Europe (GDPR) Privacy Policy

Europe (GDPR) Data Privacy Policy as of December 2, 2021

Data Controller’s Contact Information

PILnet is a US-based (501(c)(3)) nonprofit organization (EIM: 20-5087783) with affiliated entities in Budapest (Hungary) and Hong Kong SAR (China).

  • Principal officer: Ms. Leila Saad, Executive Director 
  • Main address: 199 Water Street, 11th Floor, New York, NY, 10038, United States
  • Phone: Tel: +1-212-803-5380
  • Fax: +1-212-803-5381 
  • Email address (data protection matters): [email protected]

Principles of Data Processing 

This privacy policy relates to the handling of personal data by PILnet and its affiliated entities (“PILnet affiliates”).

PILnet is committed to processing your personal data based on the internationally recognized principles of lawfulness, fairness, and transparency. We collect personal data only for specific, explicit, and legitimate purposes. We process your personal data:

  • Where we have your consent; 
  • In connection with our legitimate interests and where your interests and fundamental rights do not override those interests; 
  • Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; and 
  • In order to comply with a legal obligation to which we are subject.

PILnet follows the principles of data minimization and accuracy while processing your personal data. Our organization implements data protection measures required by regulators primarily in the United States and European Union (EU) and European Economic Area (EEA) Member States, but pays equal attention to the development of privacy regulations in other countries. Privacy is a global concern and PILnet as a public interest organization pays special attention to this topic while executing projects and conducting its operations globally. We process personal data in a manner that ensures an appropriate level of data integrity and confidentiality. We as a data controller fulfill our obligation to be accountable for data processing activities as outlined by relevant national and supranational laws and guidelines. 

Terms Used in This Policy 

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

“Processing” means any operation or set of operations, which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. 

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law. 

“Processor” means a natural or legal person, public authority, agency, or other body, which processes personal data on behalf of the controller. 

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

Role of PILnet

PILnet is the controller with respect to your personal data.

Purpose and Legal Basis for Personal Data Processing 

PILnet’s database contains personal data that has been submitted by individuals from around the world through an online platform operated by *Mailchimp. In case we receive your name card during a personal contact, or you write us an email or phone us by expressing your interest to be informed regularly about PILnet’s activities, we add your data to PILnet’s global pro bono database that offers targeted services for you.

PILnet’s and your interest is to stay in touch by:

  • Engaging in pro bono activities and providing content to the global legal community;
  • Sending you pro bono newsletters;
  • Inviting you to events, conferences, and trainings locally and globally; 
  • Informing you about pro bono fundraising opportunities; and
  • Offering you pro bono opportunities worldwide.

You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to [email protected], or by using the unsubscribe option posted at the bottom of PILnet’s online media releases.

*Contact information to engaged online service provider: 

Mailchimp
Attn: Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
United States

[email protected]

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:

Full name of legal entity: PILnet Foundation 

Email address: [email protected]

Postal address: 1055 Budapest, Honvéd utca 22/A. 2/1

You have the right to make a complaint at any time to the Hungarian National Authority for Data Protection and Freedom of Information (HNA), the Hungarian supervisory authority for data protection issues (www.naih.hu).

We would, however, appreciate the chance to deal with your concerns before you approach the HNA, so please contact us in the first instance.

Recipients of PILnet’s Communication

PILnet generates content primarily for the global legal community that includes mainly but not exclusively legal experts, lawyers, law school and public policy educators, bar and law society officials, lawmakers, legal fellows, etc. Equally, PILnet targets primarily but not exclusively the recipients of pro bono and public interest services like representatives of local and international NGOs, grassroots community activists and groups, social entrepreneurs, and enterprises.

