Privacy Policy "NGO Academy Learning Platform"

Last updated: October 2022
This privacy notice sets out how NGO Academy collects and uses information about you when you use our NGO Academy moodle platform and why we collect certain personal data. This notice also explains the choices that you can make about the way that we use your information.
We have also included a number of useful resources below which you may use to engage with NGO Academy to ensure your personal data and the personal data of those around you is protected.
Your privacy protection is important to us. This is why we have adopted the EU’s General Data Protection Regulation 2016/679 (“GDPR”).  This privacy notice relates to all personal data we process and addresses the legislation mentioned.
‘Personal data’, in this privacy notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Why we collect your personal data

In order to offer our services (NGO Academy Programmes and networking support), we need your data and here we tie in our legal justifications for needing to collect your data.
In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.
Our legal bases for controlling or processing personal data are:
  • Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to;
  • Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
  • Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
  • Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
    • recruitment and induction of new employees, contractors and other people who work with us;
    • emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
    • business development; or
    • providing self-enrolment for new users
Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.
The special categories of personal data (Article 9 of GDPR) we process are:
  • biometric data in the form of facial images, where you have uploaded and we store your profile picture;
  • any special categories of special personal data which any user volunteers while using our services (for example in a forum or submission).
If we need to pass on special category personal data (see Article 9 of GDPR) to a third party, we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above.

How we collect personal data

Here we give you examples of ways that you interact with us and the resulting data we may collect!
NGO Academy collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, via email including, without limitation, when you:
  • create an individual or corporate user account;
  • request support;
  • register for or participate in one of our programmes
  • request information or materials;
  • participate in surveys or evaluations;
  • submit questions or comments; or
  • submit content or posts on our forums or other interactive webpages.

What kind of personal data we collect when you create an account

If you are part of an NGO Academy Member Organisation or invited to participant in a specific programme by NGO Academy you have to create an account in order to participate in the programme.
For creating an account we need your first name, surname, email-address, date of birth, gender and organisation.  
We keep your data stored as long as your user account exists. You can cancel your user account at any time without notice.

What kind of personal information we may collect in your user account

In order to actively use the learning platform and the NGO Academy Network, you can add information in your user account, such as country, city/town, field of activity, website, social media profiles and interests as well as a photo.
With this information, we can bring users located in the same region or in similar fields of activity or with the same interests to each other’s attention. This processing is based on our legitimate interest in promoting personal contacts between users and establishing personal networks (Article 6 par. 1 lit. f GDPR). All this information is voluntary and you can update the information in your user profile all the time.  We delete this information as soon as the user account is deleted.
This processing is based on your consent (Article 6 par. 1 lit. a GDPR). We will keep this data until you delete it yourself, but in any case no longer than your user account exists.

What information other users see about you

One of NGO Academy’s purposes is to enable its users to get to know each other, share information, and cooperate.
Therefore, other logged-in users can always see the following information from you:
  • Required information: First name, surname, city/town, organisation
  • Optional information: profile picture, website and information on your social media profiles
  • Depending on the settings you chose in your profile: email-address.
The following additional information about you can be seen by other logged-in users, if you have filled out the respective fields in your profile:
Contact details (e.g. country, address, phone numbers), master data (e.g. place of birth, gender, additional names), links to social media accounts, information on interests.

What data are collected in the messaging function

Users can write messages to each other via the platform. When using this function, the recipient will receive your message together with your first and last name in their inbox within their user account.
This processing is based on your consent (Article 6 par. 1 lit. a GDPR). Messages sent by you remain stored in your user account and in the recipient‘s user account as long as your user account exists. Irrespective of this, you can delete messages that are in your user account mailbox at any time.

Contributions in Groups

If you contribute to a forum in one of the courses, your contribution, together with your first and last name, will be made available to all other participants of the respective course.
This processing is based on your consent (Article 6 par. 1 lit. a GDPR). We will keep this data until you delete it yourself, as far as the function used in each case provides for this, but in any case no longer than your user account exists.

