LET MY PEOPLE GO™ PRIVACY POLICY
Effective date: 05/25/2018
We value your privacy. We don’t rent or sell your personal information to any person, business or organization, ever. We commit to uphold transparency, accountability and choice regarding the collection of your personal information. We are committed to using the personal information you provide to only support your relationship with LET MY PEOPLE GO™ (LMPG) and the global network of LMPG affiliates (the “LMPG Team”). LMPG has implemented processes to ensure that personally identifiable data is accurate and complete. These processes are in accordance with LMPG’s privacy policy, and serve to support your relationship with the LMPG Team.
This privacy policy describes how the LMPG Team collects and uses the personal information you provide, whether online or offline. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. References to “GDPR” refer to the General Data Protection Regulation adopted in the EU, which captures our standard for protecting your personal information. Visitors to www.lmpgnetwork.org can browse our website without providing any personal information.
Contact information of the controller: LET MY PEOPLE GO™, as the data controller, is located at Suite 325-202, 601 W 26th Street, New York, NY 10001. If you have questions or complaints regarding our privacy policy or practices, please contact us via email at info@lmpg.org.
Collection and use of Personal Information: LMPG will collect and use your personal information in connection with your donations and any services provided to you by the LMPG Team for the following purposes, based on the following legal principles:
a. Art. 6 (1) a) GDPR (processing is based on your consent). Except as described in item g., below, collection and use of your personal information will take place only if you provide us your consent (which is revocable at any time), we process personal information from you for e.g. marketing purposes or to facilitate your participation in LMPG events or activities in which you voluntarily engage.
b. Art. 6 (1) b) GDPR (processing is necessary for the performance of a contract). In order to communicate with you and for the performance of our contractual obligations to you (for example, to process your donation, issue receipts, and otherwise support your relationship with the LMPG Team), we may collect the following personal information from you:
■ Contact information such as name, e-mail address, mailing address, phone number
■ Billing Information such as credit card number and billing address
■ Unique identifiers such as user name, account number, password
■ Additional information as needed to support your relationship with LMPG, such as minimum age or DOB (to ensure age appropriate content) and tax-payer information (to support tax recovery)
c. Art.6 (1) c) GDPR (complying with a legal obligation). In certain circumstances we may be obliged to process personal data from you due to a legal obligation, such as anti-corruption stipulations or statutory retention periods.
d. Art.6 (1) f) GDPR (legitimate interest in transmitting personal data). We primarily rely on the legitimate interest of the LMPG Team to provide constituents with desired information about LMPG and its work worldwide. Where we process your personal information on the basis of legitimate interests, including sharing of your personal information within the LMPG Team or with third party processors for such purpose, we do so primarily to provide and improve constituent services and provide constituents a service which is suitable to their requirements. We may use your information to improve and customize our constituent services, and as necessary to pursue our legitimate interests of improving our constituent services and experience; understanding how constituents engage with the LMPG Team, communicating with constituents in appropriately customized ways, and exploring ways to better engage current and future constituents in the mission of LMPG. We may also process your information for our legitimate interest in providing age appropriate content for children; supporting tax recovery; and maintaining the safety and security of our constituent services, including enhancing protection against spam, harassment, intellectual property infringement, crime, and security risks of all kind. We may further process personal information of constituents who attend in person events or trips for our legitimate interest in providing for the safety and security of all event attendees. The LMPG Team has further legitimate interests in processing your personal information as follows:
■ We may exchange personal data within the LMPG Team’s network of contacts for the legitimate interests described above, as well as for administrative purposes.
■ we may also process personal data from you in order to defend legal claims.
e. Additionally, we may collect the following personal information from third party sources, including from public sources:
■ Marketing information such as additional forms of contact, indicators or flags used for segmentation purposes.
■ Demographic information, including census data or third party research for segmentation purposes.
f. Surveys or Contests. From time-to-time we may provide you the opportunity to participate in contests or surveys on our website or elsewhere. If you participate, we will request certain personal information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). The legal basis for processing that Personal Data is Art.6 (1)a) GDPR (consent).
g. Collection and use of Personal Information in connection with your use of our website, without your express consent. If you do not register with us or otherwise provide us with personal information, we only process the personal information that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), the access status/HTTP status code, the amount of data transferred in each case, website from which the request comes, browser, operating system and its surface, language and version of the browser software. This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis for such processing is Art.6 (1) f) GDPR.
3. Cookies: A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this site, for example, to keep track of your preferences and profile information. Cookies are also used to collect general usage and volume statistical information that does not include Personal Data.
We use both session ID cookies and persistent cookies. A session ID cookie is deleted when you close your browser. Although session cookies are established, they are not capturing any behavioral or Personal Data, only information that is helpful to the user experience, such as whether the user's browser has JavaScript capability. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies are being used to switch one time messages on and off and to record form completion. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited.