Data Transfers to Third Countries 

PILnet processes data in the United States and may occasionally do so by way of its offices in Budapest (Hungary) and Hong Kong SAR. PILnet’s main administrative office is based in the US and that is where it processes personal information collected through its website. When you provide personal information to PILnet, PILnet requests your consent to transfer that personal information to the US. The US does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the US provide adequate protection for personal information. Although the laws of the US do not provide legal protection that is equivalent to EU data protection laws, PILnet safeguards your personal information by treating it in accordance with this GDPR Privacy Notice. PILnet takes appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. PILnet uses secure transmission methods to collect personal data through its website. PILnet also enters into contracts with its data processors that require them to treat personal information in a manner that is consistent with this Notice while processing personal data PILnet strictly abides by US and EU law.

Period for Storing/Processing Your Personal Data 

The data you submitted to PILnet’s Global Pro Bono Database will be processed for 3 years starting at the time of your latest demonstrated activity. After a period of inactivity, your contact data will be deleted from PILnet’s database. You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to [email protected], or by using the unsubscribe option posted in the issues of PILnet’s online media releases. 

Profiling 

According to the EU’s regulation, profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. PILnet does not profile members in its Global Pro Bono Database without prior consent.

Your Rights Based on This Policy 

The right to be informed: you can approach PILnet and ask what personal data is collected about you, how it has been used, how long it will be kept, and whether it will be shared with any third parties. 

You have the right to ask PILnet for access to your personal data. 

You have the right to rectify data on yourself in case you discover that the information PILnet holds on you is inaccurate or incomplete. Your request will be executed within 30 days. 

You have the right to ask PILnet to erase your personal data in certain circumstances, such as when the data is no longer necessary, is unlawfully processed, or no longer meets the lawful basis for which it was collected. 

You also have the right to request that PILnet limit the way we use your personal data. 

You have the right to data portability as permitted to obtain and reuse personal data for your own purposes across different services. This right applies only to personal data that you provided to PILnet by a contract or based on a consent. 

You have the right to object to the processing of your personal data. 

Citizens or residents of countries other than an EEA Member State: Please seek information about your privacy rights and remedies available for you at your national data protection authority. 

If you find that your privacy/data protection rights have been violated by PILnet’s current data protection practices, you may turn to us for immediate response and remedy. PILnet investigates your request and responds to you within 30 days. If you are not satisfied with our response, you may turn to your Data Protection/Consumer Protection Authority for advice and/or complaint.

US Privacy Policy

US Data Privacy Policy as of December 2, 2021

Data Controller’s Contact Information

PILnet is a US-based (501(c)(3)) nonprofit organization (EIM: 20-5087783) with affiliated entities in Budapest (Hungary) and Hong Kong SAR (China). 

  • Principal officer: Ms. Leila Saad, Executive Director
  • Main address: 199 Water Street, 11th Floor, New York, NY, 10038, United States
  • Phone: +1-212-803-5380
  • Fax: +1-212-803-5381 
  • Email address (data protection matters): [email protected]

Principles of Data Processing 

This privacy policy relates to the handling of personal data by PILnet and its affiliated entities (“PILnet affiliates”).

PILnet is committed to processing your personal data based on the internationally recognized principles of lawfulness, fairness, and transparency. We collect personal data only for specific, explicit, and legitimate purposes. We process your personal data: 

  • Where we have your consent; 
  • In connection with our legitimate interests and where your interests and fundamental rights do not override those interests; 
  • Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; and
  • In order to comply with a legal obligation to which we are subject.

PILnet follows the principles of data minimization and accuracy while processing your personal data. Our organization implements data protection measures required by regulators primarily in the United States and European Union (EU) and European Economic Area (EEA) Member States, but pays equal attention to the development of privacy regulations in other countries. Privacy is a global concern and PILnet as a public interest organization pays special attention to this topic while executing projects and conducting its operations globally. We process personal data in a manner that ensures an appropriate level of data integrity and confidentiality. We as a data controller fulfill our obligation to be accountable for data processing activities as outlined by relevant national and supranational laws and guidelines. 

Terms Used in This Policy 

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

“Processing” means any operation or set of operations, which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. 

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law. 

“Processor” means a natural or legal person, public authority, agency, or other body, which processes personal data on behalf of the controller. 

