"Human Rights Watch" or "HRW" refers to Human Rights Watch, Inc., and its affiliates in various parts around the world, including its affiliated charities, branch offices and other registered entities (also referred to as "we", "us", or "our"). HRW is the data controller to which this policy refers to.
When and how do we collect your information?
Human Rights Watch collects personal data about you when you:
- Visit our website or use an HRW mobile app;
- Make a donation;
- Register for an HRW event;
- Engage in a campaign by signing an online petition;
- Make an inquiry;
- Subscribe to an online publication; or
- Apply for employment.
We may also collect personal data about you from third-party sources, including, but not limited to, information posted on social media and other publicly-available sources.
What personal data do we collect?
We may collect some or all of the following types of information, some of which may constitute personal data under applicable law, including:
- Basic contact information. Our websites may collect personal data, information that either directly identifies you or could reasonably be used to identify you. Examples of personal data include your name, contact information, email address, and other information in combination with such identifiers.
- Mobile devices information. If you access our websites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and your location information as “strictly necessary” for the delivery of services or website content. We may also ask you to consent to providing your mobile phone number (for example, so that we can send you push notifications). If you are accessing our website using your mobile device while located in the EU, UK, EEA or other countries with similar laws., you have the option to opt-in and provide your consent for our collection of this information (except where the collection is “strictly necessary” for the delivery of website content).
You can engage with us through social media websites or through features such as plug-ins or applications on Human Rights Watch websites that integrate with social media sites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third-party social media sites, plug-ins, or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
General Data Protection Regulation
We only collect and process your personal data if we have a legal basis, which may include:
- Legitimate interest. We process your personal data based on our legitimate interests in communicating with you and managing our interactions with you.
- Performance of a contract. We process your personal data as necessary for the performance of a contract with you or at your request prior to entering into a contract.
- Compliance with applicable laws or We process your personal data as necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators).
- Public interest. We process your personal data for the performance of a task carried out in the public interest (e.g., the tracking of human rights violations).
- Consent. In limited circumstances, we will use your consent as the basis for processing special categories of information or prior to sending you electronic communications.
How do we use your personal data?
We use the personal data you provide to us to:
- Manage and process inquiries, registrations, donations and other interactions with you;
- Fundraise, including learning more about our donors and identifying sources of potential donations;
- Send you information you have requested or consented to receiving such as newsletters, breaking news, and other information regarding relevant Human Rights Watch Activities;
- Support your engagement in campaigns, including signing petitions, taking actions and other forms of digital advocacy
- Provide you with personalized service and with content and advertisements we believe may be of interest to you; and
- Operate our website and understand its use, for statistical purposes (number of site visits, average time visitors spend at the site, etc.) and security purposes.
We may also use information about you or use suggestions, comments, and ideas that do not personally identify you for any purpose, except where we are required to do otherwise under applicable law. We may combine, aggregate or de-identify any of the information we collect from you through any other online or offline source and use it for the aforementioned purpose.
With whom do we share your personal data?
We do not sell, share, or otherwise disclose the information we collect through our website and mobile applications, except as provided in this Privacy Statement.
We may share your personal data with other Human Rights Watch entities, divisions, and branch offices to serve you, including for the activities listed in this statement.
We may share your personal data with our affiliates and third-party organizations which we feel could be of interest to you, provided you agree to such sharing and such sharing is legal under applicable law. Please see the section on Your choices regarding your information below if you wish to have your information shared this way.
We may allow third parties who provide us with various business services, including monitoring and maintaining the websites and with whom we are working to provide you with services or information to process your information.
We may disclose personal data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request; (ii) in response to law enforcement authority or other government official requests; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) in connection with an investigation of suspected or actual illegal activity; or (v) in the event that Human Rights Watch is dissolved or otherwise reorganized. Disclosure may also be required for audits or to investigate a complaint or security threat.
Do we transfer your personal data across national borders?
We are a global organization and may transfer certain personal data across geographical borders to Human Rights Watch entities, authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally or they may be in other countries, some of which have not been determined by authorities where you are located to have an adequate level of data protection.
When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:
- we ensure transfers within Human Rights Watch are covered by agreements based on the EU Commission's standard contractual clauses for international data transfers, which contractually oblige each member to ensure that personal data receives an adequate and consistent level of protection wherever it resides within Human Rights Watch;
- where we transfer your personal data outside Human Rights Watch or to third parties who help provide our services, we utilize an appropriate transfer mechanism to protect your personal data, such as the EU standard contractual clauses; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed.
Examples of countries to which we transfer personal data include, but are not limited to, the United States, the United Kingdom and India.
If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted below. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your personal data when this is transferred as mentioned above.
Do we collect information from children?
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from an individual under age 16. If you are under the age of 16, please do not submit any personal data through the website. If you have reason to believe that we may have accidentally received personal data from an individual under age 16, please contact us immediately at email@example.com.
Your choices regarding your information
You may update, correct, or change your information by contacting us at firstname.lastname@example.org or by following the instructions below in this Privacy Statement. You may also choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing e-mails or contacting us as noted below.
With respect to cookie-based advertising, please be aware that the Digital Advertising Alliance maintains a website where consumers can opt out from receiving interest-based advertising from some or all of the network advertising companies participating in the program (www.AboutAds.info/choices/).We offer certain choices about how we communicate with you and what personal data we obtain about you and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will provide you with the option of whether you wish to receive promotional e-mail, SMS messages, telephone calls and postal mail from us. At any time, you may opt out from receiving interest-based advertising or marketing from us by contacting us. If you are located in the EU, UK or EEA you are automatically opted-out and may opt-in should you desire to do so.
