Statement on Privacy, Shareability, Autonomy and Transparency
Statement on Privacy, Shareability, Autonomy and Transparency (PDAT Statement)
For Framer Framed, inclusivity, justice, autonomy and transparency are core values – both in our physical programming and in our digital activities. Digital autonomy plays an important role in this. Public organisations must retain control over their own technology, infrastructure and data. For us, this means developing and managing our own systems as much as possible, rather than relying on commercial platforms that do not share our values. These principles guide how we make our archives accessible, how we protect privacy, and how we actively involve our audiences and partners in the creation of knowledge.
Below, we outline our position on Privacy and Shareability, Autonomy and Transparency. As background to this statement, we refer to the Public Spaces Manifesto
1. Privacy
Framer Framed does not collect or use information for purposes other than those described in this privacy policy, unless prior consent has been obtained. Because we consider the careful handling of personal data to be important, such data is processed and secured with care. In this document, we explain which data Framer Framed collects and why this data is collected.
Principles we strive to uphold as much as possible are:
– User data is secure and is never shared with third parties for their own purposes.
– Users always have full access to all of their data.
– No data other than what is strictly necessary for the functioning of the software ecosystem are collected or stored.
– Insight into the origin of content is always guaranteed, making the spread of fake news more difficult.
– No single party will have full control over the user experience, governance or management of Framer Framed; we aim for a distributed form of control and governance.
– Framer Framed does not serve a political or commercial purpose beyond what is set out in publicly available documents.
How do we do this?
What is the collected data used for?
Framer Framed works with a wide range of partners: from professional organisations such as museums and universities, to small foundations, artist collectives, individual artists, team members, volunteers, visitors and other users of our locations. Our programmes range from exhibitions to educational and public programmes, workshops and guided tours. In order to maintain contact with all these users and audience groups, it is necessary to store personal data. In general, this data is provided directly by the partners themselves. For event registrations, Framer Framed uses third-party platform Stager, which collect names and email addresses on our behalf. These platforms act as data processors and may only process personal data according to our instructions and applicable data-protection legislation. Personal data is not shared with third parties for their own purposes. To maintain oversight of stored personal data, the platforms and locations where this data is stored are kept to a minimum.
Data storage
For data storage, Framer Framed uses its own on-site server. Since 2014, we have been working to bring our digital production tools under our own management. That year, we acquired our first server. At the time, it ran on the open-source platform OwnCloud; since then, several versions later, it now runs on NextCloud open-source software, with source code that is publicly available and transparent. This gives the organisation full ownership and control over the use and storage of data.
Internal file management & archiving
The folder structure on the file server is organised by department. This means employees only have access to files necessary for their work. Personal data is therefore accessible only within specific departments. After the completion of a project, the folder is moved to the ‘archive’, a section of the server to which no one has general access. Personal data remains stored there but is only accessible via an ‘archive’ account. Folders that do not follow a project cycle are archived at the end of each calendar year.
Website
As of 1 January 2026, we have stopped using Google Analytics to track visitor numbers on our website. We have replaced Google Analytics with Matomo. This software prioritises privacy by guaranteeing users full ownership of their data. Matomo runs on our own server, providing full control over collected data. Matomo includes built-in features to comply with legislation such as AVG, GDPR and CCPA. Tracking without cookie banners is possible thanks to data anonymisation, unlike data platforms that use data for advertising purposes. Matomo is a privacy-focused alternative to Google Analytics, designed to keep user data secure, private and exclusively for internal organisational use, thereby preventing data misuse.
Cookies on the website
The website www.framerframed.nl uses cookies (text files placed on computers) solely to help internally analyse what is and is not being read. Framer Framed does not use Google Analytics but the open-source tool Matomo (see above). Matomo collects data about website visits and usage in order to gain better insight into visitors and serve them better. This data is never shared with third parties, except in anonymised/abstracted form in subsidy accountability reports. These reports describe general visitor trends and do not address the browsing behaviour of individual users. The data cannot be traced back to individual users, is not used commercially, and therefore cannot be used for personalised advertising. In line with GDPR compliance and our principle of putting the user first and ensuring the best possible user experience, no pop-up is used.
Newsletter
Visitors to the Framer Framed website can subscribe to the monthly digital newsletter via the website. Each email includes an option to unsubscribe. The newsletter is sent via MailerLite, where address management takes place. This is the only storage of personal data outside Framer Framed’s own server. No copies of this file are stored elsewhere. The intention is to replace this platform in the future with an open-source system under our own management. Framer Framed does not combine the newsletter address list with other personal data the organisation may hold and does not share these addresses with third parties.
