Who is collecting your personal data?
The International Partnership for Microbicides (IPM) is committed to ensuring the privacy of visitors to our website. This policy represents our organization’s commitment to your right to privacy, giving you a clear explanation about how we use your information and your rights over that information.
By using the website, you have agreed to abide by the terms described herein, including the transfer, processing and maintenance of your personal information in the United States of America.
This policy applies to IPM’s public website, www.ipmglobal.org.
IPM is the data controller to which the policy refers. References to ‘we’, ‘us’ and ‘our’ are to IPM, registered as a nonprofit organization in the United States.
This policy was last updated on September 18, 2018 and is reviewed every 12 months.
Personal Data: “Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Art.4 §1 GDPR).
Sensitive Personal Data: A subset of data for which even greater care should be taken, such as “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation” (Art. 9 §1 GDPR).
Processing Data: Any set of operations that is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art.4 §2 GDPR).
Data Subject: Individuals who are identifiable or identified by the processed personal data (Art.4 §1 GDPR).
Data Controller: The Data Controller decides how and why data is processed and ensures that legal obligations are met (Art.4 §7 GDPR).
Data Processor: An entity processing data on behalf of the Data Controller (Art.4 §8 GDPR).
Third Party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data (Art.4 §10 GDPR).
What personal data do we collect?
Personal data of data subjects that IPM processes may include:
- IP addresses and website visit information. When you visit our website, you do so anonymously. However, like most website operators, IPM collects information that is not personally identifiable and that web browsers and servers typically make available, such as the browser type, language preference, referring site and the date and time of each visitor request. IPM’s purpose in collecting non-personally identifying information is to better understand how our visitors use the website.
- Identification information required for job applications.
- For email subscribers, identification data such as names, addresses, telephone numbers, email addresses, business contact information.
How do we use the information collected?
In accordance with Art.6 of the GDPR, IPM may process personal data:
- To undertake email actions
- To send you newsletters, if you choose to subscribe
- To ask you to donate or get involved in our campaigns
- To process donations that we receive from you
- To administer your application for employment
- To improve our website in consultation with IPM contractors, under confidentiality agreements
- To fulfill any legal obligations or to comply with the law
Legal basis for processing
IPM does not ask for personal data unless it is truly necessary (e.g., in conjunction with job applications). Depending on the type of data provided, we may process your personal data based on:
Your consent. When a visitor chooses to provide personal data, IPM uses that data solely for the purposes for which it was provided. IPM does not use personal information collected from its websites to facilitate unsolicited marketing or share it with or sell it to third parties.
- When you sign up for our email newsletters, you will receive a request to confirm your consent. We will only process your data if you confirm your consent. Should you wish to unsubscribe, you may do so at any time by following the “unsubscribe” link in our email newsletters.
- If you apply for a job with us, we will process your personal data only as necessary to consider your application.
Legitimate interest. We may process your personal data to fulfill our legitimate interest in achieving our mission.
To fulfill a contractual obligation. If you donate to us we will process the personal data you provided solely to process that donation.
Legal obligation. IPM will not sell or share any personal information provided by registered users of IPM’s website to third parties. Notwithstanding the foregoing, IPM may disclose personal information under the following circumstances: in response to subpoenas, court orders or other legal process, to establish, exercise or defend our legal rights and to process the registered user’s request.
Security. The transmission of information over the Internet is never completely secure. However, we take appropriate measures to keep your information as safe as possible, including keeping our website secure. IPM does not store personal information on our servers unless required for the ongoing operation of its website. IPM does not accept or store any credit card information for any reason.
Is your data shared with third parties?
Third Party Websites. Our website contains links to third party websites. These linked websites are not under the control of IPM, and IPM is not responsible for the contents of any linked website or any link contained in a linked website. IPM provides these links only as a convenience, and the inclusion of a link does not imply endorsement of or affiliation with the linked website by IPM.
Please note that third-party websites may collect information about you, through cookies or other technologies, when you link to their websites through IPMglobal.org. IPM does not monitor or control the information collection or privacy practices of these or any third parties, and is not responsible for the practices or the content of their websites. You should review the privacy policies of such third parties to understand how they collect and use information prior to providing any personal information to those third-party websites.
Third party data processors. Our website, donation page and email updates are hosted, maintained and analyzed by third party service providers, as follows:
- Website: Pantheon, SendGrid and Google Analytics
- Donation page: Network for Good
- Email updates: MailChimp
How long will your data be stored for?
We only hold your personal information in our systems for as long as is necessary for the purposes outlined above. We remove personal data from our systems once it is no longer required, in line with our guidelines on how long important information must remain accessible for future use or reference, as well as when and how data can be destroyed when it is no longer needed.
The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. After this time the data will either be deleted or we may retain a secure anonymized record for research and analytical purposes.
What data privacy rights do you have?
You have the right, subject to applicable local data protection legislation, to:
- request access to, and receive a copy of the personal data we hold (Art. 15 GDPR);
- if appropriate, request rectification or erasure of the personal data that are inaccurate (Art. 16 GDPR);
- request the erasure of the personal data, subject however to applicable retention periods (Art. 17 GDPR)
- request a restriction of Processing of personal data where the accuracy of the personal data is contested, the Processing is unlawful, or if the Data Subjects have objected to the Processing (Art. 18 GDPR);
- object to the Processing of personal data, in which case we will no longer process the personal data (Art. 21);
- receive the personal data in structured, commonly used and machine-readable format (Art. 20);
Even if a Data Subject objects to the Processing of personal data, we are nevertheless allowed to continue the same if the Processing is (i) legally mandatory, (ii) necessary for the performance of a contract to which the Data Subject is a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defense of legal claims.
Subject to the limitations set forth herein and/or in applicable local data protection laws, you can exercise the above rights free of charge by contacting IPM.
If you have any questions or concerns about these policies or the website, please feel free to contact us.