Privacy Policy
1.0 Purpose and Scope
In the regular course of business, UCEP, its subsidiaries and affiliates acquires Personal Information by interaction and communication with potential, current or past volunteers, donors, staff other third parties. UCEP takes seriously its obligations to protect such Personal Information. As evidence of its commitment to privacy, UCEP has established this Privacy Policy about how UCEP collects, uses, processes and stores your Personal Information. UCEP will only process your Personal Information in accordance with this Privacy Policy unless otherwise required by applicable law. The organization takes steps to ensure the Personal Information collected about you is adequate, relevant, not excessive, and processed for limited purposes. This Privacy Policy does not cover aggregate data, data rendered anonymous or data that has been deidentified. Aggregate data relates to a group or category of individuals, from which individual identities have been removed. Data is rendered anonymous if individual persons are no longer identifiable. Deidentified data is data that has had identifiable elements removed, and cannot reasonably identify, relate to, described, be capable of being associated with, or be linked, directly or indirectly, to a particular individual. You are under no obligation to provide Personal Information to UCEP. However, if you do not provide the information, UCEP may not be able to provide the requested service to you. We may revise this Privacy Policy from time to time, and when we do so, we will update the “Revised” date above. If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice on our website. We encourage you to periodically review this Privacy Policy to stay up to date on our privacy practices.
2.0 Data Collected and Purpose
The table below provides an overview of the Personal Information UCEP may collect about you for purposes described herein.
|
Personal Information |
Purpose |
|
Full Name, Telephone Number, Address, Email Address |
A. Communicate with alumni, talent networks job applicants, clients, vendors, contractors, sub-contractors and other third parties concerning UCEP employment opportunities and business operations B. Administer background/clearance checks, legal due diligence/anti-corruption screening, and quality, occupational health and safety standard checks on job applicants, vendors, contractors and sub-contractors c. To verify individual’s identity. d. Recording of working time and timesheet records for contractors and sub-contractors. e. Incident response communications with customers, vendors, contractors, subcontractors and other third parties. f. Administration of safety and protection of UCEP employees, resources, and workplaces. |
|
Business Relationship Status (e.g., visitor, vendor, contractor, sub-contractor) |
Identification purposes for physical site access and security |
|
Emergency Contact/Next of Kin Name and Telephone Number |
Emergency contact use |
|
Date of Birth, Nationality, Citizenship, Country of Birth |
A. To administer eligibility to work checks. B. Administer legal due diligence/anti-corruption screening, and quality, occupational health and safety standard checks on vendors, contractors and subcontractors |
|
Government Issued Identification / Passport Number/ National ID |
A. Accounting/government tax and auditing business purposes for vendors, contractors and sub-contractors. B. To run checks for suitability for work for vendors, contractors and sub-contractors c. To verify individual’s identity. |
|
Medical (e.g., Medical Certificate) |
A. Required by Occupational Health surveillance laws related to individual’s functional ability and fitness for specific work, with any advised restrictions. B. To make reasonable adjustments based on disability. C. Reporting of worksite safety incidents. |
|
Insurance Policy Number |
Administer quality standard checks on vendors, contractors and sub-contractors |
|
Bank Information, including Routing and Account Number |
A. Remuneration for vendor, contractor or sub-contractor services. B. Administer denied parties, legal due diligence/anti-corruption screening for vendors, contractors, or sub-contractors |
|
Job Titles Skills/Work History Experience History Training and Certification Records Evaluations References /Background Check |
A. To administer eligibility to work before employment starts. B. To administer quality, safety and compliance checks and reviews to qualify third party contractors for performing work in accordance with applicable quality standards, including use of individuals who are required to maintain specific qualifications or certifications. C. Manage UCEP business and charity-related operations. |
3.0 How Data is Collected
We use different methods to collect data from and about you:
a. Direct Interactions: You give us your Personal Information when contacting us through candidate profiles, through interviews, or in response to surveys, jobs, through quality and compliance questionnaires, proposals or other means. This includes information you provide when you submit your CV/resume or contact details through our website and email
b. Third Parties or Publicly Available Sources: UCEP may obtain information about you from a representative of your company (if we are sub-contracting services), publicly available online records, background check providers, criminal records check, or past or current professional references you supply to us. The organization will seek information from third parties only once a job offer, or business opportunity has been made and will inform you or your company representative that it is doing so.
