Updated May 2018
NESsT, Inc. is a company established in the United States with principal offices at 2323 Broadway, Oakland, California 94612 and for the purpose of the General Data Protection Regulation (“GDPR”) and any local data privacy laws, we are the data controller of personal information provided through our website. We have named Éva Vörös at NESsT EUROPE Public Benefit Nonprofit Ltd. (Hungary) as our representative in the EU, who you can contact (in addition to or instead of us) should you have any issues in connection with personal information processed through our Website (contact details provided below).
What Information We Collect
Information that You Give Us
NESsT collects contact information such as the name, address, telephone, professional or personal e-mail address, title within and name of organization and credit card details of Website visitors who voluntarily submit that information via our Website, email, telephone, social media or otherwise, for instance when Website visitors subscribe to receive our newsletters and updates, or fill out our forms (including applications for social enterprise competitions and self-assessment tools), or make financial contributions through our Website.
Technical Usage Information
When you visit the Website, we automatically collect the information sent to us by your computer, mobile phone, or other access device. This information includes: your IP address; mobile network information; device information including, but not limited to device type and operating system; standard web information, such as your browser type and the pages you access on our Website.
NESsT does not specifically ask children under 18 for any information and does not knowingly collect personally identifiable information about them.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our services and our organization, we will use the information that you give us to communicate with you, respond to service requests or general queries, monitor financial contributions made online, enforce our Website terms and conditions, and if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.
As it is in our legitimate interests to provide effective services and useful content to you, we will use the technical usage information that we collect to ensure that content from the Website is presented in the most effective manner for you and your device; monitor and analyze trends, usage and activity in connection with our Website and services to improve the Website; administer the Website, conduct troubleshooting, data analysis, testing, research, statistical and survey analysis; keep the Website safe and secure; or measure and understand the effectiveness of the content we serve to you and others.
With your consent, where required by applicable law, we will use your personal data for marketing purposes – for instance, to send you our newsletter and other regular updates on NESsT’s work. You are able to unsubscribe from our newsletter at any time, as all of our email communications have unsubscribe links. Alternatively, if you would like to be removed from our newsletter distribution list, please send an email with ‘unsubscribe’ in the subject line to email@example.com. NESsT may use third parties, with which it has a confidentiality agreement, to send this type of email. However, NESsT restricts its partners from sending spam associated with NESsT’s Website, brand, or products. Anyone receiving an unsolicited email related to NESsT products and services should forward the entire message and headers to firstname.lastname@example.org.
How We Use Your Information
Cookies & Tracking Technologies
NESsT does not sell personal information to third parties. We will share your personal information only with selected third parties including these categories of recipients:
- IT Services providers located in the United States that provide us with SaaS services, including Salesforce, SharePoint and iContact, who we use to store our customer relationship management information;
- Cloud storage providers located in the United States, including Google Drive and Dropbox, who we use to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- Data management solution providers located in the United States, including Formstack, that help us collect information through various types of online forms, including surveys, applications, and event registration forms;
- Analytics and search engine providers located in the United States, including Squarespace, that assist us in the improvement and optimization of the Website;
- Credit card and payment providers Donorbox and Stripe, located in the United States, that allow visitors to our Website to make safe and secure financial contributions to us and to purchase our publications using a major credit card. All of the information collected through these services is encrypted. Donorbox and Stripe do not sell, trade, rent or share your information with any entity other than NESsT, which receives your payment.
NESsT will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, including to meet national security or law enforcement requirements, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues;
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.
NESsT will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Sharing with Third Parties
NESsT recognizes that your privacy is important to you, and, therefore, we employ technical security measures that endeavor to protect information from outside threats. NESsT has taken steps to ensure that personally identifiable information collected is secure, including limiting the number of people who have physical access to our database as well as electronic security systems and password protections that guard against unauthorized access.
All online transactions via our Website, and the information collected through those services, are protected and encrypted using secure sockets layer technology (SSL). This encryption is designed to prevent the theft or interception of the information you provide. Encryption is indicated on your web browser by the display of a lock or key on the browser status bar.
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification. If you have any questions about the security of your personal information, please contact us at email@example.com.
Data Transfers & Where We Store Your Data
Your personal information may be transferred to other countries in order for you to benefit from our services. The United States, European Economic Area (EEA) Member States and other countries all have different laws. If your data is moved from your home country to a different country, the laws and rules that protect your personal information in that different country may be different from those in the country where you live. For example, the circumstances in which law enforcement can access personal information can vary from country to country. In particular, if your data is in the United States, it may be accessed by government authorities in accordance with U.S. law.
Our Website is hosted in the United States and therefore the information that you submit to us through our Website will be transferred to the United States.
For Users in the EEA
The information that we collect from you may be processed by NESsT staff outside the EEA for purposes of communicating with you (especially regarding applications or self-assessments you have submitted via forms on our Website), responding to service requests or general queries, monitoring financial contributions made online and, if you have opted in to marketing, communicating with you about products, services, promotions, events and other news and information we think will be of interest to you.
