ELEPHANT HAVEN EUROPEAN ELEPHANT SANCTUARY
PRIVACY POLICY
Introduction
Welcome to our website, we are delighted with your interest in Elephant Haven European Elephant Sanctuary. Your privacy and the protection of your private data are of the highest importance to us. In this Privacy Policy we describe how and why any personal information we collect from you will be used, stored and processed. We also outline your rights regarding your personal data. You can use the pages of our website without disclosing any personal data, however, to use certain services the processing of personal data may be necessary.
The processing of personal data, such as your name, address, email address, or telephone number will always be in compliance with the General Data Protection Regulation (hereinafter referred to as GDPR. Whenever the processing of personal data is necessary, and no legal basis exists for this processing, we ask for your consent to do so.
- Protection of your personal data
We have implemented appropriate technical,organizational and administrative measures to ensure the best possible protection of your personal data processed through this website. Unfortunately, no transmission or storage system can be absolutely secure, and transmissions of information via the internet are not absolutely secure either. Should you have any concerns or questions on this subject, please get in touch with us.
- The information we collect about you
a) personal data you provide to us directly
b) personal data we collect when you use our website and services
c) data we receive from other sources: we may receive information about you through third parties such as service providers we work with, who provide services such as payment processing or email shipping. More information about this will be provided throughout this policy.
1. Definitions
Our data protection declaration uses a number of defintions from the General Data Protection Regulation (GDPR). To help you better understand this document, we would like to explain these definitions.
a) Personal data
Personal data encompasses all information relating to you personally, that make it possible to identify you as an individual, including for example your name, postal adress, email address, telephone number.
b) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, circulation or otherwise making available, alignment or combination, restriction, erasure or
c) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person such as personal preferences, interests, or behaviour.
d) Controller
The controller for the processing is the natural or legal person, public authority, agency or other body who, alone or jointly with others, processes your data.
In the present case, Elephant Haven European Elephant Sanctuary is the controller responsible for the processing of your data, and will hereinafter be referred to as „E.H.E.E.S.“ or as „we“.
e) Consent
Consent is any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, agree to the processing of personal data relating to your person.
2. Who we are
Elephant Haven
5 Rétabout
Saint-Nicolas-Courbefy
87230 Bussière Galant
France
Contact België
Secretariat vzw Elephant Haven
Tuyaertsstraat 19
2845 Niel
België
Email: info@elephanthaven.com
Website: https://www.elephanthaven.com
3. Our Data Protection Officer ( hereinafter referred to as DPO )
The DPO is a role within an organisation, responsible to ensure that the organisation is correctly protecting your personal data according to current legislation. In other words, the DPO monitors the organisation’s compliance with the GDPR.
Our DPO’s details are:
Elephant Haven
5 Rétabout
Saint-Nicolas-Courbefy
France
Email: info@elephanthaven.com
Website: https://www.elephanthaven.com
You can, at any time, contact our DPO directly with all questions and suggestions concerning data protection, and the exercise of your rights concerning your personal data as listed under 10.
4. Cookies
The Internet pages of E.H.E.E.S. use cookies. Cookies are small files that are stored on the hard drive of your computer or mobile device by a website or app, in order to offer you access to various features or services.
Through the use of cookies, Elephant Haven can provide you with more user-friendly services and make it easier for you to use our website.
You can at all times, remove, reject or block cookies through your browser settings. Many browsers are set to accept cookies untill you modifie your settings.
Useful information on cookies, such as how to manage and delete them, can be found on www.allaboutcookies.org (amongst others).
Bear in mind though, that by not accepting our cookies, the functioning of some features or services may be impaired as a few things wouldn’t work without some cookies.
If you want to change the settings using our cookie consent tool, click here: Open Cookie-Consent-Tool
5. Collection of general data and information
When accessing our website, a series of general data and information are collected.These general data and information are stored in the server log files.
We collect:
(1) the browser type and version used,
(2) which operating system is installed on your computer,
(3) the website from which you access our website (so-called referrers),
(4) the sub-websites,
(5) the date and time of access to the Internet site,
(6) your Internet protocol address (IP address),
(7) your Internet service provider, and
(8) any other similar data and information that may be used for security reasons in the event of attacks on our information technology systems.
This information is needed to
(1) deliver the content of our website correctly,
(2) optimise the content of our website as well as its advertisement,
(3) ensure the long-term functioning of our information technology systems and website technology, and
(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, E.H.E.E.S. analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our organisation, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
6. Subscription to our newsletter
On our website, users can subscribe to our newsletter.
