correspondence is retained for a couple of years at most, unless it contains information we need to keep for legal reasons (e.g., evidence of consent or complaints).

  • Website Usage Data: Analytics data collected via Google Analytics and other tracking tools may be retained in aggregated form for longer periods (to identify long-term trends), but personal data points (like IP addresses) are typically anonymized or deleted after a shorter period. For example, we might set Google Analytics to retain user-level data for 14 months (or a similar standard period), after which it is automatically deleted from Analytics servers. Any usage logs on our own servers (like web server logs capturing IP addresses) are typically rotated and deleted within a few months, unless we need to retain them longer for security analysis.

  • Legal Holds: If any personal data is needed to resolve disputes, enforce our agreements, or comply with legal obligations (such as an official investigation), we will retain that data as long as necessary for those purposes.

Once the retention period expires or the purpose of processing has been fulfilled, we will either securely delete your personal data or anonymize it (so it can no longer be associated with you). If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from any further use until deletion is possible.

7. Your Privacy Rights (GDPR and CCPA)

You have important privacy rights regarding your personal data. Depending on your location and the applicable law, your rights may include those under the GDPR (for individuals in the EU/EEA and equivalent jurisdictions) and under the CCPA (for California residents). We honor all applicable rights and provide similar controls to all our users as far as possible. Below, we outline these rights and how you can exercise them:

If you are in the EU/EEA (GDPR Rights):
Under the GDPR, you have the following rights with respect to your personal data:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of the personal data we hold about you. This helps you understand what information we have and how we use it.

  • Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. We encourage you to contact us to keep your information accurate and up-to-date (for example, if you change your email address).

  • Right to Erasure: Commonly known as the “right to be forgotten,” this gives you the right to ask us to delete or remove your personal data. You can request erasure, for instance, if the data is no longer necessary for the purpose it was collected, if you have withdrawn your consent (where consent was the legal basis), or if you object to our processing (and we have no overriding legitimate grounds to continue). We will honor valid erasure requests and will also direct any service providers holding that data on our behalf to delete it, subject to any legal obligations to retain data. Please note that some data cannot be deleted if we are required to keep it by law (e.g., transaction records needed for tax) – in such cases, we will inform you.

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. For example, if you contest the accuracy of your data, you can ask us to “freeze” its use until the issue is resolved. Similarly, if we no longer need the data but you want us to keep it for a legal claim, you can request restriction. When processing is restricted, we will store your data securely and not use it until the restriction is lifted (unless for legal reasons).

  • Right to Data Portability: You have the right to obtain a copy of certain personal data in a commonly used, machine-readable format, and to have that information transmitted to another controller where technically feasible. This right applies to personal data you provided to us, which we process by automated means, and which we process based on your consent or a contract with you. For example, if you provided us with a set of data, you may request us to export it in a CSV file for portability.

  • Right to Object: You have the right to object to our processing of your personal data when the processing is based on legitimate interests (or performed in the public interest). If you object on grounds relating to your particular situation, we will consider your objection and stop or adjust the processing unless we have compelling legitimate grounds to continue (such as a legal requirement). You also have an unconditional right to object to your data being used for direct marketing purposes. If at any time you prefer not to receive marketing emails or newsletters from us, you can opt out and we will honor that (as noted above).

  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we conducted prior to your withdrawal. For example, you can unsubscribe from our newsletter (withdrawing consent for email marketing), and we will stop that use of your data.

  • Right to Not Be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you. As noted, we do not engage in such automated decision-making. If that changes, we will inform you and ensure any such processing complies with the law and your rights.

To exercise any of your GDPR rights, you can contact us at the contact details provided below. We may need to verify your identity before fulfilling your request (to ensure we don’t disclose data to the wrong person). We will respond to your request within one month, or inform you if we need more time. There is generally no fee for exercising these rights, but if a request is unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse the request as permitted by law. Additionally, you have the right to lodge a complaint with a Data Protection Authority (DPA) if you believe our handling of your personal data violates the GDPR. For example, you can contact the Belgian Data Protection Authority (since we are based in Belgium) or your local DPA in the EU/EEA. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please feel free to reach out to us first.