How can you update your communication preferences?
We take reasonable steps to provide you with communication about your information. You can update your communication preferences in the following ways.
- Newsletters. If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in the communication.
- Mobile devices. If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them, you can manage your preferences either through your device or the application settings. If you no longer wish to have any information collected by the mobile application, you may uninstall the application by using the uninstall process available on your mobile device.
- E-mail. Contact us by e-mail email@example.com or postal address 350 Fifth Avenue, 34th Floor, New York, New York 10118. Please include your current contact information, the information you are interested in accessing and your requested changes.
How long do we retain your personal data?
How long we retain your personal data depends on the purpose for which it was obtained and its nature. We will keep your personal data for the period necessary to fulfill the purposes described in this Statement unless a longer retention period is permitted or required by law. In specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. You may contact us through the provided channels to request deletion of your information.
Do we have security measures in place to protect your information?
Human Rights Watch takes steps to protect your information from unauthorized access. We implemented a SSL certificate and enforced https traffic on our site. All data transmitted to and from our website, are encrypted to provide an additional level of security. You can read more about the security measures taken by our third-party vendor, Engaging Networks, who provides the following services for HRW: online advocacy, event registration and donation pages, and email message deployment.
While we take reasonable measures to protect the information you submit via the website against loss, theft, and unauthorized use, disclosure, or modification, we cannot guarantee its absolute security. No internet, email, or mobile application transmission is ever fully secure or error free. Email or other messages sent through the website may not be secure. You should use caution whenever submitting information through email or the website and take special care in deciding which information you provide us.
Are we responsible for the websites to which we link?
We are not. HRW does not endorse and is not responsible for the content of third-party websites or resources, and our privacy statement does not apply to any sites that are not affiliated with HRW, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.
EU UK, EEA Data Subject Rights
If you are an EU, UK or EEA Data Subject, you have the following rights. To exercise these rights, please email us at firstname.lastname@example.org with a description of your request.
- Right to Access. You have right to access personal data that Human Rights Watch holds about you.
- Right to Rectification. You have a right to request us to correct your personal data where it is inaccurate or out of date.
- Right to be Forgotten (Right to Erasure). You have the right, under certain circumstances, to have your personal data erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data
- Right to Object to Processing. You have the right to object to the processing of your personal data at any time, on legitimate grounds, except if otherwise permitted by applicable law, or to lodge a complaint with a supervisory authority. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- Right to Restrict Processing. You have the right to restrict the processing of your personal data, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have objected to processing of your data, and verification of overriding grounds is pending.
- Right to Data Portability. You have the right to data portability, which requires us to provide personal data to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) your consent; or (ii) the performance of a contract to which you are a party.
- Right to Decline Automated Decision Making. You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are (i) necessary for a contract to which you are a party; (ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require Human Rights Watch to exercise human intervention.
We currently do not use automated decision making (including automated decision making using profiling) when processing your personal data. If we ever use an automated decision-making solution, you have a right to request that a decision based off your personal data cannot be solely decided via an automated process.
Your California Privacy Rights
Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal data the business has shared with third parties for those third parties' direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one request each year by emailing us at email@example.com or by writing us at Human Rights Watch 11500 W. Olympic Blvd., Suite 608 Los Angeles, CA 90064 USA.
Cookies and other tracking technologies
1. Third party analytics tools
Matomo, is a GDPR compliant web analytics software platform. It provides detailed reports on our website and its visitors in compliance with privacy rights and GDPR standards. This is the only analytics tool we use in the EU, UK, EEA area.
2.Cookies, Web beacons, and other technologies
- Cookies are small files that are transferred to and stored on your computer through your Web browser (if you allow it) that enable the website’s or service provider’s system to recognize your browser and capture and remember certain information. You can instruct your browser to stop accepting cookies. If you are located in the EU,UK or EEA you must opt-in to the use of non-essential cookies. But if you do not accept cookies, you may not be able to use all portions of all functionality of the website. Persistent cookies remain on the visitor’s computer after the browser has been closed. Session cookies exist only during a visitor’s online session and disappear from the visitor’s computer when they close the browser software. Flash cookies (also known as local shared objects) are data files that can be created on your computer by the websites you visit and are a way for websites to store information for later use. Flash cookies are stored in different parts of your computer from ordinary browser cookies. You can disable the storage of flash cookies. For additional information about managing and disabling flash cookies, please visit http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.
- Web beacons are small strings of code that provide a method for delivering a graphic image on a Web page or in an email message for the purpose of transferring data. If you are located in the EU/UK or EEA you must opt-in to web beacons. You can disable the ability of Web beacons to capture information by blocking cookies.
3. Third party service providers and business partners
We may disclose your information to service providers we have retained (as processors) to perform services on our behalf (either in relation to services performed for our clients, or information which Human Rights Watch uses for its own purposes, such as marketing). These service providers are restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above section, How do we use your personal data?
Information collected from other Websites and mobile applications and Do Not Track policy
Your browser or device may offer you a "Do Not Track" option, which allows you to signal to operators of websites, web applications, mobile applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites or applications. Our website does not support Do Not Track requests at this time, which means that we or our analytics providers or other third parties with which we are working may collect information about your online activity both during and after your use of the website.
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the Act or this Statement, please contact us at this address: firstname.lastname@example.org. or by mail sent to 350 Fifth Avenue, 34th Floor, New York, New York 10118 United States, Attention: Data Protection Officer
Changes to this Statement
We may update this Statement from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We encourage you to periodically review this Statement so that you will be aware of our privacy practices.
This Statement was last updated on December 16,2022.