Personal Information Collected
We receive personal information from Data Subjects which may include:
- Category 1 – Personal contact information, such as name, address, telephone number, and email address.
- Category 2 – Payment information, such as payment card information, checking account numbers, and bank routing information
- Category 3 – Work contact information, such as name, title, name of the business the Data Subject works for, business address, business telephone number, and business email address.
- Category 4 – Data gathered by our websites and online properties visited or used by Data Subjects that pertains to Data Subjects’ usage of such website and online properties. Please also refer to the section entitled “Cookies and Other Similar Technologies” below.
You are not required by law to share your personal information with us. However, some of this information may be necessary in order for us to transact with you. In particular, we will not be able to accept your donations, without obtaining your personal details and, when you are making a donation, your payment information.
We receive personal information about Data Subjects from third party sources which includes:
- Category 5 – Data obtained from third party data aggregators
- Category 6 – Personal information obtained from publicly available sources.
Purposes for Processing Personal Information
We use the personal information held about Data Subjects for the following purposes:
- Categories 1 - 6 – To carry out our rights and obligations arising from any agreement entered into between us and a Data Subject, including to contact such individuals and for administrative purposes.
- Category 2 – To process payments of donations and to make payments for services rendered by the Data Subject.
- Category 3 – To communicate with other businesses and organizations through their representatives.
- Category 4 – To operate our websites and online properties, to enable account log-ins and to obtain analytic data about the use of our websites and online properties.
- Category 5 – 6 – To learn more about Data Subjects so we can tailor our offerings.
Lawful Basis for Processing Personal Information
The lawful basis/bases that we rely upon to process personal information held about Data Subjects is as follows:
- Categories 1-6 – We use this personal information subject to your consent for one or more specific purposes, when you have given it, and/or to carry out our obligations arising from our agreements with Data Subjects and/or to take steps at Data Subjects’ request prior to entering into such agreements and/or when to do so is in our legitimate interests that are not overridden by the interests or fundamental rights and freedoms of Data Subjects.
- Categories 1 and 3 – We use this personal information to send communications to Data Subjects about our activities and offerings to the extent we have Data Subject consent and/or when to do so is in our legitimate interests that are not overridden by the interests or fundamental rights and freedoms of Data Subjects.
- Categories 1-6 – We use this personal information to comply with our legal obligations.
Disclosure of Information
We do not disclose any personal information about Data Subjects to any third parties, except:
- as reasonably necessary or appropriate in connection with the administration of our receipt of donations, provision of our goods and services, and communications with our donors, business contacts and others;
- for marketing;
- with our co-sponsor(s) if we obtain your information in connection with a contest, sweepstakes, offering, or other promotional activity that is jointly offered by us and any third parties, unless you instruct us not to;
- to processors who are only permitted to use it to perform services for us;
- as required by law or any applicable regulatory authority;
- in connection with a corporate change or dissolution, including for example a merger, acquisition, reorganization, consolidation, bankruptcy, liquidation, sale or assets or wind down of business ; and/or
- to protect the rights, property, or safety of our company, its business associates or others.
In these cases, we may share personal information with communications providers, web analytics companies, payment processors, co-sponsors, social media platforms, legal advisers, accountants, companies engaged to dispose of or store data including personal information, and adverse parties who have a legal right to receive such information and their counsel, experts and legal advisers.
We will take reasonably necessary steps to ensure that where personal information is shared, it is treated securely and in accordance with this notice and applicable laws.
Personal Information Retention
We will endeavor not to keep personal information in a form that allows a Data Subject to be identified for any longer than is reasonably necessary for achieving the permitted purposes. At the end of the applicable retention period, we may destroy, erase from our systems, or anonymize personal information as part of such efforts. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Storage & Transfer of Personal Information
We endeavor to maintain physical, electronic and procedural safeguards designed to protect Data Subjects’ personal information, prevent unlawful or unauthorized processing of personal information, and prevent unauthorized disclosure of, or accidental loss of, or damage to, such information.
We may process personal information in, and transfer personal information to, countries, including, without limitation, the United States, that may not guarantee the same level of protection for personal information as the country in which Data Subjects reside.
Personal information will also be processed by staff who work for us and operate outside the European Economic Area. This includes staff engaged in, among other things, the provision of administration and support services. All such staff are subject to appropriate confidentiality and security obligations.
We restrict access to non-public personal information about Data Subjects to those of our employees and agents who need to know the information to enable us to provide services.
We will only transfer personal information to third party service providers if they agree to comply with the physical, electronic and procedural safeguards described above, or if they put in place adequate measures themselves.