If you are a California Resident (CCPA Rights):
While we are a Belgium-based non-profit organization and may not squarely fall under the CCPA’s jurisdiction in all cases, we are committed to respecting the privacy rights of our users, including those in California. Under the California Consumer Privacy Act (CCPA) (as amended by the CPRA), California residents have the following rights regarding their personal information**:**

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, and share about you. This includes the categories of personal information we have collected, the categories of sources of that information, the business or commercial purposes for collecting it, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you. Much of this information is provided in this Privacy Policy itself. However, you can also request a more detailed report from us on the personal data specific to you that we have collected and retained in the past 12 months.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same). Upon a verified request, we will delete your personal data from our records, unless an exception applies. For instance, we may retain information that is necessary to complete a transaction you requested, detect security incidents, comply with legal obligations, or other limited purposes allowed by the CCPA. We will inform you of any such exceptions that apply to your request.

  • Right to Correct: (Effective with the California Privacy Rights Act amendments) You have the right to request correction of inaccurate personal information that we hold about you. If you believe any of your information is incorrect, please let us know and we will rectify it if required.

  • Right to Opt-Out of Sale or Sharing: The CCPA gives you the right to opt out of the “sale” of your personal information to third parties (or the sharing of personal information for cross-context behavioral advertising). Note:We do not sell personal information to third parties for monetary consideration. We also do not share your personal information for targeted advertising in a way that falls under the CCPA’s definition of “sharing.” Therefore, there is no need for you to opt out as we do not engage in these practices. If that ever changes, we will provide a clear “Do Not Sell or Share My Personal Information” option.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means, for example, we will not deny you our services, charge you a different price, or provide a lesser quality of service just because you exercised your privacy rights under California law. Any financial incentive (if we ever offer one) related to your personal information will be permitted only if it complies with the law and you will be given appropriate notice and the chance to opt in to such program.

To exercise your CCPA rights to know, delete, or correct, you (or an authorized agent acting on your behalf) can contact us through the methods listed in Contact Us below. We will need to verify your identity (or your agent’s authority) before processing your request, which may involve asking you to provide certain information to match what we have on file. We aim to respond to California privacy requests within 45 days as required by law (with the possibility to extend by another 45 days with notice if needed). If we cannot fulfill your request, we will explain the reasons in our response.

Global Privacy Choices: Regardless of your location, we strive to give all our users control over their personal data. Even if you are not covered by GDPR or CCPA, you can request access, correction, or deletion of your data by contacting us, and we will do our best to accommodate your request, subject to any legal obligations. We believe in transparency and fairness in data practices for everyone.

8. Cookies and Tracking Technologies

What Are Cookies? Cookies are small text files that are placed on your computer or device when you visit a website. They allow the site (or a third party) to recognize your device and store information about your preferences or past actions. Similar technologies include web beacons, pixels, local storage, and scripts – for simplicity, we refer to all of these as “cookies” in this policy.

How We Use Cookies: We use cookies and similar tracking technologies on worldpoetryslam.org for several purposes:

  • Essential Cookies: These are necessary for our website to function properly. For example, if our site has a login area or a shopping cart, essential cookies would enable you to stay logged in securely or remember the items in your cart. These cookies do not require consent as they are needed to provide the service you requested.

  • Preferences Cookies: These cookies (if used) remember your choices and preferences to provide a more personalized experience. For instance, a preferences cookie might remember your language selection or other custom settings so you don’t have to set them every time.

  • Analytics Cookies: We use Google Analytics cookies to collect information about how visitors use our site. These cookies gather data on pages visited, time spent, interactions and referral sources. The information is aggregated and not used to identify you directly. It helps us analyze website traffic and user behavior to improve our content and user experience. We have configured analytics to anonymize data where possible (such as truncating IP addresses) to protect your privacy. We only set analytics cookies on your device if you have given consent through our cookie notice or settings (as required by law in the EU).

