Privacy policy
- Dated 14 March 2023 -
The present document supplements MAKE.ORG’s Terms of Service and concerns Make.org’s commitments relative to the respect of the regulations in force concerning the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and applicable as of 25 May 2018 (hereinafter “the GDPR”).
In this framework, Make.org will be the data controller.
DESCRIPTION OF PROCESSING
Make.org is particularly sensitive to the protection of personal data in general and of its users’ personal data in particular. For Make.org, this is one of the fundamental digital values and an essential condition for the freedom of conscience. To this end, Make.org is committed to limiting the quantity of personal data collected to that which is strictly necessary for the functioning of its site and its services.
Make.org has filed a declaration with the Data Protection Commission under number 2005312 and has chosen to name a DPO in order to guarantee the best level of protection possible.
Make.org will only process personal data that is strictly necessary to carry out its activities.
Why are we processing your personal data?
-
Registration and user account management
-
Which categories of personal data do we collect?
-
Name, first name, age, email, password
-
If registering via Google or Facebook Connect: profile picture, email address, name, Google or Facebook ID
-
On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Allow account holders to participate in consultations
-
Which categories of personal data do we collect?
-
Reactions to the proposals and proposals submitted for consultation
-
Account data above
-
On which legal ground do we rely for this processing?
Consent
-
Allow non-account holders to participate in consultations
-
Which categories of personal data do we collect?
-
Reactions to the proposals
-
Truncated IP address
-
On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Analysis and moderation of content generated by participants (interaction with proposals, moderation of comments to ensure seriousness and quality of feedback, aggregate reporting to our client(s) where appropriate)
-
Which categories of personal data do we collect?
-
Reactions to the proposals
-
Proposals submitted for consultation
-
Account details
-
On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Informing via email users who submitted a proposal if needed (confirmation of publication of the proposal on our website, following-up and asking questions regarding the content of the proposal)
-
Which categories of personal data do we collect?
Proposal posted by users, along with their first name and email address
- On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Informing users who voluntarily subscribed via email about the results of the consultation in which they took part and/or about new consultation projects
-
Which categories of personal data do we collect?
Email address
- On which legal ground do we rely for this processing?
Your consent
-
Organising workshops with participants who voluntarily register
-
Which categories of personal data do we collect?
-
Email address, first name, whether their organisation is linked to the topic of the consultation
-
Profession, age and organisation (optional)
-
On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Maintaining and administering our website:
-
Which categories of personal data do we collect?
Please see the information we provide below on cookies and our consent management platform.
- On which legal ground do we rely for this processing?
Contractual necessity to perform the applicable terms and conditions
-
Improving and optimizing our website and consultation projects
-
Which categories of personal data do we collect?
Please see the information we provide below on cookies and our consent management platform.
- On which legal ground do we rely for this processing?
Your consent for cookies provided through the consent management platform.
-
Responding to your queries when you contact us
-
Which categories of personal data do we collect?
Names, email address, enquiry
- On which legal ground do we rely for this processing?
Our legitimate interest in handling your questions and requests (or pre-contractual measures if we then conclude a contract)
-
Track users' interactions with Make.org platforms for scientific research, analysis and statistical purposes.
-
Which categories of personal data do we collect?
Age group and gender of participants, level of education of participants, socio-professional and socio-demographic information, situational information (linked to the subject of the consultation), sessionId, reactions to proposals, proposals submitted for consultation
- On which legal ground do we rely for this processing?
Our legitimate interest in handling your questions and requests (or pre-contractual measures if we then conclude a contract)
With the exception of the categories of personal data identified as optional, refusal to provide the above data will prevent the user from submitting proposals for consultation (for registered users) and/or reacting to proposals submitted for consultation (for non-registered users).
Finally, we manage the contractual relationship with our clients (the sponsors of the consultations). For this purpose, we process the names, professional details and job titles of our clients' contact persons and representatives.
