Jurisdiction of the European Union's General Data Protection Regulation (GDPR)
This Policy reflects changes in data protection law in the jurisdiction of the European Union's General Data Protection Regulation (GDPR). This Policy is effective as of July 1, 2018.
The Leonardo DiCaprio Foundation is committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure, and your rights and choices in relation to your information.
Any questions regarding this Policy and our privacy practices should be sent by email to [email protected].
What type of information do we collect information from you?
The personal information we collect, store and use about you might include:
· Your name and contact details (including postal address, email address and telephone number).
· Information about your expressed interest in LDF and its programs and events.
· Information about your activities on our website and about the device used to access it, for instance, your IP address and geographical location.
· Your bank or credit card details. If you make a donation online or make a purchase, your card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
· Any other personal information shared with us.
Data protection laws recognise certain categories of personal information as sensitive and therefore requiring greater protection, for example, information about your health, ethnicity, and religion.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and applicable data protection laws allow us to.
How and why is your information used?
We may use your information for a number of different purposes, which may include:
· providing you with the services, products or information you asked for.
· keeping a record of your relationship with us;
· conducting analysis and market research to better understand how we can improve our services, products or information;
· notifying you of changes to our services; and
· sending you communications which you have requested and that may be of interest to you. These may include information about campaigns, fundraising appeals, activities, and promotions.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for.
The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations.
We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties to achieve the other purposes set out in this Policy.
We may pass your information to our third-party service providers, suppliers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, to process donations and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services, and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal information in a certain way, such as to send you emails, texts, posted mail, and/or telephone outreach.
Where we are entering into a contract with you or performing our obligations under it.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and its use does not duly impact your rights).
Our legitimate interests as a Foundation involve implementation of our aims and ideals around inspiring the public to take action on key environmental issues. For example, we may:
· send postal communications which we think will be of interest to you;
· conduct research to better understand our supporters and to improve the relevance of our communications and fundraising;
· understand how people choose to support the work of the Foundation and what steps they take;
· determine the effectiveness of our campaigns, programs, activities, and outreach;
· enhance, modify, personalise, or otherwise improve our campaigns, programs, activities, and outreach, to better achieve our mission as a Foundation; and
· better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless we are otherwise required to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so we will either do so on the basis of your explicit consent or implement another route legally available to us.
Fundraising and Marketing Communications
We may use your contact details to provide you with information about the vital work we do, our fundraising appeals and opportunities to support us, and other campaigns or products we think may be of interest to you.
We will only send you marketing and fundraising communications by email, text and telephone if you have explicitly provided your prior consent. You may opt out of our marketing communications at any time by clicking the Unsubscribe link at the end of our marketing emails.
We may send you marketing and fundraising communications by post unless you have told us that you would prefer not to hear from us.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, you can indicate your choices on the site used to collect your information.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted, and we will retain your details on a suppression list to help ensure that we do not continue to contact you. In some instances, we may still need to contact you for administrative purposes.
We’re committed to putting you in control of your data, so you are also free to opt out of your information being used at any time by contacting [email protected].
Under EU data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
You have a right to request access to the personal data that we hold about you.
You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you would like to see and proof of your identity by post to the address provided below.
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us, so we're working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email or post (see below).
You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we're not lawfully allowed to use it.
You may ask us to delete some or all of your personal information; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it, if legally allowable.
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
You have the right to object to processing where we use your personal information (1) based on legitimate interests, (2) for direct marketing, or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at [email protected] or write to Privacy Compliance, Leonardo DiCaprio Foundation, P.O. Box 921, Culver City, CA 90232. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however, if we are unable to do so, we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details, we recommend you consult the GDPR guidance published by the UK’s Information Commissioner’s Office, at: https://ico.org.uk/.
Keeping your information safe
When you give us personal information, we take steps to ensure that appropriate technical and organisational controls are in place to protect it.
Keeping your information up to date
We take reasonable steps to ensure your information is accurate and up to date.
Where possible we use publicly available sources to identify address and other contact changes.
We appreciate your sharing with us any changes in your contact details.
Use of “cookies”
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
Links to other websites
Our website may contain links to other websites run by other organisations. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites, even if you access those using links from our website.
16 or Under
We are concerned about protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.
We are committed to protecting vulnerable supporters, customers and volunteers, and appreciate that additional care may be needed when we use their personal information. In recognition of this, we observe good practice guidelines in our interactions with vulnerable people.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the GDPR. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Changes to this Policy
Any changes we may make to this Policy in the future will be posted on the Foundation website. Please check this page regularly to ensure that you have no questions or concerns regarding the changes. If we make any significant changes, we will note those on our landing page.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in July 1, 2018.