Skip links
Join mailing list

Privacy Policy

Yesod Europe Notice and Policy for the Collection and Use of Personal Information

Yesod Europe (“Yesod Europe”) is a program of the American Jewish Joint Distribution Committee Europe, Asia and Africa Foundation located at H-1053 Budapest, Ferenciek tere 7-8. II. lph. Email: info@jdc.org (“AJJDC EAA”). AJJDC EAA is the data controller. This Privacy Policy describes how we collect, use, share, and retain personally identifiable information you provide. It is important that this information is handled lawfully and appropriately in line with pertinent law, including, where applicable, the requirements of the EU General Data Protection Regulation (“GDPR”). We take data protection duties seriously because we respect the trust that is being placed in us to use personal information appropriately and responsibly.  This Privacy Policy does not cover the practices of our licensees or business partners (such as vendors, sponsors, or advertisers).  

The Policy is effective as of 25 May 2018. The policy was last modified on 1 June 2023. 

 

What is Personal Data? 

Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).   

Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties. 

Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual. 

 

Data Protection Principles 

In processing personal data, we will take all reasonable measures to ensure that data is: 

  • Processed fairly, lawfully and in a transparent manner. 
  • Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose. 
  • Adequate, relevant and limited to what is necessary for the intended purposes. 
  • Accurate, and where necessary, kept up to date. 
  • Kept in a form which permits identification for no longer than necessary for the intended purposes. 
  • Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. 
  • Not transferred to people or organizations situated in countries without adequate protection and without firstly having advised the individual. 

 

Collection and Processing for Limited Purposes 

In the course of our operations, we collect and process the personal data as set out in this Notice.  

Collection of Personally Identifiable Information 

We collect information directly from you through, for example, program registration forms and meetings, or indirectly from a select group of JDC entities and affiliates, or from local community partners/grantees. Information is collected and maintained from participants in our programs, application and registration forms, survey respondents, and others. To the extent that information requested is not required for your participation in a given program/opportunity, you will be told which information is optional.  

We process the following of your personal data collected from you during your application, registration and participation in our programs and in the course of your interactions with us: 

  • Basic personal information: your name, organisation, job title, age group, mobile phone number, email.  

We may also process the following of your personal data, including and not limited to: 

  • Basic personal information: including your nationality, address, date of birth, passport number and country of issuance, e-mail, and phone number.  
  • Demographic information: including gender, education, profession, and occupation 
  • Data concerning health: including information regarding your dietary restrictions, allergies, and any current medical conditions. 
  • Religious affiliation data: including your participation in movements, events, organizations relative to the Jewish culture.   
  • Photographs, video recordings and audio recordings: including of your voice, image, simulated likeness, and of other personal characteristics. 

 

Use, Sharing and Retention of Personally Identifiable Information 

We use personally identifiable information as described at the time of collection, including for the purpose of receiving information about general Yesod Europe initiatives and specific initiatives that we think will be of interest to you; and for Yesod Europe to evaluate the reach and impact of its initiatives. We may also use your personally identifiable information to tailor your experience at our sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to such preferences. 

 

Legal Bases for Data Processing 

The GDPR is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely impacting the rights of the individual. In accordance with the GDPR, we will only process personal data where it is required for a lawful purpose.  

The legal grounds for which we may process data in relation to you are outlined below:  

  • Contract (1): we rely on this legal basis if our data processing is necessary for performance of a contract with you or to take steps at your request to enter into a contract. This covers carrying out our contractual duties and exercising our contractual rights, including the registration and participation in programs and activities or complying with grant requirements if you apply for a grant. If you do not provide the necessary information, your participation in the relevant programs might be delayed or declined. 
  • Legal obligation (2): we process data if necessary to comply with our legal and regulatory obligations, such as, for example, to comply with tax reporting and accounting data retention obligations. 
  • Legitimate Interests (3): we rely on legitimate interests if processing is necessary for our or a third party’s legitimate purposes. We, or a third party, have legitimate interests in carrying on, managing and administering our respective operations effectively and properly, and, in connection with those interests, processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms. 
  • Consent (4): We may process data if and to the extent you have given specific consent to the processing of your data. We may ask for your consent to send newsletters and similar communications to you; or we may ask for your consent so that we may use and publish your photo, image video and audio recordings for general promotional and fundraising purposes. The provision of personal data is voluntary. If we have relied on consent as grounds for processing, you may withdraw your consent at any time – though, if you do so, that will not impact the lawfulness of our actions prior to your withdrawal of consent. 

