The Foundation has updated its policies regarding the recording and use of personal information for individuals residing in the United Kingdom and the European Union, in compliance with the General Data Protection Regulation 2016/679 (“GDPR”).
If our processing of your information is subject to the GDPR, you have the right to certain information and other rights under the GDPR. The information and rights are as follows:
We will process your personal data in order to provide the Services and in furtherance of the mission of the Foundation. The lawful bases for processing your data may include:
- When you have given consent.
- When processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- When processing is necessary to protect our legitimate interests or that of a third party, except where such interests are overridden by your interests or fundamental rights.
We may rely on more than one of the lawful bases for processing your information described above. If our processing is based on your consent, you have the right to withdraw the consent at any time. Subject to your right to erase personal data, we will store your information for as long as necessary for us to provide the Services.
You have the right to be informed about your personal data and how it is being processed, to access, correct and erase personal data, to restrict further processing, to obtain and reuse your data for your own purposes across different services and to object to processing. You also have the right to lodge a complaint with the relevant EU supervisory authority.
If we transfer your information to a recipient in a country outside the European Economic Area (“EEA”), we will ensure that at least one of the following shall apply:
- the transfers will be to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we have used specific model contracts approved by the European Commission which are intended to give personal data the same protection it has in Europe;
- where we use providers based in the US, we may transfer information to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US; or
- any alternative transfer mechanism that can under GDPR lawfully support the transfer. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.