Youth Security Europe Logo

Youth Security Europe Privacy Policy

Last updated: 2025-09-26 | Version: 1.0

Youth Security Europe (YSE) is an independent, non-profit and non-partisan organization of young Europeans with the purpose of increasing youth engagement in security policy and decision-making on both European and national levels. YSE aims to create opportunities for young professionals, students, and experts to contribute to discussions and initiatives related to security, defense, and international affairs.

1. Data Controller

Youth Security Europe (YSE) is the data controller responsible for your personal data.

If you wish to contact YSE directly on data protection questions, you may do it at the following email and address. A registered postal address will be made available upon request.

Email: gdpr@youthsecurity.eu

2. What Personal Data We Collect

Youth Security Europe (YSE) here in after referred to as "YSE" or "We" will collect, store and process your personal data in connection to carry out the activities stated in the organisations agenda xyz

When you register for membership, we may collect the following information:

  • Identification details: Name, age/date of birth, nationality, gender (optional).
  • Contact details: Email address, phone number, postal address (if required).
  • Membership details: Type of membership, national chapter, activities/events participation.
  • Other voluntary information: Skills, interests, or professional background (if you apply for roles within YSE).

3. Personal Data

Personal data refers to any information that, directly or indirectly, can be used to identify a living individual.

Such information may include, for example, a name, postal address, telephone number or email address. It may also encompass technical details, such as IP addresses, or visual material, such as photographs, when these can be linked to a specific person in combination with other data.

The term processing of personal data covers any activity carried out on such information, including but not limited to collection, registration, organization, analysis, adaptation, storage, and erasure.

4. Purpose and Legal Basis for Processing

To process your personal data we must have a legal basis for all processings according to Article 6 GDPR.

We process your data for the following specific purposes:

  • Membership administration (registering you as a member, verifying eligibility).
  • Communication (sharing updates, invitations, newsletters, events).
  • Legal compliance (age verification, grant eligibility, reporting).
  • Organizational development (statistics, anonymized reports, funding applications).
  • Website (user browser information, user approximate location. we use third party services like hotjar and google analytics to improve website and user experience
  • Video Calls (recordings of meetings, online events).

Processing Table

Membership Administration

Purpose of processing: Membership administration (registering you as a member, verifying eligibility).

Legal basis: Article 6(1)(b) GDPR – processing is necessary for the performance of membership services.

Categories of personal data:

  • Identification details: Name, age/date of birth, nationality, gender (optional).
  • Contact details: Email address, phone number, postal address (if required).
  • Membership details: Type of membership, national chapter, activities/events participation.
  • Other voluntary information: Skills, interests, or professional background (if you apply for roles within YSE).

Storage time: Membership data will be kept for as long as you are a member. Upon termination, your personal data will be deleted within 12 months, unless required by law to retain it longer (e.g., financial records).

Communication

Purpose of processing: Communication (sharing updates, invitations, newsletters, events).

Legal basis: Article 6(1)(b) GDPR – processing is necessary for the performance of membership services.

Categories of personal data:

  • Identification details: Name, age/date of birth, nationality, gender (optional).
  • Contact details: Email address, phone number, postal address (if required).

Storage time: Data used for communications purposes will be kept for as long as you are a member. Upon termination, your personal data will be deleted within 12 months, unless required by law to retain it longer.

Legal Compliance

Purpose of processing: Legal compliance (age verification, grant eligibility, reporting).

Legal basis: Article 6(1)(c) GDPR – processing is required to comply with legal obligations.

Storage time: Retained as required by applicable laws and regulations.

Organizational Development

Purpose of processing: Organizational development (statistics, anonymized reports, funding applications).

Legal basis: Article 6(1)(f) GDPR – legitimate interest in running the organization effectively.

Recruiting

Purpose of processing: Recruiting

Legal basis: Article 6(1)(f) GDPR – The processing is necessary to handle applications from you when you are applying for a position in YSE. YSE has a legitimate interest for processing the personal data in order to carry out a legitimate selection on applications based on competence.

We have no interest in gaining knowledge about memberships in trade unions, religious beliefs, sexual orientation, political opinions, medical diagnoses or conditions, or other information that is not relevant to recruitment. It is therefore important that you do not provide such special categories of personal data in connection with your application or in later communications in the recruitment process. We also ask you not to send your personal identification number in your application. A date of birth is sufficient. For certain positions, a background check is necessary. In such cases, this is handled with separate consent.

Categories of personal data:

  • Identification details: Name, age/date of birth, nationality, gender (optional).
  • Contact details: Email address, phone number, postal address (if required).
  • Professional details: Job title, personal letter, résumé, references (if required), links to social media profiles (if required or voluntarily shared).
  • Recruitment process information: correspondence between you and YSE, any results of interviews performed as part of the recruitment process, interview notes, technical information on how you have interacted with YSE

Storage time: The information is stored for up to 24 months after the end of the recruitment process, regardless of whether the application leads to a positive outcome or not, in order to be able to investigate any accusations of discrimination during that period. If you have given your consent, we may also use the information for future opportunities for up to 24 months.

Legal basis summary:

  • Article 6(1)(b) GDPR – processing is necessary for the performance of membership services.
  • Article 6(1)(c) GDPR – processing is required to comply with legal obligations.
  • Article 6(1)(f) GDPR – legitimate interest in running the organization effectively.
  • Article 6(1)(a) GDPR – where consent is given (e.g., photos, newsletters, optional info).

5. How We Store and Protect Your Data

  • Data is stored securely in encrypted digital systems (e.g., Google Workspace/Drive).
  • Access is restricted to authorized YSE officers handling membership matters.
  • We apply appropriate technical and organizational measures to prevent unauthorized access, loss, or misuse.

