Disclosure Regarding Collection and Use of Personal Information
This information applies to all JDC sites. These include: JDC.org, JDC Archives, Entwine, Interface, and the Jewish Coalition for Disaster Relief.
Thank you for visiting the website (the “Website”) owned and operated by the American Jewish Joint Distribution Committee, Inc. (“JDC”). This notice explains our online information collection and use practices and the choices you can make about the way we use and share such information. It is important that you take the time to read and understand this policy so that you can appreciate how we use your personal information.
REMEMBER IF YOU REGISTER WITH THE WEBSITE OR OTHERWISE PROVIDE INFORMATION TO THE WEBSITE, YOU AGREE TO THESE TERMS. AS WE UPDATE AND EXPAND OUR SERVICES, THIS POLICY MIGHT CHANGE, SO PLEASE REVIEW IT FROM TIME TO TIME.
The Information We Collect.
While visiting the Website you can do a wide variety of things. The types of personally identifiable information (i.e. information that can directly identify you or indicate where you might be contacted) that may be collected at these pages include: name, address, age or age range, date of birth, gender, email address, telephone number, credit card information, and information about your interests in and use of various programs, services and products. You can view or change your information at any time. Send an email to email@example.com.
At certain places on the Website, in order to sign up for or purchase certain paid activities, you may be asked to provide your credit card or debit card number and other credit or debit card related information. If you do not wish to provide this information to JDC online, please do not make a purchase online through the Website. Please click this link to find other means of contacting JDC to make a purchase or for additional information. Currently, JDC transmits credit or debit card information to its transaction services provider and does not retain such information on its servers. Other data relating to user transactions through the Website is used by JDC (or a third party service provider for JDC) to provide the services, programs and/or products purchased by the user and retained by JDC.
We also may collect certain non-personally identifiable information (i.e. generic information that does not identify you personally) when you visit any of our web pages such as the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider.
Social Networking Services
If you choose to access, visit and/or use any third party social networking service(s) (“SNSs”) that may be integrated with the Website, we may receive personally identifiable information and other information about you and your computer, mobile or other device that you have made available to those services, including information about your contacts on those services. For example, some social networking services allow you to push content from the Website to your contacts or to pull information about your contacts so you can connect with them on or through the Website. Some social networking services also will facilitate your registration for the Website or enhance or personalize your experience on the Website. Your decision to use a social-networking service in connection with the Website is voluntary. However, you should make sure you are comfortable with the information your third party social networking services may make available to the Website by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.
Subject to the privacy settings you have set in your SNS account, you can email a friend and share certain SNS content or other materials you may choose to share with that friend. If you choose to use this aspect of our services we will ask you for your friend’s name, email address and/or SNS username. We will automatically send your friend a one-time email. This information is for the sole purpose of sending this one-time email.
How We Use and Disclose the Information.
We will use the personal information you provide online for the purpose(s) you have submitted. In addition, we may send to you an email offering information which we think you may be interested in or to ask you to participate in a survey. If you want us to stop using the personal information you provided, please contact us at firstname.lastname@example.org.
How We Share Your Personal Information.
We will not sell the personal information you provide. We will not share the personal information you provide, whether it is provided online or offline, with a third party except (a) for the purpose(s) you provided it; (b) with your consent; (c) as may be required by law or as we think necessary to protect our agency or others from injury (e.g. in response to a court order or subpoena, in response to a law enforcement agency request or when we believe that someone is causing (or about to cause) injury to or interference with the rights or property of another); (d) with other persons or companies with whom we contract to carry out internal site operations or our business activities (for example, sending out information or other item that you have requested on the site); and/or (e) notifying you when we make changes to one of our subscriber agreements or this policy.
Additionally, we may share certain of the personal information you provide online or offline with companies (whether or not affiliated with us) (i.e. third party companies). If you want us to stop sharing your personal information with these companies, please contact us at email@example.com. If you consent to receiving communications from non-affiliated companies, you may need to communicate with them directly if you later decide that you no longer wish to receive their communications or if you wish to change any data you provided online. In this instance, any changes or amendments to your personal information must be given directly to each company who communicates with you as these changes, amendments and/or deletions will not be exchanged between us and non-affiliated companies.
