Last updated January 31, 2020
WHO WE ARE
We are the International Digital Accountability Council (IDAC) and you can find our contact information below. If you have any questions about how we use personal information or any requests relating to your information, please send an email to firstname.lastname@example.org.
WHAT PERSONAL INFORMATION WE COLLECT AND USE
Generally, processing personal information is incidental to our operations. The categories of personal information we process on a regular basis may include names, professional affiliation, contact details, and communications submitted to us.
In performing our core activities, we may also obtain the contact details and affiliation of organizations or professionals, including developers, from publicly available or other sources.
WHY AND HOW WE USE PERSONAL INFORMATION
We use the personal information we collect and retain in the context of investigations and related reporting, to send communications related to our work, and for other IDAC related efforts.
Our emails may include web beacons or similar technologies to track when recipients open the emails to provide us with analytics information about our email communications, such as if the email was opened. Please choose plain text email in order to decline this tracking.
WHO HAS ACCESS TO PERSONAL INFORMATION
Sometimes we may share personal information with our partners. This happens when we perform investigations or engage in initiatives jointly with other entities.
We may also share your information with third parties that are our vendors and process personal information on our behalf and for no other purposes. For example, we may use:
- an email delivery service,
- an email and virtual common workplace service provider,
- a provider of cloud services,
- an online conference system provider,
- a Customer Relationship Management service provider,
- an online registration service provider (for participation to events we organize).
All of these service providers are based in the US.
We will share your information with government authorities only if the law requires us to do so or, in the case of IDAC formal investigations, as determined appropriate to address or remediate investigation findings.
We keep personal data for as long as necessary to facilitate our work. The period of time varies.
Information specifically related to investigations, including initial complaint reports, supporting investigation documentation, and final reports may be retained indefinitely.
We will retain our Newsletter subscriber information until we receive an opt-out request or our emails are reported as undeliverable. In these cases, we will remove the email address from our newsletter database.
We will store contact details of registrants for our events and may use this information to send notice of future events and other IDAC information, unless or until we receive a request to delete the information.
We implement appropriate technical and organizational security measures designed to protect the security of the personal information we process. Although we do our best to protect your personal information, please remember that no one can guarantee that the internet itself is 100 percent secure.
ARE YOU BASED IN THE EU/EEA?
If you are in the EU or EEA and interact with us, the processing of your personal data (or personal information) may fall under the General Data Protection Regulation. This depends on whether your personal data is processed in the context of us providing you services or monitoring your behavior. In addition to all of the above information, the following is applicable to you as well:
Legal Basis and Purpose
Know that we are a controller in the processing of personal data in relation to conducting our activities. We process your personal data:
- on the basis of consent when you subscribe to our newsletters, when you request to be included among our contacts, such as for future events, or to follow our activity, and when our website places non-essential cookies on your device,
- on the basis of necessity to enter a contract or for the performance of a contract when you provide us information, such as to register for participation to the conferences and other events we organize,
- on the basis of our legitimate interests to:
- communicate with relevant representatives and organizations for the purpose of initiating and facilitating investigations; we can rely on this ground, since there is a clear expectation the relevant representatives of such organizations and those involved in ongoing investigations may be engaged in our activities and that we will communicate with them.
- engage with relevant stakeholders to promote principled data practices in support of emerging technologies, we obtain and maintain your professional contact details, using them to contact you as one of our stakeholders; we’ve balanced your rights and our legitimate interest and we believe that the small amount of personal data we process, the type of data (your professional contact information and your affiliation), your probable expectation to be contacted in relation with your professional expertise, as well as your ability to opt-out of this processing at any time.
You have the right to obtain access, rectification, erasure, restriction of personal data, portability of personal data, and to object to the processing under the conditions and restrictions laid out in Chapter III of the GDPR. You can also withdraw your consent at any time, when processing is based on consent, as described above. Just send us an email at email@example.com with any request you may have regarding these rights.
We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.
We transfer your personal data on the basis of the derogations in Article 49 GDPR, particularly:
- consent, for newsletter subscribers and processing in relation to addressing your inquiries;
- necessary to enter into and for the performance of a contract such as for registration to participate in our programs;
- our compelling legitimate interests to engage with stakeholders to advance our mission and bridge the understanding of the American and European privacy cultures, for obtaining the professional contact details and communicating with stakeholders for sending occasional invitations to events or exchanging information. For this last derogation, we take into account that we only process personal data occasionally, mostly from publicly available sources, concerning a very limited number of data subjects, in a non-intrusive way and posing no risks to rights of individuals.
As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. Exceptionally, we share personal data with our partners when we organize events jointly. We select carefully our processors and our partners, having regard to their stance related to privacy, to their adherence to the EU-US Privacy Shield Framework or their implementation of other mechanisms that ensure lawful transfers of personal data from the EU.
If you have concerns, questions, or requests about how we process personal data, email firstname.lastname@example.org. If your concerns are not satisfactorily addressed, you can contact the data protection Supervisory Authority in your country, pursuant to Article 77 GDPR.
WHAT ARE COOKIES?
Cookies are small data files stored on your device when you visit a website. They enable the website to remember your actions, preferences, and other information related to your visit (such as number of visits, login data, preferred language, time spent on the website, etc.), for a certain period of time.
HOW DO YOU CONTROL COOKIES ON OUR WEBSITES?
If you access our website from the European Union or the EEA: By default, when you access any of our websites, we only place cookies that are essential for that website to function on your device. You can accept additional cookies (such as those for analytics, social media plugins, or advertising purposes) through the control panel that appears when you access our websites. We will not place any cookies that are not necessary for the website functionality on your device unless you accept them from the banner.
WHAT COOKIES DO WE USE?
Our website uses different categories of cookies:
Necessary cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. If you access our website from Europe, we may use a cookie to remember if you have agreed or not to the use of analytics, social media, or advertising cookies. Your options are remembered for 12 months.
Statistical cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies can be used to track visitors across websites. The intention is to display ads that are relevant to the individual user and thereby more valuable for publishers and third party advertisers.
If you access our website from Europe, you will see an updated list of individual cookies in the pop-up banner through which you make your choice.
Contact us at email@example.com.