eCHOIng has designed this policy to be consistent with the following principles:
- Privacy policies should be easy to read and find;
- Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand;
- Data practices should always meet the reasonable expectations of users.
What personal data does eCHOIng collect and how do we document it?
By ‘personal data’, eCHOIng means information, which would allow someone to identify you. Examples are your name, mailing address, phone number, email address, username, photograph, IP address and details of your professional work such as your biography and networks to which you may belong.
In compliance with the EU General Data Protection Regulation (GDPR), we document how we obtain personal data, what we do with it, how we store it and with whom data has been shared. This documentation is stored in a Data Register. This register entails information about what personal data we process, for what purpose, where the data comes from and with whom we share it. In appropriate cases, the legal basis on which this is done will be maintained.
How and why does eCHOIng collect your data?
Website Analytics: eCHOIng uses Google Analytics to collect some information about your activities, when you visit the website. The type of information that we collect focuses on general information such as country or city where you are located, pages visited, time spent on pages, heat-map of visitors’ activity on the site, information about the browser you are using, etc. We do this to better understand how many people are using the website and to further improve our services. We do not use this information to identify individuals but rather to analyse broader trends in website usage.
Note: you can learn about Google’s practices in connection with its analytics services and how to opt out of it by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Cookies: We and our service providers (e.g., Google Analytics) may collect information using cookies or similar technologies for the purposes described above and below. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other device.
Cookies may enable us to personalize your experience on the services, maintain a persistent session, passively collect demographic information about your computer, and monitor advertisements and other activities. The websites may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage)
Emails and Newsletters: When you sign up to receive updates from eCHOIng or otherwise subscribe to one of our mailing lists, you will be asked to provide some personal information. eCHOIng collects and uses this personal information pursuant to its legitimate interest in providing news and updates to, and collaborating with, its supporters and volunteers. When you sign up for these services, certain principles will be respected:
- A double opt-in will be offered, so that the recipient expressly consents to receiving the emails from eCHOIng.
- The opt-in will not be part of (general) terms and conditions.
- During the collection of the data, it will be made clear what the data will be used for.
- Opt-ins will be registered.
- You will always be given an option to unsubscribe.
Other Voluntarily Provided Information: When you provide feedback to eCHOIng, email us with questions, sign a petition distributed by eCHOIng or otherwise submit personal information to eCHOIng, we collect and use this personal information in order to better understand our community and to further the particular program or activity to which you provided feedback or other input.
How does eCHOIng protect your data?
eCHOIng has implemented reasonable physical, technical, and organizational security measures for personal information that eCHOIng processes against accidental or unlawful destruction, or accidental loss, alteration, unauthorized disclosure or access, in compliance with applicable law.
However, no website can fully eliminate security risks. Third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications. If any data breach occurs, we will post a reasonably prominent notice to the websites and comply with all other applicable data privacy requirements including, when required, personal notice to you if you have provided and we have maintained an email address for you.
How can you access your data?
Any user of eCHOIng services has the right to inspect data stored about them by eCHOIng. On request, eCHOIng can create a file outlining which data have been retained, the purpose of the processing, with whom the data was shared and how the data were obtained. If corrections or deletions are required, eCHOIng will do this immediately.