OBLIGATIONS OF MAKE.ORG
Make.org commits to :
- processing data solely for the objective of its activity ;
- guaranteeing the confidentiality of personal data ;
- ensuring that third parties authorised to process personal data :
- are committed to respecting confidentiality or have an appropriate legal obligation to respect confidentiality;
- have the necessary training as concerns the protection of personal data ;
- take into account the principles of Privacy by Design, whether in terms of tools, products, applications or services.
DATA RECIPIENTS AND TRANSFERS
The following may, within the limits of their respective functions, have access to personal data:
- people responsible for operating the service, those with the responsibility of dealing with users and complaints, those responsible for logistical and IT services as well as their superiors ;
- data processors – once a contract is signed between data processors and Make.org that details the responsibilities of data processors in terms of the protection of the security and confidentiality of data ;
- the partners for campaigns, about which users will have been informed of their participation.
- to a competent law enforcement agency, regulatory authority, government agency, court or other third party if disclosure is necessary: (i) under applicable law or regulation, (ii) to exercise, establish or defend our rights, or (iii) to protect your vital interests or those of another person;
- to other persons to whom we have your consent to disclosure.
Our servers are located within the European Union, where the data on our site is stored.
COMMUNICATION TO THIRD PARTIES
Personal data processed in connection with Make.org’s activity cannot be divulged to third parties, except for the cases allowed for above or by legal or regulatory provisions.
COOKIES
When you connect to our site, cookies are placed on your terminal. These are mainly cookies that are essential for the operation of our website. Subject to obtaining your consent, we also use cookies to improve your experience, increase the performance of our site and optimise our citizen consultations. The information contained in cookies is not intended to identify you personally and is never used for any purpose other than those stated on our cookie management page. To learn more and change your preferences, please visit this page
EXERCISE OF USER RIGHTS
Users have the right to access their personal data, the right to rectify their personal data, the right to erase their personal data, the right to limit the processing of their personal data, the right to portability of their personal data, the right not to be subject to an automated individual decision (including profiling) or the right to define directives concerning the fate of personal data after death. Users also have the right to object to the processing of their personal data by Make.org.
Users may withdraw their consent to the processing of their personal data by Make.org at any time, it being understood that such withdrawal will not affect the lawfulness of previous processing based on consent.
Users may exercise the above rights by any means, and in particular by sending an e-mail to the address: contact-ie@make.org. If users believe that their data rights are not respected by Make.org, they may in any case submit a complaint to a data protection authority. For more information, please contact the Data Protection CommissionOpen in a new window in France (Commission nationale de l'informatique et des libertés) (available here: https://www.cnil.fr/fr/contacter-la-cnil-standard-et-permanences-telephoniquesOpen in a new window) or your local data protection authority (contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htmOpen in a new window).
SECURITY AND CONFIDENTIALITY OF PROCESSING
Make.org will take all necessary measures to preserve and ensure the respect of the integrity and confidentiality of personal data.
Make.org is committed notably to implementing technical and organisational measures making it possible to ensure, to the extent that is possible, a level of appropriate security and confidentiality with respect to the risks associated with processing and the nature of personal data.
DATA RETENTION
We retain the personal data we collect for as long as necessary for the purposes for which the personal data was collected and/or where we have a continuing legitimate interest in doing so (for example to provide the consultation service to you). Personal data related to consultations is kept for a period of three years after the last visit to the site or after the last login to the account.
However, in some cases we are obliged to retain personal data beyond this period in order to comply with applicable legal requirements (for example, tax or statutory accounting requirements). Where retention of personal data is no longer necessary for the purposes for which it was collected, there is no longer a legitimate interest in processing the personal data and there is no further legal obligation to retain the personal data we will delete or anonymise the personal data or, if this is not possible (for example, because the personal data has been stored in a back-up archive), we will store the personal data securely and separate it from any further processing until deletion is possible.
DATA PROTECTION OFFICER
The data protection officer designated pursuant to Article 37 of the European Data Protection Regulation is Fieldfisher Belgium, contact-ie@make.org, l'Arsenal, Bd Louis Schmidt 29 box 15, 1040 Brussels, Belgium.