NLnet foundation Privacy Statement
We are delighted that you are visiting our website and even spend some time reading this rather obscure page in which we outline our approach to privacy. The security and privacy of the people we interact with is something which we care about a great deal. We appreciate your vigilance, because talking about the importance of privacy and actually acting on it consistently are two different matters. If you are looking for inspiration and best practises while setting up your own privacy policy and writing a privacy statement, please feel free to reuse: the content of this privacy statement is available under a CC0 license.
Your data (and behaviour) isn't just "safe with us"
If you are just a regular user of our site, your data isn't just safe with us, because typically it isn't with us - period. As a mere visitor of our website, you should be perfectly safe. We do not set any cookies of any type, do not use any third party resources/assets and do not employ any trackers. We host this website with a trusted party inside the Netherlands, a person we know with servers we can physically touch if we want to. We do not embed third party content on our website, neither video content nor social media. We do not ask you to register your details to read anything we write - our mailing list archives are open, and so is the content on our site. We want to know nothing about you, unless you tell us yourself. We encourage the use of pseudonyms.
Use of Javascript and browser API's
Our website is served as plain HTML and CSS over HTTPS. We do not enforce the user to allow us to run ECMAscript/Javascript or proprietary technologies such as Flash on their devices. All content is available without any plugin or scripting. We offer an optional client-side open source viewer (ViewerJS) to read PDF and OpenDocument Format documents, to support those that do not have the adequate software for viewing those files otherwise.
We do not fingerprint your devices in any way, or send out audio beacons to do cross-device identification. We disallow embedding our website in other websites, in order to prevent click-jacking attacks. The custom search facility of our website is a story in itself, as we deploy zero leak search - we are technically unable to see what you search for on our site. The logs on our webserver are used only for technical purposes, and are rotated (wiped) every two weeks.
Submission of projects and questions
If you explicitly ask us for financial or other support through our application system or our contact form, at some point we obviously do need some information from you - if only to contact you back or make a payment. Feel free (like others have done before) to initially use an alias and a temporary email address and share a valid public PGP key. We will use PGP to encrypt any further communication. You can also write us a physical letter, or contact us through other channels such as SIP, XMPP or Matrix. Note that if you request a copy of your application, this is sent to the mail address you yourself provided. We assume you have a better understanding of who has access to the associated mailbox and/or can observe mail server traffic than us, but just to remind you. We do store our mail on our own mail server.
When you approach us, please inform us of any specific security and privacy constraints you have, and we will try to accommodate this to the best of our abilities - or tell you we are not able to do so. That at least gives you the choice to continue your interaction with us or not. By submitting information to us, you obviously expect us to use that information within the mission of our organisation (to promote the exchange of electronic information and all that is related or beneficial to that purpose
).
NGI/NGI Zero related calls
For project submissions to programmes related to the Next Generation Internet calls, such as the NGI Assure, and the various NGI0 programmes we have a somewhat different situation from all other project calls. These funds are part of a subgranting scheme set up by the European Commission, and are paid for by public money. Unlike the private funds we manage, we cannot be as discrete as we would like - but we believe the additional budget justifies this tradeoff. We explicity mention this in the application form, and by submitting to one of those calls you grant us permission to share some information with the independent review committee, with our partner organisations as well as some management information with the European Commision and its project review committee about projects receiving grants from these calls. Rest assured that we do our best to keep this to an absolute minimum, and none of those parties are allowed to retain or share that information with others without your explicit consent.
Other calls
For our other calls we never share any personal information with any other legal entity unannounced for any purpose without your express permission. We may point others to a public resource you yourself have made available (like a personal website). NLnet is a public benefit organisation that thrives on connecting people with aligned goals serving the public good, and we hope you trust us in keeping your contact details close to our chest. This allows us to approach you if a future opportunity arises. We will never send out any automated mass mailings or similar messages - if there is some effort we believe you will benefit from, we will contact you one on one through the contact details you chose to leave with us.
Please keep us posted if your contact information changes, and notify us at any point that you want us to remove your information. We will do so swiftly.
Donations and payments
If you want to make a donation to support our work, or if we make a donation to your cause, please note that bank records unfortunately are not very private. Every payment you make via a bank will leave a trace, and this is mandatorily kept on record for a number of years - not just by us, but by banks involved as well. This data is known to be shared beyond national boundaries and can thus be used for unknown purposes outside of our and your jurisdiction. While this is unlikely to be a risk to most of you, for some people this may be more complex.
We therefore also support donations made with various cryptocurrencies, in which case we do not have access to any personal information unless you explicitly share it with us through some other channel.
Can we do better?
If you think we can better serve your privacy, please tell us how. We want to lead by example, and we depend on the experts and communities we work with to help us achieve that goal.