RightsCon Data Usage Policy/Notice

Last Updated: September 30th, 2021

Access Now ("Organization", "Access Now", "we", or "us") advocates for and respects your right to privacy and is committed to protecting it through our compliance with the practices described in this notice, including when you visit our websites and engage with us, online and offline.

This notice describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our websites, our Digital Security Helpline, RightsCon pages, events and campaigns (in addition to existing policies pertaining to events, such as the RightsCon Participation and Privacy Notice), or other digital properties, services, communications, or forms that link or refer to this notice (together, our "Access Now Assets"). This notice applies to the personal data collected through our Access Now Assets, regardless of the country where you are located.

The Access Now Assets may include links to third-party websites, plug-ins, services, social networks or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we encourage you to read the privacy notice of every website you visit.

We do not rent or sell visitor or donor information to third parties. We will not transfer or share this information unless compelled by law, or under the specific conditions listed below, and we will vigorously challenge any subpoena or other demand by government or private organizations or individuals to access it.

Please read this notice carefully to understand our policies and practices for processing and storing your personal data. By engaging with our Access Now Assets, you accept and consent to the practices described in this notice. This notice may change from time to time (see Changes to Our Data Notice). Your continued engagement with our Access Now Assets after any such revisions indicates that you accept and consent to them, so please check the notice periodically for updates.

Data We May Collect About You

Though we strive to collect as little personal data as we need to further our mission, we do collect and use different types of data from and about you when you visit our Access Now Assets, or subscribe to our campaigns or mailing lists, including:

  • Personal data that we could reasonably use to directly or indirectly identify you, such as your name, postal address, email address, telephone number, user name or other similar identifier, or any other information the website collects that is defined as personal or personally identifiable information under applicable law ("personal data").
  • Information that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information (for example, age, nationality, geographical information), statistical, or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we use the open source analytics platform Piwik to track visitor usage patterns.
  • With Piwik, we log IP addresses (which include location data), browser, operating system, visiting time (local and server), session, actions per visit, pageviews per visit, returning visitors, and referring site information. The data we collect through Piwik is stored on our own servers, and will never be shared with others. Find the Piwik Privacy Policy here: https://piwik.org/privacy/.
  • Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, or operating system and platform.
  • When you submit information on our site using third party forms, like the registration form powered by EventBrite, data may be collected by those vendors and processed subject to their terms of service.
  • Other details about your Access Now Assets interactions, including the full Uniform Resource Locators (URLs), clickstream to, through, and from our Access Now Assets (including date and time), products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our telephone number(s).

Social Media Information

We have pages on social media sites like Instagram, Facebook, Twitter, and Instagram (“Social Media Pages”). When you interact with our Social Media Pages, including by tagging our pages or using our hashtags, we will collect personal data that you elect to provide to us, such as your contact details and social media username(s). In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

Age of Majority and Personally Identifiable Information

Access Now’s Access Now Assets and services are not intended for, or designed to attract, individuals under the age of majority pursuant to applicable law, or those persons under the age of 18. We do not knowingly collect personally identifiable information from any person under the age of majority pursuant to applicable law, or those persons under the age of 18.

Treatment of Data as Personal Data

If we combine or connect non-personal, technical, or demographic data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.

How We Collect Data

We use your personal data to provide you with information, offer you services, communicate with you, or to conduct other business operations, such as using data to improve and personalise your experiences. 

Examples of how we may use the personal data we collect include to:

  • Present our Access Now Assets and provide you with the information, services and support that you request from us.
  • Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or comply with legal requirements.
  • Fulfil the purposes for which you provided the data or that were described when it was collected.
  • Notify you about changes to our Access Now Assets, products or services.
  • Ensure that we present our Access Now Assets content in the most effective manner for you and for your computer.
  • Administer our Access Now Assets and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Improve our Access Now Assets, products or services, marketing, or client relationships and experiences.
  • Protect our Access Now Assets, employees or operations.

We take industry standard security measures to protect personal information under our control from loss, misuse, and breach, but like with every website, there are risks associated with uploading your information online.

When you are asked for your personal data, you are sharing that information with Access Now alone, unless stated otherwise. We use this information to further our mission, by ensuring our work serves users at risk around the world and reaches the stakeholders whose decisions impact our fundamental human rights online.

You retain the right to view and request copies, deletion, and modification of the personal data we collect from you. Contact [email protected] to start exercising these rights.

Please read the section below titled “Additional Notice to Individuals in the EEA and the UK” for further information applicable to individuals in the EEA and the UK.

All information collected by Access Now staff, whether in person or through email and online, is protected by confidentiality agreements. We do not have a backup policy for our communications. Each employee, as they see fit, may retain the content of specific communications they receive and send, but we work to keep this information stored securely.

Site visitor information collected and analyzed through Piwik analytics is stored on our own servers. Some data we collect from you on our website, including mailing list subscription and campaign information, is stored in our contact relationship database (CRM).

The accessnow.org website is stored on servers of Virtual Road, a project of Qurium – The Media Foundation. Find their policies and contact information here: https://www.qurium.org.

Disclosure of Your Personal Data

We do not rent or sell visitor information to third parties. We will not transfer or share this information unless compelled by law, or under the specific conditions listed below, and we will vigorously challenge any subpoena or other demand by government or private organizations or individuals to access it.

From time to time, we may share your personal data with:
  • Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and affiliates.
  • Business partners, suppliers, service providers, sub-contractors and other third parties we use to support our business (such as analytics and search engine providers that assist us with Access Now Assets improvement and optimisation).
  • To fulfil the purpose for which you provide it. For example, if you give us an email address to subscribe to a newsletter, we will transmit the contents of that email to the email address provided.

