Privacy Policy

The Edelstam Institute of Education for Human Rights and International Affairs

Privacy Policy (GDPR)

Controller
The Edelstam Institute of Education for Human Rights and International Affairs (“The Edelstam Institute”, “we”, “us”).
Org. No.: 5590344742
Postal address: Box 24019, SE-104 50 Stockholm, Sweden
Phone: +46 706 98 72 23
E-mail: caroline.edelstam@edelstam.org

What this policy covers

This policy explains how we collect, use, share, and protect personal data when you visit our website, contact us, or participate in our courses and programmes. It applies to all processing carried out by The Edelstam Institute as data controller under the EU General Data Protection Regulation (GDPR).

The data we process

Depending on your interaction with us, we may process:

  • Identification & contact data: name, title/role, organisation, email, phone, postal address.
  • Professional information: areas of interest, programme preferences, dietary/access needs if voluntarily provided for events.
  • Communication data: messages you send to us (e.g., contact form, email), feedback/testimonials (with your consent).
  • Website data: technical data from your browser/device (e.g., IP address, pages viewed, timestamps, basic analytics and cookies—see “Cookies & analytics” below).
  • Social media: public profile information and messages if you interact with our official profiles (e.g., LinkedIn).

We do not intentionally collect special categories of data. Please avoid sending sensitive information unless we explicitly request it for a clear purpose.

Why we process your data (lawful bases)

We process personal data only when we have a valid legal basis:

  • Contract: to respond to enquiries, provide proposals, deliver courses/programmes you request, and manage attendance.
  • Legitimate interests: to operate and improve our website and services, maintain business contacts, ensure IT security, and keep appropriate records (balanced against your rights).
  • Consent: for optional activities such as publishing a testimonial, sending certain updates, or using non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: to comply with accounting, tax, or other legal requirements.

How we use your data

  • Handle enquiries and bookings; plan and deliver courses and briefings.
  • Send essential service communications (e.g., confirmations, practical information).
  • Improve our materials and website, including basic usage statistics.
  • Maintain a professional contact list (you can opt out at any time).
  • Publish testimonials only with your explicit consent.

We do not sell personal data and we do not use automated decision-making producing legal or similarly significant effects.

Sharing and international transfers

We share data only as needed with trusted processors (service providers) under contract, such as:

  • Website & hosting providers (e.g., WordPress.com/Automattic), email and cloud services, form tools, analytics/cookie tools, and IT/security providers.

Some providers may process data outside the EU/EEA. Where that occurs, we rely on appropriate safeguards under GDPR (e.g., adequacy decisions or Standard Contractual Clauses) and apply additional measures when required.

Data retention

We keep personal data only as long as necessary for the purpose collected:

  • Enquiries and course administration data: generally up to 24 months after last contact (or longer where required by law or to establish/defend legal claims).
  • Contractual/financial records: 7 years (or the statutory period).
  • Testimonials/communications published with consent: until consent is withdrawn.
    We regularly review data and securely delete or anonymise it when no longer needed.

Your rights

You have the right to:

  • Access your data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data (“right to be forgotten”) in applicable cases.
  • Restrict or object to processing based on our legitimate interests.
  • Data portability for data you provided to us based on consent or contract.
  • Withdraw consent at any time (does not affect past processing).

To exercise your rights, contact us at caroline.edelstam@edelstam.org. We will respond without undue delay.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority in the EU.

Cookies & analytics

Our website may use essential cookies that are necessary for it to function, and—if you consent—non-essential cookies for basic analytics to understand aggregate usage (e.g., pages visited). You can manage or withdraw cookie consent at any time via the site’s cookie controls or your browser settings. Details about categories, purposes, and retention are presented in our cookie notice/banner when applicable.

Security

We use technical and organisational measures to protect personal data (e.g., access controls, encryption in transit where supported by our providers, least-privilege access, regular updates). No system can be 100% secure, but we work to reduce risks and respond to incidents promptly.

Third-party links

Our website may include links to external sites (e.g., LinkedIn). Those sites are governed by their own privacy policies.

Changes to this policy

We may update this policy from time to time to reflect legal, technical, or business developments. The latest version is always published on this page.

Contact
For any privacy questions or requests, please contact: caroline.edelstam@edelstam.org, +46 706 98 72 23.

Effective date: January 2026
© The Edelstam Institute, January 2026