Fix The Status Quo OÜ., a limited liability company registered in Harju maakond, Tallinn, Kristiine linnaosa, A. H. Tammsaare tee 47, 11316, Tallin, Estonia, under the registration number 14614272 (“Fix The Status Quo”, “us”, “we” or “our”), is committed to protecting the privacy of visitors to our site, as well as our members and volunteers. At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe.
Please read this Policy carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly.
- 1. Collection of Personal Data
- 2. How do we process sensitive personal information?
- 3. How and why will we use your personal data?
- 4. Who has access to your personal data?
- 5. How we protect your personal data?
- 6. Retention Policy
- 7. Your rights
- 8. Cookies
- 9. Use of our Website and services by minors
- 11. Contacting Us
- Third Party Service Providers
1. Collection of Personal Data
There are two general categories of information we collect on our website or at our events. The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) sign a campaign, start a campaign, make a donation, create an account on our website or mobile platform, open and/or maintain a case file, apply for employment with us or apply to volunteer with us.
You may give us your personal data a) directly – in order to start a campaign, sign a campaign, when you create an account on our website or mobile app, when you apply for employment with us, when you apply to volunteer with us, when you contact us by phone, email or post, and/or when you donate money to us.
or indirectly – when your information may be shared with us by others, independent event organisers, other fundraising entities, sponsors and supporters of our organisation and services.
Examples of personal data we collect include:
(i) details of why you have decided to contact us/start/support a campaign;
(ii) bank details or debit/credit card expiry date and partial number; or
(iii) details of campaigns you have supported, details of topics/areas of interest to you, responses to surveys you have completed,
(iv) information about your computer and about your visits to and use of this website including your geographical location (if you decide to disclose it us), browser type, referral source, length of visit and number of page views;
(v) any other information shared with us.
When we collect information from you, we provide you this Privacy for information purposes.
2. How do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
Personal information you have disclosed to us containing such sensitive information will be held in encrypted files and will not be collected or processed by us for any purpose.
3. How and why will we use your personal data?
We use, store, and process personal data about you to:
(i) perform our services,
(ii) provide and improve the website and comply with our legal obligations.
(iii) handle the administration of your employment and/or volunteering application;
(iv) send you information about our work, campaigns, organisations and any other information, products or services that we provide (this will not be done without your consent);
(v) enable you to communicate with other users;
(vi) collect payments from you and send statements and/or receipts to you;
(vii) improve your browsing experience by personalising your interaction with our website.
4. Who has access to your personal data?
Your information is only accessible by appropriately trained staff and our sub-processors. The full list of sub-processors may be found below.
We will never sell your information to a third party for their own use. We may use agencies and/or suppliers to process data on our behalf such as email service providers. We may also merge or partner with like-minded organisations and in so doing transfer and/or acquire personal data.
5. How we protect your personal data?
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Such personal data may be processed by agencies and/or suppliers operating outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data, such as using Model Clauses or other adequate privacy protections under Article 45 of the GDPR.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee its security. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by emailing email@example.com.
For transparency, we have included a list of these third-party providers below as well as reference [___]. We are, however, ultimately not responsible for the privacy or other practices of any third parties.
6. Retention Policy
We will retain personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained. In general, we remove your personal information from our records 1 year after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
7. Your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(a) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(b) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 40 days to comply. As from 25 May 2018, we will have 30 days to comply.
(c) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
(d) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(e) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(f) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
If you wish to exercise any of the above rights please email us at: firstname.lastname@example.org.
Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.
9. Use of our Website and services by minors
Our Website and Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal data from individuals under 18.
11. Contacting Us
If you have questions or concerns regarding how we collect and process your information, please contact us at:
Fix The Status Quo OÜ.,
Harju maakond, Tallinn, Kristiine linnaosa,
A. H. Tammsaare tee 47, 11316,
or at the following e-mail address: email@example.com.
Individuals using our services in Europe or the greater European Economic Area may also file a complaint with a supervisory authority in their country or region.
Third Party Service Providers
|3rd Party Service / Vendor||Purpose||Subprocessing Country||Website||Assurance of Adequate Data Protection|
|Hetzner Online GmbH||Application & database servers||Germany||https://www.hetzner.com||• GDPR compliant|
|Malijet (Maligun Technologies Inc.)||USA||https://www.mailjet.com/privacy-policy/||•Model Clauses|
|Stripe, Inc.||Payments/donations||USA||https://stripe.com/en-gb-pl/privacy||• Model Clauses, EU-US and Swiss-US Privacy Shield Framework, Binding Corporate Rules|