This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Compliance

Balean’s Compliance handbook

1 - ANBI Status

Balean is a foundation that aims at the general interest. For that reason we publish our statutes.

Dutch text below

Details

The Balean foundation is legally registered under the following name and address:

Stichting Balean
Provincialeweg 21
5835 CZ Beugen
The Netherlands

KvK (Chamber of Commerce) registration: 95267565
RSIN number: 867065710

Public Interest Organisation

Balean has requested to be identified as an organisation for public interest (ANBI status). This request is pending and not yet approved.

Purpose

According to our statutes (in dutch), Balean has the following purpose:

  1. The aim of the Foundation is to connect organisations active in the conservation, protection and recovery of oceans and seas worldwide on the one hand and society, individuals, organisations, businesses and (semi-)governments on the other hand, as well as all anything that is related to the above in the broadest sense, is related to the above and/or can be conducive to the above.
  2. The Foundation tries to achieve its objective by, among other things:
    • raising funds;
    • providing information;
    • creating a dialogue between the parties mentioned above; and
    • all other legally permissible ways.
  3. The objective of the Foundation includes: accepting (or rejecting or not accepting) acquisitions by inheritance or gift, also if a charge or obligation is attached thereto.
  4. The Foundation aims at the general interest and has no objective of making profit.

The above mission statement is translated from the statutes. The Dutch version is the original text.

Statutes

A copy of the statutes of the Balean Foundation is publicly available for review via this link. The statutes are in dutch and provided as is. The formal copy is deposited at the notary (Notariskantoor Teeuwen in Boxmeer, The Netherlands).

Strategy plan

The Balean Foundation (Stichting Balean) wrote a strategy plan in Dutch with justification and policies around the goals of the Foundation and a multi-year plan from inception through 2026. If you are interested in this plan, you can download it via this link.


Dutch

ANBI

Balean heeft een verzoek ingedient om aangemerkt te worden als ANBI. Dit verzoek is nog in behandeling.

Doelstelling

Zoals beschreven in onze statuten heeft de stichting het volgende doel:

  1. De Stichting heeft ten doel het verbinden van organisaties actief in het behoud, bescherming en herstel van oceanen en zeeën wereldwijd enerzijds en de maatschappij, individuen, organisaties, ondernemingen en (semi-)overheden anderzijds alsmede al hetgeen in de ruimste zin met één en ander verband houdt, daartoe behoort en/of daartoe bevorderlijk kan zijn.
  2. De Stichting tracht haar doel onder meer te bereiken door:
    • het werven van fondsen;
    • het geven van voorlichting;
    • het creëren van een dialoog tussen de hiervoor gemelde partijen; en - alle overige wettelijk toegestane manieren.
  3. Tot de doelstelling van de Stichting is mede begrepen: het aanvaarden (of verwerpen dan wel niet aanvaarden) van verkrijgingen krachtens erfrecht of schenking, ook als daar een last of verplichting aan is verbonden.
  4. De Stichting beoogt het algemeen belang en heeft niet ten doel het maken van winst.

Statuten

Een kopie van de statuten van de stichting zijn te downloaden via deze link. Deze statuten zijn een kopie van de oorspronkelijk door de notaris opgestelde statuten. De officiële statuten zijn gedeponeerd bij Notariskantoor Teeuwen te Boxmeer.

Beleidsplan

Stichting Balean heeft een beleidsplan opgesteld met een verantwoording en het beleid rondom de doelen van de Stichting en een meerjarenplan vanaf oprichting tot en met 2026. Dit beleidsplan is te downloaden via deze link.

2 - Confidentiality

How we protect data confidentiality

Content confidentiality

Every organisation manages information with different levels of confidentiality. Based on its confidentiality, different protection levels will be in place.

To identify the confidentiality of an asset, we use the following confidentiality ratings:

RatingDescription
publicEveryone in the world can view the content and suggest changes via a Merge Request.
protectedEveryone in the world can view the content changes but only a restricted group of people can approve changes.
internalOnly people internal to Balean are allowed to view this content or suggest changes.
confidentialThis content is confidential and only visible to a specific group of people. Only this specific group of people can suggest changes and publish them.

Safety measures

For each confidentiality rating, different safety measures apply.

Public information

Information that is public to everyone will be published in this handbook. The handbook is open to everyone in the world. This public handbook makes how Balean works open and transparent. Any procedures, processes or other information related to Balean can be treated as public if it cannot harm Balean, its team members or any of Balean’s partners or customers in any way. Keep in mind that information can be used for phishing attempts and social engineering hacks. Giving away too much information may be used for such attempts. If you are unsure if information can be public, treat it as internal instead and ask for internal guidance.

Examples of non-public information include: data about people or partner organisations, specific details inside of a process, policy or procedure that could potentially help to gain access to systems owned by Balean. Think about details like usernames, IP-addresses, server names, network details, internal URL’s, bank account details, etc.

Anyone can propose changes to public pages by opening a merge request or an issue in the corresponding project. Every handbook page has a link to edit the page. Every change request will be reviewed by a Balean team member before being published in the handbook. Every Balean team member can approve changes and merge changes to public pages.

Protected information

Protected information is still publicly visible in the handbook but has a more thorough process for reviewing. Information is protected when the information in question is strategic to Balean in general or if the information in question applies to processes or procedures related to team members of Balean. Examples are Balean’s values since it is strategic to Balean in general, or community code of conduct since it applies to team members of Balean.

Changes to pages that are rated as protected must be reviewed and merged by a designated team within Balean.

Internal information

Information is rated as internal when it would harm Balean in any way if people outside Balean would see it. Examples of internal information are for example meeting minutes of meetings, non-public roadmaps or business plans. Internal information should never be added to the handbook, since the handbook stores information in a public space.

If information is internal, then that information is typically stored in Balean’s Google Drive or in applications that are only accessible by Balean team members. Any new information must be treated as internal unless you are sure that it can be shared to the public.

Confidential information

Information should be treated as confidential when it can be used to identify single people, organisations, servers, systems or other. Information must also be treated as confidential when it can be used to harm Balean, individual people or other organisations. Information that is rated as confidential should only be visible to the people with whom it is explicitly shared and who should have access to that information to do their job. Access to confidential information must be tracked and reviewed regularly.

When information is confidential it should never be stored in a public space, like the Balean handbook. When stored in Google Drive, then it must be stored in a location where specific people have been giving access to. Confidential information stored in a folder that is shared with certain groups has the risk of being shared with more people than desired when people are being added to that group.

When confidential information is stored in other systems than Google Drive, then that system must be reviewed separately. Especially when systems contain personal data, it must be reviewed for GDPR compliance.