Last update: July 2018
INTRODUCTION
Protecting the security and privacy of your personal data is important to Sphere. Therefore, Sphere (“Sphere” or “we”) operates its website spherestandards.org (“Service“) in compliance with applicable laws on data privacy protection and data security.
We respect your privacy and duly protect the personal data we process about you (“Personal Data”). All processing of Personal Data is carried out in accordance with General Data Protection Regulation[1] (“GDPR”).
The following describes how we collect, process and share your Personal Data.
We use your Personal Data for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this Policy.
DEFINITIONS
Personal Data: means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data: is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Data Controller: means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Protection Policy, we are a Data Controller of your data.
Data Processor (or Service Providers): means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data subject: is any living individual who is the subject of Personal Data.
User: is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
WHAT ARE SPHERE’S STANDARDS FOR COLLECTING DATA?
By this Data Protection Policy, Sphere has successfully implemented the GDPR principles that apply to its activity in relation with the customers, partners or suppliers as follows:
WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA?
Data processing is based on one or more of the legal grounds stipulated by GDPR.
WHAT PERSONAL DATA WILL BE PROCESSED?
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
WHAT ARE THE PURPOSES OF PROCESSING YOUR PERSONAL DATA?
We use the collected data for various purposes:
Likewise, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by using the unsubscribe link or following the instructions provided in any email we send or by contacting us.
WHAT ARE YOUR RIGHTS?
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION ?
Sphere will retain your Personal Data only for as long as it is necessary for the purposes set out in this Data Protection Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Sphere will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when the data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
WHO HAS ACCESS TO YOUR PERSONAL DATA?
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
WHAT SECURITY MEASURES ARE TAKEN TO PROTECT YOUR DATA ?
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is absolutely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We commit to taking all reasonable steps to:
WITH WHOM MAY WE SHARE YOUR PERSONAL INFORMATION?
Sphere may disclose your Personal Data in the good faith belief that such action is necessary to:
TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?
Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Switzerland and choose to provide information to us, please note that we transfer the data, including Personal Data, to Switzerland and process it there.
Your consent to this Protection Policy followed by your submission of such information represents your agreement to that transfer.
Sphere will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Protection Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Data.
HOW DOES SPHERE PROTECT CHILDREN’S PRIVACY?
The Service that Sphere provides is intended for general audiences and does not knowingly collect any Personal Data from children. When a Sphere online Service does request age information, and users identify themselves as under 13, the product or service will either block such users from providing Personal Data, or we will ensure consent is obtained from parents for the collection, use and sharing of their children’s Personal Data. At that time, we will provide a description of the information that the child may make publicly available, how we will use the information and other practices. We will not knowingly ask children under the age of 13 to provide more information than is reasonably necessary to provide our services.
Please note that if you grant consent for your child to use Sphere’s online or mobile Service, this may include such general audience communication services as email, instant messaging, and online groups, and your child will be able to communicate with, and disclose Personal Data to, other users of all ages. Parents can review, edit, request the deletion, or prevent further collection or use of their children’s Personal Data or make inquiries regarding this policy by sending an email or a letter to our addressee.
Under no circumstances do we condition a child’s participation in an activity—like contests—on the child’s disclosure of more Personal Data than is reasonably necessary to participate in the activity. On certain sites, we may not permit children to participate at all regardless of consent.
UPDATING THIS DATA PROTECTION POLICY
This Data Protection Policy is updated from time to time. You will find the date of the last update at the top of this page.
COOKIES
When you visit the Sphere website, information is stored on your terminal device in the form of a “cookie”. We are using cookies in accordance with our Cookie Policy.
CONTACT US
If you have any questions, concerns, comments, requests or if you would like further information about this Data Protection Policy, how we handle your Personal Data, please contact us:
Sphere Association
Attention: Data Protection Officer
By email: dataprotection@spherestandards.org
By phone: +41 22 552 5911
By post: Sphere, The Humanitarian Hub, La Voie-Creuse 16, 1202 Genève, SWITZERLAND
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.