Effective Date: July 29th, 2020
For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller and our representative in the EU is ASHOKA gemeinnützige GmbH, a private limited company with registered number FN 362512g established in Vienna, Austria, with a registered office at Haus derPhilanthropie, Schottenring 16, 3. OG, 1010, Vienna, Austria. We use your Personal Data only in accordance with the following principles and in compliance with applicable data protection laws, including the GDPR.
If you are an employee of Changemakers or its affiliates, please note that other internal company policies apply to you related to employee use of company computer systems and networks.
Information We Collect
Information about You that You Provide
We and the companies with which we contract to provide services for us (“Service Providers”) may collect information in connection with your use of the Service. For example, wecollect information when you register for or use the Service, subscribe to receive notifications, participate in promotional activities, or communicate through the Service.
Personal Data collected via the Service includes:
- name, address, website address, social media handle, photographs, and contact information
- organization (including the organization’s name, website, phone number, and address), fields of work, languages, and location
- username and password
- the results of any questionnaires that you respond to
- demographic information, such as age, racial or ethnic origin, and religion
- your personal interests
Information Collected Automatically
Ashoka, its Service Providers, and Third-Party Services may automatically collect certain information about you when you access or use the Service (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about your use of the Service, and data regarding network connected hardware (for example, computer or mobile device). The methods that may be used on the Service to collect Usage Information include:
- Log Information: Log Information is data about your use of the Service, such as IP address, browser type, Internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files.
- Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about your interactions with the Service or emails, including information about your browsing behavior and information regarding your interactions with other Service users. The tracking technologies used on the Service include:
- Cookies.A cookie is a small text file that is stored on a user’s device, and may be a session ID cookie or a tracking cookie. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted or blocked, and, as a result, some features and functionalities of the Service may not work. A Flash cookie (or locally shared object) is a data file which may be placed on a device via the Adobe Flash plug-in that may be built into or downloaded by you to your device. HTML5 cookies can be programmed through HTML5 local storage. Flash cookies and HTML5 cookies are locally stored on your device other than in the browser, and browser settings will not control them. To identify certain types of locally shared objects on your device and adjust your settings, please visit: macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.
- Web Beacons (“Tracking Pixels”).Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Web beacons may be used to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.
- Embedded Scripts.An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from Ashoka’s web server, or from a third party with which Ashokaworks, is active only while you are connected to the Service, and deleted or deactivated thereafter.
The Service may associate some or all these types of Tracking Technologies with your devices.
Information You Disclose Publicly or to Others
The Service may permit you to post or submit User Generated Content (“UGC”), including written content, user profiles, audio or visual recordings, computer graphics, photographs, data, or other content, including Personal Data. If you choose to submit UGC to any public area of the Service, your UGC will be considered “public” and will be accessible by anyone. Unless otherwise explicitly agreed by us, Personal Data included in UGC is not subject to Ashoka’s usage or sharing limitations and may be used and shared by Ashoka and third parties to the extent not prohibited by applicable law. Ashoka encourages you to exercise caution when making decisions about what you disclose in the Service’s public areas.
You may also provide to us Personal Data related to other people, for example when you nominate an individual for a competition or community sponsored by Changemakers, use an individual as a reference, or suggest an individual who may be interested in hearing about Changemakers. As part of this process, you will need to provide Personal Data, such as name, contact information, location, organization, fields of work, and other related information, to us about persons other than yourself. You agree to and confirm that you have sought and received consent to share such person’s Personal Data with us prior to submission.
Third-Party Content, Third-Party Services, Social Features, Advertising, and Analytics
The Service may include hyperlinks to or in connection with the Service (for example, through apps and plug-ins) to websites, locations, platforms, applications, or other services operated by third parties (“Third-Party Service(s)”). These Third-Party Services may use their own cookies, web beacons, and other Tracking Technologies to collect information about you and may solicit Personal Data from you.
Certain functionalities on the Service permit interactions that you initiate between the Service and certain Third-Party Services, such as third-party social networks (“Social Features”). Examples of Social Features include enabling you to send content such as contacts and pictures between the Service and a Third-Party Service; “liking” or “sharing” Ashoka’s content; logging in to the Service using your Third-Party Service account (for example, using LinkedIn to sign-in to the Service); and otherwise connecting the Service to a Third-Party Service (for example, to pull or push information to or from the Service). If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on our Service or by the Third-Party Service you use. Similarly, if you post information on a Third-Party Service that references our Service (for example, by using a hashtag associated with us in a tweet or status update), your post may be used on or in connection with our Service or otherwise by Ashoka. Also, both Ashoka and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.
Ashoka may engage and work with Service Providers and other third parties to serve advertisements on the Service. Some of these advertisements may be tailored to your interests based on your browsing of the Service and elsewhere on the Internet, which may include the use of location and cross-device data, sometimes referred to as “interest-based advertising” or “online behavioral advertising,” which may include sending you an advertisement on a third-party service after you have left the Service.
How We Use Your Personal Data
With your consent, we will use your Personal Data to send you information that we think will be relevant to you, including newsletters and marketing information. You may revoke this consent at any time by using the “unsubscribe” link provided in such communications or by contacting us at firstname.lastname@example.org.
We will take reasonable steps to ensure that Service Providers keep your Personal Data confidential and only use your Personal Data to the extent necessary to perform their functions and not for any other purpose.
Our processing of your Personal Data is carried out pursuant to the following legal bases:
- The processing is necessary for us to provide you with services or products you request.
- We have a legal obligation to process your Personal Data, such as to comply with applicable tax laws and other government regulations or to comply with a court order or binding law enforcement request.
- To protect yourvital interests or those of others.
- We have a legitimate interest in carrying out the processing activity. For example, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of the Service. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- To maintain and improve the Service.
