Yesod Europe Notice and Policy for the Collection and Use of Personal Information
The Policy is effective as of 25 May 2018. The policy was last modified on 16 July 2018.
What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual.
Data Protection Principles
In processing personal data, Yesod Europe will take all reasonable measures to ensure that data is:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
- Adequate, relevant and limited to what is necessary for the intended purposes.
- Accurate, and where necessary, kept up to date.
- Kept in a form which permits identification for no longer than necessary for the intended purposes.
- Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- Not transferred to people or organizations situated in countries without adequate protection and without firstly having advised the individual.
Collection and Processing for Limited Purposes
In the course of Yesod Europe’s operations, we may collect and process the personal data as set out in this Notice. This may include data we receive actively and passively.
Active Collection of Personally Identifiable Information
Yesod Europe collects information directly from you through, for example, online application and registration forms, when subscribing to our mailing list as well as offline, through event registration forms, or meetings. Information is collected and maintained from participants in Yesod Europe programs, application forms, current and past website users, survey respondents, and others. To the extent that information requested is not required for your participation in a given Yesod Europe program/opportunity, you will be told which information is optional.
We may process the following of your personal data collected from you during your application, registration and participation in Yesod Europe programs and in the course of your interactions with us:
- Basic personal information, including your name, birth city and country, date of birth, previous first and last names, address, ID numbers, e-mail, and phone number.
- Demographic information, including gender, education, profession, occupation, and marital status.
- Data concerning health, including information regarding your medical history and any current medical conditions.
- Religious affiliation data, including your participation in movements, events, organizations relative to the Jewish culture.
- Photographs, video recordings and audio recordings of your voice, image, simulated likeness, and of other personal characteristics.
Passive Online Data Collection
Use, Sharing and Retention of Personally Identifiable Information
Yesod Europe uses personally identifiable information gathered and stored on the Yesod Europe database for the purposes described at the time of collection, including for the purpose of receiving information about general Yesod Europe initiatives and specific initiatives that we think will be of interest to you; and for Yesod Europe to evaluate the reach and impact of its initiatives. We may also use your personally identifiable information to tailor your experience at our sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to such preferences.
Legal Bases for Data Processing
The GDPR is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual. In accordance with the GDPR, Yesod Europe will only process personal data where it is required for a lawful purpose.
The legal grounds we are most likely to rely on for processing data in relation to you are outlined below:
- Contract: we rely on this legal basis if our data processing is necessary for performance of a contract with you or to take steps at your request to enter into a contract. This covers carrying out our contractual duties and exercising our contractual rights, including the registration and participation in Yesod Europe programs and activities or complying with grant requirements if you apply for a grant. If you do not provide the necessary information, your participation in the relevant programs might be delayed or be impossible.
- Legal obligation: we process data if necessary to comply with our legal and regulatory obligations, such as, for example, to comply with tax reporting and accounting data retention obligations.
- Legitimate Interests: we rely on legitimate interest if processing is necessary for our or a third party’s legitimate purposes. We, or a third party, have legitimate interests in carrying on, managing and administering our respective operations effectively and properly, and, in connection with those interests, processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
- Consent: We may process data if and to the extent you have given specific consent to the processing of your data. We ask for your consent in order to send newsletters and similar communications to you; or we ask for your consent so that we may use and publish your photo, image video and audio recordings for general promotional and fundraising purposes of Yesod Europe. The provision of personal data is voluntary. If we have relied on consent as grounds for processing, you may withdraw your consent at any time – though, if you do so, that will not affect the lawfulness of our actions prior to you withdrawal of consent.
We will only process sensitive personal data about you if one or more of the grounds for processing sensitive personal data applies. Yesod Europe’s activities serve ideological purposes; therefore, we may process information about your religious affiliation, such as your participation in movements, events, or organizations relative to the Jewish culture, to the extent data processing relates to persons who have regular contact with us. The additional legal grounds we are most likely to rely on for processing sensitive personal data in relation to you are outlined below:
- Consent: You have given specific consent to the processing of your religious affiliation data and personal data concerning health. If we have relied on consent as grounds for processing, you may withdraw consent at any time – though, if you do so, that will not affect the lawfulness of our actions prior to your withdrawal of consent.
- Legal claims: Processing is necessary for the purpose of establishing, making or defending legal claims. Those could be legal claims made by ourselves or you or by others, including claims relating to grants.
Recipients of Personal Data
We may transfer your personal data to the below third parties for the following reasons:
- Within the JDC Group: personal data may be transferred within a select group of JDC entities and affiliates. The list of such entities and affiliates can be found at http://www.jdc.org/about/privacy-policy/jdc-entities/. In each case, the transfer is for purposes of carrying on, managing and administering our respective operations effectively and properly; to administer Yesod Europe programs, communicate with donors, monitor and ensure compliance with applicable internal procedures (e.g., corporate financial responsibilities), and to respond to and comply with any grant requirements and legal demands. In addition, in the event that our foundation is closed and a new JDC entity is established or if our operations and/or employees are transferred in whole or in part to a new JDC entity that provides services to you, your personal information may be transferred to the new JDC entity prior to the transaction or after the transaction, subject to any rights provided by applicable law, including under the laws of the jurisdiction in which the other entity is located.