Rights in Relation to Personal Information
These include, where certain conditions are met:
- the right to request access to the personal information we hold about them,
- the right to have inaccurate information about them amended or updated,
- the right to object to processing of personal information about them,
- the right to withdraw consent at any time (where relevant),
- the right to have personal information about them erased or to restrict processing in certain limited situations,
- the right to data portability and to request the transmission of personal information about them to another organization,
- the right to object to automated decision making that materially impacts them, direct marketing, and processing for research or statistical purposes, and
- the right to lodge complaints with applicable data supervisory authorities.
Data Subjects should use the contact information below to get more information and/or to make a formal request.
We will endeavor to keep the personal information we store about Data Subjects reasonably accurate and up-to-date by enabling Data Subjects to correct it by request. Data Subjects should notify us by sending an email to Andrea Testa (Contracts Manager) at firstname.lastname@example.org if any of their personal information changes or if they become aware of any inaccuracies in the personal information we hold about them.
COOKIES AND SIMILAR TECHNOLOGIES
Other Information Collected on CLASP Websites
Our websites utilize web measurement technology in order to improve our website and provide a better user experience for our visitors. We are utilizing a multi-session web measurement technology that does not collect any personal information. This multi-session web measurement technology anonymously tracks how visitors interact with our websites, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site.
This technology is provided by Google Analytics and the information collected is used to optimize our website, helping us determine top tasks, improve our user interface and diversify our content offerings to meet the needs of our visitors. No personal information is collected, so the anonymity of the end user is protected. The measurement data that is collected is only retained for as long as is needed for proper analysis and optimization of the website and is accessible only to employees whose position necessitates it.
Since disabling this web measurement technology requires modifying individual browser settings it is enabled by default. Google also provides a browser plug-in that will allow you to opt-out of all Google Analytics measurements, which you can find at http://tools.google.com/dlpage/gaoptout. Please note that opting-out in no way effects your access to content within our websites or how you see our websites.
See the “Notice of Automatic Collection of Information and Persistent Multi-Session Measurement on Website” section below for additional details on the information collected on the CLASP Websites.
Notice of Automatic Collection of Information and Persistent Multi-Session Measurement on Website
Our servers automatically collect your IP address when you visit our website, and we may associate that with your domain name or that of your internet access provider. We may also capture certain “clickstream data” pertaining to your website usage. Clickstream data includes, for example, information about your computer or device, web browser and operating system and their settings, the referring page that linked you to the website, the pages, content or ads you see or click on during your visit and when and for how long you do so, items you download, the next website you visit when you leave a CLASP website, and any search terms you have entered on the website or a referral site.
Some CLASP websites use the technology called a cookie. A cookie is a small file that a website transfers to your computer to allow it to remember specific information about your session while you are connected. A cookie assigns a unique numerical identifier to your web browser, and may enable us to recognize you as the same user who was at our website in the past, and relate your use of the website to other information about you, such as your website usage information. Cookies may also be used to collect general usage and aggregated statistical information and detect and prevent fraud. There are two types of cookies used on some websites, session cookies and persistent cookies. Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Local shared objects, such as “Flash cookies,” may be stored on your computer or device using a media player or other software installed on your computer or device. Local shared objects operate a lot like cookies, but cannot be managed in the same way. Depending on how local shared objects are enabled on your computer or device, you may be able to manage them using software settings.
HTML5 (the language some website are coded in) may be used to store information on your computer or device about your website usage activities. This information can be retrieved by us to determine how our website is being used by our visitors, how it can be improved, and to customize it for our users.
Cache cookies, such as eTags, may be used to identify your computer or device as the same computer or device that visited our website or another website in the past.
CLASP is committed to expanding the global conversation on energy efficiency and upholding the principles of transparency, participation and collaboration. One of the key ways we seek to accomplish this is through the use of third-party social media websites and applications. We do not collect or request personal information through these outlets, but may occasionally come into contact with unsolicited personal information due to circumstances beyond our control. As a result, we reserve the right to moderate or remove comments that offer personal information such as address, phone number or social security number in a public manner. No personal information will be retained in our system or shared with outside parties. In addition, third party social networking platforms and blogging platforms have their own privacy policies that explain how the third parties that provide them will use and protect your information. In accordance with those policies (and your privacy settings within your social media accounts), information about your activities on our website (such as “likes” or “favorites”) may be published to your social media profile.
Comments Sent by Email
You may choose to provide us with personal information, as in an email message containing your comments or questions. We use this information to improve our service to you or to respond to your request. There are times when your message is forwarded, as email, to other CLASP employees or contractors, or other experts who may be better able to help you.
CLASP uses software programs to monitor this website for security purposes. By accessing this website, you are expressly consenting to these monitoring activities.
Unauthorized attempts to defeat or circumvent security features, to use the system for other than intended purposes, to deny service to authorized users, to access, obtain, alter, damage, or destroy information, or otherwise to interfere with the system or its operation is prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996, codified at section 1030 of Title 18 of the United States Code, or other applicable criminal laws.
Effective Date: June 2019