We use cookies for communications purposes and to identify you for subsequent visits if you have an account with us. This way we can improve the use of our website for you. Otherwise, you will have to log-in again for each visit. The legal basis for the use of cookies is Art. 6 (1) f) GDPR. Our legitimate interest results from the storage of cookies for the technically error-free and optimized provision of our services.
Technologies such as: cookies, beacons, tags and scripts are used by LMPG and our partners [e.g. marketing partners], affiliates, or analytics or service providers [e.g. online customer support provider]. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
4. Links to Other Websites. Our Site includes links to other websites whose privacy practices may differ from those of LMPG. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
5. Social Media Widgets. We currently use the following social media plug-ins:
a. Facebook Like Button, Instagram Follow Button, Twitter Follow Button.
b. We use the so-called two-click solution. This means that when you visit our site, no personal information is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data specified in section b) “Informational Use” of this privacy policy will be transmitted. In the case of using the “Facebook Like Button,” for example, the IP address is anonymized immediately after collection, according to the respective website provider. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there. Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on the grayed-out box using your browser's security settings.
c. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
d. The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art.6 (1) f) GDPR.
e. The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
f. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
g. Addresses of the respective plug-in providers and URL with their data protection information:
Facebook: 1 Hacker Way, Menlo Park CA 94025. Facebook Data Policy: https://www.facebook.com/policy.php
Twitter: 1355 Market Street #900, San Francisco CA 94103. Twitter Data Policy: https://twitter.com/en/privacy
Instagram: 1 Hacker Way, Menlo Park CA 94025. Instagram Data Policy: https://help.instagram.com/519522125107875
6. Recipients of your Personal Information. We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell your personal information to third parties. In those situations where we use a third party to process your data, we seek assurances that these third parties will provide the equivalent level of protection as provided under the applicable data privacy law and this privacy policy. Third parties may be suppliers that process personal data on our behalf, such as:
a. IT service providers
b. Companies that assist with customer service, shipping, or event registration
c. Companies that provide other services to support our relationship with you
d. Companies that provide demographic and market research assistance
e. In addition, any office within the LMPG Team may share personal information you provide it to contacts within the LMPG Team so that the receiving contacts may engage with users located in their locality and as otherwise necessary to manage the provision of suitable services to constituents as appropriate for their needs.
7. We may also disclose your personal information to third parties who are not included in item 6, above:
a. as required by law such as to comply with a subpoena, or similar legal process;
b. when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; or
c. with your prior consent to do so.
8. Transfers of personal data to countries outside the EU
a. When we use external service providers based outside the European Economic Area to process your personal information, we will attempt to do so pursuant to the standard contractual clauses for data processors approved by the European Commission to ensure an appropriate level of data protection. These service providers will have been carefully selected by us, commissioned in writing and are bound by our instructions. They will have been regularly checked by us. The service providers will have committed not pass this data on to third parties, but to delete it after fulfilment of the contract and the conclusion of legal storage periods, unless you have consented to further storage.
b. When a member of the LMPG team located within the EU, or otherwise serving as a controller for data subject to GDPR, transfers personal information to an LMPG Team office located outside of the EU, we will rely on the standard contractual clauses for data controllers approved by the European Commission to ensure an appropriate level of data protection.
9. General information and your rights
a. Choice/Opt-Out. Where you have provided your consent, you have the right to withdraw your consent to our processing of your personal information. For example, you may choose to stop receiving all or certain types of communication by following the unsubscribe instructions included in these emails or you can contact us at info@lmpg.org. You can further choose to withdraw your consent to our processing of your personal information related to an online account by closing your account through your account settings and then emailing info@lmpg.org to request that your personal information be deleted, except for information that we are required to retain. This deletion is permanent and your account cannot be reinstated.
b. Correcting, Deleting and Updating Your Personal Data. To review and update or delete your personal information, contact us at info@lmpg.org. We will respond to your request to access within 10 days.
c. Customer Testimonials/Comments/Reviews. We may post customer testimonials/comments/reviews on our website which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at info@lmpg.org. The legal basis for that processing is Art.6 (1) a) GDPR.
10. Data Retention. We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us as described in this policy. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11. Security
a. Information Security. The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at info@lmpg.org. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
b. Transaction Security. The personal information collected when you make a contribution or purchase items by credit card is kept for the purposes of tracking your order and to provide a receipt of the transaction. This information is stored on an encrypted, secure server managed by a third-party commercial credit card processing institution.
12. Notification of Privacy Policy Changes. We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by e-mail (sent to the e-mail address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
13. Your other rights in respect of your Personal Data.
a. You have the right of access (Art.15 GDPR), rectification (Art.16 GDPR), erasure (Art.17 GDPR), restriction of processing (Art.18 GDPR) and the right to data portability (Art.20 GDPR). In addition, you have the right to object to processing that is based on Art.6 (1) f) GDPR. You also have the right to lodge a complaint with the data privacy supervisory authority.
b. If you have given us your consent to process personal data for specific purposes, this consent is the legal basis for processing your personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can take place form-free and should be directed if possible to the contact information provided at the beginning of this policy.