Brand Action Privacy Policy
Effective Date: November 22, 2023
Last modified: November 22, 2023
Introduction
Brand Action a NJ Non-Profit Corporation, 551 Summit Ave, Maplewood, NJ 07040, United States, 501(c)3 nonprofit organization | EIN: 93-3091661 ("Company", "We", "organization" or “controller” in terms of the GDPR) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit the Website https://www.brandaction.org/ (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect on this Website.
It does not apply to information collected by:
● Us offline or through any other means, including on any other website operated by Company or any third party; or
● Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Questions?
For questions regarding our Privacy Policy or practices, contact us by emailing donations@brandaction.org.
Information We Collect About You and How, Why and on what Legal Grounds We Collect It
Our Website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). Personal Information does not include:
● Publicly available information from government records.
● Deidentified or aggregated consumer information.
● Information excluded from the CCPA's scope, like:
● health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
● Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
In particular, our Website has collected the following categories of Personal Information from consumers within the last twelve (12) months:
|
PERSONAL
DATA / SITUATION |
LEGAL
GROUNDS |
TYPES
OF DATA & CATEGORIES OF DATA SUBJECTS |
DEADLINES
FOR DELETION OF PERSONAL DATA** |
PURPOSES
OF PERSONAL DATA PROCESSING AND TYPES
OF PROCESSING* |
|
Data associated with a donation |
Contract |
Data on the authorized person of the client
or representative who had concluded/negotiated for the conclusion of a
donation with our organization (such as his email address, first name, last
name) as well as the relevant business data (company name, pricing package,
special usage requirements). |
Another 10 years after the donation (or in a limited scope even
longer, if, for example, processing is necessary because there is a dispute
between the individual and our organization, etc.). Please note that this data shall not be deleted if our organization
is obliged to keep such data under applicable law. |
For the purposes of concluding /
negotiating the conclusion of the donation the data shall be stored on our
servers and in our CRM systems, viewed, shared inside and outside of our
organization, structured and processed in other
relevant ways for achieving these purposes. |
|
Information on
the individual communicating with our organization via the email addresses
and other communication channels that are available on the website |
Negotiation for the conclusion of a
contract. |
Personal data of an individual who
voluntarily communicates with the company (e.g. enquires about our causes via
a published email address, online contract form, etc.), whereby such situations justifie the limited storage or processing of such
individual's data for the purpose of preparing the company's response or for
further communication. |
Until the purposes for which the personal
data had been collected for the processing of the individual personal data
have expired (e.g. until the cessation of
communications) or until 5 years have elapsed since the moment of last
communication with the individual. |
In the context of negotiations (i.e. formulating responses and further communication) the
company may process the data in ways that are logically related to the
negotiations taking place or the preparation of responses (e.g. storage in an
email system for the purposes of responding and any further communication,
storage of the data in the company's archives, etc.). |
|
Details of
individuals who have opted in to receiving the company's newsletters and
other commercial communication |
Consent. |
Personal data of an individual who has
consented to the company sending him commercial information and other useful
information about its products and services to his or her e-mail address from
time to time. |
To unsubscribe from receiving electronic
communications, an individual may follow the unsubscribe link contained in
each email. In any case, the individual may also
request the deletion of his data by sending his/her request to the company's
official e-mail address: donations@brandaction.org. |
On the basis of consent, which had
explicitly been obtained from the individual, the company may process (i.e. store and use in connection with the email system)
the data solely for the purpose of providing commercial information and other
useful information about its products and services. |
|
Details of
individuals applying for a
open volunteering position with our organization |
Negotiation for the conclusion of a
contract. |
Name and surname of the candidate, the
candidate's email address, his Curriculum vitae or linkedin
account,, previous work experience or other
information relevant to the selection procedure and indicated as such when
the vacancy is posted or advertised, as well as any personal data contained
in email correspondence with such individual |
Until the end of the recruitment process, unless the company has obtained the individual's
explicit consent for longer data retention. |
On the basis of the negotiation of an
employment contract, the company may process (i.e. collect, store for the
duration of the selection process, review, structure) and otherwise
reasonably use the data solely for the purposes of the recruitment process
(e.g. evaluating the references of the individual and communicating with
him/her about the progress of the recruitment process, using the data to view
other publicly available information about the individual, etc.). |
Use of Personal Information
We will only use your Personal Information in a manner that is appropriate considering the basis on which that data was collected, as set out in the table above. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
● Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
● Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Click here https://www.brandaction.org/cookies[1] for information on how you can opt out of behavioral tracking on this Website and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
Our Website does not currently respond to browser “Do Not Track” requests as our website does not currently perform tracking (see our cookie policy on the link above to learn more).
The information we collect automatically may not include Personal Information, but we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
● Estimate our audience size and usage patterns.
● Store information about your preferences, allowing us to customize our Website according to your individual interests.
● Speed up your searches.
● Recognize you when you return to our Website.
The technologies we use for this automatic data collection includes the data that cookie providers collect on our site as listed on: https://www.brandaction.org/cookies[2] .
We do not collect Personal Information automatically, but we may tie this information to Personal Information about you that we collect from other sources or you provide to us. Our Website does not] collect personally identifiable information about your online activities overtime and across different websites.
