Last Updated – May 24, 2022
It is important that you read this Policy, together with any other privacy or fair processing policy we may provide on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your personal information.
This Policy describes the types of personal information we may collect from you or that you may provide when you visit the website www.rockpa.org (our “Website“), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
Personal Information We Collect About You
“Personal information” is information relating to you or other individuals from which you or they can be identified.
We collect several types of personal information from and about users of our Website, including information about:
- How to contact you, such as name, postal address, e-mail address, and telephone number.
- Your workplace, such as position title, organizational affiliations and similar information.
- Your internet connection, the equipment you use to access our Website and usage details – see further in the “Automatic Data Collection Technologies” section below.
How We Collect Your Personal Information
We collect your personal information directly from you when you provide it to us. This will include personal information you provide:
- When filling in forms on our Website. This includes when you sign up for more information or for our newsletters, for events, to interact with various tools or to be part of specific communities; and request material, further information or services.
- When you report a problem with our Website or contact us for any other purpose.
- When you respond to surveys that we might ask you to complete for research purposes through our Website.
- When you input queries using the “search” function on the Website.
- When you provide information to be published or displayed on public areas of the Website, or transmitted to other users of the Website or third parties.
We also collect your personal information through our use of automatic data collection technologies – see further in the “Automatic Data Collection Technologies” section below.
We may also collect or receive personal information about you from various third parties and public sources, including but not limited to:
- Technical Data from the following parties: analytics providers, such as Google and search information providers.
- Contact, financial and transaction data from providers of payment and delivery services.
Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information from and about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
“Do Not Track” – Certain laws, including that of California, require that we inform you on our response to Do Not Track signals. As there is not an industry or legal standard for recognizing or honoring these signals at this time, we don’t respond to them.
The information we collect automatically is statistical data we may use to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about preferences, allowing us to customize our Website according to individual interests.
- Speed up searches.
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the “Choices About How We Use and Disclose Your Personal Information” section below.
- Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit RPA, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
How We Use Your Personal Information
We have set out below the purposes for which we use your personal information. RPA is required under EU and UK data protection law to identify a legal basis for using your personal information – we have highlighted these in brackets below:
- To present our Website and its contents to you (to achieve our legitimate interest in making this content available to you in an effective way).
- To provide you with information, products, or services that you request from us (with your consent).
- To carry out any other of our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection (to perform our contract with you; to achieve our legitimate interests of being able to manage our finances and operations and to comply with our legal or statutory obligations in relation to keeping financial and other business records).
- To notify you about changes to our Website or any products or services we offer or provide though it (to achieve our legitimate interest in ensuring we provide our services to you effectively).
- To allow you to participate in interactive features on our Website (to achieve our legitimate interest in ensuring we provide our services to you effectively).
- To contact you about events, convenings and information that may be of interest to you (with your consent).
- In the manner set out in the “Disclosure of Your Personal Information” section below.
If you do not provide RPA with the personal information required to perform our contract with you or comply with our legal or statutory obligations (highlighted as such in the list above), we may not be able to provide those relevant services to you. If you consent to RPA’s use of your personal information and this consent forms the legal basis of our processing of that personal information, you are entitled to withdraw it at any time – see the “Your Rights With Respect To Your Personal Information” section below for more detail.
Disclosure of Your Personal Information
We may disclose personal information that we collect or that you provide as described in this Policy:
- To our subsidiaries and affiliates (the “RPA Group”) to provide you with requested services.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations, to keep personal information confidential and use it only for the purposes for which we disclose it to them and in accordance with our instructions.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of RPA’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of RPA, our customers, or others.
- To other identified parties who we inform you about from time to time.
Choices About How We Use and Disclose Your Personal Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your personal information:
- Offers from RPA. If you do not wish to have your email address/contact information used by RPA to notify you of upcoming events or for our newsletter or other services, you can opt-out by checking the relevant box located on the form on which we collect your data or by sending us an email stating your request to [email protected]. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to RPA as a result of a service engagement or other transactions.
Your Rights With Respect To Your Personal Information
If our processing of your personal information is subject to EU and UK data protection law, you have a number of rights. These include, in certain circumstances:
- To ask us not to process your personal information, including where RPA is using it for direct marketing purposes.
- To receive a copy of all your personal information held by RPA, in order to check we are processing it lawfully.
- To ask us to correct any errors in your personal information.
- To ask us to delete your personal information, including when exercising your right to object to processing (see above), unless we have a compelling reason to continue with such processing.
- To ask us to restrict the processing of your personal information in certain situations (such as where there is an outstanding question you have raised regarding its accuracy).
- To ask us to transfer your personal information to another party, where we have collected it from you to perform a contract or are processing it on the basis of your consent.
- To withdraw your consent where you have provided it for RPA’s collection or use of your personal information for a specific purpose, subject to certain conditions.
You may exercise these rights at any time by contacting RPA using the details in the “Contact Information” section of this Policy.
We may not be able to accommodate a request relating to your personal information in certain circumstances prescribed by law. Please contact us using the details in the “Contact Information” section of this Policy if you would like more information.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we use it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
EU located individuals: International Transfers
We share your personal information within the RPA Group. For our clients and individuals with whom we deal who are located in Europe and the UK, this may involve transferring your personal information outside of the European Economic Area (“EEA”) and UK to countries whose laws are not deemed to provide a level of protection for personal information that is of the same standard as enjoyed under data protection law in Europe and the UK.
We ensure your personal information is protected by requiring all of our group companies to follow the same rules when processing your personal information. We may also share your personal information with contractors, service providers and other third parties supporting our business when needed. Many of these third parties are based outside of the EEA and the UK, so their processing of your personal information will involve a transfer of data outside of the EEA and UK.
Whenever we transfer your personal information out of the EEA or UK whether internally within our group or externally to other parties, we ensure proper protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
- We may use specific standard contract clauses approved by the European Commission or UK Information Commissioner’s Office (also conducting any required transfer impact assessment and, if necessary, implementing supplementary measures) to make sure that the transferred personal information is given an appropriate level of protection in accordance with applicable data protection law when being processed outside the EEA or UK.
Alternatively, in certain circumstances we may transfer personal information outside the EEA or UK relying on specific derogations under applicable EU and UK data protection law, including where you (or the relevant individual) have provided your (or their) explicit, informed consent to the transfer; the transfer is necessary for the purposes of being able to enter into or perform a contract with you (or another individual) at your (or their) request; or, the transfer is needed in connection with a legal claim (or possible legal claim).
Please contact us if you want further information on the specific mechanisms used by us when transferring your personal information out of the EEA or UK.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, all information you provide to us is stored on our secure servers behind firewalls. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. To the fullest extent legally permitted, we are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Changes to Our Policy
We may revise and update this Policy from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website and handling of your personal information thereafter. It is our policy to post any changes we make to our Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the Policy was last revised is identified at the top of the page.
To ask questions or comment about this Policy and our privacy practices or if you are based in Europe or the UK and wish to exercise your rights under data protection law as described above, please contact us at:
Address: Rockefeller Philanthropy Advisors
6 West 48th St.
New York, NY 10036
Email: [email protected]
Before we can respond, we may need to ask you to verify your identity and/or clarify the nature and scope of your request.
If you are concerned about how RPA uses your personal information and we are unable to resolve your issue, you have the right to make a complaint to the supervisory authority in your place of work or residence or the place in which the relevant infringement has taken place.