  • Third-Party Cookies: In addition to Google Analytics, other third-party services integrated into our site may set their own cookies. For example, if we embed videos (e.g., from YouTube) or social media content, those platforms might set cookies. If you click on share buttons or use social login (if available), the social network may set cookies to remember your login and track interaction. Also, our payment provider (PayPal) could set cookies on its pages or when returning to our site after payment, for fraud prevention and security. We do not control these third-party cookies, but we want to make you aware they may be present. Each third-party’s privacy policy will cover how they use cookies (e.g., Google’s and PayPal’s privacy policies).

Cookie Consent and Control: On your first visit to our site (and periodically thereafter), you may see a cookie consent banner or notice that allows you to accept or reject certain cookies. Where required by law, we will not set non-essential cookies (like analytics) unless you opt in. You have the right to choose whether to accept cookies. Please note that if you disable certain categories of cookies (especially essential ones), some features of the site may not work correctly or your experience may be degraded.

Here are ways you can manage cookies:

  • Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse new cookies, delete existing cookies, or notify you when a new cookie is being set. However, note that if you block all cookies (including essential cookies), portions of our site may not function properly. Each browser is different, so check your browser’s help or privacy settings to learn how to manage cookies.

  • Opt-Out Mechanisms: For analytics cookies, you can opt out directly. For example, Google Analytics offers an opt-out browser add-on that you can install to prevent your data from being used by Google Analytics on any site 【This is provided by Google】. We also respect the “Do Not Track” setting on your browser; if your browser is configured to send a Do Not Track signal, our site will try to honor it for analytics (though note that not all services change behavior based on DNT).

  • Third-Party Opt-Outs: If third-party cookies are in use, check if those third parties offer their own opt-out choices. For instance, you can manage Google’s advertising cookies at Google’s Ad Settings, and you can learn about how to opt out of targeted ads from various advertisers via websites like the NAI Opt-Out page or Your Online Choices (for EU users). While our site doesn’t serve targeted ads, these tools can control cookies set by many third-party services.

For more detailed information about the cookies and tracking technologies we use, you can refer to our Cookies Policy (if available) or contact us with any questions. We aim to be transparent about our use of cookies so you can make informed choices.

9. International Data Transfers

Because our organization is based in Belgium (within the European Union), the personal data we collect is generally stored and processed within the EU. However, some of the third-party services we use are located outside of the EU/EEA, which means your personal data may be transferred to and processed in countries outside your own. In particular:

  • United States: Several of our service providers (such as Google Analytics, Mailchimp, PayPal, and our hosting provider Bluehost) are U.S.-based or may store data on servers in the United States. This means your personal data (names, contact info, website usage data, etc.) might be transferred to the U.S. for processing or storage.

  • Other Countries: Some of our partners or service providers might use servers or personnel in other countries (for example, Mailchimp and Google also have global infrastructure, and our team members or event partners might access data remotely from different countries). While we primarily operate in Belgium, the “international” nature of the internet and our global poetry community means data could cross borders.

When we transfer personal data outside of the European Economic Area (EEA) or other regions with data protection laws, we take steps to ensure that appropriate safeguards are in place to protect your information. Our goal is to ensure that your data is afforded an equivalent level of protection as it would be under EU privacy laws. The measures we rely on include:

  • Adequacy Decisions: Where we transfer data to a country that the European Commission has recognized as providing an adequate level of data protection, we rely on that adequacy decision. (For example, countries in the EEA, and certain others approved by the EU, are considered adequate.)

  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States prior to July 2023), we have agreements in place that incorporate the European Commission’s Standard Contractual Clauses. These are contractual commitments between companies transferring personal data, obligating the recipient to protect the data according to EU standards. For instance, our contracts with Mailchimp and Bluehost include SCCs to cover EU-US data transfers.

  • EU-U.S. Data Privacy Framework: Some of our U.S. service providers have certified under the new EU-U.S. Data Privacy Framework (DPF) (which replaced the former Privacy Shield). For example, Mailchimp and Google are certified to the DPFpolicies.google.compolicies.google.com, indicating they commit to protect EU personal data to a standard comparable to EU law. Transfers to such certified organizations are thus safeguarded by that framework.

