Toggle Side Panel

Privacy Policy

V.2 [Last updated on 10 February 2026]

The Vulture Conservation Foundation (“VCF“, “we“, “us“, “our“, “Organisation“), is an international non-governmental organisation (NGO) committed to the conservation of Europe’s vulture species. It is the coordinating beneficiary of the WildLIFE Crime Academy project.

Thank You for choosing to learn more about our project and wildlife crim by visiting www.wildlifecrimeacademy.eu (the “Website”).

The purpose of this Website includes, but is not limited to:

  1. Detailing our work and project activities,
  2. Raising awareness about wildlife crime and its impacts,
  3. Sharing project deliverables for transparency and accountability,
  4. Sharing relevant news and resources, and
  5. Providing a secure, password-protected Knowledge Exchange Platform (“Platform”) for registered and approved individuals to collaborate, exchange information, and access training materials.

We here at the VCF greatly appreciate the support of individuals like You to carry out our vital conservation work. That is why we wish to be completely transparent about why we need the personal details we request when engaging with us and how we will use them. We are committed to protecting Your personal information and Your right to privacy. If You have any questions or concerns about this privacy notice, or our practices with regards to Your personal information, please contact us.

In this privacy notice, we seek to explain to the User (“User“, “You“, “Your” means a person, organization or entity accessing or using the Website) in the clearest way possible what information we collect, how we use it and what rights You have in relation to it when You visit our Website or the Knowledge Exchange Platform, and more generally, use any of our Services (the “Services“, which include the Website). Please take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that You do not agree with, please discontinue use of our Services immediately.

The Knowledge Exchange Platform involves additional data processing activities, including user registration, management of individual profiles, role-based access to training materials and forum discussions, and interaction between Users. This privacy notice therefore includes specific information on how personal data is collected, stored, shared, and protected within the Platform.

Please take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that You do not agree with, please discontinue use of our Services immediately.

This privacy notice applies to all information collected through our Services, as well as, any related Services, communication or events.

WHAT DATA DO WE COLLECT?

Personal information You disclose to us:

We collect personal information that You voluntarily provide to us when You express an interest in obtaining information about us or our products and Services, when You participate in activities on the Website, when You register for the knowledge exchange platform, when you participate in a training course or otherwise when You contact us.

The personal information that we collect depends on the context of Your interactions with us and the Website, the choices You make and the products and features You use. The personal information we collect may include the following:

Personal Information Provided by You:

We collect names; phone numbers; email addresses; mailing addresses; contact preferences; country of residence; profession or role; cohort or training level; and other similar information.

Knowledge Exchange Platform-Specific Data:

**When registering for or using the WildLIFE Crime Academy platform and/or registering for a training course, we also collect data required to create and manage Your profile/ participation, such as:
1. name, country, email address,
2. profession and expertise area,
3. cohort assignment,
4. training level achieved,
5. t-shirt, trousers and vest size (visible only to admins),
6. user’s photo
7. ID card number or other form of identification (visible only to admins),
8. profile biography,
9. activity history within the platform, including posts, uploads, and feedback.**

Certain parts of Your profile information may be visible to other registered users, for example, your name, country, training level, and professional expertise, to enable interaction, collaboration, and learning within the platform. Sensitive fields such as ID card number and t-shirt size will remain strictly private and visible only to administrators.

Certain information is required to create and manage Platform accounts. If required information is not provided, we may not be able to grant or maintain access to the Platform or related training services.

HOW DO WE COLLECT DATA?

You directly provide Our Organisation with most of the data we collect. We collect data and process data when You:

  1. Voluntarily complete a survey or provide feedback via email.
  2. Use or view our Website via Your browser’s cookies.
  3. Subscribe to become part of our mailing list.
  4. Register for either physical or virtual events (i.e. training courses) we organise.
  5. Register and create a profile for the WildLIFE Crime Academy platform via a secure, private registration link.
  6. Interact with other users on the password-protected platform, for example, by posting messages in the forum, uploading documents or images, or providing course feedback.

All personal information that You provide to us must be true, complete and accurate, and You must notify us of any changes to such personal information.

Information automatically collected

Our Organisation may also receive personal data automatically and indirectly through the use of certain technologies and third-party services, including the following:

1. Google Analytics

We use Google Analytics to collect information about how Users interact with the Website, such as pages visited, approximate location, device and browser information, and usage patterns. This information helps us understand Website usage and improve functionality.

Where required by law, Google Analytics is used only with User consent, which can be managed via the cookie settings on the Website. Users may also opt out of Google Analytics through tools provided by Google.

