Human Rights Watch Privacy Statement
This website together with any non-English language versions (the Human Rights Watch websites) are provided by Human Rights Watch, Inc. (“Human Rights Watch” or “HRW”) and hosted in the United States. Human Rights Watch is a non-profit, non-governmental organization that investigates and exposes abuses around the world and advocates for the protection of human rights and human dignity around the globe. We are committed to protecting your right to privacy.
What is this Privacy Statement? This Privacy Statement sets out our information processing practices in relation to you and your personal data. These principles apply when we collect personal data from you through any channel. It explains Human Rights Watch’s information processing practices and applies to any personal information you provide to Human Rights Watch and any personal information we collect from other sources. This Privacy Statement is a description of our practices and of your rights regarding your personal information, but it is not a contract and it does not create any new rights or obligations beyond what the law already provides. This Privacy Statement does not apply to your use of a third-party site linked to on this website. Please refer to the privacy statement of that third-party site to understand how they handle your personal information.
Who is responsible for your information? Throughout this Statement, “Human Rights Watch” or “HRW” refers to Human Rights Watch, Inc., and its various parts around the world, including its affiliated charities, branch offices and other registered entities (also referred to as “we”, “us”, or “our”). The Human Rights Watch entity responsible for your personal information (and the controller for the purposes of data protection laws) will be the member of Human Rights Watch that originally collects information from or about you. This may also be explained in separate privacy notices made available when your personal information is first collected by that Human Rights Watch entity.
When and how do we collect your information? Human Rights Watch collects personal information in the following ways: • Website and Application Use: We collect information about how visitors use our websites and applications. This may include the log data from your visit to our website; analytics data about your usage patterns and the performance of our website; and technical information about your browsers and device configuration. • Donations: If you donate to HRW, we collect the data required to process your donation with our payment processor(s). • Volunteer Participation and Employment: If you seek employment with HRW or volunteer for HRW, we will collect information related to your role. For instance, we will collect employment history information if you submit a resume to HRW. You may provide this information directly (through an online recruitment portal, careers site or via correspondence), or it may be provided via an agency. • Events: When you register for and attend a Human Rights Watch event, we will collect personal information in order to keep you informed about the event, track attendance, and provide appropriate accommodations. • Engagement with Campaigns: We keep a record of your engagement with our campaigns. If you engage with our campaigns, e.g., sign an online petition, we will keep a record of these interactions. • Inquiries: When you submit an inquiry, query, or complaint, we will collect the Personal Information you provide in order to assist you and follow up with you in the future. • Subscriptions: When you subscribe to one of our online services, such as newsletters, we collect the data needed to send you news and information related to your interests. • Other Sources: We use third-party advertising networks, analytics providers, hosting providers and search information providers from whom we may also receive general aggregated, anonymous information about you. HRW may also receive your personal information through referrals from others who believe you would like to support our cause. We may also combine data about you with data that is available from other sources including publicly available sources.
applicable local law. Please see the section on Your Choices Regarding Your Information below if you do not wish to have your information shared in this way; Sharing the information that you provided us with third-party service providers who help us to provide our services and operate. Whenever possible or required by law, such sharing of information will be subject to an agreement with each such service provider, requiring such service provider to comply with data protection requirements. We use service providers, which may change from time to time, to undertake some of the following activities: • process donations; • operate our websites and other IT systems; • administer our e-mail lists; • offer publications or other products for sale on our site, for which in some cases you may automatically be directed away from our website to our third-party service providers; and • complying with applicable laws and regulations. Conducting data analytics Other uses: • Provide you with information and services; • Conduct data analysis so we can understand better how to inform the public; • Perform monitoring and training; • Develop new services; and • Conduct data processing where needed to fulfil a contract, such as when you purchase tickets to one of our events. If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected for, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.
Legal basis All processing (i.e., use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that: • the processing is in our legitimate interests, subject to your interests and fundamental rights. • the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract; • the processing is necessary for us to comply with a relevant legal obligation (e.g., where we are required to make disclosures to courts or regulators); • the processing is necessary for the performance of a task carried out in the public interest (e.g., the tracking of human rights violations); In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by law to obtain your prior consent in order to send you marketing communications. Before collecting and/or using any special categories of data, or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be: • your explicit consent; • the establishment, exercise or defense by us or third parties of legal claims; or • a context specific exemption provided for under local laws of EU Member States and other countries implementing the GDPR or another relevant law. Do we collect information from children? Our website is not intended for children under 13 years of age. We do not knowingly collect personal information from an individual under age 13. If you are under the age of 13, please do not submit any personal information through the website. If you have reason to believe that we may have accidentally received personal information from an individual under age 13, please contact us immediately at firstname.lastname@example.org.
