Privacy Policy

Last updated: 21 June 2026

1. Introduction and Commitment

The European Observatory for Transparency in Cooperatives (OETC) places the protection of your personal data at the heart of its mission. This privacy policy explains, transparently, how we collect, use, protect, and share your information, in accordance with the European Union's General Data Protection Regulation (GDPR). Your trust is essential, and we are committed to handling your data with the utmost care and respect for your rights.

2. Data Controller

The association responsible for processing your personal data is: Observatoire Européen pour la Transparence des Coopératives (OETC) Registered office: 200 rue de la Croix Nivert, 75015 Paris, France. Association governed by the French law of 1 July 1901.

3. Contact for Data Protection

For any question about this policy or to exercise your rights, you can contact us at: dpo@oetc-rights.eu

4. Data We Collect

We collect different types of data depending on your interaction with our services:

  • Identification and contact data: last name, first name, e-mail address, and the content of your message when you contact us through our contact form.
  • Reporting data: all information, documents, and testimony that you voluntarily provide through our dedicated, confidential reporting channel. This channel is operated separately from this website, through a secure system designed to protect the confidentiality — and, where you wish, the anonymity — of the person reporting. This data may include sensitive information, which we handle with enhanced security measures.
  • Technical data: our website does not use tracking or analytics cookies and does not profile its visitors. Limited technical information (such as your IP address) may be processed transiently by our hosting provider solely to deliver the site and ensure its security.

In line with our commitment to continuously improving our services, the categories of data collected may evolve. Any new collection will be strictly linked to our purposes, justified by the need to make our support to members more effective, and will only take place after this policy has been updated and, where required, your explicit consent obtained.

5. Purposes and Legal Bases of Processing

  • Respond to your contact requests — legal basis: our legitimate interest in communicating with you.
  • Analyse reports and provide assistance — legal basis: your explicit consent when you submit your case; for members, performance of the membership contract.
  • Improve our website and services — legal basis: our legitimate interest in improving our offer.
  • Conduct systemic analysis and research — legal basis: our legitimate interest in pursuing our purpose, using aggregated and anonymised data.

6. Our Use of Artificial Intelligence (AI)

As part of our mission, we use artificial intelligence technologies to strengthen our analytical capabilities, not to replace human judgement. Every process involving AI is supervised by our experts. We use AI to:

  • Break down language barriers — translating and analysing documents in different European languages to provide borderless support.
  • Increase the efficiency of human analysis — helping our experts process large volumes of information (financial statements, minutes) to identify patterns or potential anomalies more quickly.
  • Make knowledge more accessible — helping to simplify complex legal concepts.

Important: AI is never used to make automated decisions about you. The final analysis, conclusions, and advice are always the result of human expertise.

7. Sharing Your Data

We do not sell or rent your personal data. We share it only with trusted third parties, and only where necessary:

  • Experts and partner lawyers: if you are a member and give your explicit consent, we may share your file with lawyers in our network for specialised advice.
  • Technical service providers (processors): in particular our website host (Netlify, United States) and our domain and e-mail provider (Register.it, European Union). These providers are contractually bound to protect the confidentiality and security of your data and to process it only on our instructions.
  • Competent authorities: only where we are required to do so by law.

8. International Data Transfers

Some of our providers are located outside the European Union (for example, our website host in the United States). Where personal data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place (such as the European Commission's Standard Contractual Clauses or an adequacy decision), so that your data continues to benefit from a level of protection equivalent to that guaranteed within the EU.

9. Retention of Your Data

We keep your data only for as long as necessary for the purposes for which it was collected. Data relating to a report is kept for the duration of the analysis of the case, then securely archived or anonymised.

10. Your Rights

In accordance with the GDPR, you have the rights of: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection (you may object to the processing of your data on grounds relating to your particular situation). To exercise these rights, contact us at dpo@oetc-rights.eu. You also have the right to lodge a complaint with the competent supervisory authority (in France, the CNIL).

11. Data Security

We implement appropriate technical and organisational measures (encryption, access controls, and others) to protect your data against destruction, loss, alteration, or unauthorised disclosure.

12. Changes to this Policy

We may amend this privacy policy at any time. Any change will be published on this page. We encourage you to review it regularly.