Effective: May 25, 2018
INTRODUCTION
This privacy policy (this “Privacy Policy”) is provided to explain the online information practices of the Essl Foundation (“Essl Foundation,” “us” or “we”) and the choices you can make about the way that data, which directly or indirectly identifies you (“Personal Data”) is collected and used at the Essl Foundation. We are a foundation established in Vienna, Austria with headquarters at “Haus der Philanthropie, Schottenring 16/3.OG, A-1010, Vienna”. For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller. We use your Personal Data only in accordance with the following principles and in compliance with applicable data protection laws including the GDPR.
The official language of this Privacy Policy shall be in the English language except as required by local law. Any translations of this Privacy Policy shall be for reference purposes only. The terms of this Privacy Policy in the English language shall prevail over any terms of any translations hereof in the event any dispute arises regarding any conflicting terms.
Please read this policy carefully so that you understand your rights in relation to your Personal Data, and how we will collect, use and process your Personal Data. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Essl Foundation Site (“Site”). This Privacy Policy is effective as of the effective date listed above and is subject to change as set forth below in “Changes to the Essl Foundation Privacy Policy.”
INFORMATION WE COLLECT
The Site’s web servers collect standard internet log information during user visits to the Site. This information is used to assist with troubleshooting issues with the Site including performance and security related functions. In addition to server logs, the Site also uses the Google Analytics service to help us assess how users access and utilize the Site by collecting bits of information, such as statistical usage and telemetry information including an anonymized version of your IP address. This information is used to create aggregate statistics about the operation and use of the Site such as when the Site is accessed, the pages which refer visitors to the Site, and other information that helps us understand how the Site is used and how it might be improved in the future.
Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our Site. This information is used to compile reports and to help us improve our Site. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
In general, when you visit the Site we only incidentally collect such information as your IP address and/or information about your browser or computing device that enables us to provide you with access to the Site and appropriate content. There are instances, however, on which you need to provide additional Personal Data especially to register for the Essl Foundations conferences (“Conferences”), or when nominating your own practice/policy on a database provided by the Essl Foundation.
Such Personal Data will/could include:
• name, address, website address, social media handle, and contact information;
• organization (including the organization’s name, website, phone number, and address), fields of work, languages and location;
• the results of any questionnaires that you agree to respond to.
You may also provide to us Personal Data related to other people, for example to nominate a practice/policy for the Conference or recommend someone for employment. As part of this process, you will need to provide Personal Data, such as name, contact information, location, organization, fields of work, and other related information, to us about persons other than yourself. You agree to and confirm that you have sought and received consent to share such person’s Personal Data with us prior to submission. On request the Essl Foundation will delete such Personal Data.
HOW WE USE THE PERSONAL DATA WE COLLECT
As it is in our legitimate interests to be responsive and to ensure the proper functioning of our products and organization, we will use Personal Data to: provide requested information about our organization, evaluate nominations, respond to requests for information, process questionnaire responses submitted, and to register to, and accommodate participants at Conferences. We will also use the Personal Data we collect to improve the Site and to ensure the Site’s content is presented in the most effective manner; administer the Site, and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes, or to keep the Site safe and secure.
With your consent, we will use your Personal Data for the reasons stated above. You may revoke this consent at any time by using any such provided “unsubscribe” link or by contacting us at privacy@esslfoundation.org.
We will share Personal Data with selected consultants and providers, when necessary to deliver the objectives of the Essl Foundation. Our agreements with these entities require that they keep your Personal Data confidential and only use your Personal Data to the extent necessary to perform their functions and not for any other purpose. We also contract other companies and individuals (collectively Service Providers) to perform functions on our behalf:
• We use third-party expertise to evaluate incoming nominations, using a peer review approach.
• We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For more information about Google Analytics privacy practices, see their Privacy Policy;
• We use a third-party provider, the International Center for New Media, to process form data submitted securely through the site. For more information about the International Center for New Media privacy practices, see their Privacy Policy;
• We use a third-party provider, Highrise, to manage constituent data that we use to facilitate our communications, process registrations, and process nominations. For more information about Highrise’s privacy practices, see their Privacy Policy;
• We use a third-party service, WPENGINE, to host our website. We incidentally gather standard internet log information to enable us to troubleshoot issues with the site infrastructure. For more on WPENGINE’s privacy practices, see their Privacy Policy;
• We use a third-party service, Dropbox, to store our data. For more on Dropbox’s privacy practices, see their Privacy Policy;
• We use a third-party service, Attendify, to register people to and accommodate people at our Conferences. For more on Attendify’s privacy practices, see their Privacy Policy;
• We use a third-party service, Amazon Web Services, Inc., to manage static data. For more information about Amazon Web Services, Inc’s privacy practices, see their Privacy Policy;
• We use a third-party service, mabacher.com, to consult us on our social media and Site activity. For more information about mabacher.com’s privacy practices, see their Privacy Policy;
• We use a third-party service, schultes.IT, to assist us with the maintenance of our IT systems. For more information about schultes.IT’s privacy practices, see their Privacy Policy;
• We use a third-party service, Ashoka gemeinnützige GmbH, to consult us on incoming nominations for Conferences and delivers side projects, such as the Zero Project Impact Transfer. For more information about Ashoka gemeinnützige GmbH’s privacy practices, see their Privacy Policy;
• We use a third-party service, Cezar Neaga e.U, to maintain the technical aspects of our website. For more information about Cezar Neaga e.U’s privacy practices, see their website.
We will take reasonable steps to ensure that these Service Providers keep Personal Data confidential and only use Personal Data to the extent necessary to perform their functions and not for any other purpose.