We do not undertake automated decision making or profiling on Personal Information or Sensitive Personal Information.
4.0 Legal Basis for Processing
To process Personal Information we must have a lawful basis for doing so.
At least one of the following must apply:
a. Consent:
an individual must give clear consent for us to process their personal information and then only for a specific purpose.
b. Contract:
the processing is necessary for a contract that UCEP has with an individual, or because we have asked the individual to take specific steps before entering into a contract.
c. Legal Obligation:
the processing is necessary for UCEP to comply with the law.
d. Vital Interests:
processing is necessary to protect someone’s life.
e. Public Task:
the processing is necessary for UCEP to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
f. Legitimate Interests:
the processing is necessary for the purposes of the legitimate interests pursued by UCEP or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data where the data subject is a child.
Unless otherwise required by applicable data protection law, UCEP relies on legitimate interests for processing Personal Information during the recruitment process, forming contractual business relationships, and complying with legal requirements. Where UCEP relies on legitimate interests as a reason for processing Personal Information, it has considered whether those interests are overridden by the rights and freedoms of individuals affected by that need. UCEP adheres to the following guidelines to ensure that its collection of Personal Information is fair and lawful. Specifically, UCEP:
a. Collects only as much Personal Information as is required by law or needed for reasonable and legitimate business purposes.
b. Collects Personal Information in a non-deceptive manner.
c. Where appropriate, informs individuals which Personal Information is required, and which is optional at the time of collection.
d. Collects Personal Information from individuals consistent with local legal requirements.
UCEP may need to collect Sensitive Personal Information. Where required under applicable local law, such Personal Information will be processed with consent. Where required by applicable local law, consent to transfers or uses of Sensitive Personal Information will be opt-in. Please note that at this time, we do not respond to or honor “do not track,” also known as DNT, signals or similar mechanisms transmitted by web browsers.
5.0 Use and Retention
UCEP uses, stores, retains, and otherwise processes Personal Information only for reasonable business purposes and for only as required for that business purpose or as authorized.
UCEP does not disclose Personal Information to third parties for direct marketing purposes, nor does it sell Personal Information. Processing of Personal Information will comply with contractual, regulatory, and local legal requirements.
UCEP stores and destroys Personal Information based on UCEP data retention policies and procedures. UCEP retains the data for as long as it serves the purpose of processing for which it was collected or subsequently authorized.
Job candidate Personal Information may be processed and retained for immigration requirements as part of the rehire process, including the sharing of that data with legal advisers and government bodies. The length of time data may be stored will be based on laws relating to these requirements.
6.0 Data Privacy Rights
Where permitted or required by applicable law, UCEP extends certain data privacy rights to you. Note that we may be unable to provide you access to your Personal Information in instances where we have destroyed, erased, or anonymized the data, if we are unable to verify your identity using information we have on file for you, or if it would reveal Personal Information about another person. We may also refuse any request if applicable law allows or requires us to do so. We will inform you of the reasons for refusal. If you choose to contact us to submit a request, you will need to provide us with:
• Enough information to identify you (e.g., your full name, address, birthdate, or other identifier).
• A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or if someone authorized to act on such person’s behalf.
Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
a. The right to request access. You have the right to request UCEP for copies of your Personal Information.
b. The right to request rectification. UCEP relies on you to ensure the information you provide to UCEP about you is accurate, complete and current. If any Personal Information is inaccurate or incomplete, you may request that your Personal Information be corrected or completed. UCEP will correct or delete Personal Information as required by applicable law. You may also request to correct, amend, or delete Personal Information that has been processed in violation of applicable data protection law.
c. The right to request erasure. You have the right to request UCEP delete your Personal Information under certain conditions.
d. The right to withdraw consent. Where you have provided written consent (or positive opt-in) to the collection, processing, or transfer of Personal Information, you may have the legal right to withdraw consent. Where we have processed your Personal Information with written consent (or positive opt-in), you can withdraw that consent at any time. Note – withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawl nor will it affect the processing of the Personal Information conducted in reliance on a lawful basis other than consent.
e. The right to request portability. You have the right to request UCEP transfer your Personal Information that we have collected to another organization, or directly to you, under certain conditions.
f. The right to restrict processing. You have the right to request that UCEP restrict the processing of your Personal Information, under certain conditions.
g. The right to opt-out of email marketing. You can opt-out of email marketing communications at any time by selecting the email’s “Opt-out” or “Unsubscribe” link, or following the instructions included in each email subscription communication.
h. The right to file a complaint. If you consider that your privacy rights have not been adequately addressed, you have the right to submit a complaint to the UCEP Privacy Office or with the supervisory authority in your country of residence.