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

Role of PILnet

PILnet is the controller with respect to your personal data.

Purpose and Legal Basis for Personal Data Processing 

PILnet’s database contains personal data that has been submitted by individuals from around the world through an online platform operated by *Mailchimp. In case we receive your name card during a personal contact, or you write us an email or phone us by expressing your interest to be informed regularly about PILnet’s activities, we add your data to PILnet’s global pro bono database that offers targeted services for you.

 PILnet’s and your interest is to stay in touch by:

  • Engaging in pro bono activities and providing content to the global legal community;
  • Sending you pro bono newsletters;
  • Inviting you to events, conferences, and trainings locally and globally; 
  • Informing you about pro bono fundraising opportunities; and
  • Offering you pro bono opportunities worldwide.

You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to [email protected], or by using the unsubscribe option posted at the bottom of PILnet’s online media releases.

*Contact information of engaged online service provider: 

Mailchimp
Attn: Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
United States

[email protected]

 If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager by emailing [email protected].

Recipients of PILnet’s Communication 

PILnet generates content primarily for the global legal community that includes mainly but not exclusively legal experts, lawyers, law school and public policy educators, bar and law society officials, lawmakers, legal fellows, etc. Equally, PILnet targets primarily but not exclusively the recipients of pro bono and public interest services like representatives of local and international NGOs, grassroots community activists and groups, social entrepreneurs, and enterprises. 

Data Transfers to Third Countries 

PILnet processes data in the United States and may occasionally do so by way of its offices in Budapest (Hungary) and Hong Kong SAR. PILnet is voluntarily committed to following stricter standards by abiding by the requirements of the EU’s GDPR.

Period for Storing/Processing Your Personal Data 

The data you submitted to PILnet’s Global Pro Bono Database will be processed for 3 years starting at the time of your latest demonstrated activity. After a period of inactivity, your contact data will be deleted from PILnet’s database. You may withdraw (unsubscribe) anytime from the global pro bono database by sending an email to [email protected], or by using the unsubscribe option posted at the bottom of PILnet’s online media releases.

Profiling 

According to the EU’s regulation, profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. PILnet does not profile members in its Global Pro Bono Database without prior consent. 

Your Rights Based on This Policy 

The right to be informed: you can approach PILnet and ask what personal data is collected about you, how it has been used, how long it will be kept, and whether it will be shared with any third parties. 

You have the right to ask PILnet for access to your personal data. 

You have the right to rectify data on yourself in case you discover that the information PILnet holds on you is inaccurate or incomplete. Your request will be executed within 30 days. 

You have the right to ask PILnet to erase your personal data in certain circumstances, such as when the data is no longer necessary, is unlawfully processed, or no longer meets the lawful basis for which it was collected. 

You also have the right to request that PILnet limit the way we use your personal data. 

You have the right to data portability as permitted to obtain and reuse personal data for your own purposes across different services. This right applies only to personal data that you provided to PILnet by a contract or based on a consent. 

You have the right to object to the processing of your personal data that is collected on the basis of legitimate interests or the performance of a task in the interest/exercise of official authority. 

Information on Data Protection Authorities and Available Legal Remedies 

Contact for US citizens to the Federal Trade Commission:
US Department of Commerce
EU-US Privacy Shield
1401 Constitution Avenue, NW, Room 20001
Washington, DC 20230
United States

https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/filing-complaint 

Contact for EU citizens to national data protection authorities:

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 

Citizens of other countries:

Please seek information about your privacy rights and remedies available for you at your national data protection authority. 

If you find that your privacy/data protection rights have been violated by PILnet’s current data protection practices, you may turn to us for immediate response and remedy. PILnet investigates your request and responds to you within 30 days. If you are not satisfied with our response, you may turn to your Data Protection/Consumer Protection Authority for advice and/or complaint.