HOW LONG DO WE STORE PERSONAL DATA?
We will retain information as follows:
• technical data (e.g., IP address, device information) incidentally collected when you visit the Site will be retained for (90) ninety days;
• if you sign up for communications from us, we will keep your information until you unsubscribe after which we will retain only that information that will enable us to respect your unsubscribe preference.
• If you nominate yourself or a third party, we will keep your information for a period of time that is necessary to facilitate the nomination process, provide you with notifications about the nomination.
• If you are an awardee, the Essl Foundation will include your name and email address in their annual, printed report.
• If you are an expert consultant, helping the Essl Foundation to process nominations, we will keep your information for a period of time that is necessary to facilitate the nomination process, provide you with notifications about the nomination.
• If you register for a Conference, we will keep your information for a period of time necessary to facilitate you and your needs for the Conference process, provide you with notifications about the logistics of the Conference. We delete all Sensitive Data (2) two months after the Conference.
• If you are a (network) partner of the Essl Foundation, we will keep your information for a period of time that is necessary to facilitate the partnership.
• if you apply for a position with the Essl Foundation, we will keep your information for a period of time necessary to facilitate the hiring process. If you are a successful candidate, will be retained your information as part of your employee file for the duration of your employment plus (7) seven years following the end of your employment.
At the end of the retention period we may store your information in an aggregated and anonymized format to help us understand historical behaviors and to enhance the Site.
Your Personal Data will be retained for longer if required by law or a court order and/or as needed to defend or pursue legal claims.
SENSITIVE DATA
The Essl Foundation uses sensitive data, from the opening of registration, and no longer than (2) two months after Conferences. This data is used internally, for organizational purposes, such as making venues accessible.
The Essl Foundation uses the following sensitive data upon registering for a Conference:
– to facilitate you and your needs for at the Conference, the Essl Foundation keeps data that helps the team organize a Conference, according to everyone’s needs. This data includes things, such as: “travelling with an assistant”, “has a guide dog”, “uses a wheelchair”.
HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
The Essl Foundation operates in Vienna, yet has a global network, and your Personal Data will be transferred to Service Providers located in jurisdictions other than your residence jurisdiction, for the purpose of providing the services you request. We share your Personal Data with our Service Providers so that they can perform services on our behalf in order to deliver our objectives. We require our Service Providers to take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft and unauthorized use, access, or modification.
For users in the EU, we ensure that adequate safeguards are in place when we export your Personal Data out of the EEA, including Model Clauses and Privacy Shield.
Except as provided herein, we will not share or sell any Personal Data that you provide.
We will share your information with law enforcement agencies, public authorities, or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with a legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect our rights, property or safety, or those of our users, a third party, or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
COOKIES AND OTHER TRACKING TECHNOLOGIES
Tracking technologies, for simplicity referred to here as cookies, are designed to collect and store small pieces of information about your browsing activity and are generally used to enable a range of functionalities including session management, multimedia playback, and performance monitoring. When you visit the Site, cookies are set, by us or Service Providers, on your browser to log information about your preferences and Site viewing patterns. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/. We use cookies for such purposes as:
• Providing you with relevant content;
• Enabling multimedia playback and social media integration;
• Providing session management and security features;
• Improving Site performance and content relevance
For more information about the types of cookies that we use on the Site and how to control them, please contact privacy@esslfoundation.org.
LINKED SITES
For your convenience, hyperlinks may be posted on the Site that link to other websites (“Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Site. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy policy of any Linked Site that you visit to understand how the information that is collected about you is used and protected.
CHILDREN
The Service is not intended for use by children under the age of 18, and we do not knowingly collect Personal Data from such children. If we become aware that we have unknowingly collected Personal Data from a child under the age of 18, we will make all reasonable efforts to delete such information from our database. If you become aware that we have unknowingly collected Personal Data from a child under the age of 18, please contact us immediately at.
SECURITY
The security of your Personal Data is important to us. We use appropriate technical and organizational measures to safeguard your Personal Data against loss, theft, and unauthorized use, access or modification. Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted through the Site or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft and unauthorized use, access or modification.
YOUR RIGHTS
You have the right to access the Personal Data that we hold about you. To the extent permitted by applicable law, you also have the right to request the correction or deletion of your Personal Data, to require us to stop processing the Personal Data except for storage purposes in certain circumstances and to obtain a copy of your Personal Data in a commonly used, machine-readable format. You can exercise these rights by contacting us at privacy@esslfoundation.org. We may refuse your request for correction or deletion of your Personal Data where its retention is necessary, for example in the context of a legal dispute or as required by law.
If you are an awarded nominee your practice/policy with be published in the Essl Foundation’s annual printed report, we cannot delete your Personal Data from this report (name and email address).
Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by contacting us at privacy@esslfoundation.org.
At any time, you have the right to object to our processing of Personal Data about you in order to send you marketing, including where we build profiles for such purposes, and we will stop processing the Personal Data for that purpose.
COMPLAINTS
If you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at privacy@esslfoundation.org and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
CHANGES TO THIS ESSL FOUNDATION PRIVACY POLICY
We will revise this Privacy Policy from time to time. If we do so, we will post the new policy on our website and change the effective date, so we encourage you to review it frequently. Your continued use of the Site after changes in this Privacy Policy will mean that you accept such changes except as otherwise required by local law.
CONTACT US
If you have any questions, concerns, or complaints about our use of your Personal Data, or would like to request access to, correction, or deletion of, your Personal Data, please address them to:
Haus der Philanthropie,
Schottenring 16, 3. OG,
1010 Vienna,
Austria.
You may also reach our data privacy team via email at privacy@esslfoundation.org.