Appeals Centre Europe Privacy Policy

Appeals Centre Europe (“Appeals Centre“, “we“, “us“, “our”) is responsible for the information we collect, use, share and otherwise process which identifies individuals (“personal information“), including users of social media platforms who wish to raise disputes in relation to social media content moderation decisions to the Appeals Centre, individuals who are referred to in the context of such disputes, visitors to our website: www.appealscentre.eu (“Website”), and business partners (including suppliers/service providers) (collectively, “you“, “your”).

We take our responsibilities seriously including how we handle your personal information, keep it secure and comply with applicable data protection and privacy laws.

How this Policy Works

The purpose of this privacy policy (“Policy”) is to clearly explain when, why and how we collect and use personal information about you and the legal rights that you have in relation to this.

To make this Policy as user friendly as possible, we have labelled sections of the Policy to make it easy for you to locate the information you are looking for below.

Updates to this Policy

We may amend this Policy from time to time to keep it up to date with the way we operate and to comply with any applicable legal requirements. Any updates we make will be placed on this webpage. Please regularly check these pages for the latest version of this Policy.

Third Party Websites

This Policy does not apply to your use of any third-party website which we may link to on our Website.

Who is responsible for looking after your personal information?

Appeals Centre Europe is the data controller for the personal information we process in accordance with this Policy. You can contact us as follows:

Personal information we collect, when and why we use it, and our lawful basis for processing it

This Policy applies to the collection and processing of your personal information by us when you:

  • submit a dispute for review by the Appeals Centre in relation to a content moderation decision of a social media platform;
  • are referred to in a dispute made by someone else;
  • use our Website;
  • are in contact with us for general enquiries, in relation to events organised by us, or in relation to a complaint;
  • seek to conduct business with us;
  • engage with us as a stakeholder, regulator or public interest body, for example relating to enquiries or matters of mutual interest.

We collect personal information during your use of our Website via the cookies we use, certain details of which are set out in the table below. For further details about our use of cookies, please refer to our Cookie Policy.

Our rules of procedure

Information obtained directly from you

Our process is designed to collect only the minimum amount of personal data needed in order for us to handle your dispute. This will typically be limited to:

  • your reference identification (ID) number that you have been given from the relevant social media platform;
  • your email address and log in details for access to our secure dispute user portal;
  • your IP address to confirm your country of residence;
  • information you provide to us as part of your case.

We urge you to avoid sharing with us any unnecessary personal information about you or others as part of your case.

Information obtained from social media platforms

Social media platforms will share with us their case file which is connected to your reference (ID) number and may also include personal information about you and / or other individuals referred to in the case. The type of personal information we receive from social media providers will differ depending on the nature of the dispute but will typically include a copy of the content / supporting content that is subject to the dispute; the platform’s statement of reasons and its policy that is the subject of the user’s dispute; and the date the content was enforced.

The table below provides more detail regarding how and why we may use your personal information:

Types of Personal Information

Purpose

Legal Basis

Personal information we collect and use if you are submitting a dispute for review by the Appeals Centre Europe

Your reference (ID) number, email address and IP address

To allow us to verify your identity

The processing is necessary for our legitimate interest to verify that we our communicating with the correct person and to mitigate against abuse of process / fraudulent submissions

Email address, reference ID number, log-in credentials to our secure dispute review portal, payment transaction data, your responses to our eligibility questionnaire, your statement about your case, your attestation, the case content (which we will typically receive from the relevant platform provider), the platform’s statement of reasons regarding the case content (including the outcome of any internal appeal, content type, language, grounds for decision, policy basis, date of enforcement), your appeal statement, metadata regarding the platform’s enforcement action and any other  information that  either you provide directly to us or we receive from the social media platform(s) which are the subject of a case which is referred to the Appeals Centre.

To allow the Appeals Centre to determine whether it can take on your case and if so, to allow the Appeals Centre to review your case

The processing is necessary for our legitimate interests to meet our obligations as a body certified under the Digital Services Act to receive cases in relation to content enforcement decisions made by social media platforms

Personal information we collect and use if your information is referred to in a dispute that has been submitted to us

Any information that you may have posted on social media, or that may have been posted on social media about you, which is provided to us by either a user who has raised a dispute to us or a social media platform.

We will only use and retain such personal information of third parties as is strictly necessary in order to handle a dispute

The processing is necessary for our legitimate interests to meet our obligations as a body certified under the Digital Services Act to receive cases in relation to content enforcement decisions made by social media platforms.

