Table of Content

1. PRIVACY POLICY
   1. Compliance Requirements Summary
   2. Who We Are and What This Policy Covers
   3. What Personal Information We Collect
   4. How We Use Your Personal Information
   5. How We Share Your Personal Information
   6. International Data Transfers
   7. Your Privacy Rights
   8. Data Security and Retention
   9. Cookies and Tracking Technologies
   10. Children’s Privacy
   11. Changes to This Privacy Policy
   12. Contact Information and Complaints
   13. Contact
   14. Footnotes and Official Sources
   15. Privacy Policy Summary Free Download

---

PRIVACY POLICY

Last Updated: May, 2025

We protect your privacy while building a world of global citizenship for everyone.

Who We Are and What This Policy Covers

Summary: We’re a Spanish organization promoting global citizenship, and this policy explains how we handle your personal information worldwide.

We are WoliloM, a civil society organization based in Spain, dedicated to advancing global citizenship rights for all humanity. This Privacy Policy describes how we collect, use, protect, and share your personal information when you visit our website, join our community, participate in our programs, or otherwise interact with our global citizenship movement.

Data Controller Information:

• Name: WoliloM
• Email: wolilom.whorld@gmail.com

This policy applies to all users worldwide and complies with applicable privacy laws in your jurisdiction, including but not limited to GDPR, CCPA, LGPD, PIPL, PIPEDA, POPIA, and other relevant data protection regulations.

What Personal Information We Collect

Summary: We collect information you give us directly, information from your device when you visit our site, and information from third parties when you use social login features.

Information You Provide Directly:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password, profile preferences
• Participation Data: Survey responses, event registrations, volunteer applications
• Communication Data: Messages, comments, forum posts, feedback
• Donation Information: Payment details (processed securely by third-party providers)
• Employment/Skills Data: Professional background, expertise areas, languages spoken

Information Collected Automatically:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Location Data: General geographic location (country/region level)
• Cookie Data: Preferences, login status, analytics data (see Cookie Policy)

Information from Third Parties:

• Social Media Login: Profile information when you connect via Facebook, Google, LinkedIn
• Partner Organizations: Information from affiliated global citizenship groups (with consent)
• Public Databases: Publicly available information about organization leaders or public figures

How We Use Your Personal Information

Summary: We use your information to provide our services, communicate with you, improve our platform, comply with legal obligations, and advance global citizenship advocacy.

Primary Purposes:

• Service Delivery: Providing access to our platform, resources, and community features
• Communication: Sending newsletters, updates, event invitations, and movement news
• Community Building: Facilitating connections between global citizenship advocates
• Event Management: Processing registrations, managing attendance, following up
• Advocacy Campaigns: Coordinating policy advocacy and awareness initiatives
• Research & Analysis: Understanding movement impact and improving our effectiveness

Legal Bases (GDPR Article 6):

• Consent: Marketing communications, optional surveys, social media integration
• Contract Performance: Delivering services you’ve requested, processing donations
• Legitimate Interests: Website analytics, security, movement advocacy, research
• Legal Obligation: Tax reporting, regulatory compliance, law enforcement requests
• Vital Interests: Emergency situations affecting human rights or safety

Special Categories of Data:

We may process political opinions, philosophical beliefs, or trade union membership data only with explicit consent or where permitted by law for advocacy purposes.

How We Share Your Personal Information

Summary: We don’t sell your data, but we may share it with service providers, partners, and authorities when legally required or necessary for global citizenship advocacy.

We Share Information With:

• Service Providers: Cloud hosting, email delivery, payment processing, analytics
• Partner Organizations: Allied global citizenship groups (with opt-in consent only)
• Legal Authorities: When required by law, court order, or to protect rights
• Professional Advisors: Lawyers, accountants, consultants bound by confidentiality
• Successors: In case of merger, acquisition, or organizational restructuring

We Do NOT:

• Sell personal information to commercial data brokers
• Share sensitive data without explicit consent
• Transfer data to countries without adequate protection (see Section 6)
• Use personal information for discriminatory profiling

Public Information:

Some information may be publicly visible (forum posts, public event attendance, testimonials) only with your explicit consent and clear notice.

International Data Transfers

Summary: We may transfer your data globally to provide our services, but we use strong protections to keep it safe.

As a global movement, we may transfer personal information outside your country of residence, including to:

• Cloud service providers in various jurisdictions
• Partner organizations worldwide for collaborative projects
• Service providers for technical support and operations

Transfer Safeguards:

• EU Standard Contractual Clauses for transfers outside the EEA
• Adequacy Decisions where available (UK, Canada, etc.)
• Binding Corporate Rules for multinational service providers
• Derogations only for essential advocacy activities with explicit consent

China PIPL Compliance: For data subjects in China, we implement additional protections including data localization where required and security assessments for cross-border transfers.

Your Privacy Rights

Summary: You have strong rights to control your personal information, including accessing, correcting, deleting, and restricting how we use it.

Universal Rights (Available to All Users):

• Access: Request copies of your personal information
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request removal of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Limit how we process your data in certain circumstances

Additional Rights by Jurisdiction:

GDPR/UK GDPR (EU/UK Residents):

• Right to withdraw consent at any time
• Right to object to automated decision-making
• Right to lodge complaints with supervisory authorities

CCPA/CPRA (California Residents):

• Right to know what personal information is collected and sold
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

LGPD (Brazil Residents):

• Right to confirmation of processing existence
• Right to anonymization, blocking, or elimination
• Right to data portability to another service provider

PIPEDA (Canada Residents):

• Right to access personal information held by organizations
• Right to challenge accuracy and completeness

Data Security and Retention

Summary: We use strong security measures to protect your information and only keep it as long as necessary.

