Privacy Policy

Privacy Policy
Last updated: October 21st, 2018


    1.1 The Noncitizen Archive. Noncitizen Archive is a non-profit digital archive for storing images from migrant experiences. It is an independent platform for the secure digital storage of personal and observational footage.

    1.2 About us. Noncitizen Archive believes videos, photos, and audio material captured by migrants and people living in “noncitizenship” are crucial documents of our time, but that they often get lost. Footage is deleted and mobile phones go missing. Through Noncitizen Archive, we want to save this material for the future, whether it’s for personal use, research and/ or cultural projects.

    1.3 The Service. Noncitizen Archive is the administrator of, hereinafter referred to as the “Service”, which is a cloud based digital information management system integrating various functionalities enabling users (e.g. migrants, asylum seekers, refugees, activists, aid workers, filmmakers and journalists), through a digital archive platform, to upload, organise, and store videos, images, and audio files. For further information on the various functionalities pertaining to the Service, please refer to 

    1.4 Privacy Statement. Noncitizen Archive is committed to user privacy. We recognise that when you, as a user, upload and provide personal data to us, your trust that we will respect your privacy. We do not take that trust lightly and have committed to safeguarding each individual’s privacy and protecting the information entrusted to us. We endeavour to provide services, which do not place the integrity of our users and visitors at risk.

    We encourage you to contact us if you have questions about this Policy or our processing of your personal data. 

    2.1 Legal basis. This privacy policy (“Policy”) is based on the European Union’s Regulation 2016/679 ("GDPR") and national Swedish data protection regulatory schemes adopted at the time of this Policy.

    2.2 Data protection principles. All processing of personal data by us is conducted in accordance with the data protection principles as set out in the GDPR and data protection laws and regulations in Sweden, in particular Article 5 of the GDPR, in particular:

    A) Lawfulness – We only process your information when we have identified a lawful basis for the intended personal data processing pursuant to Article 6 of the GDPR. These are often referred to as the “conditions for processing”, for example contractual or legal obligation, legitimate interest or explicit consent.

    B) Fairness – We have made reasonable efforts to ensure not to use your data in any unjustified way or in a manner which may have adverse effects on our users, as well as kept to minimum in order to provide users with qualitative services. 

    C) Transparency – We have made our best efforts to provide you detailed information on our use of your personal information. Our users and visitors are encouraged to contact us whenever they have questions or seek information about our privacy procedures.

    Our policies and procedures are to our best efforts designed to ensure compliance with these principles.

    2.3 Privacy Policy. Our Policy describes what, why and how we collect and use your personal information, how we protect it and how you can contact us. By this Policy we will explain how our proactive work with data protection and integrity has been built into our organisation and our digital service

    2.4 Acknowledgement. By using our Service and/or our website, you acknowledge that you have read, understand and agree to our Privacy Policy at the time. You also accept that we may use electronic communication channels to submit information to you. It is important that you read and understand this Policy prior to using the Service.

    2.5 Policy updates. We will update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. We will provide notice of any such changes (including when they will take effect). Your continued use of the Service after any such updates take effect will constitute acceptance of those changes. If you do not accept any updates to this Privacy Statement, you may cancel your use or service.

    3.1 In the context of this Policy, we, Noncitizen Archive Ekonomisk Förening reg. No. 769635-8048), c/o Story AB, Kocksgatan 31, SE-116 24 Stockholm, Sweden, hereinafter referred to as “Noncitizen Archive”, acts as:

    Data Controller in respect to all account related data that you provide us when setting up and sign-in to our Service, or when you communicate with us.

    Data Processor in respect to all account-related digital contents that you upload and store with us through the Service and/or chose to share with other users and the public.

    3.2 Data Protection Officer. In light of the nature of the large scale of special categories of personal data categories being processed in the Service pursuant to Article 9 of the GDPR, we have appointed a Data Protection Officer (“DPO”). The contact details to the DPO are set out in section “Contact Information” below.

    4.1 We may collect personal data about you in several different ways. Personal data in this context is any and all data relating to a natural person that can be used, directly or indirectly, to identify a natural person, (e.g. name, contact details, identification number, location data etc.).

