Privacy
Last Updated: January 2024
Introduction
Welcome to the Ford Foundation’s (the “Foundation”, “us”, “we”, “our”) Privacy Policy (the “Policy”). In this Policy, we explain what personal data we collect, how we use and protect your personal data, with whom we may share it and the rights that you may have in connection with it. This Policy is incorporated into our Website Terms & Conditions. This Policy applies to personal data we collect, including through our website www.fordfoundation.org (the “Website”), other websites we operate, our events and programs registrations, mobile applications, online portals, surveys, job applications, applications, and any other point of collection (collectively, the “sites”). In addition to applicable laws, additional policies disclosed to you at the time of collection may also apply (e.g., in connection with a specific event or program). By using our sites and/or by providing personal data to us (by any means, whether directly to us when applying for employment, grants or fellowships, attending events or programs, on our website, or in any other interaction with the Foundation), you consent to our use of the personal data in accordance with this Policy.
By visiting our Website, you are accepting the practices described in our Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Website.
How to contact us
If you have any questions about this Policy or if you have a disability that prevents you from accessing this Policy electronically in this format and require it to be provided in an alternate format (e.g., audio, large print), you may contact us by sending an e-mail to [email protected] or writing to:
Attn: Office of Communications
320 E 43rd St
New York, NY 10017
Subject to requirements under applicable laws, you may also contact us with questions about your personal data handled by us at [email protected] with PRIVACY INQUIRY in the subject line.
Data we collect
We collect personal data from you when you voluntarily provide it to us, and when you visit our sites, certain information is automatically collected from you (subject to applicable consent requirements). We collect personal data that you provide to us in various ways including online, via one of our Workday portals, by telephone, and offline, including when you visit our facilities in person as a guest of the Foundation. The types of personal data we may collect from you are described below.
Data you provide directly to us
Contacting Us – When you contact us via phone, email or in person, for any reason including when you: submit a job inquiry; interact with us regarding applications, programs, activities or events; participate in surveys, panels or research; register for and participate in our programs, activities, initiatives and events; interact with our sites; or in conjunction with any other place where you knowingly volunteer information to us, we may collect the following types of data from you:
- Name, address, date of birth, email address and telephone number;
- Organization name, address, email address and telephone number;
- Survey responses;
- Demographic information
- Preferences, information about a disability or requests for accommodations to the extent disclosed to us; and
- Other information or content that you may choose to provide.
Website Visits – When you visit the Website, or sign up for our email newsletter via the Website, we may collect the following types of data from you:
- Name and email address; and
- Any other information that you may choose to provide.
Employment Applicants – If you apply for a position with the Foundation you may be asked to create an account on our Workday portal and we may collect the following types of data during the application process:
- Name, address, email address, and telephone number;
- Resume, work history, work authorization status, education, skills, professional licenses, permits or certifications and references;
- Optional demographic information, such as gender identity, race/ethnicity, sexual orientation, religious affiliations; and
- Any other information you choose to provide during the application process.
If we offer you employment, you may be required to complete a background check and other screenings prior to beginning work, as permitted or required by applicable law.
Grant or Fellowship Applicants – If you apply for a fellowship or grant from the Foundation, or if your employer or organization includes information about you in a grant application or annual report, we may collect the following types of data during the application process:
- Name, address, date of birth, email address, telephone number;
- Citizenship information and visa information;
- Resume, work history, qualifications, education, skills, professional licenses, permits or certifications and references;
- Tax identification/national identification numbers, bank account information for payments;
- Demographic information, such as gender identity, race/ethnicity, disability, sexual orientation; and
- Any other information you choose to provide during the application process.
Suppliers – If you are a third-party who provides products or services to the Foundation you may be asked to create an account on our Workday supplier portal and we may collect the following types of information from you:
- For individual suppliers: name, address, email address, telephone number, citizenship information, visa information, W-9, tax identification numbers, bank account information for payments.