E.H.E.E.S. informs its customers, supporters and partners regularly by means of a newsletter about its activities and offers.
We will only send you our newsletter if (1) you have a valid email address and (2) you have registered for the newsletter shipping. For legal reasons a confirmation e-mail will be sent to the registered email address as part of the double opt-in procedure. This confirmation email is to verify that the owner of the email address has consented to receive our newsletter.
During the registration for the newsletter, we also store the IP address of the computer used at the time of the registration, as well as the date and time of the registration. The collection of these data is necessary in order to retrace the (possible) misuse of the concerned email address at a later date, and therefore serves the legal protection of E.H.E.E.S. .
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. Personal data collected by the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data, which you have given for shipping the newsletter, may be revoked at any time.
You can unsubscribe at any moment by using the corresponding link provided in each newsletter or by informing us about your decision in another way.
7. Newsletter
The newsletter of the Elephant Haven contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, that allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, E.H.E.E.S. can see if and when you have opened an email, and which links you have called up from this e-mail.
Such personal data collected by the tracking pixels contained in the newsletters are stored and analysed by E.H.E.E.S. in order to optimise the shipping of the newsletter, and to adapt the content of future newsletters even better to your particular interests. These personal data will not be passed on to third parties. At any time you have the rigth to revoke the consent given by means of the double opt-in procedure. After a revocation, these personal data will be deleted by E.H.E.E.S.. We automatically regard the cancellation of your subscription to our newsletter as a revocation.
8. Possibilities to contact us through the website
Our website offers several ways to contact E.H.E.E.S. , including a general email address. If you contact us by email or through a contact form, the personal data you transmit are automatically stored. These personal data, transmitted on a voluntary basis, are stored for processing purposes or to contact you. This personal data will not be passed on to third parties.
9. Routine erasure and blocking of personal data
Elephant Haven shall process and store your personal data only as long as needed for the purpose for which they were collected or for as long as stipulated by the European or other legislators in laws or regulations to which E.H.E.E.S. is subject to.
If the storage purpose does not apply, or if a storage period prescribed by the European or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
10. Your rights regarding your personal data
You have the following rights regarding your personal data:
- Right of access : this is the right to know whether or not we process your personal data, and where that is the case, to know what data we hold and how they are used. Furthermore you have the right to request a structured, commonly used, machine-readable copy of the data you transmitted to us.
- Right to rectification of inaccurate or incomplete data
- Right to request we erase your personal data
- Right to object to the processing of your personal data or request a restriction of processing
- Right to data portability: this is the right to transmit your personal data to another controller
- Right not to be subjected to automated individual decision-making
- Right to revoke, at any time, the consent you have provided us with to process your personal data.
There may be exceptions to the exercise of certain rights for specific legal reasons or legitimate grounds. Where this is the case we will set these out for you in response to your request.
Important : If you wish to exercise any of the rights listed above, please contact our Data Protection Officer using the details in section 3.
In your request please make clear which of your rights you want to exercise.
You can do this either
- in writing through our French or Belgian postal address, listed under 2., accompanied by a proof of your identity,
or
- by email.
Addionally you have the right to lodge a complaint with the relevant data protection regulatory authority.
11. Data protection for applications and the application procedures
E.H.E.E.S shall collect and process the personal data of applicants for the purpose of the processing of the application procedure only. The processing may also be carried out electronically. If E.H.E.E.S. concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by E.H.E.E.S., the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of E.H.E.E.S. are opposed to the erasure.
12. The application and use of YouTube
YouTube is an internet video portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
More information about YouTube may be obtained under https://www.youtube.com/yt/about/en/ .
YouTube's data protection provisions are available at https://www.google.com/intl/en/policies/privacy/ ,
These provisions provide information about the collection, processing and use of personal data by YouTube and Google.
13. Payment Processing: Data protection provisions of PayPal as a payment processor
On its website, E.H.E.E.S. has integrated components of PayPal, an online payment service provider.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you choose "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit your data to PayPal. By selecting this payment option, you agree to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. E.H.E.E.S. will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. Under certain circumstances the personal data exchanged between PayPal and E.H. will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full .
14. Google Maps
Our website uses Google Maps to show you a site map. The operating company of Google Maps is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
By using this website, you agree to the recording, processing as well as the use of the data you provided or that were collected by automated means by Google, one of its representatives or third party providers.