2. Cookies and consent management (e.g. CookieYes)

We use a cookie consent management tool to record and manage Users’ consent preferences regarding cookies and similar technologies. This tool may automatically collect information such as consent status, date and time of consent, cookie categories accepted or rejected, and limited technical information (such as IP address and browser data) for compliance and record-keeping purposes.

Users can review, modify, or withdraw their consent at any time using the cookie settings available on the Website.

3. Security and performance services (e.g. Cloudflare)

We use security and performance services, such as Cloudflare, to protect the Website and ensure its secure and reliable operation. These services may process technical data such as IP addresses, device information, and request metadata for security, performance optimisation, and abuse prevention purposes. Such providers act as service providers processing technical data on our behalf.

4. Abuse and spam prevention (Google reCAPTCHA)

We use Google reCAPTCHA on certain forms and access points to help protect the Website and Platform from automated abuse and spam. reCAPTCHA may automatically process technical, device, and interaction data (such as IP address and browser characteristics) in accordance with Google’s privacy policies.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process personal data only where we have a lawful basis to do so under the General Data Protection Regulation (GDPR). Depending on the context, these legal bases include:

  1. Consent, where Users have explicitly agreed to the processing of their personal data (e.g. newsletter subscriptions, cookie preferences);
  2. Performance of a contract, where processing is necessary to provide access to the Website or Knowledge Exchange Platform and related Services;
  3. Legal obligations, where processing is required to comply with applicable laws or regulatory requirements;
  4. Legitimate interests, where processing is necessary for the operation, security, and improvement of our Services, provided such interests are not overridden by Users’ rights and freedoms.
HOW DO WE USE YOUR DATA?
We use the information we collect or receive:
  1. To create and manage Your platform account: Your personal information will be used to create, approve, and manage Your user profile and access rights within the WildLIFE Crime Academy platform. This includes controlling access to certain resources, forum threads, and learning materials based on Your role and training level.
  2. To send administrative information to You: We may use Your personal information to send You product, Service and new feature information and/or information about changes to our terms, conditions, and policies.
  3. To protect our Services: We may use Your information as part of our efforts to keep our Website and Knowledge Exchange Platform safe and secure. This includes the use of security measures such as two-factor authentication (2FA), CAPTCHA verification, firewall protection, and monitoring systems to prevent unauthorised access, fraud, abuse, and other malicious activities.
  4. To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
  5. To enable interaction and collaboration between Users: Certain profile information such as Your name, country, training level, and expertise area will be visible to other approved platform participants and teachers to facilitate learning, networking, and discussion in the forum. Users may share messages, documents, images and other media within the platform.
  6. To respond to legal requests and prevent harm: If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
  7. To send You informational communications: We may use Your information to send updates, announcements, and information related to training activities, platform features, or other project-related matters that may be relevant to You, in accordance with Your communication preferences. For example, when expressing an interest in obtaining information about our us or our Website, subscribing to the newsletter or otherwise contacting us, we will collect personal information from You if You give us Your consent. You can update Your preferences or unsubscribe from the email list by clicking the relevant hyperlinks found in the footer of the emails we send to You.
  8. We use Flodesk for our email marketing service. By clicking to subscribe to our mailing list, you acknowledge that your information will be transferred to Flodesk for processing. You can learn more about Flodesk’s privacy practices here. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us or by contacting us. We will treat your information with respect. Transactional and system-related emails (such as account creation, password reset, security notifications, or platform updates) are delivered using a third-party email service provider to ensure reliable and secure communication.
  9. For other purposes. We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our campaigns and to evaluate and improve our Website, communication and Your experience. We may use and store this information in aggregated and anonymised form so that it is not associated with individual end Users and does not include personal information. We will not use identifiable personal information without Your consent.
We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on Users.
WILL YOUR INFORMATION BE SHARED WITH ANYONE?
We only share personal information where necessary and in accordance with applicable data protection laws, including where:
  1. You have provided Your consent;
  2. Sharing is required to comply with legal or regulatory obligations;
  3. Sharing is necessary to provide and operate the Website or Knowledge Exchange Platform;
  4. Sharing is necessary to protect the rights, safety, or security of Users or the Organisation; or
  5. Sharing is required to fulfil legitimate operational or project-related purposes.
Access to personal data is limited to authorised individuals and service providers and is granted strictly on a need-to-know basis. Internal Access Platform administrators, moderators, and designated teachers may have access to certain User data where necessary to:
  1. Manage user accounts and profiles;
  2. Assign access levels and training cohorts;
  3. Evaluate participant progress and learning outcomes; and
  4. Moderate forum discussions and platform activity.
All such individuals are subject to confidentiality obligations. Third-Party Service Providers We use selected third-party service providers to support the operation, security, communication, and compliance of our Website and Services. These providers process personal data on our behalf and only in accordance with our instructions and applicable data protection laws. Such service providers may include:
  1. Analytics providers (e.g. Google Analytics);
  2. Security and performance providers (e.g. Cloudflare);
  3. Abuse and spam prevention services (e.g. Google reCAPTCHA);
  4. Cookie consent management services (e.g. CookieYes);
  5. Email communication and delivery providers (e.g. Flodesk, Elementor Site Mailer); and
  6. Hosting and infrastructure providers.
HOW DO WE STORE YOUR DATA?

