PartnerStandard Council – Privacy Policy

Effective Date: 1 September 2025

This Privacy Policy explains how PartnerStandard Council (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our invitation-only platform for collaborative standards development (the “Council” or “Services”), or otherwise interact with us.

1. Who We Are

Service: PartnerStandard Council - Invitation-only platform for industry experts
Legal form: Sole proprietorship (autónomo) registered in Spain
Address: Bernhard Friedrichs - PartnerStandard Council, C/Cronista Carreres 10, 46003, València, Spain
Tax/VAT number (NIF‑IVA): ESX7526216H
Email: privacy@partnerstandard.com

2. Scope of this Policy

This Policy covers personal data processed through:

The Council platform and all associated subdomains
Invitation and member management systems
Published standards and attribution records
Support and communication channels

3. Categories of Personal Data We Collect

Category	Typical Examples	Source
Profile Data	Name, email, company, title, expertise areas, bio	Provided at registration or profile completion
Contribution Data	Definitions, votes, comments, collaborative articles	Created by members during participation
Activity Data	Login times, contributions count, badges earned, statistics	Automatically tracked during platform use
Invitation Data	Inviter details, invitation date, invitation status	Generated when invitations are sent/received
Technical Data	IP address, browser type, device information	Automatic server logs

4. Purposes and Legal Bases

Purpose	Legal Basis (GDPR)
Manage membership and access	Art. 6(1)(b) – Contract
Facilitate collaboration and voting	Art. 6(1)(b) – Contract
Publish standards with attribution	Art. 6(1)(f) – Legitimate interest
Track achievements and statistics	Art. 6(1)(f) – Legitimate interest
Platform security and integrity	Art. 6(1)(f) – Legitimate interest
Service announcements	Art. 6(1)(b)/(f)

5. Data Sharing and Visibility

Within the Council:

Your name, company, and title are visible to other members
Your contributions, votes, and comments are visible to relevant members
Your achievements and statistics may be displayed on leaderboards

Public Attribution:

Your name may appear as a contributor on published standards
Published standards may be shared with external platforms (e.g., Notion)

Third Parties:

We do not sell personal data
We share data only with essential service providers (see section 7)

6. Cookies and Analytics

We use:

Essential cookies for authentication and session management
Privacy-friendly analytics (Vercel Web Analytics) to improve the platform
No third-party advertising or tracking cookies

7. Service Providers

Provider	Purpose	Location
Vercel Inc.	Platform hosting	EU & US
Supabase Inc.	Database & authentication	EU & US
Notion Labs Inc.	Standards publishing	US
Resend (Twilio)	Email notifications	EU & US

All providers are bound by data processing agreements and appropriate safeguards (SCCs or EU-US Data Privacy Framework).

8. International Transfers

When data is transferred outside the EEA, we ensure appropriate safeguards through:

Standard Contractual Clauses (SCCs)
EU-US Data Privacy Framework certification
Adequacy decisions where applicable

9. Data Retention

Active Members: Data retained while account is active

Contributions: Permanently retained as part of historical record

Inactive Accounts: Deleted after 3 years of inactivity (except contributions)

Published Standards: Attribution data retained indefinitely

10. Security Measures

We implement industry-standard security measures including:

Encryption in transit (TLS 1.2+) and at rest
Multi-factor authentication available
Regular security audits and updates
Access controls and monitoring
Secure password requirements

11. Your Rights (GDPR)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion (except published contributions)
Restriction: Limit processing in certain circumstances
Portability: Receive your data in a structured format
Object: Object to certain processing activities
Withdraw consent: Where processing is based on consent

12. Children's Privacy

The Council is not intended for users under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data immediately.

13. Data Breach Notification

In the event of a data breach likely to result in risk to your rights and freedoms, we will notify you within 72 hours as required by GDPR.

14. Exercising Your Rights

To exercise your rights or ask questions:

Email: privacy@partnerstandard.com
Response time: Within 30 days
Identity verification may be required

You may also lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.

15. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects. Voting results and statistics are transparent and based on actual member input.

16. Changes to This Policy

We may update this Policy periodically. Material changes will be announced to members at least 30 days in advance. The Effective Date indicates the latest revision.

17. Contact Information

For privacy-related questions or requests:

Email: privacy@partnerstandard.com
Mail: PartnerStandard Council, Bernhard Friedrichs, C/Cronista Carreres 10, 46003, València, Spain

18. Data Protection Officer

Given our size and operations, we have not appointed a formal DPO. Privacy inquiries should be directed to the contact information above.