An open debate on ePrivacy and GDPR compliance

Privacy Policy

COMPLY.ORG is hosted and managed by PrivacyCloud SL, of Ponzano 51, 28003, Madrid (Spain). We act as data controllers when processing data about: a) Accredited privacy professionals applying to participate - and subsequently doing so - in the review of non-compliance alerts reported by end users of the Consent Manager browser extension ("verifiers"); b) Website operators submitting counterclaims; c) COMPLY.ORG visitors submitting their own feedback through the contact form provided. In particular:


Accredited lawyers from any jurisdiction (EU or not) may apply to become "verifiers" through the form provided. Should you choose to do so:

We will request your name and email address. You will also be asked to identify your local Bar/Law Society as well as credentials of your privacy expertise. We will use your contact details to reach back to you with and invitation to join us (or a kind rejection including our grounds for it).

Your credentials are initially used as a mere filter. However, such details will be stored together, and published alongside your full name on a "verifier details" page if admitted to the program.

Your email address will be used to submit verification requests and/or introductory exchanges with website operators aiming to make a counterclaim.

We expect you to know your rights :) You may exercise them by submitting your specific request to dpo[@]

Website operators

Should you choose to appeal against the inclusion of your organization’s website on the COMPLY.ORG list, you may fill out the form provided requesting a fresh manual review and its subsequent removal (when applicable).

By filling out such form, we will store the name of your organization, your name and email address, as well as your title or position within (or on behalf of) the said organization. These are only used in connection with your own request: we may either write to you directly or (at your request) share your contact details with the "verifier" in charge of your company’s website.

In no case will we store your personal data for purposes beyond the said exchange, or transfer your contact information to unrelated third parties. You may exercise your rights at any time by sending your request to dpo[@]

COMPLY.ORG visitors: Cookies

COMPLY.ORG employs first party cookies for pure statistical purposes. These cookies expire at the end of each session, and are never used for individual analysis, profiling, or advertising purposes. You may opt-out of them by using both your browser settings and the Google Analytics opt-out tool.

We follow the criteria of CNIL (French Supervisory Authority) to avoid cookie banners with regards to such aggregate audience measurement cookies.

If you fill out our contact/feedback form, we will use your contact details to get back to you where appropriate. We have no use for your personal information beyond attending your own request: your data will never be used for other purposes, or transfered to third parties.

Automated decisions and profiling

PrivacyCloud does not rely on data-driven automated decisions or profiling with regards to the data gathered through COMPLY.ORG.

Data sharing and international transfers

PrivacyCloud will not transfer your data to any countries outside the EEA that have not been identified by the European Commission as providing an adequate level of protection for your privacy.

Access to your information, correction, and portability

You may also exercise your access, rectification, erasure, and (where applicable) data portability rights by reaching out to PrivacyCloud directly.


We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.

Data Protection Officer

Our Data Protection Officer ("DPO") is D. Ignacio Menéndez-Manjón Tartiere, who can be reached at dpo[@]

In accordance with Article 38 of the GDPR, you may contact our DPO if you find any difficulties in the exercise of your rights. This may include any issues regarding our self-service tools, or your preference for a direct exchange through other means of communication.

Complaining to a supervisory authority

If you feel we have not dealt with your concern and that we are failing to properly protect your personal data or meet our legal obligations, you can report this to your local data protection regulator or Spain’s Data Protection Agency ("AEPD"). More information on reporting a concern to the AEPD can be found at