We will only process sensitive personal data about you if one or more of the grounds for processing sensitive personal data applies. Our activities serve ideological purposes; therefore, we may process information about your religious affiliation, such as your participation in movements, events, or organizations relative to the Jewish culture, to the extent data processing relates to persons who have regular contact with us. The additional legal grounds we are most likely to rely on for processing sensitive personal data in relation to you are outlined below: 

  • Consent: You have given specific consent to the processing of your religious affiliation data and personal data concerning health. If we have relied on consent as grounds for processing, you may withdraw consent at any time – though, if you do so, that will not impact the lawfulness of our actions prior to your withdrawal of consent. 
  • Legal claims: Processing is necessary for the purpose of establishing, making or defending legal claims. Those could be legal claims made by you, us or others, including claims relating to grants. 

 

Recipients of Personal Data 

We may transfer your personal data to the below third parties for the following reasons: 

  • Within the JDC Group: personal data may be transferred within a select group of JDC entities and affiliates. The list of such entities and affiliates can be found at http://www.jdc.org/about/privacy-policy/jdc-entities/. In each case, the transfer is for purposes of carrying on, managing and administering our respective operations effectively and properly; to administer programs, communicate with donors, monitor and ensure compliance with applicable internal procedures (e.g., corporate financial responsibilities), and to respond to and comply with any grant requirements and legal demands. In addition, in the event that our foundation is closed and a new JDC entity is established or if our operations and/or employees are transferred in whole or in part to a new JDC entity that provides services to you, your personal information may be transferred to the new JDC entity prior to the transaction or after the transaction, subject to any rights provided by applicable law, including under the laws of the jurisdiction in which the other entity is located. 
  • Donors and/or partnering agencies: The Rothschild Foundation Hanadiv Europe and other JDC partners and funders for use in connection with their activities.  
  • With certain third parties: Additionally, personal data may be shared with vendors or third-parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of JDC, which third parties include, for example, hotels, training providers and partners, product-fulfillment companies, third-party event hosts, other third parties who may provide services on websites that are accessible from links on one of our websites, banks or credit card companies processing payment; and independent external advisors (e.g., auditors, lawyers). If you are an event attendee, speaker, or sponsor, certain of your information will be included in the event Program, which can be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors. We may also share personally identifiable information with third parties for legitimate interest purposes, including for the following reasons or in the following circumstances: i) to investigate potentially fraudulent or questionable activities; ii) in anticipation of and in the course of an actual or potential reorganization of operations and/or transfer of employees; and iii) when we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid operational purposes. 

 

Duration of Data Processing 

Your personal data will not be kept in a form that allows you to be identified for any longer than is reasonably considered necessary by us for achieving the purposes for which it was collected or processed or as required by applicable laws related to data retention periods. We will retain your data during our relationship with you and thereafter, for varying periods of time, depending on the reason for which we are required to retain the particular data.  There are several reasons for which we must retain your data, including: relevant statute of limitations under civil laws; the statutory data retention obligation applicable to personal data in contracts, communication and business correspondence which constitute accounting documents. The personal data will be removed from our records or properly anonymized when it is no longer needed. 

 

Security 

We use reasonable measures to safeguard sensitive personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. We cannot guarantee, however, that your information will remain secure. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online or through e-mail. Often, you are in the best situation to protect yourself online. 