- To operate the Service and provide you with certain tailored information and communications to develop and promote our network and opportunities.
- You have consentedto the use of your Personal Data. When you consent, you can change your mind at any time by contacting us at email@example.com.
How Long Do We Store Your Personal Data?
We will retain your information as follows:
- Technical data (for example, IP address or device information) incidentally collected when you visit the Service will be retained for 60 days.
- If you sign up for communications from us, we will keep your information until you unsubscribe, after which we will retain only that information that will enable us to respect your unsubscribe preference.
- If you register an account with us, we will keep your information to provide you with the services related to having an account.
- If you apply for a challenge with us, we will keep your information for the duration of the challenge and for a period of time after the challenge is completed to design future challenges.
After your account is terminated, we may retain certain information for our internal business purposes, such as analytics. At the end of the retention period, we may store your information in an aggregated and anonymized format to help us understand historical behaviors and to enhance the Service.
Your Personal Data will be retained for longer if required by law or a court order or as needed to defend or pursue legal claims.
How We Share Your Personal Data with Third Parties
We will share Personal Data with our partners, affiliates, consultants, and Service Providers. Our agreements with these entities require that they keep your Personal Data confidential and only use your Personal Data to the extent necessary to perform their functions and not for any other purpose. We also contract with other companies and individuals to perform functions on our behalf.
Our agents, vendors, consultants, and Service Providers may receive, or be given access to, your information, including Personal Data, demographic Information, and Usage Information, in connection with their work on our behalf. However, Ashoka does not authorize its Service Providers to use Service-Collected Personal Data provided by Ashoka to send you direct marketing messages other than those related to Ashoka without your consent.
Ashoka operates globally, and your Personal Data may be transferred to Service Providers located in jurisdictions other than your jurisdiction of residence for the purpose of providing the services you request. We share your Personal Data with our Service Providers so that they can perform services on our behalf. We require our Service Providers to take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft, and unauthorized use, access, or modification. For users in the EU, we ensure that adequate safeguards are in place when we export your Personal Data out of the EEA.
We will share your information with law enforcement agencies, public authorities, or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process, or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent, or otherwise address security, fraud, or technical issues; or
- protect our rights, property, or safety, or those of our users, a third party, or the public as required or permitted by law, including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We will also disclose your information to third parties:
- if we sell or buy any business or assets, in which case we will disclose your data to the prospective seller or buyer of such business or assets; or
- if we or substantially all our assets are acquired by a third party, in which case transferred assets will include information held by us about you.
Ashoka will comply with applicable local laws related to your Personal Data and otherwise use reasonable efforts to keep your Personal Data subject to the same protection as it was afforded prior to the transfer.
Residents of California are entitled by law to request an Information Sharing Disclosure. Ashoka will provide you with a notice of your right to prevent sharing of your Personal Data as well as a cost-free means of doing so. To receive such a notice, submit a written request to the address below, specifying that you are requesting your “California Customer Choice Notice.”
Ashoka does not “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes.
The security of your Personal Data is important to us. We use appropriate technical and organizational measures to safeguard your Personal Data against loss, theft, and unauthorized use, access, or modification. We encrypt information submitted to and presented by the Service using Transport Layer Security (TLS) technology. By encrypting this data, TLS attempts to prevent anyone from reading it as it travels across the Internet. Unfortunately, the transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted through the Service or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft, and unauthorized use, access, or modification.
Usernames and Passwords
It is your responsibility to safeguard any username or password that you have received in connection with the Service and to notify us if you ever suspect that the security and confidentiality of such username or password has been compromised in any way. You are solely responsible for any use of the Service via your username and password.
The Service is not intended for use by children under the age of 13, and we do not knowingly collect Personal Data from such children. If we become aware that we have unknowingly collected Personal Data from a child under the age of 13, we will make all reasonable efforts to delete such information from our Service, records, and database. If you become aware that we have unknowingly collected Personal Data from a child under the age of 13, please contact us immediately at firstname.lastname@example.org.
Any California residents under the age of 18 who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting Ashoka at email@example.com, detailing where the content or information is posted and attesting that you posted it. Ashoka will then make reasonable, good-faith efforts to remove the content or information from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties (such as search engines and others that Ashoka does not control) may have republished or archived such content.
If you are a registered user of the Service, you can access and correct certain Personal Data that we collect online and maintain by clicking on “sign in” and entering your username and password. If any errors in your Personal Data cannot be corrected by accessing your account or if you have other questions related to updating or changing your account information, please contact us at firstname.lastname@example.org.
You have the right to access the Personal Data that we hold about you. To the extent permitted by applicable law, you also have the right to request the correction or deletion of your Personal Data, to require us to stop processing your Personal Data except for limited purposes as permitted by applicable law, and to obtain a copy of your Personal Data in a commonly used, machine-readable format. You can exercise these rights by contacting us at email@example.com. We may refuse your request for correction or deletion of your Personal Data where its retention is necessary, for example in the context of a legal dispute or as required by law.
Where you have provided your consent for us to process your Personal Data, you can withdraw your consent at any time by contacting us at firstname.lastname@example.org.
At any time, you have the right to object to our processing of Personal Data about you in order to send you marketing, including where we build profiles for such purposes, and we will stop processing the Personal Data for that purpose.
In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at email@example.com, and we will endeavor to respond to your request as soon as possible. This is without prejudice to your right to lodge a complaint with the data protection supervisory authority in the EU country in which you live or work if you think we have infringed data protection laws.
How to Contact Us
Ashoka: Innovators for the Public
c/o Changemakers Personal Data Privacy Team
1700 North Moore Street
Arlington, VA 22209
For users in the EU, you can also contact our EU representative at: Haus derPhilanthropie, Schottenring 16, 3. OG, 1010 Vienna, Austria.