UCEP will not discriminate against individuals for exercising any of their privacy rights allowed or required by applicable data protection law or regulation.
7.0 Sharing and Onward Transfer
UCEP shares Personal Information in the following ways:
a. Affiliates: UCEP shares information among UCEP subsidiaries and affiliates for the purposes described in this Privacy Notice where consistent with applicable legal requirements.
b. Third-Party Suppliers: UCEP shares Personal Information to selected affiliated or trusted third party suppliers to perform services on behalf of the organization. These trusted third-parties include, but are not limited to Information Technology Providers, Cloud Providers, Data Hosting Services, Denied and Restricted Party Screening Providers, Background Check Providers, and Data Storage Providers.
c. Other Third Parties: UCEP discloses certain Personal Information to other third parties: i. where required by law or legal process (e.g., to tax and social security authorities); ii. where UCEP determines it is lawful and appropriate; iii. to protect UCEP’s legal rights (e.g., to defend a litigation suit or under a government investigation or inquiry) or to protect its employees, resources, and workplaces; or iv. in an emergency where health or security is at stake.
e. Public Security/Law Enforcement: UCEP may be required to disclose Personal Information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
UCEP will take steps designed to comply with all applicable local laws when Processing Personal Information, including any local law conditions for and restrictions on the transfer of Personal Information. UCEP may also protect data through other legally valid methods, including international data transfer agreements or Standard Contractual Clauses that have been recognized by Data Protection Authorities as providing an adequate level of protection to the Personal Information we process globally. UCEP will ensure all transfers of Personal Information are subject to appropriate safeguards as defined by data protection laws and regulations.
8.0 Data Security
UCEP has adopted and maintains reasonable and appropriate information security policies, processes and/or procedures to safeguard Personal Information from loss, misuse, unauthorized access, disclosure, alteration, destruction, and other Processing. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. As such, we cannot promise, ensure, or warrant the security of any Personal Information that you may provide to us.
UCEP’s information security processes provide for the classification of information and the assignment of protection requirements and information security controls based on the classification of information. The safeguards used to protect Personal Information is commensurate with the level of risk involved.
9.0 Exceptions
Under certain limited or exceptional circumstances, UCEP may, as permitted or required by applicable laws and regulations, process Personal Information without providing notice, access or seeking consent. Examples of such circumstances may include investigation of specific allegations of wrongdoing, violation of company policy or criminal activity; protecting employees, the public, or UCEP from harm or wrongdoing; cooperating with law enforcement agencies; auditing financial results or compliance activities; responding to court orders, subpoenas or other legally required disclosures; meeting legal or insurance requirements or defending legal claims or interests; satisfying labor laws or agreements or other legal obligations; collecting debts; protecting UCEP’s information assets, intellectual property and trade secrets; in emergency situations, when vital interests of the individual, such as life or health, are at stake; with respect to access requests, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or the privacy interests of others would be jeopardized; and in cases of business necessity.
10.0 Complaints and Questions
If you feel that your rights have not been adequately addressed, you have the right to submit a complaint to the UCEP Privacy Office: info@ucepcommunity.org or with the supervisory authority in your country of residence.
If you have any questions about this statement or our handling of personal information, please contact the Privacy Office by e-mail at info@ucepcommunity.org.
11.0 Terms and Definitions
Data Privacy
means the legal rights and expectations of individuals to control how their Personal Information is collected and used.
Personal Information
means any information relating to describing, reasonably capable of being associated with, or capable of reasonably being linked, directly or indirectly, to an identified or identifiable natural person.
Processing
means any operation or set of operations that is performed upon Personal Information.
Sensitive Personal Information
has definitions that vary from country to country. For example, European data protection laws treat certain categories of Personal Information as especially sensitive, e.g., biometric, information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying medical or health conditions, or sex life. In the United States, sensitive information includes, but is not limited to, Social Security numbers, bank account numbers, passport information, healthcare related information, medical insurance information, credit and debit card numbers, drivers’ license and state ID information, information from children under the age of 13, biometric information.