 

International Visitors 

Our office is located in Hungary. If you are providing personally identifiable information and are not a resident of Hungary, your country’s laws governing data collection and use may differ from those in Hungary. In particular, Israel may not provide the same level of protections as those in your own country. By providing information to us, you are transferring your personal data to Hungary, and you consent to the transfer to, retention of and processing of your data in Hungary. 

 

International Transfer of Data 

We may transfer any personal data we hold to a country outside the European Economic Area (“EEA”) or to an international organization, provided that one of the following conditions applies: 

  • The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms. 
  • The data subject has given consent. 
  • The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject. 
  • The transfer is legally required on important public interest grounds or for the establishment, exercise or defense of legal claims. 
  • The transfer is authorized by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights. 

Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services. 

 

Links to Third-Party Sites 

We may provide links to third-party websites. For example, we may provide a link to a third party who is providing online resources. These links are provided as a service to you. These websites are operated by independent entities that have their own privacy policies. Our Privacy Policy does not apply to such other websites or to the use that those entities make of your information. We have no control over the content displayed on such websites, nor over the measures, if any, that are taken by such websites to protect the privacy of your information. 

 

Your Rights: 

1. Right to be informed 

You have the right to be informed as to the purpose of processing your personal data, the retention period for that personal data and with whom your personal data will be shared.  This Privacy Policy contains additional information so that you can make an informed decision regarding what permissions, if any, you would like to grant us in connection with your personal data. 

2. Right of access

You have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The accessed information right includes, among others, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed.  You may have the right to obtain one copy of the personal data undergoing processing. If you request additional copies, we may charge you a reasonable fee based on administrative costs.  

3. Right to rectification 

You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

 4. Right to deletion or erasure (right to be forgotten) 

Under certain circumstances, you have the right to obtain from us the erasure of personal data concerning you.  

5. Right to restriction of processing 

Under certain circumstances, you have the right to obtain from us restriction of processing your personal data. In this case, the relevant data will be marked and may be processed by us only for certain purposes. 

 6. Right to data portability 

Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us. 

 7. Right to object and rights relating to automated decision-making 

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to cease processing your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any costs. Such right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded. 

Furthermore, under certain circumstances, in case of automated individual decision-making, you have the right to obtain human intervention, to express your point of view and to contest the decision. 

If your data processing is based on consent, you have the right to withdraw your consent at any time, without impacting the lawfulness of the processing based on consent before its withdrawal. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us. 

8. Right to Complaint and Legal Remedies  

If you believe we have violated the General Data Protection Regulation, you also have the right to lodge a complaint with the competent data protection supervisory authority. You may also turn to courts if your data protection rights have been infringed. 

 

Modifications to this Policy 

From time to time, we may need to update or modify this Privacy Policy, including to address new issues or to reflect changes. To the extent required by law, we will notify you of material changes to this Privacy Policy, including by sharing the most recent version of the Privacy Policy and information about the changes from the previous version via e-mail. 

 

How to Contact Us 

If you have any questions related to data processing under this Notice, please contact the American Jewish Joint Distribution Committee Europe, Asia and Africa Foundation, H-1053 Budapest, Ferenciek tere 7-8. II. lph. I/5.; e-mail: info@jdc.org. 

 

How to File a Complaint 

If you have any complaints about this Notice or our data processing, you may contact the governmental body associated with your country of residence. Alternatively, you can contact: 

Hungarian National Authority for Data Protection and Freedom of Information 

Falk Miksa utca 9-11 

H-1055 Budapest 

Tel. +36 1 3911 400 

Email: privacy@naih.hu 

Website: http://www.naih.hu/ 

Footnotes:

1: The legal basis for this is Article 6 (1) (b) of the GDPR.

2: The legal basis for this is Article 6 (1) (c) of the GDPR. 

3: The legal basis for this is Article 6 (1) (f) of the GDPR. 

4: The legal basis for this is Article 6 (1) (a) of the GDPR.