If we do share personal information to a non-affiliated company, to the extent practical, we request that they protect such information in a manner that is consistent with this policy. Such third party companies are not under our control, however, so we cannot guarantee how these non-affiliated companies will use your personal information.
With respect to any personally identifiable information we collect or receive from SNSs, we reserve the right to use, transfer, assign, sell, share, and provide access to such information and other non-personally identifiable information about you and your computer, mobile or other device in the same ways described in this Agreement as all of your other information.
Finally, we may transfer information, including any personally identifiable information, to a successor entity in connection with a merger, consolidation, sale of assets, bankruptcy, or other corporate or organizational change.
Use and Disclosure of Anonymous Information.
We sometimes use the non-personally identifiable information that we collect to improve the design and content of our site and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze how our site is used, as well as to offer you programs, services or products that we believe may be of interest. Sometimes we share aggregate information with others, including affiliated companies and non-affiliated companies.
Collection of Information by Others.
Our site may contain links to other sites whose practices may be different than ours. You should check the other sites’ privacy notices since we have no control over information that is submitted to or collected by them.
We may offer information or services that are sponsored by or co-sponsored with non-affiliated companies. Based on our agreements with them, these third parties may obtain personally identifiable information that site visitors voluntarily submit. We have no control over the use of this information by these companies.
To enhance your online experience with us, many of our web pages use “cookies.” Cookies are text files placed on your hard disk by our web server to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us. However, once you choose to provide the personally identifiable information, this information may be linked to the data stored in the cookie.
As you use the Internet, a trail of electronic information is left at each web site you visit. This information, which is sometimes referred to as “clickstream data,” can be collected and stored by a web site's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Website. We may use clickstream data as a form of non-personally identifiable information to anonymously determine how much time visitors spend on each page of the Website, how visitors navigate throughout the site and how we may tailor our web pages to better meet the needs of visitors. Any collection or use of clickstream data will be anonymous and aggregate.
From time to time we may supplement information you give us with information from other sources, such as information validating your address. Thus, information we obtain through the Website may be intermingled with and used in conjunction with information obtained through sources other than the Website, including both offline and online sources.
Discussions and Community Tools.
We may, from time to time, make chat rooms, forums, message boards, news groups and other community tools available to you. Please remember that any information that is disclosed in these areas becomes public information for other users to view and for us to use. For example, from time to time, we may use the content you write (including your name or screen name if you post it) for promotional purposes, in e-mail newsletters or elsewhere, and by using the Website and/or these chat rooms, forums, message boards, news groups, and other community tools, you agree that we may do so. You should exercise caution when deciding to disclose your personal information in these areas, since anyone - not just us - may use publicly posted information.
Our Commitment to Security.
We believe we have in place the appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security and correctly use the information we collect online as well as offline. JDC’s security standards are in validated compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS).
If you are visiting the Website from outside of the United States, your connection will be through and to servers located in the United States, all information you provide will be processed and securely maintained in our web servers and internal systems located within the United States. By using the Website, you authorize the export of personal information to the USA and its storage and use as specified above when you provide such information to us. This policy and our legal obligations are subject to the laws of the State of New York and the USA, regardless of the location of any user. Any claims or complaints must be filed in the USA in federal or state courts located in the State of New York, County of New York.
How You Can Access or Correct Your Personal Information.
For instructions on how you can access the personally identifiable information that we have collected about you online, or how to correct any errors in such information, please send an e-mail to firstname.lastname@example.org.
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
Special Note for Parents.
If you have concerns about this site or its services, wish to find out if your child is a member or has registered for one of our services, or wish to cancel your child's membership, please contact us at email@example.com. Our site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. If you believe that your child under 13 has gained access to our site without your permission, you may contact us at firstname.lastname@example.org.
Changes to this Policy.
Because our needs may change over time, we reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time. If at any time in the future we plan to use your personally identifiable information in a way that differs from this policy, we will revise this policy as appropriate. Your continued use of the Website following the posting of any changes to this policy means you accept such changes. This policy is effective as of June 15, 2012.
How to Contact Us.
Copyright © 2012 American Jewish Joint Distribution Committee, Inc. All rights reserved. The Site is the property of the American Jewish Joint Distribution Committee, Inc. and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Site, as well as the trademarks, services names, graphics, logos, service names, slogans, colors, and designs.
