THE PURPOSE OF THIS PRIVACY NOTICE
This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be used by us when you use our Website and our software and services (the “Services”). Please read this Privacy Notice carefully to understand our views and practices regarding the personal data we collect and how we will treat it.
This privacy notice is a statement of our commitment to protect the rights and privacy of individuals in accordance with data protection legislation including where applicable the General Data Protection Regulation in Europe (“GDPR”).
OUR ROLE AS DATA PROCESSOR
When we provide the Services we process personal data on behalf of other organisations who subscribe for the Services (referred to here as the “Customer”). References to Customer shall include, where relevant, those end users (e.g. canvassers) accessing the Services under the Customer’s name. The Customer controls the purpose and the means of any use made by us of the personal data provided to us.
OUR ROLE AS DATA CONTROLLER
We also act as a data controller for the purposes of the GDPR in relation to certain activities undertaken by us as part of the Services. We have set out below the relevant Services (the “Relevant Services”) where we act as data controllers and our legal basis for processing that information in accordance with the GDPR:
Customer account management contact details
Contract – Subscription Agreement
Consent of the data subject
WHO DOES THIS PRIVACY NOTICE APPLY TO?
This Privacy Notice applies to any person whose personal data we process as part of the Relevant Services where we act in the role of a data controller under the GDPR.
WHAT GENERAL DATA DO WE COLLECT?
We may collect general personal information as part of the Relevant Services (the “General Data”) including:
WHAT TECHNICAL DATA DO WE COLLECT?
We may collect the following technical data about users of the Relevant Services (the “Technical Data”) including:
- technical information, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about visits to the Website or use of the Services, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website and the Services (including date and time log); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
WHEN DO WE COLLECT IT?
- when you register to use the Services
- when you correspond with us by phone, in writing or otherwise
- when you report a problem or receive support in connection with the Services
- when you use the Services
- when you provide this information to us
WHAT DO WE DO WITH IT?
We will only use it to provide the Relevant Services and to provide you with information about the Relevant Services.
WE USE GENERAL DATA TO:
- carry out our obligations arising from any contracts entered into between us and the Customer, including the Subscription Agreement, and to provide the products and services requested from us;
- send communications to you about the Website and/or the Services. You can unsubscribe from receiving such communications by contacting us at firstname.lastname@example.org or following the unsubscribe process;
- send notifications about changes to the Services; and
- ensure that content from the Website is presented in the most effective manner.
WE USE TECHNICAL DATA TO:
- administer the Relevant Services and for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes;
- provide information to users and Customers;
- to improve the Website and the Relevant Services and to ensure that content is presented in the most effective manner for you and for your device;
- to allow you to participate in the interactive features of our Service, when you choose to do so; and
- as part of our efforts to keep the Relevant Services and the Website safe and secure.
We do not provide your information to third parties for marketing purposes unless you have provided consent. In certain circumstances, we may disclose it to certain third parties as follows:
- business partners and subcontractors for the performance of any contract relating to the Website and the Relevant Services including; payment processors, data aggregators and hosting service providers;
- we may disclose the information relevant to any backup or hosting services;
- analytics and search engine providers that assist us in the improvement and optimisation of the Website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract; and/or
- to protect our rights, property, or safety, or that of the Customer, you or others.
We will take all steps reasonably necessary to ensure that the information is treated securely in accordance with this Privacy Notice and the relevant law.
In particular, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we manage on behalf of Customers and the information we collect and manage on their behalf.
To protect the privacy and security of the Services, we will also take reasonable steps to verify your identity before granting access to information.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
European Registration Data processed by us, may be transferred to our Amazon Web Service hosting centres in the United States. This relates to registration data only. Amazon participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively and this forms part of our data processing agreement with Amazon.
Cookies enable us to store information about your preferences and therefore customise the Website according to your individual interests. They are also used to monitor which parts of the Website are the most popular to its visitors. You are not obliged to accept cookies and you can amend your browser’s settings to prevent cookies being accepted by it. Please be aware that if you do disable cookies however, certain services on the Website will not be available to you and your use and enjoyment of them will be impaired. We use the following cookies:
_ga, _gid, _gat
Google Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us to see how our Website is used. In doing so information about your use of our Website, including your IP address, may be transmitted to Google We use Google Analytics to determine the pages of the Website that are most frequently viewed
This cookie generates a unique ID for every visitor and is used for the report segmentation feature in VWO. It also allows you to view data in a more refined manner. If you have a test running on multiple domains, you will notice test-specific UUID values.
THIRD PARTY WEBSITES
The Website and the Relevant Services may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own Privacy Notices. We do not accept any responsibility or liability for these third party websites nor do we provide support for their services. Please undertake the appropriate due diligence before submitting any personal data to these websites.
Transfer of data outside of the EEA
NationBuilder may transfer some or all of your personal information outside of the EEA. The privacy laws of the receiving country may be different from those in the EEA and may not have adequate data protection standards. NationBuilder will always have appropriate safeguards in place when transferring your personal information outside of the EEA, and you may ask them for a copy of these safeguards. In addition, NationBuilder will offer EU and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information they have received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by emailing us at email@example.com.
You have the following rights regarding your information:
- The right to rectification: You’re entitled to have your information corrected if it’s inaccurate or incomplete.
- The right to erasure: This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- The right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability: You have rights to obtain and reuse your personal data for your own purposes across different services. Eg, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to object: You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). For more information or to object, see Objecting to processing.
ACCESS TO INFORMATION
You have the right to access information held about you. You have a right to have your information rectified or erased free of charge if it is inaccurate or no longer required for the purpose for which it was collected. Please contact us at firstname.lastname@example.org in relation to any such access requests and let us know what you would like us to do.
RETENTION OF INFORMATION
Our retention policy for personal data processed in relation to the Relevant Services is as follows:
Customer account management contact details
For the duration of the contract and for a period of thirty (30) days post-termination
In certain cases, we may retain information for longer than specified here if required under relevant laws. If you would like your information to be deleted, please contact email@example.com
HOW TO CONTACT US
We have appointed a Data Protection Officer. If you would like to contact our Data Protection Officer or find out about the information that we hold about you please contact us:
- by email at: firstname.lastname@example.org; or
- write to the attention of the DPO at: 77 Victoria Street, Office 120, London, SW1H 0HW
DATA PROTECTION COMMISSIONER
The Data Protection Commissioner may be contacted at email@example.com