Which personal data?
The collection of personal data is kept to a minimum by default. When used, it is for subsidy accountability or for improving service/information and is anonymised. When people subscribe to the newsletter, no names or dates of birth are requested, as this information is not necessary for sending the newsletter.
How long is personal data retained?
This depends on the purpose of the data. If someone has subscribed to the newsletter, data is retained for as long as the person remains subscribed. Personal data included in contracts is retained for at least seven years in our administration, in accordance with legal requirements of the Dutch Tax Authority.
Sharing with third parties
Personal data is not shared with third parties for their own purposes. We regularly receive requests to share personal data of people we work or have worked with, for example journalists wishing to contact an artist. In such cases, we reply to the email with the person concerned in BCC, allowing them to decide whether or not to respond, without sharing contact details. Phone numbers are generally not shared.
Deletion of personal data
Framer Framed offers all visitors and business contacts the possibility to view, correct, modify or delete their personal information. All contacts have the right to object to the processing of personal data and the right to withdraw consent for data processing at any time.
Server under our own management
If someone sends an email or other messages to Framer Framed, these are stored on our own server, which runs on the Netherlands-developed open-source software Stalwart. As a result, email-derived data, including personal data, is not searchable by third parties (unlike Gmail or Office 365). Storing emails is necessary to process questions and respond to requests. Framer Framed does not combine this data with other personal data it may hold, nor share them with third parties. For video conferencing, we use BigBlueButton, open-source software for educational purposes developed by Carleton University in Canada. This software also runs on our own server and is therefore not accessible to external parties (unlike widely used Zoom, Teams or Google Meet). We aim to reduce our dependence on Google by encouraging the use of alternative search systems within the organisation.
Changes
Our privacy policy is aligned with the use and possibilities of delivering and receiving services at a specific moment. Due to rapid technological developments, interim adjustments may be necessary. Any changes may lead to policy updates. It is therefore advisable to consult this privacy statement regularly and adjust where necessary.
2. Shareability, Autonomy and Transparency
Europe must formulate a response to its dependence on Big Tech. The cultural sector can play a role in this by experimenting with new forms of technology that are self-developed, prioritise self-management and privacy, and keep data under their own control. Increasingly, platforms operate according to a new organisational principle, often referred to as federalism, where data is stored and shared under one’s own management, via one’s own servers and on one’s own terms, giving users back control over their data.
Despite the enormous potential of online networks to transform everyday democratic decision-making or enable citizens to shape their own (economic) futures, today’s internet has done little to challenge old power structures. One could conclude that the internet has become increasingly centralised, creating new global powers.
We believe online networks have enormous potential to help people and communities share data, collaborate and organise their activities to address major challenges. Making the cultural sector less dependent on Big Tech by building its own media infrastructure is both a challenge and an objective. In the coming period, we will focus on developing open data platforms for (cultural) organisations to share their activities with the public without relying on commercial platforms. We believe this can be achieved by embracing the following principles. Naturally, the organisation views this as a ‘work in progress’. Not all objectives are currently achievable or feasible, but there is an annual PDAT plan (Privacy, Shareability, Autonomy and Transparency) in which objectives are defined for each policy period and the organisation aligns itself with the principles below (derived from the Public Spaces Manifesto):
Open
– The software ecosystem is equally accessible to every person, network or organisation.
– The software ecosystem functions independently of influence from governments, commercial entities or other political forces.
Transparent
– The technology used is fully transparent and verifiable.
– The governance policy of the software ecosystem is fully transparent and verifiable.
Responsible
– Users are verifiable and the origin of content can be fully disclosed.
– The software ecosystem guarantees the best possible protection of data – both content and user data.
– The software ecosystem does not store or own any personal data of its users.
– Management and governance of the software ecosystem are bound by statutes that guarantee independence from commercial or political influence.
Sovereign
– Users are not products – the well-being and self-determination of users always come first.
– Users have full control over their personal data, content and interactions.
User-centered
– The software ecosystem applies ‘privacy by design’ as a fundamental design principle.
– The software ecosystem avoids so-called ‘dark patterns’: tricks used by software designers to entice users into behaviour they would not otherwise choose.
Questions and feedback
Framer Framed regularly checks whether the organisation complies with this privacy policy. If you have questions about this policy, you can contact us.
This statement can be found on the website www.framerframed.nl
This statement was first published in May 2018 and was last updated on 08-01-2026.