This policy and any documents we mention in this policy are meant to inform you on which personal data about you we collect, use, disclose, share, or otherwise process when you are engaging with CIPE through our websites. Please read this policy carefully to understand our views and practices on how we protect your personal data.
1. ABOUT US
CIPE is the controller with respect to your data. This means that we determine the purpose and manner in which your personal data is processed, as specified in this policy.
If you want more information regarding CIPE entities and locations, please visit https://www.cipe.org/who-we-are/contact-us/.
CIPE cares about protecting your right to privacy in all the regions where we operate and while complying with local laws, we are committed to protecting the personal data of our users.
2. HOW DO WE DEFINE PERSONAL DATA?
Personal data is the information related to a person and which can be used to identify that person such as name, email address, telephone number, address, bank account information, and location data.
Personal data is data about you which you provide to us when interacting with CIPE through our websites and by using our services and which helps us know who you are. It also includes data collected when you visit our websites such as IP address and other online identifiers.
3. WHAT PERSONAL DATA IS PROCESSED AND WHY?
The personal data we process, as well as the purposes and legal basis for such processing, will differ depending on your relationship with CIPE.
When website users request or attempt to download resources, we may ask for an email address and, optionally, name, title, and organization or affiliation. This helps ensure the resources can be shared properly. We also use the information to provide metrics to our grantors, donors, and stakeholders. These metrics are anonymized and not considered personal data.
When accessing CIPE training or awareness materials, we may collect an individual’s username, email address, location, usage statistics, completion or test results, and, optionally, organization or other data. We use this information to grant and manage your access to the training and to report metrics on training usage.
When signing up for CIPE mailing lists, we collect an individual’s email address and, optionally, name, title, and affiliation. We use this information to send emails and updates.
When registering for CIPE events, we collect certain information such as email, name, organization, and phone number. We use this information to invite individuals to events or to participate in programs, to ensure safety of our events and grant access to event locations, and to provide information related to upcoming events and programs. In the case of event access, your data may be shared with the event facility.
When attending CIPE events, we may collect photo and video (images and footage) which may contain personal information including name and affiliation. We use these to showcase CIPE’s work on our websites and to donors, grantors, and stakeholders.
When applying to a position at CIPE, we collect your email address and information you provide us in the content of your email, cover letter, resume or CV, and other material as applicable.
When donating to CIPE or paying CIPE (such as when providing award funds or purchasing services), we collect data associated with the payment method used. We use this data to process payments and deliver goods purchased.
When receiving funds from CIPE (e.g. sub-recipients, grantees, contractors), we collect names, addresses, bank account information, and in some cases social security numbers (SSNs) for tax reporting.
5. WHAT ANALYTICS TOOLS DO WE USE?
In order to understand the navigational trends on our websites we use third-party analytics tools which collect information which your browser sends when you visit our web page. Here are examples of tools which we use and information about their privacy policies.
- Google Analytics
When you visit our websites, we utilize Google Analytics to collect information about your device, how you utilize our site, frequency of visits, what parts of the site you interact with, and your location. None of this information is shared with third-parties and is used to enhance our site and provide a better user experience to you.
6. TO WHOM WE DISCLOSE YOUR PERSONAL DATA?
CIPE considers all personal data confidential and only shares it within the Center, with partners as necessary for the delivery of services or activities, or with the person who provided the information.
CIPE may share anonymized, aggregated data with our donors and partners to fulfill the requirements of our awards.
CIPE does not use, share, or sell any personal data for commercial purposes.
We may provide personal data to third-parties in the following situations.
- To public authorities, auditors, or institutions competent to exercise inspections on CIPE, which may ask us to provide information, based on their legal obligations. Such public authorities or institutions may be relevant data protection authorities or authorities for consumer protection.
- For compliance with legal requirements or for protection of the rights and assets of CIPE or other entities or people, such as courts of law.
- To third-parties performing services on our behalf, such as a transcribing service or training provider. CIPE remains responsible for your data and has contractual terms and procedures to ensure confidentiality is respected.
7. DO WE TRANSFER YOUR PERSONAL DATA ABROAD?
As of the date of this policy, CIPE data from the following sites is stored within the European Union (EU).
All other CIPE data collected through our websites is stored within the continental United States.
Data collected through third-party websites may be stored at the third-party’s location.
This is subject to change as CIPE data collection needs, websites, and other services change.
8. PROTECTION OF PERSONAL DATA:
CIPE uses mechanisms to ensure the adequate protection of personal data. Including but not limited to the following.
- Employing the principle of least privilege
- Auditing access rights on a regular basis
- Performing security testing of our platforms
- Utilizing stringent change control processes
- Preparing for incident response and disaster recovery situations
9. HOW LONG DO WE STORE YOUR PERSONAL DATA?
CIPE will store your data only for the period of time necessary or required by law. If you have entered into a contract with CIPE we will store your data for up to seven (7) years or as required by law.
10. DO WE PROCESS PERSONAL DATA FROM CHILDREN?
We provide limited services to children, the services rendered are provided with the consent of parents and parents will be asked to consent for any data collected for children under the age of 16.
11. HOW DO WE KEEP YOUR DATA SECURE?
CIPE constantly evaluates and upgrades the security measures implemented to ensure a secure and safe personal data processing environment. CIPE has implemented the following controls to protect your personal data: physical security measures, access control, organizational security measures, and incident management procedures.
12. WHAT HAPPENS IF YOU DO NOT AGREE TO YOUR PERSONAL DATA BEING PROCESSED?
If you refuse to have your personal data processed, depending on your relationship with us, we might not be able to provide you with our products or services, we will not be able to enter into a contract with you, or otherwise interact with you as described in this policy.
13. WHAT ARE YOUR RIGHTS?
When we process your personal data, it is very important to know that you have the following rights:
- The right of access: you have the right to obtain a confirmation whether or not we process your personal data, how we process it, and what kinds of data we process about you.
- The right to request the rectification or erasure of personal data: you have the right to request, the rectification of inaccurate or incomplete personal data which we have about you, or the erasure of your personal data.
- The right to request the restriction of processing: you have the right to ask for the restriction of processing in cases where:
- you believe that your data is inaccurate and wish for us to verify said data;
- the processing is unlawful, however you do not want us to erase your personal data, but to restrict the use of data; and
- the data is no longer needed as described in the policy above, however, it is required for legal purposes.
- The right to withdraw your consent for processing: when the processing is based on your consent unless governed by litigation.
- The right to data portability: you have the right to receive a copy of your personal data which was provided to us within the confines of the contract or agreement.
You may exercise your rights at any time.
For any questions regarding your rights please write to us at firstname.lastname@example.org.
We will post the updates here so we encourage you to check this page.
If you do not agree with the changes, you may exercise your rights as described in section 12.
15. HOW CAN YOU CONTACT US FOR PRIVACY PURPOSES?
You may address any question regarding this document to email@example.com.