1. Your Acceptance
2. Website Access
B. In order to access some features of the Website, you may have to create an account. When creating your account, you must provide accurate and complete information. You are solely responsible for the activity that occurs on your account, and you must keep your account password secure. You may never use another’s account without permission. You must notify JDC immediately of any breach of security or unauthorized use of your account. Although JDC will not be liable for your losses caused by any unauthorized use of your account, you may be liable for the losses of JDC or others due to such unauthorized use.
C. You agree not to use or launch any automated system, including without limitation, “robots,” “spiders,” “offline readers,” etc., that access the Website in a manner that sends more request messages to the JDC servers in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser. Notwithstanding the foregoing, JDC grants the operators of public search engines permission to use spiders to copy materials from the site for the sole purpose of creating publicly available searchable indices of the materials, but not caches or archives of such materials. JDC reserves the right to revoke these exceptions either generally or in specific cases. You agree not to collect or harvest any personally identifiable information, including account names, from the Website, nor to use the communication systems provided by the Website for any commercial solicitation purposes. You agree not to solicit, for commercial purposes, any users of the Website with respect to their User Submissions.
3. Intellectual Property Rights
A. The content on the Website, except all User Submissions (as defined below), including artwork, images, text, software, sounds, music, video, names, and likenesses displayed on the Website are either the property of, or used with permission by, JDC. The reproduction and use of any of these by you is prohibited unless specific permission is provided on the Website or otherwise. Any unauthorized use may violate copyright laws, trademark laws, privacy and publicity laws, and/or communications regulations and statutes of the United States and foreign laws and international conventions.
B. The trademarks, service marks, logos, and other indicia, including of JDC (collectively the “Trademarks”) which appear on the Website are registered and unregistered trademarks of JDC and others. Nothing contained on the Website should be construed as granting, by implication or otherwise, any right, license or title to any of the Trademarks without the advance written permission of JDC or such third party as may be appropriate. All rights are expressly reserved and retained by JDC. Your misuse of any of the Trademarks displayed on the Website, or any other content on the Website, except as provided in these Terms and Conditions, is strictly prohibited. You are also advised that JDC considers its intellectual property to be among its most valuable assets, and will aggressively enforce its intellectual property rights to the fullest extent of the law.
C. Both the Website and the content of the Website are provided “AS IS” for your information and personal use only and may not be used, copied, reproduced, distributed, transmitted, broadcast, displayed, sold, licensed, or otherwise exploited for any other purposes whatsoever without the prior written consent of the respective owners. JDC reserves all rights not expressly granted in and to the Website and the Content. You agree to not engage in the use, copying, or distribution of any of the Content other than expressly permitted herein, including any use, copying, or distribution of User Submissions of third parties obtained through the Website for any commercial purposes. If you download or print a copy of the Content for personal use, you must retain all copyright and other proprietary notices contained therein. You agree not to circumvent, disable or otherwise interfere with security related features of the JDC Website or features that prevent or restrict use or copying of any Content or enforce limitations on use of the JDC Website or the Content therein. JDC does not make any representations or warranties, whether express or implied, regarding or relating to the Website or any associated hardware or software, including the content or operations of either.
4. User Submissions
A. The JDC Website may now or in the future permit the submission of content or communications submitted by you and/or other users (“User Submissions”) and the hosting, sharing, and/or publishing of such User Submissions. You understand that whether or not such User Submissions are published, JDC does not guarantee any confidentiality with respect to any submissions.
C. By submitting the User Submissions to JDC, you hereby grant JDC a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the User Submissions in connection with the JDC Website and JDC’s (and its successor(s), if any) business, including without limitation for promoting and redistributing part or all of the JDC Website (and derivative works thereof) in any media formats and through any media channels.
D. You agree that you will not: (i) submit material that is copyrighted, protected by trade secret or otherwise subject to third party proprietary rights, including privacy and publicity rights, unless you are the owner of such rights or have permission from their rightful owner to post the material and to grant JDC all of the license rights granted herein, including sampled music; (ii) publish falsehoods or misrepresentations that could damage JDC or any third party; (iii) submit material that is unlawful, obscene, defamatory, libelous, threatening, pornographic, harassing, hateful, racially or ethnically offensive, or encourages conduct that would be considered a criminal offense, give rise to civil liability, violate any law, or is otherwise inappropriate; (iv) post advertisements or solicitations of business: (v) impersonate another person.
