Personal Information we hold about you will be processed either because:
• the processing is necessary in pursuit of a “legitimate interest”; a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security;
• you have consented to the processing for the specific purposes described in this notice; or
• the processing is necessary in order for us to comply with our obligations under a contract between you and us.
When you visit the Site, we may automatically collect certain information about you and your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we may collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.” We collect Device Information using the following technologies:
• “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
• “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
• “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
We use or may use the Subscription Information and Communication Information that we collect generally to communicate with you via for example a newsletters you have subscribed to and to provide any other information you have requested or respond to any other correspondence. (This processing is necessary for our legitimate interests in being part of the Trustlines Network ecosystem and is carried out on the basis that you have consented to us communicating with you in such manner.) We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how you browse and interact with the Site, and to assess the success of our communication campaigns). (This processing for our legitimate interests in managing the information we provide via our Site and to assess how people use the Site.) We also use your Personal Information to further develop the Site, administrate our Site and comply with all legal requirements.
We share your Personal Information with third parties to help us use your Personal Information, as described above. We may use Google Analytics to help us understand how you use the Site–you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. We may disclose your Personal Information to other third-parties that enable us to provide the Site and any connected services including technical support providers who may have access to personal data. These may include software and website developers, IT support and mail management service providers. In all cases, our agreement with the relevant third party will contain appropriate provisions regarding the use and security of your Personal Information. Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
We will not transfer any data in a systematic way outside of the EEA but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
• if you live outside of the EEA, we may communicate with you during the course of our interactions and such communications may include Personal Information (such as Subscription Information);
• we may have certain third-party service suppliers who are based outside the EEA or who store data outside of the EEA;
• if you communicate with us while you are outside of the EEA there may be some data transfer to you or your device;
• from time to time your information may be stored in devices which are used by affiliates engaged by the Trustlines Foundation when outside of the EEA.
If we transfer your information outside of the EEA in a systematic way, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and your privacy rights will continue to be enforceable against us as outlined in this notice.
In accordance with the GDPR and data protection laws applicable to you, the following rights may be available to you: The right (1) to be informed about our data processing activities (2) of access to the Personal Information we hold about you (3) to correction of your Personal Information if it is incomplete or inaccurate (4) to deletion of your Personal Information or (5) to restriction or limitation of the processing of your Personal Information and (6) to object to the processing of your Personal Information and (7) to receive copies of your Personal Information in a commonly used form and to transfer it directly to a third party. If we are relying on your consent as the basis on which we are processing your Personal Information, you have the right at any time to withdraw your consent at any time. Any request made under (2) above (a subject access request) or any other notification in respect of your rights must be sent to us by email to: firstname.lastname@example.org or by post to: Trustlines Foundation, Lettstrasse 10, 9490 Vaduz, Liechtenstein.
If you are of the opinion that the Trustline Foundation’s data processing activities infringe upon applicable data protection regulations or your personal data protection rights, you have the rights to report this to the competent supervisory authority in Liechtenstein.
If you sign up for a newsletter through the Site or we acquire your Personal Information due to another interaction with the Trustlines Foundation, we will generally maintain your Personal Information for our records for twelve months unless you ask us to delete this information before such time has passed. We may retain your Personal Information for more than twelve months if we consider it is necessary to enable us to satisfactorily provide the information on the Site or administer the Site or to enable us to comply with any statutory, legal or contractual obligation we may have. We review the Personal Information (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still accurate and is still relevant to the Trustlines Foundation and its Site. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard your Personal Information and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
• compliance with our internal IT security procedures;
• protecting our servers by both hardware and software firewalls;
• locating our data processing storage facilities in secure locations;
• using appropriate support tool and mailing list management providers;
• when necessary, disposing of or deleting your data in a secure manner; and
• regularly backing up and encrypting all data we hold.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com