  • Other Measures: We also assess our providers’ security practices and privacy policies to ensure they meet our standards. We limit the personal data shared to what is necessary. In some cases, we may use encryption or pseudonymization for data transfers. We continually monitor legal developments regarding international data transfers (such as court rulings or new guidance) and will adjust our practices if needed to remain compliant.

By using our website or services and submitting your personal data, you understand that it may be transferred and stored in countries outside of your own. Nevertheless, we want to assure you that no matter where your data is processed, we will take appropriate measures to protect it in line with this Privacy Policy. If you have questions about international data transfers or need more information about the safeguards we have in place, please contact us.

10. Security Measures

We take security seriously and have implemented reasonable and appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption: Our website is encrypted using SSL/TLS technology, which means that information transmitted between your browser and our site (such as form submissions) is encrypted in transit. You can verify this by looking for the padlock icon in your browser’s address bar and the “https” in our URL. We also encourage you to use strong, unique passwords for any accounts and to keep your login credentials confidential.

  • Access Controls: We restrict access to personal data to authorized personnel and service providers who need it to perform their jobs. Our team members and volunteers who handle personal data are informed about data privacy and are required to handle your data confidentially. Administrative access to our website and databases is protected with authentication measures (such as passwords and, where possible, two-factor authentication) to prevent unauthorized entry.

  • Data Storage Security: The servers and systems where your data is stored (such as those provided by Bluehost) have security measures in place, including firewalls, regular security audits, and intrusion detection systems. We rely on reputable hosting and service providers who adhere to industry standards for physical and network security. Regular backups of the site data are performed to prevent data loss, and these backups are secured as well.

  • Payment Security: For payments, as noted, we use third-party processors like PayPal, which are PCI-DSS compliant and specialize in secure payment processing. They use encryption and other security measures to protect your payment information. We do not store sensitive payment details on our systems.

  • Monitoring and Testing: We periodically review our security procedures and update them as needed to address new threats. We may use security scanning tools, keep our software (like our website platform, CMS, and plugins) up to date to patch vulnerabilities, and monitor for potential security breaches or unauthorized access attempts. In addition, if we detect any suspicious activity or receive vulnerability reports, we act promptly to investigate and mitigate any issues.

  • Organizational Policies: We have internal policies and training in place to ensure that anyone who handles personal data does so with care. This includes proper data handling procedures, incident response plans, and confidentiality agreements where appropriate.

Despite all these measures, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. However, we will continuously work to strengthen our security posture. In the unfortunate event of a data breach that affects your personal data, we will follow all applicable breach notification laws – including notifying you and relevant authorities (such as the Belgian Data Protection Authority) when required by law, and taking steps to remediate the issue.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, please do not hesitate to contact us. We are here to help and address any issues you might have.

You can reach us in the following ways:

  • By Email: Send us an email at info@worldpoetryslam.org for any privacy-related inquiries or requests (such as data access or deletion requests).

  • By Mail: You may also write to us at our organizational address:
    World Poetry Slam Organization (WPSO)
    Rue Frédéric Mohrfeldstraat 65,
    1090 Jette, Brussels,
    Belgium.

Attn: Data Privacy Officer (or “Privacy Inquiry”) – Please include attention to privacy so we can direct your mail appropriately.

  • By Contact Form: Alternatively, you can use the contact form on our website’s Contact Us page. Please mention that your inquiry is related to privacy or data protection.

We will endeavor to respond to your questions or requests as soon as possible, and within any timeframe required by applicable law. If you make a request to exercise your data rights (as described in Section 7 above), we may need to verify your identity for security purposes, and then we will inform you of the actions taken or any further information we need.

12. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the “Last Updated” date at the top. If the changes are significant, we may also provide a more prominent notice (such as by email notification or a notice on our homepage) to inform you of the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any modifications to this policy will constitute your acknowledgment of the changes and agreement to be bound by the updated policy.

Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal data while you engage with the World Poetry Slam Organization’s events and community.