The EastWest Institute values your privacy. The following policy outlines ways in which we collect, store and use personally identifiable information online. Except for very limited exceptions further described in the remainder of this Privacy Policy, we do not share any personally identifiable information with third parties.
GDPR Compliance Statement
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on May 25, 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Our Commitment
The EastWest Institute values your privacy and is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always maintained a robust and effective data protection program which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
The EastWest Institute is dedicated to safeguarding the personal information under our remit and in maintaining a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new GDPR regulation.
How We are Preparing for the GDPR
The EastWest Institute already has a consistent level of data protection and security across our organization; however it is our aim to be fully compliant with the GDPR by May 25, 2018.
Our preparation includes:
-
Information Audits – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
-
Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
-
Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
-
International Data Transfers & Third-Party Disclosures – where EastWest Institute stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
-
Privacy Notice/Policy – we have revised our Privacy Policy to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
-
Direct Marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
-
Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information via our website of an individual’s right to access any personal information that EastWest Institute processes about them and to request information about:
-
What personal data we hold about them
-
The purposes of the processing
-
The categories of personal data concerned
-
The recipients to whom the personal data has/will be disclosed
-
How long we intend to store your personal data for
-
If we did not collect the data directly from them, information about the source
-
The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
-
The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
-
The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organisational Measures
The EastWest Institute takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
Privacy Policy
Information Collection & Use
The following policy outlines ways in which we collect, store and use personally identifiable information online. Except for very limited exceptions further described in the remainder of this Privacy Policy, we do not share any personally identifiable information with third parties.
Registration
In order to use certain parts of the EastWest Institute website, you may need to first complete a registration form to create a username and/or password. During registration you may need to provide contact information. We may use this information to contact you. Any time we do so, we will provide you with clear instructions should you choose not to receive information from us.
Online Donations
The EastWest Institute will not sell, trade or share a donor's personal information with anyone else, nor send donor mailings on behalf of other organizations. We will only share personal information once the donor has given specific permission to do so. Learn more about our donor privacy policy.
Surveys
Occasionally, we may provide you the opportunity to participate in surveys on our site. Participation in these surveys is completely voluntary. We use survey results to further improve this site and its content as well as to enhance our communications with our audiences.
We may use third-party service providers that are verified as GDPR compliant to conduct surveys. Those companies will be prohibited from using our users' personally identifiable information for any other purpose than what has been identified above. We will not share the personally identifiable information you provide through a survey with third parties unless we give you prior notice and a choice to opt out.
Tell a Friend/Forward to a Colleague
If you use referral services to tell a friend/colleague about our site or electronic newsletters, the EastWest Institute will maintain this information in our database to compile aggregate statistics on the effectiveness of our referral program.
Job applicants
If you have applied for employment with the EastWest Institute, the personal information submitted with your job application will be added to our Talent Community and used for recruitment and other customary human resources purposes. For example, we may send you information about new job opportunities within EastWest Institute as well as other career development resources. For further questions/inquiries, please contact recruiting@eastwest.ngo.
Electronic Communications from the EastWest Institute
Newsletters and Products
If you wish to subscribe to our electronic newsletters or receive other materials, we will use your email address to send the requested materials. We always provide a way to unsubscribe or opt out.
Customer Service and Profile
Based upon the personally identifiable information you provide us (i.e., your "profile"), we will send you a welcome email to verify your enrollment when you subscribe to an EastWest Institute electronic newsletter.
Choice/Opt-out
We provide you the opportunity to opt out of having your personally identifiable information used for any of these purposes.
If you no longer wish to receive electronic newsletters and/or promotional communications, you may opt out of receiving them by following the instructions included in each newsletter or communication.
Information Sharing and Disclosure
Aggregate Information (non-personally identifiable)
We sometimes share aggregated demographic information about our user base with partners. This information does not identify individual users. We do not link aggregate user data with personally identifiable information in these cases.
Personally Identifiable Information
We do not share personally identifiable information (your "profile") with third parties, except insofar as that information is required to fulfill a service, such as product fulfillment, that you have requested.
Changes in Business Structure or Ownership
We may disclose or transfer your personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of EastWest Institute's business, assets or ownership interest (including any bankruptcy or similar proceedings).
Legal Disclaimer
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order or legal process served on the EastWest Institute.
Web Site Tools
Log Files
Web site visits generate certain information that is automatically stored in log files, including Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.
We only use this information, which in itself does not identify individual users, to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole.
Transparent images
We may employ transparent images and Web Beacons (also referred to as Web Bugs) that help us better manage content on our site. Transparent images and Web Beacons are embedded invisibly on web pages.
We may use transparent images in our HTML-based emails and newsletters to help us gauge the effectiveness of our electronic communications. If you would like to opt out of these, please see "Choice/Opt-out." You can also request to receive text-only electronic newsletters, which do not contain transparent images.
Links to Other Sites
This web site contains links to other sites that are not owned or controlled by the EastWest Institute. We are not responsible for the privacy practices or the content of such other sites.
Access to and Removal of Personally Identifiable Information
You may correct, update or deactivate your personally identifiable information by emailing us at gdpr@eastwest.ngo, or by contacting us by telephone or postal mail at the contact information listed below:
The EastWest Institute
10 Grand Central (155 E. 44th Street)
Suite 1105
New York, NY 10017
+1.212.824.4100
Changes in this Privacy Statement
We reserve the right to modify this privacy statement at any time. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.
GDPR Roles and Employees
The EastWest Institute has appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organization, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
Any GDPR related questions can be addressed to EastWest Institute’s Data Protection Officer Alex Schulman at gdpr@eastwest.ngo.