It is important that you read this Policy, together with any other privacy or fair processing policy we may provide on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your personal information.
This Policy describes the types of personal information we may collect from you or that you may provide when you visit the website www.ifpim.org (our “Website“), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
What we process and why
We have followed a privacy-by-design and data minimisation approach in the design and build of our website.
The personal data that we collect from persons (or data subjects) who visit our website is accordingly limited to the Internet protocol (IP) address of the computer accessing the site; the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which the visitor came.
This information is processed for technical purposes in our legitimate interest, which provides a legal basis for such processing. Specifically, we process personal data for the purposes of (i) providing basic statistical information about the use of our website; and (ii) assisting in diagnosing technical problems and defending attacks against it.
All personal data collected is anonymised. Anonymisation is achieved through the aggregation of statistical data that prevents the re-identification of individual users. It is usually deleted after 48 hours.
On occasion, we may need to retain personal data for longer than 48 hours. This includes for the purposes of conducting tests, diagnosing technical problems and defending against attacks on our website. In these situations, we will delete personal data as soon as it is no longer needed for the purpose for which it was kept.
We do not directly collect any sensitive data (or “special category data” as defined in EU law) through our website. All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.
Tracking & cookies
A cookie (or browser cookie) is a small file placed on the hard drive of your computer. Like all websites, the IFPIM.org website uses “cookies” and other technical measures to monitor and protect the website against malicious traffic and to collect limited analytical data in order to understand how users engage the information we provide.
The ifpim.org website honours “Do Not Track” requests and has limited the cookies it deploys to the following:
- Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks
- Matomo performance cookies to provide ifpim.org with analytical information about the use of the website, which is only deployed with visitors’ consent (see further below).
- User cookies, which are strictly necessary in order for the site to operate. They expire when the user exits the site.
Opting in and out of cookies
If you accepted the Matomo cookies, these will have been deployed with your consent, which provides a legal basis for the processing of the analytical data they collect about your use of the Website. If you declined the cookies, they will not have been deployed.
The Cloudflare cookies perform essential Website security functions and as such it is not possible to opt-out.
Browser settings can also be used to manage cookie preferences. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences
Data sharing and sub-processors
We work with carefully selected third-party service providers who perform certain data processing tasks in order to maintain this Website. These third parties – Matomo and Cloudflare – are engaged by ifpim.org on terms which ensure confidentiality and compliance with data protection laws.
If our processing of your personal information is subject to EU data protection law, you have a number of rights. These include, in certain circumstances:
- To ask us not to process your personal information, including where we are using it for direct marketing purposes.
- To receive a copy of all your personal information held by Us, in order to check we are processing it lawfully.
- To ask us to correct any errors in your personal information.
- To ask us to delete your personal information, including when exercising your right to object to processing (see above).
- To ask us to restrict the processing of your personal information.
- To ask us to transfer your personal information to another party.
- To withdraw your consent where you have provided it for our collection or use of your personal information for a specific purpose.
You may exercise these rights at any time by contacting Us using the details in the “Contact Information” section of this Policy.
We may not be able to accommodate a request relating to your personal information in certain circumstances prescribed by law. Please contact us using the details in the “Contact Information” section of this Policy if you would like more information.
EU Website Users: International Transfers
To deliver services to you, it may sometimes be necessary for us to share your personal information outside of the European Economic Area (“EEA”). We ensure your personal information is protected by requiring all of our group companies to follow the same rules when processing your personal information. We may also share your personal information with contractors, service providers and other third parties supporting our business when needed. Many of these third parties are based outside of the EEA, so their processing of your personal information will involve a transfer of data outside of the EEA.
Whenever we transfer your personal information out of the EEA, we ensure proper protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information an appropriate level of protection when being processed outside Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and sub-processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.
Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.
Changes to Our Policy
We may revise and update this Policy from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website and handling of your personal information thereafter. It is our policy to post any changes we make to our Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the Policy was last revised is identified at the top of the page.
To ask questions or comment about this Policy and our privacy practices, contact us at:
Rockefeller Philanthropy Advisors
6 West 48th St.
New York, NY 10036
If you are concerned about how We use your personal information, you have the right to make a complaint to the supervisory authority in your place of work or residence or the place in which the relevant infringement has taken place.
Last modified: 4 May 2021