DPBoard.org’s Privacy Policy

DPBoard.org’s mission is to connect privacy professionals all around the world and others who are interested, to allow them to discuss, ask questions and inquire about data protection, and closely related legislation. Central to this mission is our commitment to respect your privacy and be transparent about the data we collect about you, how it is used and with whom it is shared.

This privacy policy covers DPBoard.org and all of our online services.

How do we collect data about you?

We collect data about you:

  • when you browse our website (DPBoard.org).
  • when you create and use an account on our forum (DPBoard.org).
  • when you post, send private messages, and otherwise participate in the forum on our website.

We do not buy or otherwise receive data about you from data brokers.

What data do we collect data about you, and why?

We collect data about your visits to our website.

When you visit our website and forum, whether you have an account or not, the forum uses cookies, server logs, and other methods to collect data about what pages you visit and when.

We use data about how you use the website to:

  • provide the website to you (“traffic data” such as your IP address and browser information)
  • optimize the website, so that it’s quick and easy to use
  • diagnose and debug technical errors
  • defend the website from abuse and technical attacks
  • ensure the security and integrity of our website and services.
  • compile statistics on forum and topic popularity
  • compile statistics on the kinds of software and computers visitors use

We usually store data about how you use the forum in identifiable form for just a few weeks. In special circumstances, like extended investigations about technical attacks, we may preserve log data longer, for analysis. We store aggregate statistics about use of the forum indefinitely, but those statistics don’t include data identifiable to you personally.

We collect account data.

Many features the forum on our website require a forum account. For example, we require an account to post and reply to topics.

To sign up for a forum account, we require, a user name, and an e-mail address. You may optionally provide additional information. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.

We use your account data to identify you on the forum, and to create pages specific to you, like your profile page. The forum is public, and we will publish your account data on your profile page. You can completely hide your public profile and presence features in your settings (Preferences > Interface > Other).

We use your e-mail address to:

  • notify you about posts and other activity on the forum
  • reset your password and help keep your account secure
  • contact you in special circumstances related to your account
  • contact you about legal requests, such as DMCA takedown requests

You can change your email-preferences in the settings

You may provide additional data for your account, like a short biography, your location, or your birthday, on the profile settings page for your account. We make that data available to others who can access your profile page. You don’t have to provide this additional information, and you can erase it at any time by emptying the fields.

We store your account data as long as your account remains open.

We collect data about posts and other activity on the forum.

We collect the content of your posts, plus data about bookmarks, likes, and links you follow in order to share that data with others, through the forum. We publish your activity on your public profile page, unless you opt-out by hiding your public profile and presence features in your settings (Preferences > Interface > Other).

When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.

We will make a good faith effort to:

  • Retain server logs containing the IP address of all requests to this server no more than a rolling 90 days.
  • Retain the IP address associated with a registered user and related posts no more than 5 years after the last visit.

If you choose to post on DPBoard.org, be aware that anyone will see your user name, and the content of your posts, and any user may interact with you in response to your posts.

We also collect data about private messages that you send through the forum. Private messages are available to senders and their recipients, and can also be viewed by forum administrators when there is legitimate reason to do so.

We store your posts indefinitely and other activity as long as your account remains open.

Do we make automated decisions based on data about you?

Yes, but not as referred to in Article 22(1) and (4) GDPR.

We use data about your posts and activity to award you badges and calculate a trust level for your account. Your trust level may affect how you can participate in the forum, such as whether you can upload images, as well as give you access to moderation and management powers in the forum. Your trust level therefore reflects forum administrators’ confidence in you, and their willingness to delegate community management functions, like moderation.

If you think your trust level has been set incorrectly, contact us at [email protected].

Do we share data about you with others?

We share account data with others as mentioned in the section about account data.

We also share data about your posts and other forum activity with others as mentioned in the section about forum data.

The current controller for your personal data is a natural person (see contract details below), in the future your data may be transferred to a legal person when DPBoard is set up as an non-profit / organization. Don’t worry - nothing will change if this ever happens, it would be purely for tax reasons and the benefits from getting legal personaility.

Otherwise, No. We do not share, sell, trade or otherwise transfer your personal data with any third parties. We may however release your personal data when we are required to do so to comply with the law, enforce our site policies, or protect ours and others rights, property, or safety.

Legal basis for processing

We collect, use and share your data in the ways described above:

  • consistent with your consent, which you may revoke at any time:
    • For processing data with special protections (such as your religious views and political views) if you share this information in your profile fields or in any topics and posts;
  • as necessary to fulfill our Terms of Service:
    • Processing account information such as your username, email address and username;
  • as necessary for our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms:
    • To provide the website to you; for optimizing the forum; diagnosing and debugging technical errors; defending the forum from abuse and technical attacks; compiling statistics and topic popularity; compile statistics on the kinds of software and computers visitors use. The legitimate interests we rely on for these processing operations are:
      Providing and making available our website to you and others
      • Making the forum easy to use and quick.
      • Ensuring the security and integrity of our website, forum and other services.
      • Defending the forum from abuse and technical attacks.
      • Understanding what topics are popular and how the forum is used.
      • Understanding what kind of software and computers visitors use to adapt, tailer and optimize our website.
    • Making and keeping available and public the contents of your posts. It is in our legitimate interest to:
      • Keep discussions and archives of discussions complete, and preventing disruption to the discussion to ensure the freedom of expression.
    • Using your email address to notify you about posts and other activity on the forum, reset your password and help keep your account secure, contacting you in special circumstances related to your account and contacting you about legal requests.
  • as necessary to comply with our legal obligations;
  • For processing data when the law requires it, including, for example, if there is a valid legal request for certain data;


We only use trustworthy processors that only process your personal data on our behalf (“processors”). We want to be transparent in what processors we use, and if you have any questions or concerns, we encourage you to contact us using the contact information provided on this page.

