1. WHO ARE WE?
2. WHICH OF YOUR PERSONAL DATA DO WE PROCESS?
- When you use our website or our social media channels, we process:
- Technical information, such as information concerning your device, IP-address, browser type, geographical location, and operating system;
- Browsing behavior, such as the length of your visit, the links you click, the pages you visit, and the frequency with which you visit a page.
- When you communicate with us by filling out a contact form on our Website, or via e-mail, telephone, fax, or social media channels, we process:
- Identity information you provide us with, such as your first name, last name, gender, birth date, age, the company you work for, preferences and interests;
- Contact details you provide us with, such as your e-mail address, postal address, country, telephone number, and mobile telephone number;
- Content of the communication, such as your request or question;
- Technical information of the communication, such as with whom you communicate at our end, date and time of the communication;
- Publicly available information about you, such as information publicly available on your social media profile;
- Any other personal data you provide us with.
- When you place an order, such as for a book or an information kit:
- Identity information you provide us with, such as your first name, last name, the company you work for, preferences and interests;
- Contact details you provide us with, such as your e-mail address, postal address, country, telephone number, and mobile telephone number;
- Order details, such as the title of the book you purchased;
- Payment details, such as the amount you paid for your purchase.
- We receive most of your personal data directly from you, but it may happen that we receive additional information about your preferences and browsing behavior from partners such as Google. If you require more information about the personal data these parties process about you and make available to others, you are kindly requested to consult their respective privacy policies.
3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND WHAT IS THE LEGAL BASIS FOR THIS?
- In the table below, we explain the purposes for which we process your personal data and on which legal basis we do so. We rely on the following legal bases:
- Your consent, in which you are informed of what this consent means before you freely give your consent;
- A contract with you, in order to perform that contract or in order to take steps prior to entering into a contract with you;
- A legal obligation that we have to comply with;
- Our legitimate interest, such as continuous improvements of our Website, social media channels, materials and services to ensure that you have the best experience possible, to keep them safe from misuse and illegal activity, to disseminate and promote them and to make them available to you, including our social betterment and humanitarian programs.
|1||We process your personal data to provide you, in a personalized and efficient way with the materials, services, or information you request via our Website, e-mail, telephone, fax, or social media channels.||Our legitimate interest|
A contract with you
|2||We process your personal data in order to be able to process your order and to be able to deliver to you the materials or information you request or to provide you with the services you request.||A contract with you|
|3||We process your personal data to send you promotional information for our materials and services, such as communications, promotions, offerings, and newsletters, via e-mail or other person-to-person electronic communication channels if you explicitly consented to receive such promotional information.||Your consent|
|4||We process your personal data to send you promotional information for materials or services similar to those you previously purchased or received from us, such as communications, promotions, offerings, and newsletters, via e-mail or other person-to-person electronic communication channels.||Our legitimate interest|
|5||We process your personal data for other marketing purposes, such as on paper or via social media channels, i.e. to provide you with targeted promotional information, such as communications, promotions, offerings, and newsletters of CSI and carefully selected partners.||Our legitimate interest|
|6||In the framework of sending you promotional information, such as communications, promotions, offerings and newsletters, via e-mail or other person-to-person electronic communication channels, we process your personal data to collect information to analyse our promotional information, such as which of our content in those promotional information you have accessed or on which links in those promotional information you have clicked (i.e.g. via tracking technologies such as web beacons in our e-mails).||Your consent|
|7||We process your personal data to create a unique profile of you to enhance your experience based on your location, your order history, your preferences, your interests and the content in our promotional information you have accessed.||Your consent|
|8||We process your personal data:|
to comply with legal obligations that we have to comply with, or
to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities, or
to transfer your personal data to the police or the judicial authorities upon our own initiative as evidence or if we have justified suspicions of an unlawful act or crime committed by you through your use of our Website, our social media channels or other communication channels.
|A legal obligation|
|9||We process your personal data to perform statistical analyses in order to be able to improve our Website, promotional information, materials, and services or to develop new materials and services.||Our legitimate interest|
|10||We process your personal data to preserve our legitimate interests or to preserve the legitimate interests of a third party in case your use of our Website, our social media channels or other communication channels can be considered:|
danger or threat to the security or integrity of our Website, our social media channels or other communication channels or any of our, our select partners’ or a third party’s IT systems due to viruses, Trojan horses, spyware, malware or any other form of malicious code, or
in any way hateful, obscene, discriminating, racist, slanderous, spiteful, hurtful, or in some other way inappropriate or illegal.
|Our legitimate interest|
4. TO WHOM DO WE SEND YOUR PERSONAL DATA?
- We rely on third parties, for example:
- To provide you our Website (such as a hosting provider); or
- To target our promotional information (such as a marketing company); or
- To process your order (such as a transport company to deliver you the materials); or
- To process your payment (such as a payment service provider or a credit checking agency).