    Please take care when submitting personal data to us, in particular when completing free text fields, using our Services or other web related contents. Some of the functions integrated into our Service or website are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.

    Our processing of your personal data is conditioned predominantly on the basis of explicit consent, legal obligations under law, contractual obligation to provide you our Service, and your legitimate interest of us providing you service information, updates, news and/or other information which may enhance your use or experience with our Service.

    4.2 Account details. When you create a user account, we may collect a variety of personal data and information; including your username, e-mail address, password, and preferred privacy setting when you register with the Service. You have choices about the information on your profile and the information, such as first and last name, phone number, occupation and personal biography. You do not have to provide additional information on your profile.

    4.3 Communications with us. When you interact with our support or online services, we may keep information about the call or email, including your name, email address, telephone number and the reason why you contacted us and the advice we provided.

    4.4 Personal data in the uploaded contents. When you use our Service, we may process the content that you choose to upload or otherwise submit to our Service, such as, videos, images, and audio files that you choose share with us, other users or the public based on your selected privacy setting.

    You do not have to post or upload personal data; though if you do not, it may limit your ability to use and engage with our Service. It is your choice whether to include sensitive information on your profile and to make that sensitive information available to other users or the public.

    4.5 Automated personal data collection. When you use our Service or interact with our website, we may receive or collect information about your use of them, such as:

    A) Details of the online content viewed or interacted with, such as your browser software, pages you view and which items you “clicked” on.

    B) Services, software or server logs, storing information about your use of our Service or websites, inter alia, your IP address, browser information (including HTTP user agent strings), HTTP client request information and the time and location of your activities, domain, device and application settings, errors and hardware activity.

    C)Information about your hardware’s physical location, geo-location service or application.

    D) Interests and preferences that you specify when setting up your browser, account, or other internet enabled product or services.

    E) Information about your physical location and other information which our support personnel require to maintain, secure and operate the Service.

    In general, such online information is collected using digital identifiers such as browser cookie, plugins or your IP address. These identifiers are used to distinguish the information provided by your hardware or browser that you use. However, we may associate the collected information with one of your accounts, if for instance you are logged into our services when the information is collected. Please see our Cookie Policy for further details and cookie settings.

    4.6 Future collection of Personal Data. We continuously develop and enhance the Service’s features, which occasionally may entail collection and processing of new personal data. Notwithstanding, prior to activating such new features, we will provide you information about the feature and where required update this Policy.

    4.7 Children. We do not knowingly collect personal data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal data to us by setting up a user account or utilise our Service, please contact us and we will endeavour to either delete that information from our Service, and/or make all reasonable efforts to ensure that consent is given or is authorised by the holder of parental responsibility over the child.

    5.1 General. Our processing and use of your personal data is necessary to provide, maintain, develop and secure the Service, as well as to enable the users to store and share their story and updated digital contents pursuant to the overall purposes of the Service under the Noncitizen Archive project.

    5.2 To provide the Service to our users. We use account-related information provided by you to us in connection with sign-up, use or support of user accounts (such as usernames and email address) to provide you with access to the Service and/or the site, contact you about your use of the Service (including information on technical service issues, security announcement, changes to our terms, conditions and policies) and/or the site or to notify you of important changes to the Services and/or the site.

    This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR.

    5.3 To provide support services to our users. When you ask for information about the Service (e.g., when you request for assistance for sign-up, technical assistance or troubleshooting services in relation to stored information or other support and information requests prior, during and after your use of our Service), we will use your contact information to respond to your requests, to verify your identity.

    This use is necessary for us either (i) to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, or (ii) to respond to your legitimate interests prior to signing-up an account pursuant to Article 6(1)(f) of the GDPR.

    5.4 To store your uploaded digital material. We use account-related information and digital contents that you upload in order to store and to maintain in the Service according to your chosen privacy account settings.

    This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR.

    5.5 To share your information with other users and the public. To the extent permitted by applicable law and your privacy settings when setting up an account, we share and transfer your account-related data and uploaded digital contents with other users and the public in line with the purposes of the Service. We will at all times ensure that you have given prior consent to such processing prior to any transfer and respect your chosen privacy account settings, which is given at the time you uploaded your personal data. If you do not provide us with your explicit consent or if you chose a privacy setting that prevents us to share your personal data, we will respect your choice.