Hong Kong Privacy Policy

Hong Kong Data Privacy Policy as of May 30, 2022

Data Controller’s Contact Information

PILnet is a US-based (501(c)(3)) nonprofit organization (EIM: 20-5087783) with affiliated entities in Budapest (Hungary) and Hong Kong SAR (China) (collectively, “PILnet”). In the Hong Kong SAR (China), it is incorporated as a company limited by guarantee in the name of PILnet Hong Kong Limited (“PILnet HK” or “we”) (company number 2462148).

  • Directors: Heng-Pin Kiang, Alan Gary Schiffman
  • Address of registered office: 23/F Chun Wo Commercial Centre, 23-29 Wing Wo Street, Central, Hong Kong SAR
  • Phone: Tel: +852 6106 0892
  • Email address (data protection matters): [email protected]

Principles of Data Processing

This is the Privacy Policy of PILnet HK and is applicable only to the activities of PILnet HK. We are committed to fully complying with the data protection principles under the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“PDPO”) and to processing your personal data based on the internationally recognized principles of lawfulness, fairness, and transparency.

  • We collect and process your personal data where we have your consent.
  • We will use your personal data only for a lawful purpose directly related to a function or activity of ours, and only if the data is adequate but not excessive in relation to that purpose.
  • We take all practicable steps to ensure that the personal data is accurate having regard to the purpose for which the personal data is or is to be used.
  • We take all practicable steps to ensure that the personal data is not kept longer than is necessary for the fulfilment of that purpose (including any directly related purpose) for which the data is or is to be used.

We will not use the personal data for a new purpose without your prescribed consent.

We will take all practicable steps to ensure that any personal data (including data in a form in which access to or processing of the data is not practicable) is protected against unauthorized or accidental access, processing, erasure, loss or use.

PILnet implements data protection measures required by regulators primarily in the Hong Kong SAR, United States and European Union (EU) and European Economic Area (EEA) Member States in accordance with where its legal entities are respectively incorporated, but pays equal attention to the development of privacy regulations in other countries. Privacy is a global concern and PILnet as a public interest organization pays special attention to this topic while executing projects and conducting its operations globally. We process personal data in a manner that ensures an appropriate level of data integrity and confidentiality. We as a data user fulfill our obligation to be accountable for data processing activities as outlined by relevant national and supranational laws and guidelines.

Terms Used in This Policy

“Personal data” means any data relating directly or indirectly to a living individual from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable.

“Data” means any representation of information (including an expression of opinion) in any document, and includes a personal identifier. A personal identifier is an identifier that is assigned to an individual by a data user for the purpose of the operations of the user, and that uniquely identifies that individual in relation to the data user, but does not include an individual’s name used to identity that individual.

“Processing” in relation to personal data, includes amending, augmenting, deleting or rearranging the data, whether by automated means or otherwise.

“Data user” in relation to personal data, means a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use (including disclosure or transfer) of the data.

“Data processor” means a natural or legal person which processes personal data on behalf of the data user and does not process the data for any of the person’s own purposes.

“Consent” of a person means the express consent of the person given voluntarily and does not include any consent which has been withdrawn by notice in writing served on the person to whom the consent has been given (but without prejudice to so much of that act that has been done pursuant to the consent at any time before the notice is so served). Subject to the provisions of the PDPO, a person with parental responsibility for a minor can give consent in relation to the personal data of a minor.

Role of PILnet HK

PILnet is the controller with respect to your personal data.

Purpose and Legal Basis for Personal Data Processing

PILnet has a database containing personal data that has been submitted by individuals from around the world. The database is maintained through an online platform operated by *Mailchimp. In the event we receive your name card during a personal contact, or you express an interest to be informed about PILnet’s activities by writing to us or communicating this to us on a call, we will add your data to PILnet’s global pro bono database (“Global Pro Bono Database”) that offers targeted services for you.

PILnet’s and your interest is to stay in touch by:

  • Engaging in activities and providing content to the global legal community;
  • Sending you newsletters;
  • Inviting you to events, conferences, and trainings locally and globally;
  • Informing you about fundraising opportunities; and
  • Offering you pro bono opportunities worldwide.

