The Council on American-Islamic Relations, New York, Inc. ("CAIR-NY") is committed to ensuring the privacy of all our users. We support the right to privacy and against government surveillance and intrusion. This policy represents our commitment as an organization to your right to privacy, giving you a clear explanation about how we use your information and your rights over that information.
This policy applies to all online systems offered by CAIR-NY to the public, through our website.
References to ‘we’, ‘us’ and ‘our’ are to CAIR-NY.
CAIR-NY is the registered data controller to which the policy refers. Our full details can be found at the end of this policy and please feel free to contact us with any questions related to it. This policy was last updated on June 29, 2018 and is reviewed every 12 months.
What types of information do we collect and how?
The type and amount of information we receive and store depends on how you use our website. You can access most of the pages on our websites without telling us who you are and without revealing any personal information.
We collect personal information in the following ways:
· When you request a workshop or to co-sponsor an event with us
· When you make a donation to us online through the donation form on our website, through Facebook, as an ACH payment, or over the phone
· When you report an incident to us by: completing our online form, sending us an email, by phone, or by social media
· When we contact you for further details, when following up on an incident you have reported
· When we follow up with you for further details on an incident you have reported
· When you apply for a job, internship or volunteering opportunity with us
If you choose to provide it, we can collect the following types of personal information from you:
- Email address
- Phone number
- Credit card details
- Additional information including but not limited to educational level, income, citizenship status, disabilities, ethnicity and religion, for reporting incidents.
How do we use information collected?
We use your personal information collected via our websites for the following purposes:
- To update you on our campaigns and activities
- To effectively respond to and deal with your query in the event that you contact us
- To respond to and process any incident report that you make
- To ask you to donate or get involved in our campaigns
- To process donations that we receive from you
- To undertake email actions to subscribers to our mailing list
- To administer and progress your applications for employment, internship or volunteering opportunities with us
- To compile statistical information
- To fulfil any legal obligations, including the provision of legal services
- Any other processing for which you have given your consent
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Legal basis of processing
Data protection law requires us to have a legal justification to process your personal information. We use the following depending on the type of data and the type of processing:
Consent We require your consent to send you our communications for example to send you emails to update you on our work and our campaigns and to request donations. We will only process your information in this way if you consent. If you apply for a job with us and provide us with sensitive personal information (including details of your race, ethnicity, gender) we will only process that information with your consent.
To fulfil a contractual obligation
If you donate to us we will process the personal data you provided to process that donation.
We will process your personal information to fulfil any legal obligations placed upon us, such as the prevention of fraud or money-laundering. We will also process your personal information if lawfully required to do so by a legal authority or a court of law.
For example where you are applying for an employment, internship or volunteering opportunity with us, processing certain information is necessary for such purposes.
We take appropriate security measures to ensure that we keep your information secure, accurate and up to date. We also take care to ensure that we have secure systems for processing payments through our payment services provider, including encryption of your payment card information. However, the transmission of information over the Internet is never completely secure, so while we do our best to protect personal information, we cannot guarantee the security of information transmitted to our websites.
On our website we sometimes have links to third-party websites or applications. This policy does not apply to such pages or applications hosted or operated by other organizations. These other sites may have their own privacy policies which apply to them.
Sharing of your personal information
We will only share your personal information in the following circumstances:
Hosting and processing arrangements
Our websites are hosted by third-party service providers and therefore any personal details you submit through them may be processed by that third-party service provider.
We also use other third-parties to process your personal details including to process online payments.
All third-party services providers process your personal information only on CAIR-NY’s behalf and are bound by contractual terms that are compliant with data protection law.
Payment processing and fraud
Your card details may be submitted to us by payments online, through the donation form on our website, through Facebook, as an ACH payment or over the phone. Where submitted, your card details may be disclosed to banks or relevant financial institutions to arrange payments. In the case of a suspected fraudulent transaction, your details may be further disclosed for the sole purpose of performing further checks (for example, including but not limited to, disclosure to a credit checking agency).
We may also share your personal information with your permission, or if we are legally required to disclose your information in circumstances where this cannot be reasonably resisted.
Retention period for data
We only hold your personal information on our systems for as long as is necessary for the purposes outlined above. We remove personal data from our systems once it is no longer required, in line with our guidelines on how long important information must remain accessible for future use or reference, as well as when and how data can be destroyed when it is no longer needed.
The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. After this time the data will either be deleted or we may retain a secure anonymized record for research and analytical purposes.
Access to and your rights over your personal information
The personal data we hold about you is yours. You have the following rights over your information:
- To be informed how your data is being processed
- To access your data
- To rectify any data that is inaccurate
- To instruct us to delete your data, save where we are under a legal obligation to retain said data
- To restrict our processing of your data (which includes contacting you via email) at any time. All our email communications to you will contain an unsubscribe link.
- To object to your data being stored.
- To move your data
If you wish to exercise any of these rights or have any questions about this policy you may contact us in the following ways:
By email: email@example.com
By telephone: +1 (646) 665-7599
If you wish to lodge a complaint about our handling of your personal data please get in touch with us on the details above with the details of your complaint; we aim to respond to all complaints within 14 working days.
If you are dissatisfied with how we have handled your complaint you may lodge a complaint with European Data Protection Supervisor, via the following website: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en