    As a controller of your uploaded contents, we as a processor will respect and comply with your instructions that are defined through the account’s privacy settings. The legal basis for this use is either your explicit consent pursuant to Article 6(1)(a) of the GDPR, or instructions provided to us when choosing your account’s privacy level settings pursuant to Article 28 of the GDPR.

    5.6 To ensure compliance. We use account-related information in our efforts to ensure the security and integrity of the Service and the personal data you provide us. Such information may also be used to monitor and investigate possible violations of our terms of use, policies, instructions, guidelines, code of conduct and other social responsibilities, as well as to prevent and to mitigate the risk of fraudulent use of such material.

    This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, and also necessary for compliance with a legal obligation to which we are subject pursuant to Article 6(1)(c) of the GDPR.

    5.7 To generate Service related statistics. We use personal data to generate aggregated data sets, which give statistical insights into how the users interact with the Service. We use those insights to improve and to enhance the performance of the Service and review the need for improvements or additional features, as well as achieve the overall purposes of the Service under the Noncitizen Archive project.

    This use is necessary for us to fulfil our contractual obligations with our users pursuant to Article 6(1)(b) of the GDPR, and also necessary for the purposes of our legitimate interests to achieve the overall objectives of the Noncitizen Archive project according to Article 6(1)(f) of the GDPR.

    5.8 For more specific information on performed interest balance assessments and risk and consequence analyses concerning our processing of your personal data, please contact us at the address indicated in section “Contact Information” below.

    6.1 Sharing your information.
    In general, we do not sell, rent, share or otherwise disclose your personal information with other users or the public, unless you have consented and/or instructed us to share your information by choosing a privacy setting that allows for such disclosure or otherwise agreed to share your information with third parties on a case-by-case basis. Nevertheless, you should always exercise caution or discretion when using our services, in particular when using social network applications that may be integrated into our online services and/or website.

    6.2 Notwithstanding, in our endeavour to provide you with quality services, we may need to make certain exemptions to this general principle (in particular when information about you cannot be transferred in anonymous and/or in pseudonymised form). If so, we may:

    A) use third-party service providers to process information on our behalf for the purposes outlined above, e.g. to provide technical and support assistance, to providing IT and cyber security services, to providing fraud checking services and other user services etc.

    B) to share personal data when required under applicable laws, court proceedings or other legal proceedings or if we reasonably conclude that it is necessary to disclose the information in order to; (i) investigate, prevent or take measures upon suspicion or actual detection of illegal activities or in order to aid public authorities; (ii) fulfil our agreements with users; (iii) protect the security and/or the integrity of the Service. Prior to any disclosure, we will notify such disclosure with the concerned user(s), to the extent that we are not legally prohibited from doing so

    6.3 Research and statics. For research and statistical purposes, to the extent possible, we prepare anonymous, aggregate or generic data (including “generic” statistics) for a number of purposes outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with any third party (such as our partners, the media and/or the general public). However, also in this we apply a restrictive approach in order to ensure a high level of security and safety.

    6.4 Third party service providers. Our third-party service providers, acting on our behalf, always operate under contract and only in accordance with our instructions, in line with this policy, and are subject to appropriate confidentiality, privacy and security obligations. Please see our Cookie Policy for further details and cookie settings related to third party service providers

    6.5 Transfer of personal data outside the EU/EES. We may make our Service available to all users across the globe. For the purposes explained in this policy, when you chose a privacy setting entailing access by other users and the public, your information may be transferred to persons outside of the EU/EES or to third parties in countries which may not have the same level of data protection laws as those in the Member States of the EU or member countries in the EES.

    Pursuant to Article 49(1)(a) of the GDPR, when you choose a privacy setting that allows third parties to access your personal data, you consent explicitly that your information may be transferred to third parties outside of the EU/EES.

    You should always exercise caution or discretion when choosing a privacy level that allows for third party disclosure of your information due to the possible risks associated with the safeguarding of your personal data that is transferred to countries without adequate level of protection afforded to the protection of personal data.