Personal information we collect and use if you use our Website

Information about your visits to our Website, your IP address, browser type, your operating system and device type, the number of times you visit our Website, your interactions with our Website, the pages you’ve visited on our Website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address

To help us to keep our Website available and secure.

Our legitimate interest to provide and maintain our Website through utilising cookies that are strictly necessary.

To improve your experience when you visit our Website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of our Website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); and (c) to ensure content on our Website is presented in the most effective manner for you and to enhance your use of our Website.

Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and targeting.

Please refer to our Cookie Policy for further details about our use of cookies.

Personal Data we collect if you engage with us as an external stakeholder for one of our events / seminars

Name, email address

If you register for or attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event.

Your consent and / or necessary for our legitimate interests to facilitate attendance at one of our events or briefings.

Personal Data we collect if you submit a complaint or comment via our contact form

Your email address, the contents of your complaint or comment

To allow us to address your complaint or comment, and to reply to you if appropriate.

Our legitimate interest to address service issues raised via user complaints and comments

Personal Data we collect if you are one of our suppliers / social media platforms

The names and email addresses of your staff with whom we work

To allow us to receive goods or services from you.

Necessary for yours and our legitimate interests to engage in a business relationship with you.

We do not seek to collect and we encourage you not to share with us any sensitive special category personal data (e.g. data revealing race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs) or criminal conviction data of yourself or others. To the extent that we do process any special category data, our lawful basis for processing this data is that the processing is necessary for reasons of substantial public interest (under art. 9(2)(g) GDPR). We will only process criminal conviction data where we have a basis to do so under GDPR.

In limited circumstances we may process any of the personal information we hold to the extent necessary to defend, establish and exercise legal claims and / or to comply with legal or regulatory obligations.

Disclosure of your personal information

Depending on your dealings with us, we may share some or all of the personal information we collect from and obtain about you with the following external recipients:

  • Social media providers: We will share your personal information with the social media provider(s) with whom you interact (typically by way of a unique reference number that they supply to you), for the purposes of investigating and resolving your dispute.
  • Regulatory bodies: We have legal obligations to provide regulators with information regarding the disputes we determine, but this information will be reported on an anonymised basis. There may be other exceptional circumstances where we are required to share personal information with law enforcement and / or regulators.
  • Service Providers: We engage third party suppliers, including:
    • Payment service providers who help facilitate any financial transactions you make in relation to use of our process;
    • Translation service providers and/or tooling;
    • Content delivery network services;
    • Case review and research providers and/or tooling;
    • Back office administration service providers and/or tooling.

International transfers of your personal information

Some of the recipients listed in DISCLOSURE OF YOUR PERSONAL INFORMATION above may be based outside the European Economic Area.

Whenever we make transfers of your personal information, we implement appropriate safeguards in accordance with applicable data protection laws, e.g.,

  • the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries;
  • by sending to countries that have an adequacy decision by the European Commission.

Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed. If you would like to find out more about any such transfers or obtain a copy of the safeguards we have in place (which may be redacted to ensure confidentiality), please contact us using the details set out in Who is responsible for looking after your personal information.

Retention and protection of your personal information

We will not retain your personal information longer than is necessary to carry out the purposes listed in this Policy.

In some circumstances we may retain your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings with us.

Where your personal information is no longer required, we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

Your rights and how to exercise them

You have several rights in relation to your personal information set out in this section. In certain circumstances these rights may not be absolute, as they depend on our reason for processing your personal information. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).

Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.

Access:
You can ask us to:

  • confirm whether we are processing your personal information;
  • give you a copy of that data;
  • provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we
  • transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from etc., to the extent that information has not already been provided to you in this Policy.

Rectification:
You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.

Erasure:
You can ask us to erase your personal information, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see ‘Objection’ below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Restriction:
You can ask us to restrict (i.e. keep but not use) your personal information, but only where:

  • its accuracy is contested (see “Rectification” above), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Portability:
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format or you can ask to have it ‘ported’ directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; an
  • the processing is carried out by automated means.

Objection:
You can object to any processing of your personal information which has our ‘legitimate interests’ as its legal basis (see Personal information we collect, when and why we use it, and our lawful basis for processing it above) if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers:
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority:
You have a right to lodge a complaint with the Irish Data Protection Commission about our processing of your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Withdrawal of consent:
If you have given your consent to the processing of your personal information, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data before this remains unaffected.

Any Questions

If you have any questions that have not been covered by this Policy, please contact us via email at: privacy@appealscentre.eu.

If you have a complaint or concern about how we use your personal information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time, however, we ask that you please attempt to resolve any issues with us first.

This Policy was last updated on September 30, 2024.