- Donors and/or partnering agencies, including Yesod Europe founding partners and funders for use in connection with their activities. In addition to JDC, these are Rothschild Foundation Hanadiv Europe and the Charles and Lynn Schusterman Family Philanthropies.
- With certain third parties: Personal data may be shared with vendors or third-parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of Yesod Europe, which third parties include, for example, training providers and partners, product-fulfillment companies, third-party event hosts, other third parties who may provide services on web sites that are accessible from links on one of our Sites, banks or credit card companies processing payment; and independent external advisors (g, auditors, lawyers). If you are an event attendee, speaker, or sponsor, certain of your information will be included in the event Program, which can be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors; Yesod Europe may also share personally identifiable information with third parties for legitimate business purposes, including for the following reasons or in the following circumstances: To investigate potentially fraudulent or questionable activities; In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of our business or operations; and When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid Yesod Europe business purposes.
Duration of Data Processing
Your personal data will not be kept in a form that allows you to be identified for any longer than is reasonably considered necessary by us for achieving the purposes for which it was collected or processed or as required by applicable laws related to data retention periods. We will retain your data during our relationship with you and thereafter, for varying periods of time, depending on the reason for which we are required to retain the particular data. There are several reasons for which we must retain your data, including: relevant statute of limitations under civil laws; the statutory data retention obligation applicable to personal data in contracts, communication and business correspondence which constitute accounting documents. The personal data will be removed from our records or properly anonymized when it is no longer needed.
Yesod Europe uses reasonable measures to safeguard sensitive personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, on our website, Yesod Europe uses Secure Socket Layer (“SSL”) to enhance data privacy and help prevent loss, misuse, or alteration of the information under Yesod Europe control.
Yesod Europe cannot guarantee, however, that your information will remain secure. The Internet by its nature is a public forum, and Yesod Europe encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online.
Yesod Europe office is located in the United Kingdom If you are providing personally identifiable information and are not a resident of the United Kingdom, your country’s laws governing data collection and use may differ from those in the United Kingdom, in particular, the United Kingdom may not provide the same level of protections as those in your own country. By providing information to Yesod Europe, you are transferring your personal data to the United Kingdom, and you consent to the transfer to, retention of and processing of your data in the United Kingdom.
International Transfer of Data
We may transfer any personal data we hold to a country outside the European Economic Area (‘EEA’) or to an international organization, provided that one of the following conditions applies:
- The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms.
- The data subject has given consent.
- The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
- The transfer is legally required on important public interest grounds or for the establishment, exercise or defense of legal claims.
- The transfer is authorized by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
Links to Third-Party Sites
- Right of access
You have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The accessed information right includes, among others, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. You may have the right to obtain one copy of the personal data undergoing processing. If you request additional copies, we may charge you a reasonable fee based on administrative costs.
- Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to deletion or erasure (right to be forgotten)
Under certain circumstances, you have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
- Right to restriction of processing
Under certain circumstances, you have the right to obtain from us restriction of processing your personal data. In this case, the relevant data will be marked and may be processed by us only for certain purposes.
- Right to data portability
Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
- Right to object and rights relating to automated decision-making
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to cease processing your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any costs. Such right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
Furthermore, under certain circumstances, in case of automated individual decision-making, you have the right to obtain human intervention, to express your point of view and to contest the decision.
If your data processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your, personal data will no longer be processed for such purposes by us.
Right to Complaint and Legal Remedies
If you believe we have violated the General Data Protection Regulation, you also have the right to lodge a complaint with the competent data protection supervisory authority. You may also turn to courts if your data protection rights have been infringed.
Modifications to this Policy
American Jewish Joint Distribution Committee Europe, Asia and Africa Foundation (“AJJDC EAA”) (registered seat: H-1053 Budapest, Ferenciek tere 7-8. II. lph. I/5.; tax number: 18908226-2-41; e-mail: email@example.com. You may contact our Data Protection Officer at firstname.lastname@example.org.
How to Contact Yesod Europe and Modify Your Information or Preferences
To help us keep your personal information up to date, or to request access to the personal information Yesod Europe maintains about you, you may contact us by email: email@example.com
To remove yourself from our database please contact firstname.lastname@example.org or use this link
 The legal basis for this is Article 6 (1) (b) of the GDPR.
 The legal basis for this is Article 6 (1) (c) of the GDPR.
 The legal basis for this is Article 6 (1) (f) of the GDPR.
 The legal basis for this is Article 6 (1) (a) of the GDPR.