F. If you are a copyright owner or an agent thereof and believe that any User Submission or other content infringes upon your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act (“DMCA”) by providing our Copyright Agent with the following information in writing:
(i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
(ii) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site;
(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled and information reasonably sufficient to permit the service provider to locate the material;
(iv) Information reasonably sufficient to permit the service provider to contact you, such as an address, telephone number, and, if available, an electronic mail;
(v) A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
(vi) A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
JDC’s designated Copyright Agent to receive notifications of claimed infringement is: Guy Billauer, General Counsel, American Jewish Joint Distribution Committee, Inc., Guy.Billauer@jdcny.org. Only DMCA notices should go to the Copyright Agent. Any other feedback, comments, requests for technical support, and other communications should be directed to JDC customer service through email@example.com. You acknowledge that if you fail to comply with all of the requirements of this Section (D), your DMCA notice may not be valid.
G. You understand that when using the JDC Website, you may be exposed to User Submissions from a variety of sources, and that JDC is not responsible for the accuracy, usefulness, safety, or intellectual property rights of or relating to such User Submissions. You further understand and acknowledge that you may be exposed to User Submissions that are inaccurate, offensive, indecent, or objectionable, and you agree to waive, and hereby do waive, any legal or equitable rights or remedies you have or may have against JDC with respect thereto, and agree to indemnify and hold JDC, its Owners/Operators, affiliates, and/or licensors, harmless to the fullest extent allowed by law regarding all matters related to your use of the site.
H. JDC permits you to link to materials on the Website for personal, non-commercial purposes only. JDC reserves the right to discontinue any aspect of the JDC Website at any time, which may result in the loss of material posted by user(s).
5. Links to Third Party Websites
6. Warranty Disclaimer and Limitation of Liability
YOU EXPRESSLY ACKNOWLEDGE THAT USE OF THE SITE IS AT YOUR SOLE RISK. NEITHER JDC NOR ITS AFFILIATED COMPANIES NOR ANY OF THEIR RESPECTIVE EMPLOYEES, AGENTS, THIRD PARTY CONTENT PROVIDERS OR LICENSORS (COLLECTIVELY THE “JDC PARTIES”) WARRANT THAT THE WEBSITE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO THEY MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE WEBSITE, OR AS TO THE ACCURACY, RELIABILITY OR CONTENT OF ANY INFORMATION, SERVICE, OR MERCHANDISE PROVIDED THROUGH THE WEBSITE. THE WEBSITE IS PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF TITLE OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OTHER THAN THOSE WARRANTIES WHICH ARE IMPLIED BY AND INCAPABLE OF EXCLUSION, RESTRICTION OR MODIFICATION UNDER THE LAWS APPLICABLE TO THIS AGREEMENT.
THIS DISCLAIMER OF LIABILITY APPLIES TO ANY DAMAGES OR INJURY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OR UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF RECORD, WHETHER FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE, OR UNDER ANY OTHER CAUSE OF ACTION. YOU SPECIFICALLY ACKNOWLEDGE THAT JDC IS NOT LIABLE FOR THE DEFAMATORY, OFFENSIVE OR ILLEGAL CONDUCT OF OTHER USERS OR THIRD-PARTIES AND THAT THE RISK OF INJURY FROM THE FOREGOING RESTS ENTIRELY WITH YOU.
IN NO EVENT WILL JDC, THE JDC PARTIES, OR ANY PERSON OR ENTITY INVOLVED IN CREATING, PRODUCING OR DISTRIBUTING THE WEBSITE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF THE USE OF OR INABILITY TO USE THE WEBSITE. YOU HEREBY ACKNOWLEDGE THAT THE PROVISIONS OF THIS SECTION SHALL APPLY TO ALL CONTENT ON THE WEBSITE.
