1. Introduction

​

We respect the privacy of our Members. This Policy explains what personal data we process, why, and what rights you have. We aim to process personal data in accordance with the GDPR and applicable European data protection laws.

​

​

2. Data controller

​

The data controller for the cOMmon platform is:

Solvondo BV
Waalstraat 81, 9870 Zulte, Belgium
Company number: 0866.464.574
Email: [email protected]

A cooperative entity is being established to support the broader cOMmon initiative. This does not change the identity of the data controller unless we explicitly communicate a transfer and update this Policy.

If a Data Protection Officer is appointed, we will update this Policy.

​

​

3. Scope

​

This Policy applies to personal data processed through the cOMmon platform and related support and communications.

​

​

4. Data we process

​

We process data that is relevant to running the platform, which may include:

• Account and profile data: name, email, username, profile details you choose to share.

• Content and interactions: posts, messages, project participation, comments, reports, support requests.

• Contribution and platform activity: membership status, internal credits activity (if used), coordination signals.

• Technical data: device and browser data, IP address, logs, usage patterns, cookie identifiers.

• Payment-related data (limited): if you purchase a membership or other platform-level access, payments are processed by a payment provider (for example Stripe). We receive limited information such as payment status, timestamps, and transaction references. We do not receive or store full card details. Stripe processes payment details as an independent service provider; we receive only limited payment-related information.
   

​

4a. How we collect data

​

We collect personal data directly from you when you create an account, complete your profile, communicate on the platform, participate in projects, contact us, or make a platform-level payment. We also collect limited technical data automatically when you use the platform, and we may receive limited data from service providers (such as payment status from Stripe).

​

​

5. Why we process data and legal bases

​

We process data for:

• Providing the platform (accounts, features, member interactions).
  Legal basis: contract necessity.

• Safety and integrity (moderation, abuse prevention, security, compliance).
  Legal basis: legitimate interests, and legal obligations where applicable.

• Support and essential communications (responding to requests, service messages).
  Legal basis: contract necessity and legitimate interests.

• Improvements and minimal analytics (basic usage such as active members, feature usage in aggregate, performance and error rates, with data minimization).
  Legal basis: legitimate interests; consent where required for non-essential cookies or similar technologies.

• Legal and financial administration (where relevant, e.g., invoices, accounting).
  Legal basis: legal obligations.

​​

​

6. Visibility and sharing choices

​

Some profile information may be visible to other Members depending on your settings and how you use community features. Content shared in community contexts may be visible within those contexts. You are responsible for what you choose to share.

​

​

7. Platform signals

​

Certain features may generate internal signals related to participation or reliability. These are intended to support coordination and do not produce legal effects. Human review is available where needed.

​

​

8. Sharing of data

​

We do not sell personal data.

We may share personal data with service providers supporting platform operations (processors), such as hosting and infrastructure providers, email delivery services, security and logging tools, basic analytics, customer support tooling, and payment providers such as Stripe, under appropriate contractual safeguards.

We may disclose data if required by law, or where necessary to protect Members, prevent harm, or respond to valid legal requests.

​

​

9. International transfers

​

We aim to process data within the EEA. If data is transferred outside the EEA, we use appropriate safeguards (such as standard contractual clauses) where required.

​

​

10. Retention

​

We keep personal data only as long as necessary for the purposes described.

Account data is retained while your account is active. After deletion, we delete or anonymize account data within a reasonable period, unless retention is needed for legal obligations, security, or dispute prevention.

Backups and certain security logs may retain data for up to 12 months. Transaction and accounting records are retained for the periods required by law.

​

​

11. Cookies

​

We use necessary cookies for platform functionality. Some basic usage measurement may rely on server logs or privacy-friendly analytics. Where non-essential cookies or similar technologies are used, consent is requested where required. You can manage cookie preferences via the platform (where available) or your browser settings.

​

​

12. Security

​

We use appropriate technical and organizational measures to protect personal data. No system can guarantee absolute security, but we aim to reduce risk and respond responsibly.

​

​

13. Your rights

​

Depending on your situation, you may have the right to access, correct, delete, or restrict processing of your data, and to object to certain processing. Where processing is based on consent, you can withdraw consent at any time.

To exercise your rights, contact [email protected]. We aim to respond within the timeframes required by law.

You also have the right to lodge a complaint with a data protection authority.

​

​

14. Changes to this Policy

​

We may update this Policy as the platform evolves. The latest version will be available on the platform. Where appropriate, we will notify Members of material changes. If the data controller changes, we will communicate this and update this Policy.

​

​

15. Contact

​

[email protected]

v2 dd April 28th 2026