1. Information We Collect.
We may collect your personal data when you submit it to us (including through the Site), and certain data are collected automatically when you use the Site. Data that we may collect includes your:
- Mailing address
- Email address
- Telephone number(s)
- Data that you provide in connection with any of our surveys to which you respond
- Technical data, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, geolocation information, and other technology on the devices you use to access our Site.
In addition, we may collect personal data from various other sources, including through:
- The Site and other web properties via Google Analytics
- Third parties, such as Doodle, SurveyMonkey, Zoom, and Constant Contact
- Social media
Upon receiving your personal data, we may create a user profile linked to that personal data. If the same personal data is provided in connection with future actions or activities on the Site, such actions or activities will be added to that user profile. As described below, you may review and update such information at any time.
The following list includes the most common ways that you may provide your personal data to us and the types of personal data that we may collect in these ways:
- Registration. We do not ask that you register or enter any personal data to access or use most areas of the Site. However, you may choose to subscribe to join ROSA’s mailing list or submit an inquiry. To do so, you may be required to enter certain personal data, including your email address, title, and organization. You also have the option to provide us with your telephone number(s).
- Communications between you and ROSA. As described in this Policy, you may contact ROSA or subscribe to newsletters and other mailings, and ROSA may respond to your inquiries or request for mailings.
- Other purposes. In addition to the above, we may process personal data for other purposes for which we will provide notice to you at the time of collection.
2. Cookies, Tracking and Analytics.
3. How You Can Access and Manage Your Information.
You can review and update certain of your personal data, and can also opt out of any type of communication from ROSA, at any time, by contacting email@example.com. You are also able at any time to unsubscribe from specific publications that you are receiving by e-mail by clicking a link that appears in the email publication itself.
4. Rights of Individuals in the European Union.
This section applies only to individuals in the European Union (the “EU”).
With respect to the personal data we collect directly from you, we are the “data controller,” as defined in the European Union’s General Data Protection Regulation (the “GDPR”). We will only use your personal data when we have a lawful basis to do so under the GDPR. Usually, we will use your personal data in the following circumstances:
- when it is necessary for our legitimate interests, and your interests, and fundamental rights do not override those interests;
- when we need to comply with a legal or regulatory obligation; or
- when we have obtained your consent.
Under the GDPR, individuals in the European Union have certain rights in relation to their personal data, which are summarized below. These rights are subject to your exercising them in good faith and are subject to our legitimate interests or other valid basis to continue processing your personal data, in accordance with our policies and applicable law.
The right to access – You have the right to request that we provide copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
The right to erasure – You have the right to request that that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Processing of Special Categories of Personal Data
There are certain types of personal data that require a higher level of protection, known as “special categories” of personal data under the GDPR. We do not process special categories of personal data unless (a) we have obtained such individuals’ explicit consent or (b) we are otherwise legally permitted to do so.
In certain circumstances, EU Individuals have the right to withdraw their consent to our processing of their personal data. However, withdrawal of consent will not affect the lawfulness of any processing that had been carried out before consent is withdrawn.
EU Individuals who wish to exercise any of the rights they have under the GDPR should contact us at firstname.lastname@example.org. We may need to request specific information to help us confirm your identity, so that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
5. Sharing of Your Personal Data.
ROSA does not disclose your personal data to any third parties, except (i) to manage the Site and our database and to help us accomplish the objectives of our organization, in each case with the help of service providers (who are obligated to handle it in accordance with relevant laws), (ii) to send you communications about your interactions with us or about features of the Site, or (iii) as required by law or requested by governmental or law enforcement authorities, subpoena, court order or discovery request, or when we otherwise believe in good faith that such disclosure is appropriate to enforce our terms of service or in connection with any activity that may violate the law or the rights of others, threaten the safety or security of any person or property (including the Site) or expose us to liability. In addition, if you visit any website that we jointly maintain with a third party, that third party will have access to any personal data that you provide on such website.
6. Employment or Volunteer Positions.
In connection with seeking employment or a volunteer position with ROSA, you may decide to submit, through the Site or otherwise, personal data (including your name, address, telephone number, e-mail address, Social Security number or Tax ID number and any other personal data requested on our online and offline forms, as well as an electronic or paper copy of your resume/CV). All information provided related to employment or volunteering will be kept confidential, and will be viewed by ROSA only to assess your qualifications as an employee or volunteer for ROSA.
7. Retention of Personal Data.
We may retain your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including for the purposes of satisfying any legal, regulatory, accounting, reporting, insurance, professional indemnity, internal policy or other requirements.
We may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In such cases, we may use this information indefinitely without further notice to you.
8. Other Website.
This Policy applies only to the Site. If you visit any unaffiliated website linked to the Site, you are subject to that entity’s own privacy policies, which we do not control or monitor. You should review the privacy policies of all third-party websites before you visit them. ROSA has not reviewed all of the sites linked to the Site and it makes no representations or warranties as to the privacy practices, functioning or content of any site linked to the Site.
9. International Use.
We are based in the United States and our computer servers are located in the United States. Accordingly, all personal data in our possession and control is collected and processed by us in the United States. Any party that provides personal data to us is thereby transferring such data to the United States. Access to the Site from countries or territories where such access is illegal or contrary to applicable rules or regulations is prohibited. Those who access the Site from outside the United States do so on their own initiative and are responsible for compliance with local laws, rules and regulations.
10. Children’s Privacy.
The Site is not targeted toward, and we do not seek or desire to collect information from, children under the age of 13 in the United States (or age 16 outside the United States). Therefore, we will not knowingly request information from persons under such ages. Please do not provide any personal data to us for any reason unless you are at least the age of 13 in the United States (or age 16 outside the United States), and please caution your children not to do so. If a child under the age of 13 in the United States (or age 16 outside the United States) has provided personal data to us through the Site without verifiable parental consent, a parent or guardian may inform us at email@example.com and we will use commercially reasonable efforts to delete such information within a reasonable period of time, subject to applicable law and this Policy.
11. California Privacy Rights / “Do Not Track” Signals.
ROSA does not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, certain web browsers allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know that you do not want to be tracked. You should consult your web browser’s “help” feature for instructions on how to set the DNT signal.
Third parties that have content embedded on ROSA’s website may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited the Site from a certain IP address. ROSA does not control or monitor such practices. You should contact such third parties directly to opt out.
12. Security Measures.
We have implemented appropriate technical and organizational measures to ensure a level of security of personal data appropriate to the risk. The security of your data is important to us, but remember that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Further, we do not and cannot guarantee perfect security of networks, servers and databases we operate or that are operated on our behalf, or that the physical, technical, or managerial safeguards maintained by us or our third-party service providers will never fail or be breached.
14. How You Can Reach Us.
15. How You Can Reach Us.