IN ADDITION TO THE TERMS SET FORTH ABOVE NEITHER, JDC, NOR THE JDC PARTIES SHALL BE LIABLE REGARDLESS OF THE CAUSE OR DURATION, FOR ANY ERRORS, INACCURACIES, OMISSIONS, OR OTHER DEFECTS IN, OR UNTIMELINESS OR UNAUTHENTICITY OF, THE INFORMATION CONTAINED WITHIN THE WEBSITE, OR FOR ANY DELAY OR INTERRUPTION IN THE TRANSMISSION THEREOF TO YOU, OR FOR ANY CLAIMS OR LOSSES ARISING THEREFROM OR OCCASIONED THEREBY. NONE OF THE FOREGOING PARTIES SHALL BE LIABLE FOR ANY THIRD-PARTY CLAIMS OR LOSSES OF ANY NATURE, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, PUNITIVE OR CONSEQUENTIAL DAMAGES AND THE AGGREGATE, TOTAL LIABILITY OF THE JDC PARTIES TO YOU OR ANY END USER FOR ALL DAMAGES, INJURY, LOSSES AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT OR OTHERWISE) ARISING FROM OR RELATING TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE SITE SHALL BE LIMITED TO PROVEN DIRECT DAMAGES IN AN AMOUNT NOT TO EXCEED ONE HUNDRED DOLLARS ($100).
SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF CERTAIN LIABILITY OR WARRANTIES SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. In such jurisdictions, JDC’s liability is limited to the greatest extent permitted by law. You should check your local laws for any restrictions or limitations regarding the exclusion of implied warranties.
Copyright © 2012 American Jewish Joint Distribution Committee, Inc. All rights reserved. The Site is the property of the American Jewish Joint Distribution Committee, Inc. and is protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Site, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.
JDC Policy on the Collection and Processing of Personal Data
Effective May 25, 2018
Every day JDC receives, uses and stores personal information about our clients, Board members, employees, program participants, service providers, volunteers, vendors, and contractors. It is important that this information is handled lawfully and
appropriately in line with the requirements of the EU General Data Protection Regulation (“GDPR”), where applicable. JDC takes our data protection duties seriously, because we respect the trust that is being placed in us to use
personal information appropriately and responsibly.
This Policy, and any other documents referred to in it, sets out the basis on which JDC will collect and process personal data where the GDPR is applicable. This policy does not form part of any employee’s contract of employment and may be amended at any time.
JDC is responsible for ensuring compliance with the GDPR and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to Itamar Albek, JDC’s Chief Information Officer and Data Protection Officer or reported in line with JDC’s reporting policies.
What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual.
Data Protection Principles
In processing personal data, JDC will take all reasonable measures to ensure that data is:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
- Adequate, relevant and limited to what is necessary for the intended purposes.
- Accurate, and where necessary, kept up to date.
- Kept in a form which permits identification for no longer than necessary for the intended purposes.
- Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- Not transferred to people or organizations situated in countries without adequate protection and without firstly having advised the individual.
Fair and Lawful Processing
The GDPR is not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual.
In accordance with the GDPR, JDC will only process personal data where it is required for a lawful purpose. The lawful purposes include (amongst others): whether the individual has given their consent, the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, or for the legitimate interest of JDC. When sensitive personal data is being processed, additional conditions will be met.
Processing for Limited Purposes
In the course of JDC’s operations, we may collect and process the personal data set out in the attached schedule. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, location data, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
The legal grounds we are most likely to rely on for processing data are: 1) consent; 2) legal obligation; 3) contract; and 4) legitimate interest. We will only process personal data for the specific purposes set out in the attached schedule or for any other purposes specifically permitted by law. We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter.
JDC will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, erase or anonymize from our systems, all data which is no longer required.
Processing in line with Data Subject’s Rights
JDC will process all personal data in line with data subjects’ rights, in particular their right to:
- Confirmation as to whether or not personal data concerning the individual is being processed.
- Request access to any data held about them by a data controller.
- Request rectification, erasure or restriction on processing of their personal data.
- Lodge a complaint with a supervisory authority.
- Data portability.
- Object to processing including for direct marketing.
- Not be subject to automated decision making including profiling in certain circumstances.
JDC will take appropriate security measures against unlawful or unauthorized processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
JDC will put in place procedures and technologies to maintain the security of all personal data from the point of the determination of the means for processing and point of data collection to the point of destruction. Personal data will only be transferred to a data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
JDC will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorized to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorized users should be able to access the data if they need it for authorized purposes. Personal data should therefore be stored on the JDC’s central computer system instead of individual
Security procedures include:
- Entry controls. Any stranger seen in entry-controlled areas should be reported.
- Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)
- Data minimization.