• Our current hosting provider is Hetzner Online GmbH. The particular provider may be subject to change in the future.
• We use Mailgun to send you transactional emails – such as email confirmation on sign-up and notifications when someone reacts, or likes a topic or post by you.
• We use Cloudflare to – amongst others – deliver our website to you, mitigate DDoS attacks and keep the website secure.

Third Country Transfers

We aim to keep as much of your personal data within the EEA and countries that are deemed adequate, however due to lack of suitable alternatives we are transferring your personal data to third countries that lack an adequacy decision by the European Commission.

This involves our processor Cloudflare, based in the United States. In addition to valid Privacy Shield certifications this processor (especially since its invalidation by the European Court of Justice), we maintain EU Standard Contractual Clauses (SCC’s) with Cloudflare to transfer data.

We are aware of the CJEU judgement (Scherms II) and have taken appropriate and suitable safeguards. Such as, end-to-end encryption, physical access controls, system access controls, data access controls, data transmission controls, input control and availability control. You can obtain a copy of all of the safeguards taken by sending us a message at [email protected] and we’d be happy to provide you with more information.

Although our processor Mailgun is a United States based controller we keep your personal data in encrypted form on their European based servers (Google Platform in Belgium & Germany and Rackspace (AWS) in Germany).


Cookies are a small text file that a website stores on your computer or mobile device when you visit the site.

  • First party cookies are cookies set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
  • Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.

We mostly use “first-party cookies”. These are cookies set and controlled by us, not by any external “third-” party.

However, to view some of our pages, you will have to accept cookies from external “third-” parties. Such as when you want to view a YouTube video that is embedded. If you refuse, the video will not be shown.

The 3 types of first-party cookie we use are to:

  • store visitor preferences
  • make our websites operational

Visitor preferences

These are set by us and only we can read them. They remember:

  • if you have agreed to (or refused) this site’s cookie policy

List of cookies

Change your cookies preferences

Your rights under the GDPR

In short: Just send us an email at [email protected] and we’ll take care of things!

In more detail: You have the following data subject rights, save for the limitations set forth in the GDPR:

Right of access
You can see your account data at any time by visiting your account page on the forum. Your account page also lists your posts and other activity on the forum.

Your account activity page also includes a link to download all of your personal data in a standard comma-separated values format.

Right to rectification
You can change your account data at any time by visiting the profile settings page for your account.

Right to erasure
You have the right to obtain erasure (right to be forgotten) of your personal data without undue delay where one of the grounds laid out in Art. 17 GDPR apply.

Note that the right to erasure does not apply insofar the processing is necessary for the exercise of freedom of expression and information, and that we do thus not remove your posts on the forum. However, we will – on a case-by-case basis – modify or remove certain posts.

Right to restriction of processing
You have the right to obtain restriction of processing from us when you a) contest the accuracy of your data; b) the processing is unlawful but you oppose the erasure; c) we no longer need your personal data but they are required by you for the establishment, exercise or defense of legal claims; d) you have objected to the processing of your personal data, and pending the verification whether our legitimate grounds override yours.

Right to data portability
You have the right to data portability when the processing of the data concerned is based on your consent or on a contract. Your account activity page includes a link to download all of your personal data in a standard comma-separated values format.

Right to object
You have the right to object to the processing of your personal data if the processing takes place on the basis of our legitimate interest or necessary for the performance of a task carried out in the public interest.

We will consider several factors when assessing an objection including: our users’ reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Right to withdraw consent
If you previously consented to the processing of your personal data, you may withdraw consent at any time. You can do so by sending us a message at [email protected].

Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with our supervisory authority (“Autoriteit Persoonsgegevens”) or your local supervisory authority (in your place of residence). We are governed by the Dutch supervisory authority (“Autoriteit Persoonsgegevens”).

How can I contact DPBoard.org about privacy?

You can send questions, complaints and any other inquiry relating to privacy and data protection to: [email protected]

For complaints under GDPR, you may also lodge complaints with your local data protection supervisory authorities or the Dutch supervisory authority.

The controller for the processing of your personal data is @hugo. We are aware that we are required to inform about the identity of the controller, but choose to not make details publicly available for anyone to see due to privacy concerns. If you need to obtain further information as to the identity and contact details of the controller please do not hesitate to contact us at [email protected] or DM @hugo and we will provide you the details without undue delay.

Changes to our Privacy Policy

We may update our Privacy Policy from time to time by posting a new version of it on the website. We encourage you to check the website regularly for information about revisions to this Privacy Policy. If you object to the change to our Privacy Policy, then you must contact us by any of the methods set out above regarding your objection.

This policy was last updated on 28th April 2021.

FAQ | Privacy Policy |  ToS