HomeResearchServicesAdvocacyGet InvolvedAbout
Page

Cookies & Privacy Policy

Privacy and Cookies Policy
Last updated: May 2026

This Privacy and Cookies Policy explains how Planetary Resilience Institute (PRI) may collect, use, store, and protect personal data when users visit the website, contact the institute, or interact with website features.

1. Controller information
Planetary Resilience Institute (PRI)

Email: Info@planetary-resilience.org
Address:
Planetary Resilience Institute
Tallinn, Harju maakond, 11415, 
Estonia

Kronenburggasse 25
99084 Erfurt
Germany (in Gründung (i. G.))

Unless and until more detailed legal registration information is provided, website users may use the contact email above for all privacy-related questions, requests, and notices relating to personal data processing on the website.

2. Scope of this policy
This policy applies to the public website of PRI and to personal data processed through normal website operation, email contact, inquiry handling, and basic website security and administration. It is written as a general website privacy and cookies policy and should be updated if the website later adds newsletters, user accounts, event registration forms, embedded social media, donation tools, payment services, analytics tools, or advertising technologies.

3. Categories of personal data processed
Depending on how the website is used, the following categories of data may be processed:

  • Technical connection and usage data, such as IP-related server information, date and time of access, browser type, operating system, device type, referring page, requested URL, and basic server log information.
  • Communication data, such as name, email address, organization name, and the content of messages sent by users through email or website forms.
  • Voluntarily provided information, such as any information a user chooses to provide in connection with research collaboration, advisory inquiries, partnership requests, or general communication.
  • Cookie and similar technology data, where cookies or similar tools are used on the website.

4. Purposes of processing
Personal data may be processed for the following purposes:

  • To provide and technically operate the website.
  • To maintain website security, stability, and protection against misuse.
  • To respond to inquiries and communicate with users.
  • To administer and improve website content and functionality.
  • To document communication relating to PRI’s research, advocacy, advisory, and organizational activities, as those activities are described in the source document.
  • To comply with legal obligations and defend legal claims where necessary.

5. Legal bases for processing
Where the General Data Protection Regulation (GDPR) applies, PRI may process personal data on one or more of the following legal bases:

  • Performance of a contract or steps prior to entering into a contract, where a user requests information or services.
  • Compliance with legal obligations.
  • Legitimate interests, including website operation, IT security, communication management, and protection against misuse, provided such interests are not overridden by the rights and freedoms of the data subject.
  • Consent, where consent is required by law, especially for non-essential cookies or similar technologies.

6. Contact by email or contact form
If a user contacts PRI by email or by a website contact form, the information submitted by the user may be processed for the purpose of handling the inquiry, replying to the request, maintaining correspondence, and documenting communication where operationally necessary. The document attached to this request shows the public contact email (Email) and identifies PRI’s fields of activity in research, advocacy, advisory, evaluation, and capacity building, which makes inquiry handling a foreseeable part of normal website operation.

Users should avoid sending highly sensitive personal data by unencrypted email unless clearly necessary, because email communication can involve security risks beyond the operator’s complete control.

7. Server log files
When users access the website, the hosting environment may automatically record technical information in server log files. This may include IP-related information, timestamps, browser and system information, requested resources, response status, and similar metadata required to operate and secure the website.

This processing is generally necessary to provide the website, detect technical errors, ensure system security, prevent abuse, and investigate incidents. Server logs are not used to personally identify visitors unless this is necessary for security, legal compliance, or the investigation of abuse.

8. Cookies and similar technologies
The website may use cookies and similar technologies to ensure technical functionality, improve usability, remember user preferences, protect security-related functions, and, if later enabled, measure website performance or analyze usage behavior.

Cookies are small text files stored on a user’s device by the browser. Some cookies are necessary for the operation of the website, while others may be optional and require user consent depending on applicable law.

