Purpose is committed to protecting your privacy and compliance with all relevant legislation, including the General Data Protection Regulation (GDPR), where this applies to EU citizens, and the EU-US Privacy Shield.
We will typically collect personal data from you where you register to support campaign or where you are engaged by Purpose or our clients for campaigning purposes (Activists), where you are a client of ours (Customers), or where you are a website user that browsers or interacts with pages relevant to Purpose or our clients (Website users). We use different methods to collect data from and about you including the following:
Contact Details. You may give us your Contact Details by filling in forms or by corresponding with us by post, phone, email or otherwise. This will include information such as your phone number, physical address, email address, etc. This includes personal data you provide when you:
This information could be collected directly from you through forms when you interact with on our website or through campaigns undertaken by our clients. It could also be collected directly as research performed by ourselves, our clients or other third parties. It may also be inferred from your browsing history, as collected by Technical Data (see below). Generally, it will include:
Special Category or Sensitive Personal Data.
In some cases, we could be collect special category or sensitive personal data directly from you through forms when you interact with on our website or through campaigns undertaken by our clients. We will usually only collect this with your explicit consent. Such information could includes sexual orientation, ethnicity, religious affiliation and/or refugee status.
Similarly to other websites, we may also collect information from your device and store it in log file, as you interact with our website or websites hosted by our third party partners or cookies embedded in our website, in order to support your website experience and interactions with us. This information could include data on your IP Address, Location, device identifiers and information on links that you click on or content that you view.
Third parties or publicly available sources.
We will receive personal data about you from various third parties as set out below:
Generally, we use your personal data for the purpose for which we obtained it which include the following:
Such data could also be used to compile user profiles used in the context of campaigns.
We may undertake profiling based on data collected from individuals, in order to build up a profile of their interests and ensure that campaigns are targeted suitably to them. This processing may also involve automated decision-making in order to allocate particular categories of interests to groups of individuals.
Typically, we anonymise any personal data used for the creation of anonymous or ‘lookalike’ profiles for our clients. However, this profiling may also involve assigning particular categories of interests to individuals and/or targeting them on the basis of their interests.
We take steps to ensure that any automated decision-making involving targeting or micro-targeting that is carried out to individuals on the basis of our campaigns does not adversely affect or prejudice particular groups of people. Where we believe this processing may cause such effects, such as in relation to children or using sensitive personal data, we take steps to avoid carrying out this processing unless one or more safeguards apply.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
This applies where you have given us consent to the processing. Typically, this will include where you have provided information to us or our clients in the course of engaging with our campaigns. It will also include where you have given us consent to send marketing information to you or have consented to the installation of cookies that might collect Technical data on your device. Additionally, we will generally only collect Sensitive Personal Data with your explicit consent, whether this consent is collected by Purpose or our third party partners.
We will take active steps to collect your consent or to ensure our clients have collected it. Where you have given consent, you have the right to withdraw consent to marketing at any time by contacting us or opting out. For more information, see the section on your Legal Rights.
We may rely on our legitimate interests (or those of a third party) – including in the context of research for campaigns and/or compiling a picture of your interests, improving our business operations and engaging in direct marketing, where your interests and fundamental rights do not override those interests. Typically, this will include where we contact you in the course of our business activities or engage in research on the targetaudience for our campaigns.
Performance of a contract
We may also process your data for the performance of a contract you have with us – for example, in the course of products and services where a contract is agreed.
We may also store your personal data where we need to comply with a legal obligation – in particular, in the course of products and services we offer or receive, the retention of relevant data for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
We will retain the following data for the applicable periods below.
Your personal data may be stored on our systems within the European Economic Area (EEA) and may also be transferred or stored on our secure servers which are located in the United States.
Third Party Providers
We may also transfer your personal data to our clients and third-party database providers.
These are discussed further in the section below.
We may share your personal data with the parties set out below for the purposes outlined above. This could include for storage purposes, for the administration of relevant contracts, to ensure that this information is used to target appropriate advertisements to you, and for our legal obligations. Such third parties could include:
We may also transfer your personal data to our clients and third-party database providers in order to store personal data and perform our operations using such systems. Some of these are based in the UK and others may also transfer, store and process your personal data outside the European Economic Area (EEA), subject to suitable and secure safeguards. These may include:
We may also be legally required to share information with the following third parties:
Where we use such third-party providers as listed in Section 6, we take steps to enter into agreements to ensure that such third parties have the adequate safeguards in place, which include:
a) General Transfer requirements. Generally, where data has been transferred from Purpose Europe to other third parties outside the EEA, we will ensure that any clients or third-party providers who receive such data have the appropriate measures to ensure secure transfers in place. Purpose will not transfer any data to such third parties until these arrangements have been verified. These may include ensuring that one of the following mechanisms are in place:
b) Liability for Onward Transfer. Where we transfer personal data to third-party providers as listed in Section 6, Purpose will generally be liable for these parties’ non-compliance with certain legislation, including the Privacy Shield Principles. Purpose will take steps to audit such third parties for compliance with the Privacy Shield Principles prior to engaging them for the provision of any services to ensure they have the adequate measures for data transfers in place before permitting any data transfers to be made. In particular, we will ensure such parties enter into agreements with us, which will include requirements to maintain similar safeguards equivalent to the GDPR and Privacy Shield Principles and, where appropriate, that personal data is only processed on the terms and in accordance with the rights set out in this Privacy Notice.