6. International Data Transfers

To provide our services, we use third-party providers such as Google Workspace. This may involve transferring your personal data to countries outside the European Economic Area (EEA), including the United States.

For any such transfers, YSE ensures that your data is protected by implementing appropriate safeguards, primarily through the use of Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually oblige the receiving party to protect your data with a standard equivalent to that of the EU.

You may request further information about these safeguards and obtain a copy of the applicable Standard Contractual Clauses by contacting us at gdpr@youthsecurity.eu.

7. Data Sharing

We do not sell your personal data. The recipients of your personal data include only:

  • YSE staff and officers for organizational purposes.
  • Partner organizations or funding bodies, acting as processors on our behalf, only in anonymized or aggregated form.
  • Competent legal authorities, where required to comply with a legal obligation.

Any sharing of personal data takes place only insofar as necessary for the purposes described in Section 4 "Purposes and Legal Bases", and always under the corresponding legal bases.

If personal data is transferred outside the European Economic Area (EEA), this will be done only as described in Section 5 "International Transfers" of this Policy.

8. Data Retention

Membership data will be kept for as long as you are a member, in accordance with the principle of storage limitation (Article 5(1)(e) GDPR).

Upon termination, your personal data will be deleted within 12 months, unless required by law to retain it longer (e.g., financial records). We ensure that all data retained for legal reasons is securely stored and only used for compliance with those legal obligations.

We carry out periodic reviews of the personal data we retain to verify whether it continues to be necessary in relation to the purposes for which it was collected.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Access your data (Art. 15 GDPR)

YSE is open and transparent regarding how it processes your personal data. If you want greater insight into which personal data YSE processes regarding you specifically, you can request access to this data. To ensure efficient handling of your request and that the information is being provided to the right person, we may need to request further information about you.

Rectify inaccurate data (Art. 16 GDPR)

You have the right to request the rectification of any inaccurate personal data concerning you. Within the context of the purpose stated, you also have the right to provide additional information in the case of any incomplete personal data.

Erase your data ("right to be forgotten," Art. 17 GDPR)

You can request erasure of personal data that relates to you and that YSE processes, if:

  • The personal data are no longer needed for the purpose for which they were collected or processed.
  • You object to the balancing of interests that YSE has performed based on a legitimate interest and your reasons for objection outweigh our legitimate interest.
  • You revoke your consent to processing that is based on consent and there is no other legal basis for the processing.
  • The personal data have been unlawfully processed.
  • The personal data must be erased to fulfill a legal obligation by which YSE is encompassed.

Please note that YSE may have the right to reject your request if there are legal obligations preventing YSE from immediately erasing certain personal data (e.g. legislation on discrimination, bookkeeping) or for the establishment, exercise or defence of legal claims, in accordance with (Article 17(3) GDPR).

Restrict processing (Art. 18 GDPR)

You have the right to request restriction of processing where:

  • You contest the accuracy of the personal data (for a period allowing us to verify accuracy).
  • Processing is unlawful, and you oppose erasure, requesting restriction instead.
  • We no longer need the data for processing purposes but you require them to establish, exercise, or defend legal claims.
  • You have objected to processing based on legitimate interests, pending verification of whether our interests override yours.

Data portability (Art. 20 GDPR)

In cases where YSE processing of personal data is based on your consent or the fulfillment of a contract, you have the right to request that the information that concerns you and that you have provided us with is transferred to another data controller. However, this is provided that the transfer is technically possible and that it can be performed in an automated manner.

Object to processing (Art. 21 GDPR)

You have the right to object, at any time, to YSE processing of your personal data based on our legitimate interests. We will no longer process your data for these purposes unless we demonstrate compelling legitimate grounds for the processing that override your interests or where processing is necessary for the establishment, exercise, or defence of legal claims. You may also object to processing for direct marketing purposes at any time, in which case your data will no longer be processed for such purposes.

Withdraw consent at any time (Art. 7(3) GDPR)

You may withdraw any consent you have given to YSE for the processing of your personal data at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Upon withdrawal, we will stop any processing based solely on consent, without undue delay. Other lawful bases for processing, where applicable, remain unaffected, and we may continue to retain or process data where necessary for compliance with legal obligations or for the establishment, exercise, or defence of legal claims.

For further information about the rights of data subjects under the GDPR, please visit the website of the Swedish Authority for Privacy Protection (IMY): https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/de-registrerades-rattigheter/

To exercise these rights, please contact us at gdpr@youthsecurity.eu. We may ask you to identify yourself in connection to exercise your rights as a data subject.

10. Consent for Optional Communications

By joining YSE, you may be asked for separate consent regarding:

  • Receiving newsletters/updates.
  • Participation in photos/videos during events.

Consent is voluntary and can be withdrawn at any time without affecting your membership status. To withdraw your consent contact us at gdpr@youthsecurity.eu.

11. Complaints to the DPA

If you have any questions about our processing of personal data or believe that your personal data is being misused in accordance of the GDPR, you can first contact YSE at gdpr@youthsecurity.eu. You also have the right to file a complaint to the Data Protection Authority, the Swedish supervising authority (Integritetsskyddsmyndigheten, IMY) can be reached at www.imy.se.

12. Updates to our Privacy policy

This Privacy Policy may be updated from time to time to reflect changes in how we process personal data or to comply with legal requirements. The most recent version, in English, is always available at www.youthsecurity.eu. If we make changes that are of significant importance for how we process your personal data, or which we consider to be of significant importance for you and your rights, we will inform you through email. For other updates, we will indicate the date of the latest version on our website.