- Encryption of data where appropriate
- Methods of disposal. Paper documents should be shredded. Digital storage devices should be physically destroyed when they are no longer required.
- Equipment. Staff must ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
- Transferring Personal Data Outside of the EEA
We may transfer any personal data we hold to a country outside the European Economic Area (‘EEA’) or to an international organization, provided that one of the following conditions applies:
- The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms.
- The data subject has given consent.
- The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
- The transfer is legally required on important public interest grounds or for the establishment, exercise or defense of legal claims.
- The transfer is authorized by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
Disclosure and Sharing of Personal Data
We may share personal data we hold with any member of our group, which means our subsidiaries and affiliates, and their subsidiaries and affiliates. We may share personal data we hold with select partners and funders listed in the attached schedule.
Subject Access Requests
Individuals must make a formal request for information we hold about them. Employees who receive a request should forward it to Itamar Albek immediately.
When receiving telephone inquiries, we will only disclose personal data we hold on our systems if the following conditions are met:
- We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
- We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.
Where a request is made electronically, data will be provided electronically where possible.
Changes to this Policy
We may amend this Policy from time to time in order to comply with our legal obligations and any changes in the data processing activities of your personal data. You can determine when this was last revised by referring to the “last updated” date at the top of this Policy.
If you have any questions related to data collection and processing under this Policy, please contact:
Chief Information Officer
Data Protection Officer
220 East 42nd Street, Suite 400, New York, New York 10017
Last Updated: June 8, 2018
SCHEDULE OF DATA PROCESSING ACTIVITIES
What kinds of information do we collect?
To provide services to our clients and to provide information to our Board members, employees, vendors, contractors, program participants, and donors, we must collect and process information.
- We collect names, contact information such as email addresses, mailing addresses and phone numbers. We also collect photo, video and audio recordings.
- For clients we also may collect financial, health, employment, and religious information.
- For employees and pensioners we may also collect bank, health, and employment information.
- We collect credit card information of donors or program participants. Where necessary for travel and JDC-related missions, we collect passport information.
How do we use and process the information we collect?
JDC processes this data on the basis of legitimate business interest and, where required, consent.
- We collect contact information to provide necessary services to our clients, to maintain records of our employees and pensioners, to fulfill our legal obligations when we contract with a vendor, to ensure proper governance of our Board and to keep our community informed of our work and activities.
- We take photograph, video, and audio recordings of our clients and at our events to help bring awareness of the needs of Jewish communities around the world and keep our community informed of our work and introduce our programming to new members of our community.
- We collect additional personal information about or clients in order to ensure we provide appropriate and needed services and to fulfill reporting requirements of our funders.
- We collect additional personal information from our employees and pensioners in order to fulfill our contractual and legal obligations to them.
- We collect additional information about program participants where required for the operation of the program.
JDC will process data in collects until consent is withdrawn, until JDC no longer needs to process the data for its legitimate business purpose, or until we are legally required to destroy it.
Who do we share information with?
JDC may share personal data of clients, Board members, and employees with the following select list of partners and funders:
- UJA-Federation of New York
- The Jewish Federations of North America and their Network Communities (for more information on JFNA’s Network Communities, please see https://jewishfederations.org/network-communities)
- The Conference on Jewish Material Claims Against Germany
- Ronald S. Lauder Foundation
JDC PRIVACY NOTICE FOR JOB CANDIDATES
JDC and its affiliates and subsidiaries worldwide (collectively, the “Organization”) provides this Privacy Notice (“Privacy Notice”) to explain our practices regarding the collection, use, and other processing of certain individually identifiable information about job candidates (“Candidate Data”), as described in more detail below.
CATEGORIES OF CANDIDATE DATA
The Organization may collect and process the following categories of Candidate Data:
- Personal information: name and contact information (address, phone number, email, social media, photograph, video/audio recording and emergency contact information), gender, work authorization, and other data permitted or required by applicable law. Collection and processing of other categories of personal information will be performed within limits established in accordance with applicable local law.
- Information about Education: names of educational institutions, degrees earned, graduation date, degree description, grades, honors, and informal education received.
- Work History information: current and/or previous employers, title, department, location, hire date, termination date, job function, contact information of supervisors and references, recommendations.
- Other Qualifications Information: certifications, areas of expertise, skills, volunteering, professional associations, affiliations, memberships, languages spoken, publications.