Registering for NGO Academy Offers

If you register for any offer via the platform, we will process the information input by you in the registration process.
This data is processed to plan and conduct the offer and to be able to notify you of any information on the offer (Article 6 par. 1 lit. c GDPR).
In your user account, we store which offers you registered for and which you participated in for the purpose of planning future programmes.  This data processing is based on our legitimate interest in supporting the users in the network according to their interests (Article 6 Paragraph 1 lit. f GDPR).
Other logged-in users can also see which offers you have registered for and participated in. In this way, other users can, for example, plan a joint journey with you or exchange topic-based information with you before or after an offer. The basis for this default setting is our legitimate interest in fostering the communication between participants (Article 6 Paragraph 1 f GDPR).
We will keep this data for the time your user account exists or until you withdraw from your consent.

What data we process when you contact us

If you send us a message via the messaging tool on the platform, we will process the data input in the form fields, in particular your name, your e-mail address and your message.
If you send us a message by e-mail, we will save your message along with the sender details (your name, e-mail address, and any additional information added by your e-mail program) in order to be able to answer it and also to respond to possible subsequent questions. For reception, storage and sending of e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
This data processing is based on our legitimate interest to answer your request and handle possible follow-up requests from you (Article 6 par. 1 f GDPR). We will erase the information collected from your message no later than twelve months after the last communication with you on your request, subject to the provision in the following paragraph.

How we use personal data

We may need to pass your personal data on to third-party service providers contracted to NGO Academy in the course of dealing with you. We do this because there are services, such as workshops operated by external trainers or hotels, which will not work unless we are able to make these transfers. When we need to pass on your personal data, we do only forward those data that are absolutely necessary for the third parties to carry out their services. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.
We seek to enter into Data Processing Agreements with our third party service providers to ensure they only process your data as instructed by us.

How we store personal data

Here we outline our processes for data storage, how we will protect your data and keep it only for as long as needed!
We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organisational and technical safeguards for all personal data we hold. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business sector requirements and agreed practices. Personal data can be held in addition to these periods depending on individual business needs.
We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.


We have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavour to seek your consent appropriately. NGO Academy does not sell data, and has no intentions in doing so in the future.

Data protection rights

You control the personal data you share with us! Here, we outline your rights under GDPR and CCPA.
At any point while we are in possession of or we process your personal data, you have the following rights:
  • (GDPR) right of access – you have the right to request a copy of the information that we hold about you;
  • (GDPR) right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
  • (GDPR) right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
  • (GDPR) right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
  • (GDPR) right of portability – you have the right to have the data we hold about you transferred to another organisation;
  • (GDPR) right to object – you have the right to object to certain types of processing such as direct marketing;
  • (GDPR) right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
  • (GDPR) right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
Where we are your Data Controller, please make your request directly to the Data Protection Officer at We will always respond within one month.

Privacy notices of other websites

Our privacy notice and managing your data is only applicable when you are using our services. It does not cover your use of others’ sites and services.
This privacy notice outlines how we manage your personal data. If the website you are using is not hosted by us or you click on a link to another website, we encourage you to read their privacy notice.


Before we action a request we need to ensure it is from you.
Before we action a personal data request we need to verify your identity. We accept a request made through your personal Moodle account while you are logged in. We sometimes require additional information such as a colour copy of your passport, driving licence or national ID card.

Amendments to our Privacy Policy

We are transparent about any updates made to this Notice.
NGO Academy updates their privacy notice when necessary or in response to:
  • feedback from our community, customers, relevant authority, industry or other stakeholders;
  • changes in our products or services; and/or
  • data processing or policy changes.
The “last updated” date at the top of this privacy notice reflects when the most recent changes were made. We encourage you to periodically review this privacy notice for any amendments.

How to contact us

If you have any questions about our privacy notice, please contact us by email at
Vienna, October 19, 2022
DIE ERSTE österreichische Spar-Casse Privatstiftung
Am Belvedere 1
A-1100 Vienna