Sharing Personal Information
We will share Personal Information with third parties in limited circumstances including where:
● you have provided your explicit consent for us to pass data to a named third party;
● we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
● we are required by law to share your data.
We may share your Personal Information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see our full cookie policy here: https://www.brandaction.org/cookies[3] .
How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Information:
● To present our Website and its contents to you.
● To provide you with information, products, or services that you request from us.
● To fulfill any other purpose for which you provide it.
● To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
● To allow you to participate in interactive features on our Website.
● In any other way we may describe when you provide the information.
● For any other purpose with your consent.
Disclosure of Your Information
We may disclose Personal Information that we collect or you provide as described in this privacy policy:
● To our subsidiaries and affiliates.
● To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them (e.g. during collaboration with other humanitarian organizations or entities behind causes we promote).
● To carry out ur work by engaging volunteers.
● To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Brand Action’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Brand Action about our Website users is among the assets transferred.
● To third parties to market their products or services to you if you have consented to disclosures. We contractually require these third parties to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. For more information, see Choices About How We Use and Disclose Your Information.
● To fulfill the purpose for which you provide it.
● For any other purpose disclosed by us when you provide the information.
● With your consent.
We may also disclose your Personal Information:
● To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
● To enforce or apply our terms of use (https://www.brandaction.org/terms/) and other agreements, including for billing and collection purposes.
● If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Brand Action, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
How Long We Keep Your Data
We take the principles of data minimization and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required. Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.
Timescales for each type of data that we collect are disclosed in the table from section “Information We Collect About You and How, Why and on what Legal Grounds We Collect It”.
Accessing and Correcting Your Information
You can review and change your Personal Information by logging into the Website and visiting your account profile page.
You may also send us an email at donations@brandaction.org to request access to, correct or delete any Personal Information that you have provided to us. We cannot delete your Personal Information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Residents of certain states may have additional Personal Information rights and choices. Please see Your State Privacy Rights for more information.
Rights For Residents of the European Union (i.e. rights under the GDPR)
Residents of the European Union have a range of rights over their data, which include the following:
relation to this personal data processing notice or the processing of yo
● Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data.
● Right of Access: Individuals have the right to access their personal data and obtain information about how it is being processed, as well as a copy of the data itself.
● Right to Erasure (Right to be Forgotten): Individuals have the right to request the deletion of their personal data in specific circumstances.
● Right to Withdraw Consent: If personal data processing is based on consent, individuals have the right to withdraw their consent at any time and without any detriment.
● Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data. If the data has been shared with third parties, our organizations must inform those parties of the rectification, if possible.
● Right to Restrict Processing: Individuals have the right to request the restriction of processing of their personal data. This right applies in certain cases, such as when the accuracy of the data is contested or the individual has objected to the processing.
● Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format in certain cases. They can also request that their data be transmitted to another controller if the processing is based on consent or a contract and where the processing is carried out by automated means.
● Right to Object: Individuals have the right to object to the processing of their personal data based on legitimate interests or public interest/exercise of official authority. Our organization must cease such processing unless it can demonstrate compelling legitimate grounds that override the individual's interests, rights, and freedoms.
● Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to solely automated decisions, including profiling, which significantly affects them. They have the right to obtain human intervention, express their point of view and challenge the decision.
● Right to lodge a complaint with a supervisory authority: If you believe that the processing of personal data performed in connection with you by our organization violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with the a supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place, whereby we do not have a EU representative named at this moment as we do not currently meet the requirements under the GDPR.
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us. Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
Residents of the European Union have a right to lodge a complaint with the applicable supervisory agency.
Your State Privacy Rights
Residents of certain states may have rights and choices regarding their Personal Information, such as California residents under the CCPA. This section describes those rights and how to exercise them.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
● The categories of Personal Information we collected about you.
● The categories of sources for the Personal Information we collected about you.
● Our business or commercial purpose for collecting or selling that Personal Information.
● The categories of third parties with whom we share that Personal Information.
● If we disclosed your Personal Information for a business purpose, two separate lists disclosing:
● disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
● The specific pieces of Personal Information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
● Emailing us at donations@brandaction.org
● Visiting brandaction.org and following the provided contact form.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information. To designate an authorized agent, reach out to us at donations@brandaction.org.
You may also make a request to know or delete on behalf of your child by reach out to us at donations@brandaction.org.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
● Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include certain verification requirements.
● Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.
We will only use Personal Information provided in the request to verify the requestor's identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at donations@brandaction.org.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
● Deny you goods or services.
● Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
● Provide you a different level or quality of goods or services.
● Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not use or provide any information on this Website or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at donations@brandaction.org.
Residents of certain states under 16 years of age may have additional rights regarding the collection and sale of their Personal Information. Please see Your State Privacy Rights for more information.
Data Security
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes..
Contact Information
If you have any questions or comments about this notice, the ways in which Brand Action collects and uses your information described in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: donations@brandaction.org
Postal Address: Brand Action a NJ Non-Profit Corporation, 551 Summit Ave, Maplewood, NJ 07040, United States