Candidate Data will be collected either directly from candidates through interviews, assessments, application forms, CVs, resumes, passports, or other IDs provided by candidates to the Organization through email, mail, the Organization’s recruitment website, other online platforms used by the Organization, or from third parties (including references, former employees, former employers and recruitment agencies), subject to applicable law.
The Organization may also collect and process the following categories of Sensitive Candidate Data from you in connection with your job application:
- Health and Medical Data for the purpose of providing you with reasonable accommodation, if needed;
- Race-related Data for purposes of Organization’s equal employment opportunity and other reporting obligations;
- Criminal Background Data for certain positions for purposes of carrying out the obligations and exercising the specific rights of the Organization.
In certain circumstances, the Organization may collect consent at the time of collection for certain types of Sensitive Candidate Data. In such cases, additional information regarding the types and purposes of use of such data will be provided.
The provision of the Candidate Data is partly a legal obligation, partly a contractual requirement necessary to enter into an employment contract with you and partly a requirement for the Organization to manage the recruitment process and for
keeping records of the process. Except in limited instances when we indicate that the provisions of certain information is voluntary, in general, you are required to provide Candidate Data, and the refusal will cause the impossibility for the
Organization to continue the recruitment process with a candidate and may require the Organization to cease the recruitment process with that candidate.
PURPOSES AND BASIS FOR PROCESSING CANDIDATE DATA
The Organization will process Candidate Data, including Sensitive Data, for the following purposes (“Processing Purposes”):
Categories of Candidate Data Involved
Managing the recruitment process and selecting a candidate
Personal information, Information about education, Work history information, Other qualifications information, Criminal background data
Entering into an employment contract with you
Complying with applicable laws and employment-related requirements along with the administration of those requirements, such as administering workplace accommodations, and complying with employment and immigration laws.
Personal information, Information about education, Work history information, Other qualifications information, Health and medical data, Race-related data, Criminal background data
Communicating with you, other candidates, and third parties (such as recruitment agencies or government officials)
Personal information, Information about education, Work history information, Other qualifications information
Communicating with your designated references
Personal information, Work History Information, Other qualifications information
Responding to and complying with requests and legal demands from regulators or other authorities in or outside of your home country
Personal information, Information about education, Work history information, Other qualifications information, Health and medical data, Race-related data, Criminal background data
Managing corporate information technology, including the Organization’s recruitment website, outside online platforms used by the Organization, IT support, and IT security
The Organization relies on the following legal grounds for the collection, processing, and use of Candidate Data:
Sensitive Candidate Data
Legal grounds for the collection, processing and use of Candidate Data, including Sensitive Candidate Data, may be extended and detailed in accordance with applicable local law.
DISCLOSURE OF CANDIDATE DATA
The Organization may transfer your Candidate Data, including Sensitive Candidate Data as necessary, to third parties for the Processing Purpose as follows:
- Within the Organization Group: As part of our global structure, managerial and human resources responsibilities, your Candidate Data may be transferred to other JDC offices and affiliates worldwide, including in the United States (collectively, the “Organization Group”) as necessary for the Processing Purposes, in particular to administer the recruitment process, communicate with you and third parties, conduct IT management, monitor and ensure compliance with applicable internal procedures, and respond to and comply with requests and legal demands. The list of entities and affiliates in the Organization Group can be found at http://www.jdc.org/about/privacy-policy/jdc-entities/
- With certain third parties: Existing or potential independent external advisors (e.g., recruitment agencies), governmental bodies, and other third parties may also receive your Candidate Data as necessary in connection with the recruitment process, in particular to carry out our contractual relationships with such third parties, to administer and provide compensation, administer the recruitment process, enter into an employment contract with you, comply with applicable laws and employment-related requirements, communicate with you, your designated references, and third-parties, conduct IT management, and respond to and comply with requests and legal demands.
- With certain new entities within the Organization Group: If the Organization for a position at which you apply is closed and a new entity within the Organization Group is established or if operations and/or employment matters are transferred in whole or in part to a new entity for a position at which you applied (or any similar transaction is being contemplated), your Candidate Data may be transferred to the other potential new employer prior to the transaction (e.g., during the diligence phase) or after the transaction, subject to any rights provided by applicable law, including jurisdictions where the other entity is located.
