I. Personal Information
Personal information is any information that we can use to identify, locate, or contact you, along with other associated information. It also includes other information that may be associated with your personal information.
The personal information provided to HHP when you make a donation, register for an event, sign up for a newsletter, purchase a product, or otherwise provide HHP with information via the HHP website located at humanhealthproject.org, or any other domain name owned or controlled by HHP. The Policy, also applies to personal data you may provide to HHP via telephone, email, regular mail, social media, text messaging, mobile applications, at a special event, in response to a solicitation or face-to-face.
HHP may request from you, or you may volunteer to provide, your contact information, including your name, mailing address, phone number(s), social media handles and email address(es).
II. Sharing of information within the HHP network. What about data you provide to other HHP organizations?
Outside the U.S. and Canada: Each HHP Global Organization (“Global Affiliate”) is responsible for its own compliance with local data protection laws and regulations.
Sharing of information within the HHP network: We may share your data with a HHP Global Organization a Global Affiliate, such as in connection with your participation in a global pilot program, or to enable a HHP Global Extension where you have expressed interest in receiving updates you about the Global Affiliate its own programs and campaigns. Before we will share your personal data, HHP requires that the HHP Global Organization Global Affiliate receiving the data (the “Receiving Organization”) maintain security controls that will assure that your data is securely stored and accessible only by appropriately trained personnel. Unless you inform us that you do not consent, a Receiving Organizations may in the future contact you about their own programs and activities.
Likewise, when you provide personal data to a HHP Global Organization Global Affiliate in connection with your participation in a global pilot program or other international volunteer event that HHP sponsors, your personal data may be shared between (i) the Receiving Organization and any other Global Affiliate HHP Global Organization that hosts the event (the “Hosting Organization”) and (ii) the Receiving Organization and HHP. Unless you inform HHP or the Receiving Organization that you do not consent to marketing by Hosting Organization, the Hosting Organization may also contact you about its own programs and activities in the future.
III. How We Collect Personal Information
HHP may obtain your personal information in the following circumstances:
a. When you give it to HHP
We will obtain your personal information directly when you make a donation, sign up for one of our events, purchase products from the HHP on-line retail store, or when you communicate with us directly in some other way.
Some examples, but not exclusive, of how users provide their data, are through their health data through surveys, questionnaires or in their profile and through their enrollment in educational courses.
b. When you give it to a Global Affiliate
We may obtain your personal information indirectly when you sign up for an event sponsored by a HHP Global Organization, such as a campaign or pilot program. In such cases, the HHP HHP Global Organization will share your data with HHP to enable us to contact you about your campaign or about future HHP programs and support opportunities. It may also be shared if it is a necessary part of completing a contract or other legal obligations to you in connection with your participation in an event.
c. When you give it to HHP indirectly
We will obtain your personal information when you communicate to your employer or to a retail partner of HHP during your point of purchase that you affirmatively designate HHP to receive a personal contribution from you.
Sometimes your personal information is collected by an organization working on HHP’s behalf (for example, a client management system). In such cases, the agency is acting on our behalf, and we are the “data controller” responsible for the security and proper processing of your data, just as if you had given it to HHP directly.
d. When you access HHP’s sponsored social media
We might also obtain your personal information through your use of social media such as Facebook, WhatsApp, Twitter or LinkedIn, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
e. When the information is publicly available
We might also obtain personal information about individuals who may be interested in giving major gifts to charities or organizations like HHP. In these cases, we may seek to find out more about these individuals’ interests and motivations for giving through publicly available information. The information sources may include newspaper or other media coverage, open postings on social media sites such as LinkedIn, and services that aggregate data on charitable giving. HHP will not retain publicly available data relating to major donors without their consent, which will be sought at the earliest practical opportunity.
IV. How We Use Personal Information
We hold and process supporters’ personal data for a few reasons:
- a. To keep a record of donations made and actions taken by our supporters and our communications with them.
- b. To send our supporters marketing information about our projects, fundraising activities and appeals where we have their consent or are otherwise permitted to do so.
- c. To fulfill contractual obligations entered into with supporters.
- d. To support volunteers, such as during campaigns or fundraising events.
- e. To support global based fundraising and campaigning.
- f. To ensure we do not send unwanted information to supporters or members of the public who have informed us they do not wish to be contacted.
- g. Manage supporters’ accounts and provide customer service.
- h. Enforce the HHP website terms of service.
- i. Perform other functions as described at the time HHP collects information.
V. Personal Marketing
If you make a donation or a purchase with HHP, or otherwise provide us your information, HHP may contact you from time to time about opportunities to make additional donations or purchases or to provide you information about upcoming programs.
We will make it easy for you to tell us if you would like to receive marketing communications from us and hear more about our work and the ways in which you would like to receive this information. We will not send you marketing material if you tell us that you do not wish to receive it. Instructions for how to do so are below (see “How to control what we send you or update your personal information”).