It may also be processed by third-party service providers operating outside the EEA, including those mentioned under section “Sharing with Third Parties” above, for the purposes described in each case. NESsT will take all steps reasonably necessary to ensure that your personal data is treated securely when transferred, including by basing such data exports on:
- Model Clauses: The personal data that we collect from you will be transferred to, stored and processed by NESsT staff outside the EEA (in the United States, Peru, Colombia and Brazil) for purposes of communicating with you (especially regarding applications or self-assessments you have submitted via forms on our Website), responding to service requests or general queries, monitoring financial contributions made online and, if you have opted in to marketing, communicating with you about products, services, promotions, events and other news and information we think will be of interest to you, under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decisions 2001/497/EC, 2004/915/EC and/or 2010/87/EU. Please contact us at firstname.lastname@example.org if you would like to see a copy of the Model Clauses.
- Privacy Shield: The following third-party service providers to whom we will transfer your data for the purposes described above under “Sharing with Third Parties” participate in the U.S.-E.U. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your personal data from European Union Member States: Salesforce, SharePoint (Microsoft), Google Drive, Dropbox, Formstack, Squarespace and Stripe. As such, they have certified that they adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.
Where you have a dispute or complaint regarding NESsT’s collection, storage, or use of your personal information, you may make a complaint to NESsT by sending it to email@example.com or firstname.lastname@example.org. NESsT takes your privacy complaints very seriously, so please be clear and detailed as to all facts related to your complaints. Where the dispute or complaint is not satisfactorily resolved or you don’t receive a timely response, you may escalate the matter to your European data protection authority free of charge, and NESsT commits to cooperate with the relevant European data protection authority and will comply with the advice given by this authority with regard to your information which was transferred from the EEA in the context of this Website.
How Long We Store Your Data
We will retain your information as follows:
- Data you provide to us by creating an account or submitting an application or self-assessment survey: For as long as your account is active, or the competitions or positions for which you applied are open. We will retain your information for longer if required by law or as necessary to defend or pursue legal claims or resolve disputes.
- Technical usage and Website analytics information: For up to 18 months.
- Donation or payment information: For up to 18 months after the last donation or payment was received. No credit card information is stored on NESsT computers or cloud-based storage systems, nor available to NESsT employees or volunteers. Credit card information is encrypted and stored safely by Stripe, our credit card payment processor. For more information about Stripe’s security protocols, please visit https://stripe.com/docs/security/stripe.
- Data provided for general communication or marketing purposes: Until you notify us that you no longer want us to use your information for marketing purposes, by unsubscribing from any marketing email you receive or by contacting email@example.com.
In certain circumstances, as provided by the applicable laws, individuals also have the following rights in relation to their personal data:
- Access and portability: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Correction, erasure and restriction of processing: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed or ask us to delete data (i) where you believe it is no longer necessary for us to hold the personal data; (ii) where we are processing your data on the basis of our legitimate interest and you object to such processing; or (iii) if you believe the personal data we hold about you is being unlawfully processed by us. You can ask us to restrict processing data we hold about you other than for storage purposes if you believe the personal data is not accurate (whilst we verify accuracy); where we want to erase the personal data as the processing we are doing is unlawful but you want us to continue to store; where we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims or where you have objected to us processing personal data and we are considering your objection.
- Objection: You have the right to object to our processing of data about you based on legitimate interests and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
- Withdrawal of Consent: Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by contacting us at firstname.lastname@example.org.
- Testimonials: With prior permission from the individual, NESsT displays personal testimonials of donors, partners, volunteers, clients, entrepreneurs or beneficiaries of social enterprises on our Website in addition to other endorsements. Individuals wishing to update or delete a testimonial should contact NESsT at email@example.com.
- Marketing: You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at firstname.lastname@example.org.
- Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavor to deal with your request. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
You can exercise these rights by sending an email to firstname.lastname@example.org or by mailing NESsT at the address listed in this policy. Before we respond to your request, we will ask you to verify your identity.
Other Websites and Social Media Widgets
Our Website contains links to other third-party Websites we feel our audience may benefit from. If you follow a link to any of these other Websites, they will have their own privacy policies and we do not accept any responsibility or liability for these policies. We encourage you to carefully read the privacy policies of those third-party sites before you submit any information to those Websites.
Any changes we make to this policy in the future will be posted on this page and will be effective immediately upon posting on our Website. Please check back frequently to see any updates or changes to this policy. We encourage you to regularly review this page for the latest information on our privacy practices.
By mail, phone or email:
Oakland, California 94612
Users in the EU may also contact NESsT’s EU Representative:
NESsT EUROPE Public Benefit Nonprofit Ltd. (Hungary)
Berzenczey utca 19. III/7
1094 Budapest, Hungary
Attention: Ms. Éva Vörös