- With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your Candidate Data to process such data under appropriate instructions (“Data Processors”) as necessary to support and facilitate the Processing Purposes. Data Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the Candidate Data, and to process the Candidate Data only as instructed.
Additional requirements related to disclosure of Candidate Data may be detailed in accordance with applicable local law.
INTERNATIONAL TRANSFERS OF CANDIDATE DATA
The Organization may transfer Candidate Data, in connection with the Processing Purposes identified in Section III and disclosures identified in Section IV above, to other JDC offices and affiliates worldwide, service providers, suppliers and external advisers in a territory, such as the United States, that may not provide a level of protection to Candidate Data equivalent to that provided by your home country. The Organization has implemented appropriate safeguards with JDC to secure any such disclosures of Candidate Data. Candidates with questions regarding how JDC handles Candidate Data should contact JDC’s Human Resources representative via the contact information set out in Section IX below.
Requirements for International Transfers of Candidate Data may be established in accordance with applicable local law.
OTHER PROCESSING REQUIRED BY LAW
In addition to the activities described above, the Organization may also process, disclose, and transfer Candidate Data to governmental agencies and regulators, courts and other tribunals, and government authorities to the extent necessary or where required by applicable law.
ACCESS TO CANDIDATE DATA
If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
Pursuant to applicable data protection law you may also have the right to: (i) request access to your Candidate Data; (ii) request rectification of your Candidate Data; (iii) request erasure of your Candidate Data; (iv) request restriction of processing of your Candidate Data; (v) request data portability of your Candidate Data; and/or (vi) object to the processing of your Candidate Data. Please note that these aforementioned rights might be limited under the applicable national data protection law.
(i) Right of access: You may have the right to obtain from us confirmation as to whether or not Candidate Data concerning you is processed, and, where that is the case, to request access to such Candidate Data. The access information includes—inter alia—the purposes of the processing, the categories of Candidate Data concerned, the recipients or categories of recipients to whom the Candidate Data have been or will be disclosed, the sources of the Candidate Data, the duration of retention, and the technical security measures put in place to safeguard the Candidate Data in case of transfer outside the EEA. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the Candidate Data. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to rectification: You may have the right to obtain from us the rectification (i.e., correction) of inaccurate Candidate Data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete Candidate Data completed, including by means of providing a supplementary statement.
(iii) Right to erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Candidate Data concerning you. In such cases, we will erase, or render permanently unintelligible, such Candidate Data.
(iv) Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing of your Candidate Data. In this case, the respective data will be marked and may only be processed by us for certain purposes. However, as the Organization processes and uses your Candidate Data primarily for purposes of managing the recruitment process and entering into a contractual employment relationship with you, the Organization will in principle have a contractual necessity and legitimate interest for the processing which will override your restriction request, unless the restriction request relates to marketing activities (which generally do not apply in the recruitment context).
(v) Right to data portability: Under certain circumstances, you may have the right to receive the Candidate Data about you that you have provided to us, in a structured, commonly used and machine-readable format so you can transmit this Candidate Data to another entity.
(vi) Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your Candidate Data by us. Where such right applies, we will no longer process the relevant Candidate Data. This is not an absolute right and does not apply in certain situations, such as when processing is necessary to enter into an employment contract, to comply with applicable law, or to defend legal claims.
Candidates should transmit any requests for access or updates to, or corrections or deletions of, their own Candidate Data to the Organization as specified below in Section IX. You also have the right to lodge a complaint with the competent data protection supervisory authority.
Your Candidate Data is stored by the Organization and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the Candidate Data is collected, in accordance with applicable data protection laws. When the Organization no longer needs to use your Candidate Data, we will remove it from our systems and records and/or take steps to properly render it unintelligible so that you can no longer be identified from it (unless we need to keep your Candidate Data to comply with legal or regulatory obligations to which the Organization is subject).
Candidates who have any questions about this Notice or wish to (i) access, review, or, where required, correct or request the deletion of their Candidate Data or learn more about who has access to such information, (ii) make any other type of request, or (iii) report a concern related to Candidate Data, should contact JDC’s Human Resources representative or the Organization’s Data Protection Officer at firstname.lastname@example.org.
The procedures for submitting requests, claims, issues etc. may be established in accordance with applicable local law.
EFFECTIVE DATE: May 25, 2018