Login
Recover password
Registration

Members can log in to create events, publish stories, share resources and modify their password and newsletter subscription.

E-mail *
First name *
Last name *
Language preference *
Newsletter options *

By clicking below to submit this form, I hereby agree to the Sphere’s Privacy Policy and terms of use.

Data Protection Policy

Last update: July 2018

 

INTRODUCTION

Protecting the security and privacy of your personal data is important to Sphere. Therefore, Sphere (“Sphere” or “we”) operates its website spherestandards.org (“Service“) in compliance with applicable laws on data privacy protection and data security.

We respect your privacy and duly protect the personal data we process about you (“Personal Data”). All processing of Personal Data is carried out in accordance with General Data Protection Regulation[1] (“GDPR”).

The following describes how we collect, process and share your Personal Data.

We use your Personal Data for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this Policy.

 

DEFINITIONS

Personal Data: means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data: is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Data Controller: means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Protection Policy, we are a Data Controller of your data.

Data Processor (or Service Providers): means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

Data subject: is any living individual who is the subject of Personal Data.

User: is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

 

WHAT ARE SPHERE’S STANDARDS FOR COLLECTING DATA?

By this Data Protection Policy, Sphere has successfully implemented the GDPR principles that apply to its activity in relation with the customers, partners or suppliers as follows:

  • Legality, fairness and transparency – processing of Personal Data is based on legal grounds, that must be provided to the Data Subject regarding the identity of the company performing such processing and the purpose of carrying out the processing.
  • Purpose limitation – the purpose of processing Personal Data is specified, explicit and legitimate. Personal Data are not processed for any other purposes.
  • Minimising data – ensuring that Personal Data is adequate, relevant and limited to what is necessary for that purpose.
  • Accuracy of data – Personal Data is accurate and updated.
  • Limiting storage – Personal Data is stored for a reasonable period to achieve the purpose for which they were collected.
  • Integrity and confidentiality – Personal Data is processed in a manner to ensure appropriate security and confidentiality and to prevent unauthorised access.
  • Responsibility – Sphere takes all responsibility and efforts in terms of the processing means.

 

WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA?

Data processing is based on one or more of the legal grounds stipulated by GDPR.

  • Performance of a contract – Personal Data required for the execution of a contract to which the Data Subject is part (labour contract, services contract);
  • Legitimate interest – the interest must be balanced with the fundamental rights of individuals with regard to Personal Data. Processing of Personal Data for marketing purposes also constitutes a legitimate interest, and the processing of Personal Data necessary to monitor the premises or property or to prevent fraud;
  • Legal obligation – considers the fulfilment of the legal requirements by the employer to exercise attributions;
  • Consent – when the consent is obtained by the company for processing Personal Data, the consent is expressed as a valid legal basis while given freely; understandably and clearly; clearly distinctly from other information; and actively, meaning that pre-ticked boxes are not valid for a particular and revocable purpose.

 

WHAT PERSONAL DATA WILL BE PROCESSED?

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

  • Email address ;
  • First name and last name ;
  • Phone number ;
  • Address, state, province, postal code, city and country;
  • Cookies and Usage Data ;

We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

 

WHAT ARE THE PURPOSES OF PROCESSING YOUR PERSONAL DATA?

We use the collected data for various purposes:

  • to provide and maintain our Service;
  • to notify you about changes to our Service;
  • to allow you to participate in interactive features of our Service when you choose to do so;
  • to provide customer support ;
  • to gather valuable information that we analyze so that we can improve our Service;
  • to monitor the usage of our Service;
  • to detect, prevent and address technical issues.

Likewise, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by using the unsubscribe link or following the instructions provided in any email we send or by contacting us.

 

WHAT ARE YOUR RIGHTS?

  1. The right to be informed – you are entitled to know what Personal Data we are processing regarding you, and you can request a copy of such data. This is why we’re providing you with the information in this Data Protection Policy.
  2. The right of access – you have the right to obtain access to your Personal Data, and other information (similar to that provided in this Data Protection Policy).
  3. The right to rectification – you are entitled to have your Personal Data corrected if it is inaccurate or incomplete.
  4. The right to erasure – you have the right to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
  5. The right to restrict processing – you have rights to ‘block’ or suppress further use of your Personal Data. When processing is restricted, we can still store your Personal Data, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
  6. The right to data portability – you have rights to obtain and reuse your Personal Data for your own purposes across different services.
  7. The right to object – you have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).

 

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION ?

Sphere will retain your Personal Data only for as long as it is necessary for the purposes set out in this Data Protection Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Sphere will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when the data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

 

WHO HAS ACCESS TO YOUR PERSONAL DATA?

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

 

WHAT SECURITY MEASURES ARE TAKEN TO PROTECT YOUR DATA ?

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is absolutely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We commit to taking all reasonable steps to:

  • protect your Personal Data from unauthorised access and improper use;
  • secure our IT systems and safeguard the information;
  • ensure we can restore your information in situations where the data is corrupted or lost in a disaster recovery situation.

 

WITH WHOM MAY WE SHARE YOUR PERSONAL INFORMATION?

Sphere may disclose your Personal Data in the good faith belief that such action is necessary to:

  • comply with a legal obligation;
  • protect and defend the rights or property of Sphere;
  • prevent or investigate possible wrongdoing in connection with the Service;
  • protect the personal safety of users of the Service or the public;
  • protect against legal liability.

 

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside Switzerland and choose to provide information to us, please note that we transfer the data, including Personal Data, to Switzerland and process it there.

Your consent to this Protection Policy followed by your submission of such information represents your agreement to that transfer.

Sphere will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Protection Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Data.

 

HOW DOES SPHERE PROTECT CHILDREN’S PRIVACY?

The Service that Sphere provides is intended for general audiences and does not knowingly collect any Personal Data from children. When a Sphere online Service does request age information, and users identify themselves as under 13, the product or service will either block such users from providing Personal Data, or we will ensure consent is obtained from parents for the collection, use and sharing of their children’s Personal Data. At that time, we will provide a description of the information that the child may make publicly available, how we will use the information and other practices. We will not knowingly ask children under the age of 13 to provide more information than is reasonably necessary to provide our services.

Please note that if you grant consent for your child to use Sphere’s online or mobile Service, this may include such general audience communication services as email, instant messaging, and online groups, and your child will be able to communicate with, and disclose Personal Data to, other users of all ages. Parents can review, edit, request the deletion, or prevent further collection or use of their children’s Personal Data or make inquiries regarding this policy by sending an email or a letter to our addressee.

Under no circumstances do we condition a child’s participation in an activity—like contests—on the child’s disclosure of more Personal Data than is reasonably necessary to participate in the activity. On certain sites, we may not permit children to participate at all regardless of consent.

 

UPDATING THIS DATA PROTECTION POLICY

This Data Protection Policy is updated from time to time. You will find the date of the last update at the top of this page.

 

COOKIES

When you visit the Sphere website, information is stored on your terminal device in the form of a “cookie”. We are using cookies in accordance with our Cookie Policy.

 

CONTACT US

If you have any questions, concerns, comments, requests or if you would like further information about this Data Protection Policy, how we handle your Personal Data, please contact us: 

Sphere Association
Attention: Data Protection Officer
By email: dataprotection@spherestandards.org
By phone: +41 22 552 5911
By post: Sphere, The Humanitarian Hub, La Voie-Creuse 16, 1202 Genève, SWITZERLAND

 

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.