Volkrannchep

Data stewardship charter

Privacy Policy

This charter explains how Berkeley-based Volkrannchep observes transparency, minimizes data friction, and documents every audience touch tied to hydration awareness education. Printed exports share the same scope as interactive experiences.

Binding narrative as reviewed on

Controller identity

The organization responsible for this policy is referenced throughout as Volkrannchep, established at 2801 Adeline St, Berkeley, California 94703, United States. Day-to-day questions route through mailuse@volkrannchep.world. Postal correspondence referencing privacy matters should annotate subject lines plainly so escalation paths remain efficient.

Purpose and territorial scope

We steward personal data strictly to educate communities about structuring fluid-awareness routines outside clinical settings. Narratives on hydration habits stay descriptive; they ought not substitute conversations with clinicians. Wherever you browse https://volkrannchep.world/ or exchange email with coordinators, those interactions fall under this disclosure unless a narrower contract appendix claims precedence.

Visitors within the European Economic Area, Switzerland, or the United Kingdom receive GDPR-aligned rights described below alongside UK GDPR analogues once domestic adequacy rulings lapse. Californians invoke supplemental vocabulary where the California Privacy Rights Act still applies.

Categories observed

  • Identifiers. Name, professional title, phone extension, hashed social handles when you proactively share handles for collaboration.
  • Electronic communications. Message bodies uploaded through asynchronous forms plus attachment metadata—not attachment internals unless scanners flag malware signatures.
  • Networking telemetry. IP-derived coarse geolocation truncated to locality, referrers stripped of noisy query fragments, session identifiers salted where feasible.
  • Consent artifacts. Cookie preference JSON payloads, versioning stamps, cryptographic fingerprints proving non-repudiation for enterprise procurement.
  • Commercial context. Purchase references when you procure slide decks—tokenized pseudonyms reconcile with gateways without storing PAN data on our disks.

Sources of intake

Beyond information you knowingly submit, aggregated analytics aggregates arrive from infrastructure partners respecting Data Processing Agreements. Occasionally partner districts share roster counts so we resize seating charts; roster counts omit student names whenever administrators choose anonymized spreadsheets.

For GDPR contexts we lean on contractual necessity when delivering remunerated facilitation, legitimate interests when maintaining anti-automation shields, explicit consent whenever optional pixels load, and legal obligation when archiving finance records mirrored to California Franchise Tax Board expectations. Legitimate interest assessments document why educational insights outweigh ancillary privacy intrusion and provide opt-out gateways when marketing enters the fray.

You may revoke consent tied to discretionary channels without forfeiting foundational services unrelated to withdrawn categories, subject to contradictory statutory duties.

Processing purposes in detail

Operational staff reconcile lesson calendars, circulate presenter briefings, and archive reflective worksheets for institutional partners who request archival proof. Pseudonymised analytics measure whether microcopy resonates without attributing keystrokes back to identifiable humans unless you attach identity inside free-text fields willingly.

Security tooling inspects payloads for scripted injections. Where automated classifiers escalate tickets, reviewers document rationalized outcomes consistent with supervisory guidance.

Retention choreography

Consent ledgers linger until superseded by newer choices. Marketing suppression lists endure indefinitely once you opt out to honor negative consent. Incident investigation bundles may surpass normal windows when forensic partners require elongated cold storage. Once legally permissible destruction triggers, shredding logs evidence completion.

Disclosures beyond our walls

Hosting providers, transactional email relays, conferencing suites, spreadsheet automation vendors, and translation studios receive narrowly scoped payloads. Agreements mandate confidentiality, onward transfer bans without identical protections, breach notification SLA mirrors, and annual penetration testing attestations wherever budgets allow.

Cross-border movement

When SCCs underpin transfers, Annex II technical measures reference encryption inventories. UK IDTA addenda attach when clientele demand British jurisprudence alignment. Copies of prevailing transfer frameworks remain available upon verifiable solicitor engagement.

Security posture

Role-based access rotates quarterly passwords, dormant accounts terminate automatically, phishing simulations train facilitators quarterly, immutable backups segregate ransomware risk, penetration tests recur after major refactor branches.

Exercise of data subject privileges

You may solicit access, rectification, erasure, restriction, objection, or portability. Appeals receive acknowledgment within statutory windows. Denials reference appeal instructions. Supervisory authorities welcome complaints when dialogue stalls.

United States supplements

California residents may request twice per rolling year categories of information sold or shared; current commercial posture reflects no sale in the statutory sense. Sensitive personal information categories remain absent from collection lists. Colorado, Virginia, Connecticut, and Utah residents receive parallel channels once threshold registration duties activate.

Youth audiences

We do not conduct commercial surveillance of children under thirteen without verifiable parental consent aligned to COPPA standards. Educators remain responsible for institutional permissions when inviting adolescents to participate in awareness pilots.

Policy evolution

Material revisions surface at the top of this page with an updated timestamp mirrored in the hero reference. Continued interaction after notice constitutes acceptance where law permits; contractual partners may require explicit countersignatures.