VI. Personal Information Disclosed to Others
If you reside in the U.S. or Canada, and unless you instruct us otherwise, HHP may share your personal data with organizations with which HHP partners, as well as other companies whose products and services may be of interest to you. In these cases, we may also provide you with information about services from third parties, unless you inform us that you do not want to receive this information.
HHP’s suppliers: We may need to share your information with service providers who help deliver our projects and fundraising activities. These “data processors” will only act under our instruction and are subject to contractual obligations containing strict data protection clauses. We do not allow these organizations to use your data for their own purposes or disclose it to other third parties without our consent, and we will take all reasonable care to ensure that they keep your data secure.
Facebook and other Social Media Sites: We may also use your email address and phone number to match to your Facebook or other social media account in order to show you HHP content while you use those services. We only do this where you have consented to receiving marketing emails, either by opting in (where you reside in the European Economic Area) or by not opting out (where you reside in the United States and Canada). In addition, we may also use your email address and phone number to link to Facebook or other social media sites in order to identify other users of these sites whom we believe would be interested in HHP.
There are two ways to prevent this use of your data. You can either update your consent preferences directly with us at HHP (see below, “How to control what we send you or update your personal information”) or via the social media sites.
Updating your preferences with HHP will not guarantee that you never see HHP content on social media, since the social media site may select you based on other criteria.
Where legally required: We will also comply with legal requests where disclosure is required or permitted by law (for example to government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant request in writing).
- To amend your contact preferences for any type of communication, email us at email@example.com, or write to us at: Data Protection Officer, Human Health Project; 2271 Vandalia Ave. Los Angeles, CA 90032 (to amend your preferences for any communication channel);
- To amend your contact preferences for newsletters, reply to the newsletter via the email account from which the communication was received.
Additionally, you can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email from HHP.
Timing of implementation. In responding to requests to not receive marketing information, we will make take all reasonable efforts to meet the following service levels:
- Email: 48 hours from receipt of email
- SMS: 48 hours from receipt of SMS
- Mail: 28 days from receipt of ‘do not mail’ request. This period is longer than for other channels due to the production times for mailing campaigns, and in most cases, we would expect the change to be effective much more quickly.
If you are a resident of the European Economic Area and your country has adopted the provisions of the General Data Protection Regulation, you have the right to request a copy of the personal information we hold about you, to have any inaccuracies corrected, and to have any personal information deleted from our systems (a “Subject Access Request” or “SAR”). In line with standard guidelines for these requests, we will require you to prove your identity with two pieces of approved identification. We will respond to such requests within 30 days of receipt.
Please address SARs, or questions or complaints about this Policy, to the firstname.lastname@example.org , or write to us at: Data Protection Officer, Human Health Project; 2271 Vandalia Ave. Los Angeles, CA 90032 (to amend your preferences for any communication channel);
California (California Consumer Privacy Act): If you are a California resident, the California Consumer Privacy Act (CCPA) gives you certain rights regarding your personal information. California consumers have a right to knowledge, access, and deletion of their personal information under the CCPA. California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising one of their California privacy rights.
You can exercise your CCPA rights by sending your request(s) to us at email@example.com, or write to us at: Data Protection Officer, Human Health Project; 2271 Vandalia Ave. Los Angeles, CA 90032 (to amend your preferences for any communication channel);
If you want to exercise more than one of your CCPA rights, please submit a separate request for each CCPA right, which will help us handle your requests more effectively. Please be aware that we will process your requests in the order we receive them.
We will need information from you to process your request so that we can confirm you are a California resident, determine if we have personal information about you, and, for access and deletion requests, verify your identity. We may also need to contact you about your request, and you can choose the contact method you would like us to use.
Please be aware there might be circumstances where we will not honor your request, as permitted under the CCPA. For example, if we are not able to verify your identity and that you are a California resident, we may not honor your access or deletion request.
Canada (Personal Information Protection and Electronic Documents Act): This Policy complies with the Personal Information Protection and Electronic Documents Act. If you want to review, verify or correct your personal information, please contact our Privacy Officer. Please note that any such communication must be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
VIII. How do we store your data?
We keep your data for no longer than necessary for the purposes for which the data is collected and processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise, or defend our legal rights.
IX. HHP keeps your data safe
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms that ask for personal information are stored on networks that are password-protected and routinely monitored. Laptops are not used to store sensitive personal information unless they are both password protected or encrypted. All sensitive personal data is stored on a secure database, to which only a limited number of relevant staff have access. It is deleted when no longer needed by HHP, is never shared with third parties, and is available to you at any point should you wish to see it.
Within HHP, we undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors. Where we share your personal data with a Global Affiliate, the Global Affiliate is required to take comparable steps to assure that your information is securely stored and accessed only by appropriately trained personnel.
We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and in our legal agreements, we clearly set out our requirements regarding how they manage the personal data to which they have access. We have a robust partner-monitoring framework to ensure these contractual obligations are met.
This Policy may be updated from time to time, so you may wish to check it each time you submit personal information to HHP. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use the HHP website to submit personal information to HHP. If material changes are made to the Policy, we will notify you by placing a prominent notice on the website.