- These third parties are only allowed to process your personal data on our behalf and upon our explicit written instruction. We also warrant that all those third parties are selected with due care and are committed to observing the safety and integrity of your personal data.
- We may be legally obliged to share your personal data with competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities, to comply with a legal obligation as set out in Article 3.
- We do not send your personal data in an identifiable manner to any other third party than the ones mentioned in Articles 4.1, 4.2, and 4.3 without your explicit consent to do so. However, we may send anonymized data to other organizations that may use those data for improving materials and services as well as to tailor the marketing, displaying, and selling of those materials and services.
5. WHERE DO WE PROCESS YOUR PERSONAL DATA?
- We process your personal data both within and outside the European Economic Area (EEA), including in the USA. In order to process your personal data for the purposes outlined in Article 3 above, we may also transfer your personal data to third parties who process on our behalf outside the EEA. Each entity outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data. For CSI, such safeguards result from the fact that we are directly bound by compliance with EU legislation in the context of personal data protection. For third parties, such safeguards may be the consequence of:
- The recipient country having legislation in place which may be considered equivalent to the protection offered within the EEA; or
- A contractual arrangement between us and that entity; or
- An approved certification mechanism, such as the EU-US Privacy Shield decision adopted by the European Commission on 12 July 2016.
- We may transfer anonymized and/or aggregated data to organizations outside the EEA. Should such transfer take place, we will ensure that there are safeguards in place to ensure the safety and integrity of your data and all rights with respect to your personal data you might enjoy under applicable mandatory law.
6. WHAT QUALITY ASSURANCES DO WE COMPLY WITH?
- We do our utmost best to process only those personal data which are necessary to achieve the purposes listed under Article 3.
- Your personal data are only processed for as long as needed to achieve the purposes listed under Article 3 above or up until such time where you withdraw your consent for processing them. Your withdrawal of consent may imply that you can no longer use the whole or part of our Website. We will de-identify your personal data when they are no longer necessary for the purposes outlined in Article 3 above unless there is:
- An overriding interest of CSI, or any other third party, in keeping our personal data identifiable; or
- A legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
- We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss tampering or destruction. Access by our staff members or third parties’ personnel will only be on a need-to-know basis and be subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations which can never be guaranteed.
- If you are registered to receive promotional information, such as communications, promotions, offerings, and newsletters, via e-mail or other person-to-person electronic communication channels, you can change your preferences for receiving such promotional information by clicking the opt-out link provided in such promotional information.
7. WHAT ARE YOUR RIGHTS?
- You have the right to request access to all personal data processed by us pertaining to you. We reserve the right to charge a reasonable administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to us. Each request must specify for which processing activity you wish to exercise your right to access and must specify to which data categories you wish to gain access to.
- You have the right to rectification, i.e. to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. If you submit a request for correction, your request needs to be accompanied by proof of the flawed nature of the data for which correction is asked.
- You have the right to withdraw your earlier given consent for the processing of your personal data.
- You have the right to erasure, i.e. to request that personal data pertaining to you be deleted if these data are no longer required in the light of the purposes outlined in Article 3 above or if you withdraw your consent for processing them. However, you need to keep in mind that a request for deletion will be evaluated by us against:
- Our and a third parties’ interests which may override your interests; or
- Legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
- You have the right to restriction instead of deletion, i.e. to request that we limit the processing of your personal data if:
- We are verifying the accuracy of your personal data; or
- The processing is unlawful and you oppose the deletion of your personal data; or
- You require your personal data to establish, exercise or defend a legal claim, while we do no longer need your personal data for the purposes listed under Article 3 above; or
- We are verifying whether our legitimate interests override your interests if you exercise your right to object in accordance with Article 6.
- You have the right to object to the processing of personal data if:
- The processing is based on our legitimate interest under Article 3 above; and
- You are able to prove that there are serious and justified reasons connected with your particular situation that warrant such objection; and
- Our legitimate interests do not override your interests.
- You have the right to data portability, i.e. to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us if the processing is based on your consent or a contract with you under Article 3 above.
- If you wish to submit a request to exercise one or more of the rights listed above, you can contact our Data Protection Officer by sending an e-mail to email@example.com. An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should meet the following conditions:
- State clearly which right you wish to exercise; and
- State clearly the reasons for exercising your right if such is required; and
- Your request should be dated and signed; and
- Your request should be accompanied by a digitally scanned copy of your valid identity card proving your identity. If you use the contact form, we may ask you for your signed confirmation and proof of identity.
We will promptly inform you of having received your request. If the request meets the conditions above and proves valid, we will honor it as soon as reasonably possible and at the latest thirty (30) days after having received your request.
If you have any complaints regarding the processing of your personal data by us, you may always contact our Data Protection Officer by sending an e-mail to firstname.lastname@example.org. If you remain unsatisfied with our response, you are free to file a complaint with the competent data protection authority.