Effective Date: 10th May 2025
Mwmbl is committed to ensuring the highest standards of data protection and cybersecurity in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), and the Swiss Act on Federal Data Protection (nFADP). This Data Privacy Policy explains how we collect, process, store, and protect your personal data when you use our services at https://mwmbl.org.
Mwmbl, a project in the process of forming the Mwmbl Non-Profit Organization in the European Union (EU) or the United Kingdom (UK), is the data controller responsible for processing your personal data as described in this policy.
Mwmbl is designed to minimize personal data collection and enhance privacy. However, we may process the following categories of data:
Personal Data:
If you choose to contact us (e.g., through forms or emails), we may collect your name, email address, and any other details you provide.
If you create an account, we will collect your name, email address, and username to facilitate authentication and account management.
Technical and Usage Data: This includes browser type, device identifiers, and site interaction data for the purposes of performance optimization and maintaining the security of our services. IP addresses are not stored on disk, and user search queries are not recorded or retained in any form.
Cookies and Tracking Technologies: Mwmbl uses only essential cookies that are strictly necessary to facilitate authentication and login functionality for user accounts. We do not use tracking cookies or third-party cookies for advertising, analytics, or any other purpose.
Our use of cookies complies with applicable EU, UK, and Swiss data protection laws, including the General Data Protection Regulation (GDPR). By using Mwmbl, you acknowledge and consent to the use of these essential cookies for authentication purposes.
Mwmbl processes personal data based on the following legal grounds under GDPR:
Consent (Article 6(1)(a)): When you explicitly consent to data processing (e.g., accepting cookies).
Legitimate Interests (Article 6(1)(f)): When processing is necessary for improving services, ensuring security, and detecting fraud, provided it does not override your rights.
Legal Obligations (Article 6(1)(c)): When required to comply with EU, UK or Swiss regulations.
Mwmbl follows a strict policy of not selling or commercially exploiting user data. We may share data under the following circumstances:
Service Providers: We may engage third-party hosting and security providers under strict data processing agreements (DPAs) ensuring GDPR compliance.
Legal Authorities: We may disclose data where required by EU, UK and Swiss law.
Cross-Border Transfers: No personal data is transferred outside the European Economic Area (EEA) or the United Kingdom. All data processing is conducted exclusively within these jurisdictions, in accordance with applicable data protection legislation.
Mwmbl engages a limited number of third-party service providers to support its infrastructure and maintain essential functionality. The following is the list of current subprocessors and their respective purposes. This list may be updated periodically to reflect any changes in Mwmbl’s service ecosystem:
Hosting Provider: Granite (granite.host) – Provides infrastructure hosting services.
Email Service Provider: SendGrid – Facilitates the secure delivery of transactional and user communications.
Monitoring and Error Tracking: Sentry – Used for application monitoring and error reporting to ensure service reliability and performance.
Backup Storage: Backblaze – Provides secure off-site storage for data backups.
At present, no content delivery networks (CDNs) or analytics providers are in use. Mwmbl does not transfer personal data outside the EEA or UK. No formal data processing agreements are currently in place with these subprocessors, although service use is limited and subject to future review and compliance actions.
Users have the following rights concerning their personal data:
Right to Access (Article 15 GDPR): You may request details of the data we hold about you.
Right to Rectification (Article 16 GDPR): You may request corrections to inaccurate personal data.
Right to Erasure (‘Right to be Forgotten’) (Article 17 GDPR): You can request deletion of your personal data, subject to legal retention obligations.
Right to Restriction of Processing (Article 18 GDPR): You may request temporary restriction on processing.
Right to Data Portability (Article 20 GDPR): You may request a structured copy of your data.
Right to Object (Article 21 GDPR): You can object to data processing under certain conditions.
Right to Withdraw Consent (Article 7(3) GDPR): If processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at info@mwmbl.org.
We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. We employ anonymization and pseudonymization techniques where possible to minimize retention risks.
Mwmbl implements rigorous security measures in compliance with EU cybersecurity regulations, including the NIS2 Directive and GDPR security obligations:
Encryption and Access Controls: Data is encrypted both in transit and at rest.
Data Minimization: We collect only the necessary data.
Security Audits: Regular assessments ensure compliance with industry standards.
Incident Response: In case of a data breach, we will notify users and authorities as required under GDPR (Article 33-34).
We reserve the right to update this policy in compliance with evolving regulations. Significant changes will be communicated via our website.
For privacy-related inquiries, please contact our Privacy Compliance Manager at info@mwmbl.org.