You can find the General Terms of Use of Google Maps on
https://maps.google.com/help/terms_maps.html
More details are given on
https://privacy.google.com/index.html
15. Use of the mail-handling service provider „MailChimp“
The shipping of our newsletter is carried out by MailChimp, an email delivery platform of Rocket Science Group, LLC, 675 Ponce de Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of the recipients of the newsletter, as well as all other data mentioned in these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information for the shipping and evaluation of our newsletter on our account. Additionally, MailChimp can use this data to optimise and improve their own services. However, MailChimp neither uses this data to contact our newsletter recipients directly nor passes them on to third parties.
We trust in the reliability, and the IT and data security of MailChimp.
MailChimp is certified under the US-EU „Privacy Shield“ data protection agreement and commits itself to adhere to the US-EU data protection guidelines. Furthermore we have concluded a „Data-Processing-Agreement“ with MailChimp, which requires MailChimp to protect the data of our users in accordance to its data protection rules on our account and not to pass them on to third parties.
You can consult MailChimps Privacy Policy on https://mailchimp.com/legal/privacy .
16. Legal basis for the processing
We only process your personal data when at least one of the following applies:
- You have given consent to the processing of your data for specific purposes, such as sending you emails
- The processing is necessary
a) For the performance of a contract to which you are party, or in orderto take steps at your request prior to entry into a contract
b) To comply with legal obligations to which E.H.E.E.S. is subject, e.g. tax obligations
c) To protect your vital interests or those of another natural person
d) For the purposes of the legitimate interests pursued by our organisation or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
17. Crowdfunding
We may obtain your personal information when organising a fundraising event or though fundraising platforms such as GoFundMe or Teaming, for the time such a fundraising action takes place. Please read their respective privacy policy before providing them with your information.
18. The legitimate interests pursued by E.H.E.E.S. or by a third party
Where the processing of personal data is based on the pursuit of our legitimate interest, this legitimate interest is to carry out our activities in favour of the well-being of all our employees and partners .
19. Period during which the personal data will be stored
The criterion used to determine the period of storage of your personal data is the respective statutory retention period, as this may depend on what we are using it for. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.
Furthermore we only retain your personal data for the period necessary to fulfill the purposes for which that data is collected, unless otherwise required by law.
20. Provision of personal data as statutory or contractual requirement - Requirement necessary to enter into a contract – Your obligation to provide personal data - Possible consequences of failure to provide such data – donations and tax certificates
We would like to clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary, to conclude a contract, that you provide us with personal data, which must subsequently be processed by us. You are, for example, obliged to provide us with personal data when E.H.E.E.S. signs a contract with you. The non-provision of the personal data would have as a consequence that the contract could not be concluded. Please contact us before providing us with personal data. We will then clarify to you whether the provision of the personal data is required by law or contract, or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
We also use your personal data for the processing of your donation(s) and to draw up a tax certificate if you have opted for this.
21. Automated decision-making - profiling
As a responsible organisation we do not use automatic decision-making or profiling.
22. Protecting the privacy of children
E.H.E.E.S. is committed to protecting the privacy and safety of children, and does not knowingly collect personal data about children . If you are younger than 16, please review the terms of this policy with your parents or guardian to make sure these terms are understood. No information should be submitted to our website without prior parental consent.
Also, whenever minors provide us with their data in another way than electronically (meaning not through our website or by email) , this must be approved by at least one parent or guardian.
23.Who has access to your data?
- At E.H.E.E.S. , access to your data is restricted to staff who need this information. Those staff members who have access to your data are aware of their responsibilties in relation to data protection legislation, and comply with them.
- Third party service providers: we may share your personal information with our third party service providers, who provide services such as payment processing or email shipping. They are only permitted to use your data to the extent necessary to provide their services to us, and are restricted from using them for other purposes.
24. Third party websites
Our website contains links to third party websites such as Google Maps, YouTube and Paypal. Please be advised that our Privacy Policy does not extend to these websites, who have their own privacy policies, and that we cannot accept any responsibilty for these. Please make sure to read and understand their privacy policies .
25. Version
This is the most recent version of our policy on 25/05/2018.
Note: This Privacy Policy has been compiled on the basis of a concept generated by the Privacy Policy Generator of the German Association for Data Protection that was developed in cooperation with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.