Privacy Notice for EU Data Subjects
Last Revised: October 22, 2018
The Foundation for a Smoke-Free World (the “Foundation”, “we”, “us”, “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of personal data that is obtained when EU data subjects visit and interact with our website (the “Site”). This Privacy Notice sets forth how we process EU personal data in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing).
Personal Data We Collect
The Foundation may collect and process the following information about you:
- Contact Data. You may provide us with your contact details, such as name, email address, country, or other similar information, which we may use to respond to your inquiries, to send you informational emails and updates, or for administrative purposes
- Log Data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Site and record that data in log files. This log data may include your Internet Protocol (IP) address, the address of the web page visited before using the Site, browser type and settings, the date and time the Site was used, information about browser configuration and plugins, language preferences, and cookie data.
- Device Information. We may obtain information about devices that access the Site, including the type of device, its operating system, device settings, unique device identifiers, and crash data.
- Online Portal. If you register for an account on our online portal or submit a proposal through our online portal, we or our vendor may collect your name, email address, or other similar information.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as support inquiries or when you comment publicly on the Site. Please be aware that information you post on public parts of our Site may be visible to anyone.
How and Why We Use Your Personal Data
We may use the personal data we obtain to:
- Respond to emails, inquiries, comments, questions, or other requests for support
- Process your proposals and Expressions of Interest
- Manage your access to the online portal
- Send you informational notices about news and events
- Ensure the security and integrity of our Site
- Monitor and analyze trends, usage, and activities of visitors and users on the Site
- Facilitate, manage, personalize, and improve your online experience
- Comply with applicable laws, regulations, or legal processes as well as our policies
- Protect our and others’ interests, rights, and property
- Contact you regarding your use of the Site or, in some cases, changes to our policies
We process your personal data pursuant to the following legal bases:
- The processing is necessary for us to provide you with the services you request, or to respond to your inquiries.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in using your personal data. In particular, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of our Site. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- To maintain and improve the Site.
- To operate the Site and provide you with certain tailored communications to develop and promote our business.
- If you have consented to the use of your personal data. When we use your consent as the legal basis for the processing, you can change your mind at any time.
Note that our Site is dynamic. We may introduce new features, which may involve new or different personal data processing activities. If we intend to process your personal data for a purpose not described above, we will notify you and request your consent to the change as appropriate. We will also modify this Privacy Notice.
How We May Share Your Personal Data
We may share your personal data:
- With our affiliates or business partners when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Site.
- With our service providers that perform services on our behalf. For example, we may use third parties to help us send email communications or to assist with data storage.
- During negotiations of any proposed or actual transaction, such as a partnership or joint venture, or any other type of legal event.
How We Protect Your Personal Data
We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of your information obtained through the Site.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records.
How We Transfer Your Personal Data
If we transfer your personal data out of the European Economic Area (“EEA”) to countries not deemed by the European Commission to provide an adequate level of personal data protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal data, where required by EU data protection legislation:
- Model Contracts approved by the European Commission, which impose data protection obligations on the parties to the transfer.
- The EU-U.S. Privacy Shield Framework (for transfers to third parties in the United States that have self-certified to the Framework).
Please contact us if you want further information on the specific mechanism we have used to transfer your personal data.
Your Rights and Choices
The GDPR provides EU data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask us to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data.
- Update or correct inaccuracies in your personal data.
- Delete your personal data.
- Restrict the processing of your personal data.
- Object to our processing of your personal data for direct marketing purposes.
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
- Transfer a machine-readable copy of your personal data to you or a third party of your choice.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us at email@example.com or lodge a complaint with a supervisory authority.
Changes to this Privacy Notice
We may update this Privacy Notice to reflect changes to our information practices. Any changes will be effective immediately upon posting of the revised Privacy Notice. We encourage you to periodically review this page for the latest information on our privacy practices.
We can be contacted via email sent to firstname.lastname@example.org or at the following address:
Foundation for a Smoke-Free World
ATTN: DATA PROTECTION INQUIRY
575 5th Avenue
14th Floor New York, NY 10017
United States of America