Security Measures:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication, regular audits
• Infrastructure: Secure cloud hosting with ISO 27001 certified providers
• Monitoring: Continuous security monitoring and incident response procedures
• Training: Regular staff training on data protection and security practices

Data Retention:

• Active Users: Personal information retained while account is active
• Inactive Accounts: Automatic deletion after 3 years of inactivity
• Marketing Data: Removed immediately upon unsubscribe request
• Legal Requirements: Some data retained longer for compliance (e.g., donation records)
• Legitimate Interests: Anonymous analytics data may be retained indefinitely

Data Breach Response:

• Detection: 24/7 monitoring and automated alerts
• Notification: Supervisory authorities notified within 72 hours when required
• User Notification: Direct notification for high-risk breaches
• Remediation: Immediate containment and remediation procedures

Cookies and Tracking Technologies

Summary: We use cookies to make our website work better and understand how people use it, but you can control these settings.

Types of Cookies:

• Essential Cookies: Required for basic website functionality (login, security)
• Analytics Cookies: Help us understand website usage patterns (Google Analytics)
• Marketing Cookies: Enable personalized content and advertising
• Social Media Cookies: Allow social sharing and embedded content

Cookie Management:

• Consent Banner: Clear opt-in choices for non-essential cookies
• Cookie Settings: Granular controls accessible from all pages
• Browser Controls: Instructions for managing cookies in major browsers
• Do Not Track: We respect Do Not Track signals where technically feasible

Third-Party Services:

• Google Analytics: Website usage analysis (with IP anonymization)
• Social Media Plugins: Facebook, Twitter, LinkedIn sharing buttons
• Video Embedding: YouTube, Vimeo video content
• Email Marketing: Open/click tracking in newsletters (with opt-out)

Children’s Privacy

Summary: We don’t knowingly collect information from children under 16, and we have special protections for young users.

We do not knowingly collect personal information from children under 16 years of age without parental consent. If we discover we have collected information from a child under 16:

• We will delete the information immediately
• We will not use it for any purpose
• We will not disclose it to third parties

For Young Advocates (13-18):

• Parental Consent: Required for users under 16 in EU, under 13 in US
• Limited Data Collection: Only information necessary for safe participation
• Enhanced Protection: Additional security measures and content moderation
• Educational Focus: Age-appropriate global citizenship educational content

Changes to This Privacy Policy

Summary: We’ll notify you clearly when we make important changes to how we handle your information.

We may update this Privacy Policy to reflect:

• Changes in our data processing practices
• New legal requirements or regulatory guidance
• Enhanced privacy protection measures
• Feedback from our global community

Notification Methods:

• Email: Direct notification to active users for material changes
• Website Banner: Prominent notice on our homepage
• Version History: Archive of previous policy versions available
• Effective Date: 30 days advance notice for substantial changes

Contact Information and Complaints

Summary: Contact us anytime with privacy questions, and know your rights to file complaints with authorities.

Contact Us:

Data Protection Officer:

• Website: http://www.aepd.es
• Email:  dpd@agpd.es 
• Phone: +34 901 100 099 / +34 91 266 35 17
• Address: C/ Jorge Juan, 6, 28001 Madrid, Spain

General Privacy Inquiries:

• Email: wolilom.whorld@gmail.com
• Response Time: 30 days (may be extended to 60 days for complex requests)
• Contact Form:

Supervisory Authorities:

Spain (Primary):

• Agencia Española de Protección de Datos (AEPD)
• Website: www.aepd.es
• Email: consultas@aepd.es

Other Jurisdictions:

• EU: Your local Data Protection Authority
• UK: Information Commissioner’s Office (ico.org.uk)
• California: California Privacy Protection Agency (cppa.ca.gov)
• Canada: Office of the Privacy Commissioner (priv.gc.ca)

Complaint Resolution:

1. Internal Resolution: We aim to resolve complaints within 30 days
2. Mediation: Alternative dispute resolution where available
3. Regulatory Complaint: Right to lodge complaints with supervisory authorities
4. Legal Remedies: Court action where permitted by applicable law

---

Footnotes and Official Sources

Core EU/Spanish Legislation:

1. GDPR (EU 2016/679): https://eur-lex.europa.eu/eli/reg/2016/679/oj
2. Spanish LOPDGDD (Organic Law 3/2018): https://www.boe.es/eli/es/lo/2018/12/05/3
3. Spanish LSSI (Law 34/2002): https://www.boe.es/eli/es/l/2002/07/11/34
4. UK GDPR & Data Protection Act 2018: https://www.legislation.gov.uk/ukpga/2018/12

International Privacy Laws:

5. CCPA (California Consumer Privacy Act): https://oag.ca.gov/privacy/ccpa
6. Brazil’s LGPD (Lei Geral de Proteção de Dados): http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
7. China’s PIPL (Personal Information Protection Law): http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml
8. Canada’s PIPEDA: https://laws-lois.justice.gc.ca/eng/acts/P-8.6/
9. South Africa’s POPIA: https://www.gov.za/documents/protection-personal-information-act
10. Japan’s APPI: https://www.ppc.go.jp/en/legal/

Additional Resources:

11. European Data Protection Board Guidelines: https://edpb.europa.eu/our-work-tools/general-guidance_en
12. Spanish Data Protection Agency (AEPD): https://www.aepd.es/en
13. International Association of Privacy Professionals: https://iapp.org/
14. Privacy International: https://privacyinternational.org/
15. Future of Privacy Forum: https://fpf.org/

Technical Standards:

Privacy by Design Principles: https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf

ISO/IEC 27001 Information Security: https://www.iso.org/isoiec-27001-information-security.html