1. Privacy & GDPR (with DPIA)

● We collect only what’s necessary (name, contact, anonymised learning/engagement data where possible).● Purposes: learning delivery, impact evaluation, donor reporting.● Legal bases: consent/contract / legitimate interest; retention periods are defined.● People’s rights: access, rectification, erasure, restriction — contact ue.retnecpid%40atad (Data Protection Lead).● Storage in the EU, with role-based access; a DPIA is conducted for higher-risk processing.● Security: pseudonymisation, encryption in transit, secure deletion; incident response within 72 hours.

2. Safeguarding & EDI (Equality, Diversity & Inclusion)

● Principles: safe participation, non-discrimination, do-no-harm, trauma-aware facilitation.● Who’s covered: participants, staff, volunteers, contractors.● Reporting: channel, response times, escalation; confidentiality guaranteed.● Adaptations: language support, accessibility cues, referral to specialised services.● Training & vetting: roles, onboarding, checks where needed; Code of Conduct acceptance.

3. Anti-fraud & Procurement

● Principles: integrity, competition, proportionality, full documentation.● Simple thresholds (adapt to your grant/country):● up to €1,000 — single invoice/market screenshot;   ● €1,000–€10,000 — 3 written quotes;   ● €10,000–€30,000 — simplified tender;   ● over €30,000 — full tender procedure.● Conflicts of interest: mandatory declarations and recusals.● Controls: segregation of duties, delivery verification, spot checks.

4. Intellectual Property & Open-Licensing

● Ownership defined by project agreements; contributors acknowledged.● Open by default: publications under CC BY 4.0; code under MIT/Apache.● Exceptions: personal data and third-party assets/logos (need explicit permission).● Reuse: citation format, versioning, repositories (e.g., Zenodo/OSF).

5. Accessibility (WCAG 2.1 AA) Accessibility Statement

● Scope: website, PDFs, videos/captions, third-party embeds.● Target: WCAG 2.1 AA, with periodic testing.● Known issues (if any) with remediation timelines.● Authoring rules: alt text, colour contrast, proper headings, no image-only PDFs.● Feedback channel and response SLA.

6. Whistleblowing (Reporting Concerns)

● Simple form (3 fields): name (or anonymous), contact, description.● Timelines: acknowledgement within 48 hours, then clear investigation steps.● Protection: confidentiality; no retaliation.

7. Risk Register & Mitigation

● Risks with: description → likelihood/impact → mitigation → owner → status.● Review cadence: quarterly or after trigger events.