9. Categories of cookies
The website may use the following categories of cookies:

  • Strictly necessary cookies: These cookies are required for the website to function properly, for example to support page delivery, security, load balancing, form protection, or language or cookie-preference settings.
  • Functional cookies: These cookies remember user preferences and improve convenience, for example by remembering display settings or selected options.
  • Analytics cookies: If analytics tools are used in the future, these cookies may help understand how visitors use the website, which pages are visited, and how the website can be improved.
  • Embedded-content cookies: If the website later includes videos, maps, social media content, or third-party media, those services may place cookies or collect data when content is loaded.

10. Cookie consent
Where legally required, non-essential cookies should only be activated after a user has given valid consent through a cookie banner or consent management mechanism. Strictly necessary cookies may generally be used without prior consent where permitted by law.

Users should be able to withdraw or change cookie preferences at any time through the website’s consent settings, where such settings are implemented.

11. Third-party services
If the website uses third-party services such as embedded videos, maps, fonts, analytics providers, spam protection tools, newsletter tools, donation platforms, event tools, or social media integrations, those providers may process personal data in their own capacity or on behalf of the website operator.

Because the attached document does not list the actual technical stack or third-party providers for the live website, this policy does not name any specific provider at this stage. That information should be added before publication if the website uses such services.

12. Recipients of data
Personal data may be shared, where necessary and lawful, with:

  • Website hosting and infrastructure providers.
  • Technical service providers supporting website operation, maintenance, or security.
  • Email and communication providers.
  • Professional advisers, legal counsel, or authorities where required by law or necessary to protect rights and legitimate interests.

Data will not be sold to third parties for advertising purposes unless this is explicitly disclosed and a lawful basis exists.

13. International data transfers
If service providers are located outside the European Economic Area, personal data may be transferred to countries that may not offer the same level of data protection as the European Union. In such cases, transfers should only take place where appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

14. Data retention
Personal data is retained only for as long as necessary for the purposes for which it was collected, including communication handling, legal compliance, security monitoring, documentation, and the resolution of disputes.

As a general rule:

  • Server log data is retained only as long as necessary for technical and security purposes.
  • Inquiry and correspondence data is retained for as long as necessary to handle the request and maintain appropriate organizational records.
  • Consent records may be retained for as long as needed to demonstrate compliance with applicable legal requirements.
  • Where statutory retention obligations apply, data may be kept for the required legal period.

15. Security measures
PRI may use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or unlawful disclosure. Such measures may include secure hosting, access controls, software updates, transport encryption where available, limited access to communication data, and security monitoring.

However, no internet transmission or electronic storage system can be guaranteed to be completely secure. For that reason, users should exercise care when transmitting information online.

16. Rights of data subjects
Where the GDPR or similar laws apply, users may have the right, subject to legal conditions and limitations, to:

  • Request access to their personal data.
  • Request correction of inaccurate data.
  • Request deletion of data.
  • Request restriction of processing.
  • Object to processing based on legitimate interests.
  • Request data portability where applicable.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with a competent data protection supervisory authority.

Privacy-related requests may be sent to: (Email)

17. Children’s data
The website is not intended for children unless expressly indicated for educational or public-interest outreach purposes. Personal data should not knowingly be collected from children without an appropriate legal basis and, where required, parental or guardian authorization.

18. External links
The website may contain links to third-party websites. PRI is not responsible for the privacy practices, content, or data handling of external websites. Users should review the privacy notices of those third-party services separately.

19. Changes to this policy
This Privacy and Cookies Policy may be updated from time to time to reflect legal, technical, or organizational changes, or updates to the website’s services and features. The latest version should always be published on the website with an updated effective date.

20. Contact for privacy matters
For privacy, cookies, or data protection questions, requests, or concerns, contact:

Planetary Resilience Institute (PRI)
MTÜ
Email: info@planetary-resilience.org

Address: Planetary Resilience Institute
Tallinn, Harju maakond, 11415, 
Estonia

Kronenburggasee 25
99084 Erfurt
Germant (in Gründung (i. G.))