The VCF securely stores Your data on password-protected computer systems.

  1. All sensitive personal data related to the WildLIFE Crime Academy platform is stored securely and access is strictly limited to authorised administrators, moderators, and designated teachers.
HOW LONG DO WE KEEP YOUR INFORMATION?

We keep Your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

If You request account deletion or withdrawal from the WildLIFE Crime Academy platform, Your personal data will be deleted within a reasonable period, except where retention is legally required.

However:

  1. Content You have contributed to the platform, such as forum posts, uploaded documents, evaluation feedback, or shared resources, may not be automatically deleted when Your account is removed.
  2. Depending on technical feasibility and project requirements, such contributions may either remain visible to other users or be anonymised so that they are no longer linked to You personally.
  3. We will always take steps to limit access to any remaining data to what is strictly necessary.
  4. We may also retain certain records or logs where necessary for security, auditing, reporting, or compliance purposes, but only for as long as required by law or our legitimate project obligations.
DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly collect data from or market to children under 18 years of age.
MARKETING

The VCF would like to send You information about the work and campaigns relevant to our project that we think You might be interested in, as well as those of our relevant partners.

If You have agreed to receive marketing (such as email newsletter), You may always opt out at a later date.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

Our Organisation would like to make sure You are fully aware of all of Your data protection rights. Every User is entitled to the following:

  1. The right to access – You have the right to request Our Organisation for copies of Your personal data.
  2. Depending on the circumstances, Users may also have the right to request rectification or erasure of personal data, restriction of processing, to object to processing, to data portability, and to withdraw consent at any time where processing is based on consent.
  3. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes applicable data protection laws.
DATA SECURITY AND TECHNICAL SAFEGUARDS

The Vulture Conservation Foundation (“VCF”) implements appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, disclosure, alteration, loss, or destruction, in accordance with Article 32 of the General Data Protection Regulation (GDPR).

These measures include, where appropriate:

  1. Secure data transmission, including HTTPS encryption, modern TLS protocols (TLS 1.2 or higher), and HTTP Strict Transport Security (HSTS);
  2. Access controls, including enforced multi-factor authentication (MFA) and role-based access restrictions;
  3. Protection of data at rest, including encryption of sensitive personal data and uploaded documents at the hosting infrastructure level;
  4. Network and application security measures, such as web application firewalls (WAF), brute-force protection, and rate limiting;
  5. Monitoring and logging of security-relevant and administrative activities;
  6. Encrypted backups and recovery procedures to support data restoration in the event of incidents; and
  7. Hosting primarily within the European Union / European Economic Area (EU/EEA), with infrastructure security measures implemented in line with industry-standard practices.

VCF also uses security and anti-abuse technologies, such as Google reCAPTCHA, to prevent automated misuse, and Elementor Site Mailer to support the reliable delivery of transactional and administrative emails. Such services may process limited technical information in accordance with their own privacy policies.

While VCF implements safeguards designed to protect personal data, Users are responsible for maintaining the confidentiality of their login credentials and must take reasonable steps to prevent unauthorised access to their accounts. This does not affect VCF’s obligations under applicable data protection laws.

No method of transmission over the Internet or electronic storage is completely secure. Accordingly, VCF cannot guarantee absolute security of personal data.

DATA BREACH RESPONSE

In the event of a personal data breach, VCF will assess the incident in accordance with applicable data protection laws.

Where a breach is likely to result in a risk to the rights and freedoms of individuals, VCF will, without undue delay:

  1. Take appropriate measures to contain and mitigate the breach;
  2. Notify the competent supervisory authority, where required by law; and
  3. Inform affected Users, where required by law.

Where notification is not legally required, VCF will document the breach and any remedial actions taken, in accordance with applicable data protection legislation.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable legal requirements. The “Last updated” date will be revised accordingly. Where required by law, Users will be informed of material changes.

CONTACT US

For privacy-related questions or requests, please contact us using the contact form available on our Website. Please indicate that your request relates to data protection or privacy so that it can be handled appropriately.