Data Privacy Policy as of May 25, 2018

Data controller’s contact information:

PILnet is a US-based (501 c 3) nonprofit organization (EIM: 20-5087783) with affiliated entities in Budapest (Hungary) and Hong Kong (China).

Principal Officer: Mr. Garth Meintjes, President

Main Address:199 Water Street, 11th Floor, New York, NY 10038 USA Phone: Tel: +1 212 803 5380

Contact information (data protection matters): dataprotection@pilnet.org

Principles of data processing

PILnet is committed to processing your personal data based on the internationally recognized principles of lawfulness, fairness, and transparency. We collect personal data only for specific, explicit, and legitimate purposes. PILnet follows the principles of data minimization and accuracy while processing your personal data. Our organization implements data protection measures required by regulators primarily in the United States and in EU Member States but pays equal attention to the development of privacy regulations in other countries, including Russia and China. Privacy is a global concern and PILnet as public interest organization pays special attention to this topic while executing projects and conducting its operations globally. We process personal data in a manner that ensures appropriate level of data integrity and confidentiality. We as a data controller fulfill our obligation to be accountable for data processing activities as outlined by relevant national and supranational laws and guidelines.

Terms used in this policy

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

”Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Purpose and legal basis for personal data processing

PILnet’s database contains personal data that has been submitted by individuals from around the world through an online platform operated by *Mailchimp. In case we receive your namecard during a personal contact or you write us an e-mail or phone us by expressing your interest to be informed regularly about PILnet’s activities, we add your data to PILnet’s global pro bono database that offers targeted services for you.

PILnet’s and your interest is to stay in touch:

  • Sending you pro bono newsletters
  • Inviting you to events, conferences, trainings locally and globally
  • Informing you about pro bono fundraising opportunities
  • Offering you pro bono opportunities worldwide

You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to: dataprotection@pilnet.org or use the unsubscribe option posted at the bottom of PILnet’s online media releases.

*Contact information to engaged online service provider:

MailChimp, Attn. Privacy Officer, privacy@mailchimp.com  675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Recipients of PILnet’s communication

PILnet generates content primarily for the global legal community that includes mainly but not exclusively legal experts, lawyers, law school and public policy educators, bar and law society officials, lawmakers, legal fellows, etc. Equally, PILnet targets primarily but not exclusively the recipients of pro bono and public interest services like representatives of local and international NGOs, grassroots community activists and groups, social entrepreneurs and enterprises.

Data transfers to third countries

PILnet processes data in the United States and may occasionally do so by way of its office in Budapest (Hungary). While processing personal data PILnet strictly abides by US and European law. You should be aware that in 2016 the representatives of the European Union and the United States signed the Privacy Shield Agreement that offers formal protection for EU citizens when their data is processed by US legal entities. The Privacy Shield is based on voluntary registration of US companies. In terms of its available guarantees and legal safeguards, the mechanism of the Privacy Shield has been criticised by the Article 29 Working Party of the European Commission. Sharing those concerns, PILnet is voluntarily committed to following stricter standards by abiding the requirements of the EU’s GDPR.

Period for storing/processing your personal data

The data you submitted to PILnet’s Global Pro Bono Database will be processed for 3 years starting at the time of your latest demonstrated activity. After 3 years of inactivity (for example not opening PILnet’s e-newsletters or a pro bono matter list) your contact data will be deleted from PILnet’s database. You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to: dataprotection@pilnet.org or use the unsubscribe option posted in the issues of PILnet’s online media releases.

Profiling

According to the European Union’s regulation, profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

PILnet does not profile members in its Global Pro Bono Database without prior consent.

Your rights based on this policy

The right to be informed: you can approach PILnet and ask what personal data is collected about you, how it has been used, how long it will be kept and whether it will be shared with any third parties.

You have the right to ask PILnet for access to your personal data.

You have the right to rectify data on you in case you discover that the information PILnet holds on you is inaccurate or incomplete. Your request will be executed within 30 days.

You have the right to ask PILnet to erase your personal data in certain circumstances, such as when the data is no longer necessary, unlawfully processed, or no longer meets the lawful basis for which it was collected.

You also have the right to request that PILnet limit the way we use your personal data.

You have the right to data portability as permitted to obtain and reuse personal data for your own purposes across different services. This right only applies to personal data that you provided to PILnet by a contract or based on a consent.

You have the right to object to the processing of your personal data that is collected on the basis of legitimate interests or the performance of a task in the interest/exercise of official authority.

Information on data protection authorities and available legal remedies Contact for US citizens to the Federal Trade Commission:

https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/filing-complaint

U.S. Department of Commerce | EU-U.S. Privacy Shield | 1401 Constitution Avenue, N.W. | Room 20001 | Washington, D.C. 20230

Contact for EU citizens to national data protection authorities:

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Citizens of other countries: Please seek information about your privacy rights and available remedies available for you at your national data protection authority.

If you find that your privacy/data protection rights have been violated by PILnet’s current data protection practices, you may turn to us for immediate response and remedy. PILnet investigates your request and responds to you within 30 days. If you are not satisfied with our response you may turn to your Data Protection/Consumer Protection Authority for advice and/or complaint.

To download the PDF of this Data Privacy Policy, click here.