The New Design Congress is a fiscally sponsored project of Simply Secure, a registered 501(c)3 nonprofit organization based in the United States of America. Simply Secure's Employee Identification Number (EIN) is available upon request to firstname.lastname@example.org. Our official address is:
The New Design Congress
c/o Simply Secure
276 Fifth Ave Suite 704-33
New York, NY 10001
In Berlin, we can be reached at:
The New Design Congress
We adhere to the highest ethical standards in all of our operations. We are dedicated to protecting the privacy of everyone who interacts with us. We don’t sell, barter, give away, rent, or permit anyone outside of The New Design Congress, our fiscal sponsor, and project-scoped contractors to use or access information about our partners, collaborators, research participants, or website visitors.
Where possible, we control as much of our infrastructure as possible to ensure that your data never leaves our services. We sometimes use third party services to publish work and keep in touch with people, and understand the privacy implications of this. We have an active focus to do both of these things better. Here you can find out what these services are and how we handle all sorts of data, from user research to job applications.
If there is additional information you would like to see in this document about our practices, or if you have other comments or questions, please reach out to email@example.com.
Our Sites and Services
We use the following services to run our websites and understand how people are using them:
New Design Cables Newsletter
New Design Congress TV
We self-host our video and streaming content via our own Peertube instance. Peertube is a federated video platform. Although we New Design Congress TV is not federated with any other Peertube instance. This may change at a future date, and this policy will be updated clearly if this happens.
Peertube offers simple built-in analytics (such as view-counts, etc) for each video uploaded to the service. We use these analytics in reporting to funders and other instances in which we seek to measure our impact. Peertube also offers an opt-in feature in which viewers can help distribute a video's playback load, which exposes an individual's IP address to others who have opted in. This is off by default.
Where appropriate, we selectively mirror our content via our YouTube account and do so in accordance with YouTube's Community Guidelines.
We use a self-hosted, end-to-end encrypted Nextcloud to host our data. In cases where we interact with our fiscal sponsor or other external parties, we use G Suite for Nonprofits as required. We also use Notion for project planning. The use of all services is governed by an internal data security policy and collaborations are evaluated individually against our policies.
Our team uses PGP and are happy to correspond via encrypted email, or honor requests to have files shared with us be not stored in services we do not completely control. We respect diverse threat models and work to accommodate our partners’ needs and concerns.
All data stored locally is encrypted as per our internal data security policy.
Subscriptions and Donations
Streaming & Events
The New Design Congress maintains a schedule of events, many public facing. We collect event RSVPs via Notion and participant information is used solely to ensure event integrity and safety. We host livestreamed events in circumstances where in-person events pose unacceptable risks to the climate. New Design Congress hosted events are facilitated via Twitch and bound to Amazon's privacy notice. We are currently investigating suitable alternatives.
We securely archive all New Design Congress events. Before publishing an archived event, we require written consent from all participants.
The New Design Congress maintains a presence on popular social media platforms (Twitter, LinkedIn, etc), as well as alternatives (such as Mastodon and Secure Scuttlebutt). Many of these networks have their own individual policies or technical differences. We take all We take all reasonable steps to ensure particpant consent when sharing content that includes external participants.
You can withdraw your consent from any of our published material at any time by emailing firstname.lastname@example.org.
Consulting With Us
The New Design Congress consults with organisations and companies across a range of issues. In many cases, our consultancies involve sensitive information supplied to us via our consulting partner. We maintain strict confidentiality and secure data storage for all materials.
We maintain a transparency policy for our consultations and list active and former consultancies on our site. We are not able to work with organisations that cannot accomodate this policy.
Research is an important part of our work: it helps us understand people’s needs and helps us develop our perspectives with a greater degree of nuance.
All research participants are given a consent form that outlines what the research involves, what information will be recorded and how it will be used. If the participant is happy to proceed we ask them to sign the form to confirm this. We scan signed consent forms and shred paper copies, then store consent forms on Google Drive and keep these for 3 years.
At the moment, we do not conduct any research with people under the age of 18.
Our participant Bill of Rights is aligned with our fiscal sponsor. You can view an example of Simply Secure's participant Bill of Rights on GitHub.
Using Information for Research
Research material is separated from any identifiable information, such as consent forms, while we are working with it.
Any notes we gather during research sessions are stored securely. Any digital files (like audio, photos and videos) are stored on end-to-end encrypted infrastuture. In cases where we interact with our fiscal sponsor or select partners, this data may be stored on Google Drive. In any case, all data is only accessed by The New Design Congress researchers. At the end of the project, all notes and digital files are securely archived or, in more sensitive cases, destroyed and deleted.
Sometimes we may publish quotes from research sessions. We only do this if we have specific consent from the participant and any personally identifiable information has been removed. We will only publish audio, photos and video from a research session if a participant has given consent and has signed a model release form.
Working at The New Design Congress
Only team members involved in the recruitment process have access to applications, CVs and emails we receive. We don’t collect any special category data or ask for any background checks as part of the application process.
When people join The New Design Congress, we request information about them needed for tax purposes. We hold information about their role and their professional development. Access to this information is controlled.
Personal data shared during an application process may be shared with our fiscal sponsor as required by our sponsorship agreement.
We maintain a roster of contact information for individuals and organisations to work with as required. We collect this on a voluntary basic via our roll call available here. With consent, we store basic contact details and links to portfolios in encrypted infrastructure. This can be destroyed at any time upon request.
Data Policy Overview
The New Design Congress doesn’t participate in the following data processing activities:
- Buying or selling marketing lists
- Entering into data sharing agreements with other organisations
- Telephone marketing
- Postal marketing
- CCTV surveillance
We don’t use “soft opt-in”, meaning you won’t receive any marketing communication from us unless you’ve specifically agreed to it.
We carefully choose our services and tools at The New Design Congress. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use.
When a new team member joins The New Design Congress, we explain best practices for keeping their devices secure, maintaining the security of their online accounts, and working outside our offices.
In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.
Every quarter, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.
Transfer Outside the EEA
We have reviewed the privacy policies of third party services we use. They provide adequate protections when information is shared outside of the European Economic Area.
There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. This includes requirements and orders in the United States, where we are based. A full list of EU exemptions are listed on the ICO website. This also applies to data held about you by third party services we use.
The General Data Protection Regulation gives EU citizens the following rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making, including profiling
To exercise any of these rights, please contact us at email@example.com. You can find information specific to the services we use or our activities in the relevant sections of this document. If you are located in the EU and aren’t satisfied by our response, you can contact the EU Information Commissioner’s Office.
In drafting this policy we used a number of different resources and inspirations. We want to offer particular thanks to Simply Secure and Projects By If for their clear examples.