We may also disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • To a buyer or other successor in the event of merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, where one of the transferred assets is the personal data we hold.
  • To comply with any court order, law, or legal process, including responding to any government or regulatory request.
  • To enforce or apply our terms of use and other agreements.
  • To protect the rights, property, or safety of our business, our staff, our partners, or others. This includes exchanging information with other companies and organisations for the purposes of cybersecurity, fraud protection and risk reduction.
  • Additional parties not listed above, for purposes that we will disclose in writing (including via email) when you provide the data, if permitted by law. If required by applicable law, we will obtain your consent before disclosing your data in these additional circumstances.

Additional Notice to Individuals in the EEA and the UK 

  • Scope. This section provides additional information to individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”).
  • Data Controller. Access Now is the controller for personal data  covered by this notice. You can contact us at [email protected]
  • Purposes and Legal Bases for Processing. This notice (the section titled “How We Use Your Personal Data”) describes the purposes for which we process your personal data. Under applicable UK and EEA data protection laws, we are required to specify the legal basis or bases under which we are allowed to process personal data. Processing of your personal data for the purposes described above is necessary for legitimate business interests as described in the section titled “How We Use Your Personal Data”. From time to time, we may ask for your consent to use your personal data for certain specific reasons. When we process personal data based on your consent, you may withdraw your consent at any time by contacting us.
  • Categories of Recipients of Personal Data. We describe the categories of recipients of the personal data in the section titled “Disclosure of your personal data” above.
  • Transfers of Personal Data. We transfer personal data as described in the “Transfer of Your Personal Data” section in this notice.
  • Data Retention. We keep personal data for as long as needed to provide you with the services that you request; as needed for the purposes outlined in this notice or at the time of collection; as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; or to the extent permitted by law. To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 
  • Your Rights. You may have the right to: (a) access the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we hold about you; (e) object to the processing of personal data we hold about you; and/or (f) receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company. Please note that we may ask you to verify your identity before responding to such requests. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
To exercise any of your rights in connection with your personal data, please contact us at [email protected]. You also have the right to complain to a Data Protection Authority in your country about our collection and use of your personal data.

Transfer of Your Personal Data

We and our service providers are based in a number of countries around the world, including the United States. If you are accessing the Access Now Assets from a country outside the United States, your personal data may be transferred from your current location to the offices and servers of Access Now and its authorized third-party business vendors located globally, including in the United States, and processed globally. These other countries may have different privacy laws that may or may not be as comprehensive as your own. 

When we transfer your personal data out of the country in which you are located, we will take steps to ensure that your personal data receives an adequate level of security protection where it is processed and your rights continue to be protected. By submitting your personal data or engaging with our Access Now Assets, you acknowledge that we may transfer, store, or process your personal data as described in this notice.

Our Access Now Assets may, from time to time, contain links to and from the websites of our partner networks, affiliates, or plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.

Data Security

The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse and unauthorised access, use, alteration or disclosure. We store all personal data you provide to us on servers employing security protections.

Information submitted through our session submission form or any other action forms is encrypted through a Secured Socket Layer (SSL) connection, which protects the information while in transit. The RightsCon.org website is secured using Hypertext Transfer Protocol Secure (HTTPS), which utilizes a SSL certificate. HTTPS provides a secure channel over which data can be transferred from your computer to the web servers that host the Site. Please note, however, that several pages on the Site contain mixed content (including Twitter feeds and YouTube videos) that is not necessarily secured by HTTPS.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Access Now Assets, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Access Now Assets. 

Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Access Now Assets.

What Are Your Rights?

You have a number of rights in relation to your personal data. These can differ by country, but can be summarized in broad terms as follows:

I. Right of access

You have the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing, and the recipients or categories of recipients. We do have to take into account the interests of others though, so this is not an absolute right. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

II. Right to rectification

You may have the right to rectify inaccurate or incomplete personal data concerning you.

III. Right to erasure

You may have the right to ask us to erase personal data concerning you.

IV. Right to restriction of processing:

In limited circumstances, you may have the right to request that we restrict processing of your personal data, however where we process Employee Data and Sensitive Employee Data for the Processing Purposes we think that we have a legitimate interest in processing it may override a request that you make.

V. Right to data portability

You may have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and you may have the right to transmit that data to another entity.

VI. Right to object and rights relating to automated decision-making:

Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data. You may also have the right to request human intervention in relation to decisions based solely on automated processing, to express your view and to contest the decision.

To exercise any of these rights, please contact us as stated below in the Contact Us section. We do not discriminate based on whether you choose to exercise your choice and rights. We try to respond to all legitimate requests within a reasonable time. Occasionally it may take us longer, if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you would like to make a request to access, review, or correct the personal data we have collected about you, or to discuss how we process your personal data, please refer to the Contact Us section. 

To help protect your privacy and security, we will take reasonable steps to verify your identity before granting you access to your personal data. Depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We may charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where they may be unfounded, excessive, or otherwise unacceptable under applicable law. If your request is denied, you will receive an explanation as to the reasons for this denial, unless prohibited by applicable law or regulations. 

In addition, and where granted by applicable law, you may have the right to lodge a complaint with a data protection authority in the country where you are habitually resident, where you work, or where the alleged infringement took place, if you consider that we have infringed applicable data protection legislation when processing your personal data.

Changes to Our Data Notice

We will post any changes we may make to our data notice on this page. If the changes materially alter how we use or treat your personal data we will notify you through a notice on the RightsCon homepage. Please check back frequently to see any updates or changes to our data notice.

Questions, comments and requests regarding this notice and our data practices are welcomed and should be addressed to [email protected].