13. Notice to European Users
The information provided in this section applies only to individuals in the
European Economic Area and United Kingdom (collectively, "Europe").
Personal information. References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European data protection legislation.
Controller and Representative. Breakthrough Energy Foundation is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.
Legal bases for processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at
[email protected].
Processing purpose (click link for details) Details regarding each processing purpose listed below are provided in the section above titled "How We Use Your Personal Information". | Legal basis |
---|
| Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request. |
| These activities constitute our legitimate interests. |
| Processing is necessary to comply with our legal obligations. |
| Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services. |
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security number, government-issued identification, payment card information, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.
Retention
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
"Live" user data (username, email and contact preferences, sign-in information [whether a link to a Facebook or Twitter ID or a password if the user is using our internal authentication]) is stored without any active plans on purging old or inactive data.
User generated content (comments, documents, or other files) is retained indefinitely unless a request or order is received to remove it.
Backup data (which may contain the above user-specific information) is retained for up to 1 year.
A user may request, in accordance with standards such as GDPR, to have their data removed from our live system, and it will eventually expire out of the backups once the retention period has ended.
Your rights
European data protection laws give you certain rights regarding your personal information. If you are located within Europe, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about how we process your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
Please contact us at
[email protected] to submit these requests. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us at
[email protected] or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information from the European Economic Area to a country outside of it and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Please contact us at
[email protected] for further information about any such transfers or the specific safeguards applied.