Our Commitment
As a Netherlands-registered organization, ODINT is subject to the General Data Protection Regulation (GDPR). We are committed to protecting personal data and ensuring that our research practices respect individual privacy rights while serving the public interest.
Data Protection Principles
- Lawfulness: We process data only when legally justified
- Purpose Limitation: Data is collected for specific, legitimate purposes
- Data Minimization: We collect only what is necessary
- Accuracy: We keep data accurate and up to date
- Storage Limitation: Data is retained only as long as necessary
- Security: Data is protected with appropriate technical measures
Types of Data We Process
Research Data
Our research involves documenting publicly exposed government infrastructure. This may include IP addresses, domain names, server configurations, and publicly accessible documents. We do not deliberately collect personal data of private individuals in our research.
Contact Information
When you contact us, submit tips, or sign up for updates, we collect the information you provide (email addresses, names, organizational affiliations). This data is used solely for communication purposes.
Website Analytics
We use privacy-respecting analytics that do not track individual visitors. We do not use cookies for tracking purposes. See our Privacy Policy for details.
Legal Basis for Processing
We process personal data under the following legal bases:
- Legitimate Interest: Research in the public interest for government accountability
- Consent: When you voluntarily provide information to us
- Legal Obligation: When required by law
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
Data Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- Encryption of data at rest and in transit
- Access controls limiting data access to authorized personnel
- Secure communication channels for sensitive information
- Regular security assessments of our infrastructure
- Staff training on data protection practices
International Transfers
Our team operates globally. When data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
Data Protection Contact
For data protection inquiries, requests to exercise your rights, or complaints, contact us at contact@odint.org. Include "Data Protection" in the subject line.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.