When you visit PILnet’s website, PILnet may also:

  1. Use cookies to help us improve your user experience (you can disable cookies from our website or your browser settings);
  2. Record your device and traffic data (e.g., your IP address or device identifiers) to help us understand how our website is used and improve our business;
  3. Record log file information (e.g., your browser type, and information on your number of clicks or pages viewed) to help us understand how our website is used and improve our business; and
  4. Use analytics tools which may store a small piece of data on your device that will send information to help us understand how our website is used.

If we want to use your personal data for any reason other than as set out above or as informed to you, we will seek your consent first.

You may withdraw (unsubscribe) anytime from the Global Pro Bono Database by sending an email to [email protected], or by using the unsubscribe option posted at the bottom of PILnet’s online media releases.

*Contact information to engaged online service provider:

Mailchimp
Attn: Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
United States

[email protected]

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:

Full name of legal entity: PILnet Hong Kong Limited

Email address: [email protected]

Recipients of PILnet’s Communication

PILnet generates content primarily for the global legal community that includes mainly but not exclusively legal experts, lawyers, law school and public policy educators, bar and law society officials, lawmakers, legal fellows, etc. Equally, PILnet targets primarily but not exclusively the recipients of pro bono and public interest services like representatives of local and international NGOs, grassroots community activists and groups, social entrepreneurs, and enterprises.

Data Transfers to Third Countries

PILnet processes data in the United States and may occasionally do so by way of its offices in Budapest (Hungary) and Hong Kong SAR. PILnet’s main administrative office is based in the US and that is where it processes personal data collected through its website. Although there are no conditions required for transferring data to a third country under the PDPO, PILnet is voluntarily committed to following stricter standards by abiding by the requirements of the EU’s General Data Protection Regulation (GDPR). When you provide personal data to PILnet HK, PILnet HK requests your consent to transfer that personal data to the US. PILnet takes appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. PILnet uses secure transmission methods to collect personal data through its website. PILnet also enters into contracts with its data processors that require them to treat personal information in a manner that is consistent with this policy.

Period for Storing/Processing Your Personal Data

The data you submitted to PILnet’s Global Pro Bono Database will be processed for 3 years starting at the time of your latest demonstrated activity. After a period of inactivity, your contact data will be deleted from PILnet’s database. You may withdraw (unsubscribe) anytime from the Global Pro Bono Database by sending an email to [email protected], or by using the unsubscribe option posted in the issues of PILnet’s online media releases.

Your Rights Based on This Policy

You can approach PILnet HK and ask whether PILnet HK holds personal data of which you are the data subject, and ask for a copy of such data if we do hold such data. Within 40 days, subject to the provisions of the PDPO, we will either comply with such requests or inform you that we do not hold such data. If you are provided with the data and you then find that the data is inaccurate, you have the right to request that we make the necessary correction to the data. Within 40 days, subject to the provisions of the PDPO, we will correct the data and give you a copy of the corrected data, or we will let you know why we are unable to correct the data.

If you find that your privacy/data protection rights have been violated by PILnet HK’s current data protection practices, you may turn to us for immediate response and remedy. PILnet HK investigates your request and responds to you within 30 days. If you are not satisfied with our response, you may turn to the Office of the Privacy Commissioner for Personal Data for advice and/or complaint.

Updates and Changes

From time to time, we may add to, change, update, or modify this policy. If we change the policy in a way that affects how your data will be used or the permissions you grant to us, we will notify you and ask you to review the new policy. We may not notify you of changes that do not affect how your data will be used or the permission you grant us. We ask that you review this policy from time to time to ensure that you continue to agree with all of its terms, and your continued provision of personal data (if any) to PILnet after a change will constitute your agreement to the new terms unless your explicit consent or indication of no objection is specifically required under law.

Other Websites

PILnet may provide, on PILnet’s website, links to other websites. If you choose to visit or use other websites, we are not responsible for their privacy practices, contents or practices. It is your responsibility to review the applicable privacy policies to confirm that you understand and agree with them.