Effective date: 05/25/2018
- Collection and use of Personal Information: LMPG will collect and use your personal information in connection with your donations and any services provided to you by the LMPG Team for the following purposes, based on the following legal principles:
a. Art. 6 (1) a) GDPR (processing is based on your consent). Except as described in item g., below, collection and use of your personal information will take place only if you provide us your consent (which is revocable at any time), we process personal information from you for e.g. marketing purposes or to facilitate your participation in LMPG events or activities in which you voluntarily engage.
b. Art. 6 (1) b) GDPR (processing is necessary for the performance of a contract). In order to communicate with you and for the performance of our contractual obligations to you (for example, to process your donation, issue receipts, and otherwise support your relationship with the LMPG Team), we may collect the following personal information from you:
■ Contact information such as name, e-mail address, mailing address, phone number
■ Billing Information such as credit card number and billing address
■ Unique identifiers such as user name, account number, password
■ Additional information as needed to support your relationship with LMPG, such as minimum age or DOB (to ensure age appropriate content) and tax-payer information (to support tax recovery)
c. Art.6 (1) c) GDPR (complying with a legal obligation). In certain circumstances we may be obliged to process personal data from you due to a legal obligation, such as anti-corruption stipulations or statutory retention periods.
d. Art.6 (1) f) GDPR (legitimate interest in transmitting personal data). We primarily rely on the legitimate interest of the LMPG Team to provide constituents with desired information about LMPG and its work worldwide. Where we process your personal information on the basis of legitimate interests, including sharing of your personal information within the LMPG Team or with third party processors for such purpose, we do so primarily to provide and improve constituent services and provide constituents a service which is suitable to their requirements. We may use your information to improve and customize our constituent services, and as necessary to pursue our legitimate interests of improving our constituent services and experience; understanding how constituents engage with the LMPG Team, communicating with constituents in appropriately customized ways, and exploring ways to better engage current and future constituents in the mission of LMPG. We may also process your information for our legitimate interest in providing age appropriate content for children; supporting tax recovery; and maintaining the safety and security of our constituent services, including enhancing protection against spam, harassment, intellectual property infringement, crime, and security risks of all kind. We may further process personal information of constituents who attend in person events or trips for our legitimate interest in providing for the safety and security of all event attendees. The LMPG Team has further legitimate interests in processing your personal information as follows:
■ We may exchange personal data within the LMPG Team’s network of contacts for the legitimate interests described above, as well as for administrative purposes.
■ we may also process personal data from you in order to defend legal claims.
e. Additionally, we may collect the following personal information from third party sources, including from public sources:
■ Marketing information such as additional forms of contact, indicators or flags used for segmentation purposes.
■ Demographic information, including census data or third party research for segmentation purposes.
f. Surveys or Contests. From time-to-time we may provide you the opportunity to participate in contests or surveys on our website or elsewhere. If you participate, we will request certain personal information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). The legal basis for processing that Personal Data is Art.6 (1)a) GDPR (consent).
g. Collection and use of Personal Information in connection with your use of our website, without your express consent. If you do not register with us or otherwise provide us with personal information, we only process the personal information that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), the access status/HTTP status code, the amount of data transferred in each case, website from which the request comes, browser, operating system and its surface, language and version of the browser software. This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis for such processing is Art.6 (1) f) GDPR.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited.
Technologies such as: cookies, beacons, tags and scripts are used by LMPG and our partners [e.g. marketing partners], affiliates, or analytics or service providers [e.g. online customer support provider]. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
5. Social Media Widgets. We currently use the following social media plug-ins:
a. Facebook Like Button, Instagram Follow Button, Twitter Follow Button.
c. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
d. The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art.6 (1) f) GDPR.
e. The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
f. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
g. Addresses of the respective plug-in providers and URL with their data protection information:
Facebook: 1 Hacker Way, Menlo Park CA 94025. Facebook Data Policy: https://www.facebook.com/policy.php
Twitter: 1355 Market Street #900, San Francisco CA 94103. Twitter Data Policy: https://twitter.com/en/privacy
Instagram: 1 Hacker Way, Menlo Park CA 94025. Instagram Data Policy: https://help.instagram.com/519522125107875
a. IT service providers
b. Companies that assist with customer service, shipping, or event registration
c. Companies that provide other services to support our relationship with you
d. Companies that provide demographic and market research assistance
e. In addition, any office within the LMPG Team may share personal information you provide it to contacts within the LMPG Team so that the receiving contacts may engage with users located in their locality and as otherwise necessary to manage the provision of suitable services to constituents as appropriate for their needs.
7. We may also disclose your personal information to third parties who are not included in item 6, above:
a. as required by law such as to comply with a subpoena, or similar legal process;
b. when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; or
c. with your prior consent to do so.
8. Transfers of personal data to countries outside the EU
a. When we use external service providers based outside the European Economic Area to process your personal information, we will attempt to do so pursuant to the standard contractual clauses for data processors approved by the European Commission to ensure an appropriate level of data protection. These service providers will have been carefully selected by us, commissioned in writing and are bound by our instructions. They will have been regularly checked by us. The service providers will have committed not pass this data on to third parties, but to delete it after fulfilment of the contract and the conclusion of legal storage periods, unless you have consented to further storage.
b. When a member of the LMPG team located within the EU, or otherwise serving as a controller for data subject to GDPR, transfers personal information to an LMPG Team office located outside of the EU, we will rely on the standard contractual clauses for data controllers approved by the European Commission to ensure an appropriate level of data protection.
9. General information and your rights
a. Choice/Opt-Out. Where you have provided your consent, you have the right to withdraw your consent to our processing of your personal information. For example, you may choose to stop receiving all or certain types of communication by following the unsubscribe instructions included in these emails or you can contact us at firstname.lastname@example.org. You can further choose to withdraw your consent to our processing of your personal information related to an online account by closing your account through your account settings and then emailing email@example.com to request that your personal information be deleted, except for information that we are required to retain. This deletion is permanent and your account cannot be reinstated.
b. Correcting, Deleting and Updating Your Personal Data. To review and update or delete your personal information, contact us at firstname.lastname@example.org. We will respond to your request to access within 10 days.
c. Customer Testimonials/Comments/Reviews. We may post customer testimonials/comments/reviews on our website which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at email@example.com. The legal basis for that processing is Art.6 (1) a) GDPR.
10. Data Retention. We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us as described in this policy. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
a. Information Security. The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
b. Transaction Security. The personal information collected when you make a contribution or purchase items by credit card is kept for the purposes of tracking your order and to provide a receipt of the transaction. This information is stored on an encrypted, secure server managed by a third-party commercial credit card processing institution.
13. Your other rights in respect of your Personal Data.
a. You have the right of access (Art.15 GDPR), rectification (Art.16 GDPR), erasure (Art.17 GDPR), restriction of processing (Art.18 GDPR) and the right to data portability (Art.20 GDPR). In addition, you have the right to object to processing that is based on Art.6 (1) f) GDPR. You also have the right to lodge a complaint with the data privacy supervisory authority.
b. If you have given us your consent to process personal data for specific purposes, this consent is the legal basis for processing your personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can take place form-free and should be directed if possible to the contact information provided at the beginning of this policy.