own purposes, such as marketing). These service providers are restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above section, ‘How we use your personal information.’ Examples include: • IT service providers who manage our IT and back office systems and telecommunications networks; • marketing automation providers; • contact center providers. For a detailed list of Third-Party Service Providers and Business Partners that we may use to process personal data, please see our Third-Party Service Provider list. Legal Requirements and Business Transfers We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request; (ii) in response to law enforcement authority or other government official requests; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) in connection with an investigation of suspected or actual illegal activity; or (v) in the event that Human Rights Watch is dissolved or otherwise reorganized. Disclosure may also be required for audits or to investigate a complaint or security threat. Do we transfer your personal information across national borders? We are a global organization and may transfer certain personal information across geographical borders to Human Rights Watch entities, authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally or they may be in other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:
• we ensure transfers within Human Rights Watch are covered by agreements based on the EU Commission’s standard contractual clauses, which contractually oblige each member to ensure that personal information receives an adequate and consistent level of protection wherever it resides within Human Rights Watch; • where we transfer your personal information outside Human Rights Watch or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU - US Privacy Shield for the protection of personal information transferred from within the EU to the United States, or the standard contractual clauses; or • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed. Examples of countries we transfer personal information to include, but are not limited to, the United States, the United Kingdom and India. If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted below. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your personal information when this is transferred as mentioned above. Do we have security measures in place to protect your information? The security of your personal information is important to us and Human Rights Watch has implemented reasonable physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. We protect your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information. While we take reasonable measures to protect the information you submit via the website against loss, theft, and unauthorized use, disclosure, or modification, we cannot guarantee its absolute security. No internet, email, or mobile application transmission is ever fully secure or error free. Email or other messages sent through the website may not be secure. You should use caution
whenever submitting information through email or the website and take special care in deciding which information you provide us. Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose. We cannot guarantee that transmissions of your personal information will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners. WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD PARTY ACCESS, OR CAUSES BEYOND OUR CONTROL. Your Choices Regarding Your Information We offer certain choices about how we communicate with you and what personal information we obtain about you and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will provide you with the option of whether you wish to receive promotional e- mail, SMS messages, telephone calls and postal mail from us. At any time, you may opt out from receiving interest-based advertising or marketing from us by contacting us. You may also choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing e-mails or contacting us as noted below. You may update, correct, or change your information by contacting us at email@example.com or by following the instructions below in this Privacy Statement. How can you update your communication preferences? We take reasonable steps to provide you with communication about your information. You can update your communication preferences in the following ways. Newsletters If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in the communication.
Mobile Devices If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them, you can manage your preferences either through your device or the application settings. If you no longer wish to have any information collected by the mobile application, you may uninstall the application by using the uninstall process available on your mobile device. E-mail Contact us by e-mail or postal address as noted below. Please include your current contact information, the information you are interested in accessing and your requested changes. If we do not provide you with access, we will provide you with the reason for refusal and inform you of any exceptions relied upon. You may have certain other rights in relation to your personal information, depending on your place of nationality, residence, and the processing activity involved. These are described below. You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. If you make a request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested by you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. EU Data Subject Rights If you are an EU Data Subject, you have the following rights of this EU Data Subject Rights section. To exercise these rights, please email us at firstname.lastname@example.org a description of your request. Right to Access
You have right to access personal information that Human Rights Watch holds about you. Right to Rectification You have a right to request us to correct your personal information where it is inaccurate or out of date. Right to be Forgotten (Right to Erasure) You have the right, under certain circumstances, to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data. Right to Object to Processing You have the right to object to the processing of your personal information at any time, on legitimate grounds, except if otherwise permitted by applicable law, or to lodge a complaint with a supervisory authority. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. Right to Restrict Processing You have the right to restrict the processing of your personal information, but only where: • its accuracy is contested, to allow us to verify its accuracy; or • the processing is unlawful, but you do not want it erased; or • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or • you have objected to processing of your data, and verification of overriding grounds is pending. Right to Data Portability You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) your consent; or (ii) the performance of a contract to which you are a party. Right to Decline Automated Decision Making
You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are (i) necessary for a contract to which you are a party; (ii) authorized by law; (iii) based on your explicit consent. Even where such decisions are permitted, you can contest the decision and require Human Rights Watch to exercise human intervention. We currently do not use automated decision making (including automated decision making using profiling) when processing your personal information. If we ever use an automated decision making solution, you have a right to request that a decision based off your personal information cannot be solely decided via an automated process. International Transfers As noted above, you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. Your California Privacy Rights Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties’ direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one request each year by emailing us at email@example.com or by writing us at Human Rights Watch 11500 W. Olympic Blvd., Suite 608 Los Angeles, CA 90064 USA. Information Collected From Other Websites and Mobile Applications and Do Not Track Policy Your browser or device may offer you a “Do Not Track” option, which allows you to signal to operators of websites, web applications, mobile applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites or applications. Our website does not support Do Not Track requests at this time, which means that we or our analytics providers or other third parties with which we are working may collect information about your online activity both during and after your use of the website.
Contact Us If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the Act or this Statement, please contact us at this address: firstname.lastname@example.org. Alternatively, you have the right to contact your local Data Protection Authority. If you have any questions relating to this Statement, you can contact us using the following means: By email at email@example.com or by mail sent to 350 Fifth Avenue, 34th Floor, New York, New York 10118 United States, Attention: Operations Changes to this Statement We may update this Statement from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page. We encourage you to periodically review this Statement so that you will be aware of our privacy practices.
** This Statement was last updated on May 25, 2018. **