c) Processor requirements. Additionally, where Purpose engages a processor to carry out data processing on our behalf, we will remain liability for the processor’s non-compliance with the GDPR and other data protection legislation, unless such parties are responsible for not complying with provisions of the GDPR and other data protection legislation specifically directed to processors or where it has acted outside or contrary to our lawful instructions. We do not allow our third-party providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and periods, and in accordance with our instructions. Purpose with enter into agreements Clients or third-party providers to ensure that they accept such all third parties to respect the security of your personal data and to treat it in accordance with the law, and to notify us if any security breaches occur. Purpose will also audit such third parties for compliance wit these adequate safeguards prior to engaging them for the provision of any services.
Under certain circumstances, you have rights under the GDPR in relation to your personal data, upon request:
o The right to opt-out from having campaigns or advertisements targeted at your interests. To exercise this, please click here. o The right to opt-out from marketing communications or newsletters we may send to you.
You should exercise this by contacting us at firstname.lastname@example.org or click on the Opt Out in the marketing email you received.
o The right to opt-out of any cookies we use, even to those you have consented to. For more information on this, please see the Cookies section above.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In compliance with the Privacy Shield Principles, Purpose to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Purpose at: email@example.com. We will respond to your complaint or inquiry within 45 days of receipt.
Purpose has further committed to refer unresolved Privacy Shield complaints to JAMS as an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit JAMS for more information or to file a complaint. The services of JAMS will be provided at no cost to you.
Purpose commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
You may have the option to use a binding arbitration mechanism for the resolution of your complaint under certain circumstances, provided you have a) raised your compliant directly with Purpose and provided us the opportunity to resolve the issue; b) made use of the independent dispute resolution mechanism with the appropriate organisation(s) above; c) and raised the issue through your relevant data protection authority and allowed the Department of Commerce an opportunity to resolve the complaint at no cost to you. The binding arbitration will be handled by the International Centre for Dispute Resolution’s American Arbitration Association, available here.
For the purposes of the Privacy Shield, Purpose is also subject to the jurisdiction of the Federal Trade Commission (FTC) in the United States.
A cookie is a small text file that is downloaded onto your computer when you visit our website and allows us to recognise you as a user. Typically, these contain two pieces of information: a site name and unique user ID. All information these cookies collect is aggregated and anonymous. Cookies are essential to the effective operation of our website. Cookies make the interaction between you and the website faster and easier.
Cookies may also be set by the website you are visiting (first party cookies) or they may be set by other websites who run content on the page you are viewing (third party cookies).
We will generally collect information through the following types of cookies:
Through cookies, we may also collect your Internet protocol (IP) address, device identifiers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Internet or this website or websites associated with our third party partners. We may also collect data about your interests and preferences which we receive in relation to web pages you have viewed and your interactions with various web pages, as collected through our cookies and cookies installed by our third-party providers to track you online.
The cookies are stored for a period of 13 months maximum unless you clear their cache and the cookies themselves.
Opting Out of Cookies
You may access our Cookie Consent Notice to decline cookies at any time subsequently here (<insert hyperlink to the relevant section of the Cookie Notice>).
You can manage the cookies stored on your device as well as stop cookies from being installed on your browser. For more information on how to manage cookies usage on your device, please let us refer you to information found on these topics on allaboutcookies.org, more specifically by clicking on the links below:
Please note that if you prefer to block some or all of the cookies Purpose uses, you might lose some of our website’s functionality.
DATA PROTECTION OFFICER
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
ICO contact details
Email address: firstname.lastname@example.org Postal address: Information Commissioner’s Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF.
Telephone number: +44 (0) 303 123 1113
Additionally, for the purpose of disputes related to the Privacy Shield, Purpose have committed to the mechanisms outlined in Section 8 above.
We keep our Privacy Notice under regular review. This version was last updated in August 2019.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.