    7.1 We retain your personal data while your account is in existence or as needed to provide you our Service. This includes data you or others provided to us and data generated or inferred from your use of our Service. However, we will not retain your personal data for a longer period than is necessary, taken into account the purpose for which they were initially retained.

    7.2 In some cases, we choose to retain certain information (e.g., visits to our website or other automated logs) in a depersonalised or aggregated form.

    7.3 Notwithstanding, we may retain certain personal data about you after you have chosen to close your user account, if it is necessary for us to fulfil our legal obligations (including requests from authorities), comply with laws and regulations, establish, invoke or defend legal claims, maintain security, prevent fraud and abuse, fulfil our legal, regulatory or social responsibilities.

    7.4 The information collected by us is stored on third party servers in Falkenstein, Germany. All such transfer of personal data will be made in accordance with applicable legislation, our terms and conditions and this Policy.

    8.1 With respect to personal data for which we, Noncitizen Archive, are Data Controller, the users are hereby advised of the following rights:

    A) Right of Access. If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details such as purpose of the processing etc.).

    B) Right of Data Portability. In certain cases, you have the right to obtain your personal data from us in a structured, commonly used and machine-readable format. You may reuse it elsewhere.

    C) Right to Rectification. If your personal data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your personal data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.

    D) Right to Erasure. You may ask us to delete or remove your personal data and we will do so in some circumstances, such as where we no longer need it. Notwithstanding, we retain the right not to delete personal data pursuant to Section 7.3 above. If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.

    E) Right to Restrict Processing. We provide your choices about the collection, use and sharing of your personal data and updated digital contents, from deleting or correcting data you include in your profile and controlling the visibility of your account information. We offer you settings to control and manage the personal data we have about you. Notwithstanding, you may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that personal data or object to us processing it. If we have shared your personal data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.

    F) Right to object. You may ask us at any time to stop processing your personal data, and we will do so: (i) if we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing; or (ii) if we are processing your personal data for direct marketing.

    G) Rights in relation to automated decision-making and profiling. You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless such profiling is necessary for entering into, or the performance of, an agreement between you.

    H) Right to Withdraw Consent. We provide your choices about the collection, use and sharing of your personal data and updated digital contents, from deleting or correcting data you include in your profile and controlling the visibility of your account information. We offer you settings to control and manage the personal data we have about you. Notwithstanding, you have always the right to inform us that you wish to withdraw that consent. This will not affect the lawfulness of processing based on your prior consent. 

    I) Right to lodge a complaint with the data protection authority. If you have a concern about this Policy, including the way we have handled your personal data, you may report it to the competent data protection authority that is authorised to address those concerns. The Swedish Data Protection Authority (Sw.: Datainspektionen) is the competent data protection authority in Sweden charged to protect the individuals’ privacy in the information society.

    8.2 You may exercise your rights by contacting us as indicated under the section “Contact Information” below. 

    We maintain reasonable and appropriate technical and administrative security measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction in light of the risks inherent in processing this information, including where appropriate the following:

    A) Using Secure Sockets Layer (SSL) encryption when collecting, storing, processing or transferring sensitive information (SSL encryption is designed to make the data unreadable by anyone but Noncitizen Archive);

    B) Limiting access rights to the information we collect about you according to your chosen privacy setting (e.g., only those of our personnel who need your information to carry out our business activities are allowed access to process your information);

    C) Implementing physical, digital and procedural safeguards in line with relevant business standards and guidelines.

    9.2 We regularly monitor our systems to identify possible vulnerability and potential attacks. However, we cannot guarantee the security for information which users make available to other users or the public within the Service. Please take into account that there is no guarantee for the protection from unauthorised access or disclosure, change or destruction of personal data despite our physical, technical and administrative security measures. The same applies to all information that has been made publicly available on the internet.

    9.3 For more information regarding our security, please contact us at the address indicated under section “Contact Information” below.

    In the event of questions, comments or complaints regarding this Policy, our work with data protection or IT security, please contact us at:

    Noncitizen Archive
    Att: Data Protection Officer
    C/o Story AB
    Kocksgatan 31
    SE-116 24 Stockholm