- For organizations that are suppliers: organization name, address, email address and telephone number, W-9, tax identification numbers and bank account information for payments; and
- Other information that you may choose to provide.
Data automatically collected
When you interact with our sites, and subject to applicable consent requirements, we may automatically collect data that is linked to your computer or device, including:
- IP address, the type of browser or device that you are using, referring and exit pages, domain and other system settings and operating system; and
- Information regarding how you interact with the sites including the date and time of your visits, pages visited and links clicked.
Consistent with most websites, and subject to applicable consent requirements for non-essential cookies, we use cookies and pixel tags to collect such activity information. Cookies are small text files used to collect information and pixels are transparent images that allow us to understand how users interact with our Website.
The cookies we use fall into three categories.
Type of Cookie | What it does |
Necessary | Necessary cookies help make the site usable by enabling basic functions like page navigation and access to secure areas of the site. The site cannot function properly without these cookies. |
Functional | Functional cookies record information about the choices you have made and allow us to tailor the site to you. These cookies mean that when you continue to use or come back to the site, we can provide you with our services as you have asked for them to be provided. |
Analytics | Analytics cookies help us understand how our visitors use our sites. These cookies can provide us with information to help us understand which parts of the sites interest our visitors and if they experience any errors. We use these cookies to test different designs and features for our sites and we also use them to help us monitor how visitors reach the sites. We may receive reports based on the use of these technologies. |
Unless otherwise required by law, necessary cookies will be placed when you visit the sites and the other cookies will be placed where you provide opt-in consent. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If, however, you disable or refuse cookies, please note that some parts of the sites may become inaccessible or not function properly. Please note that browser-management tools for cookies are outside of our control and we cannot guarantee their effectiveness.
Information we receive from third parties
We may receive the following information from third parties:
- Information about your participation in programs, events, activities or social media (e.g., from event organizers providing services to us, event organizers unaffiliated with the Foundation who have rented space in our Center for Social Justice, program leaders or participants, including in annual reports, videos and photographs);
- Information from publicly available sources;
- Service providers, consultants, or vendors providing services to the Foundation;
- Work and qualification information and/or contact information submitted by your employer or organization in connection with a grant or fellowship application or reporting;
- Contact information submitted by your employer or organization in connection with registering as a Foundation supplier through our supplier portal;
- Employment verification (from your previous employer if you provide us with contact information on a grant or fellowship application or in connection with applying for a position);
- Education information (from your previous academic institutions if you provide the names of institutions on a grant or fellowship application or in connection with applying for a position); and
- Reference information (from any references you provided on a grant or fellowship application or in connection with applying for a position).
How we use the data we collect
We may use the personal data you provide us:
- To send email newsletters;
- To process your grant or fellowship applications;
- To administer or run programs, grants, fellowships or events;
- To disburse supplier payments;
- To disburse grant or fellowship funds;
- To respond to your inquiries and/or requests;
- To improve our programs and the efficacy of our grantmaking and operations
- To recommend you or your organization for other fellowships, grants, or other opportunities;
- To solicit grant or fellowship applications;
- For compliance, fraud monitoring and security;
- To provide you information relevant to the programs, grants, fellowship or other activities we think might interest you or your organization;
- To process your employment application, including assessing your qualifications for a job, conducting reference checks, communicating with you about your application and conducting background checks if we offer you a position, as permitted or required by applicable law;
- To send you information regarding changes to our terms and policies; and
- For other purposes disclosed at the time of collection or otherwise compatible with our charitable purposes and applicable law.
We may use data that we collect automatically from our sites:
- To administer, maintain and improve our sites;
- To understand how you found out about us and what services and products may interest you so we can improve our products and services and deliver to you the type of content, features and promotions that you are most relevant to you;
- To understand the demographics of our site visitors;
- To perform data traffic, e-commerce and other trend analyses; and
- For fraud monitoring and prevention and other security purposes.
We may combine this information with data we receive from publicly available sources.
Additionally, we may use your information as we believe to be necessary or allowed: (a) under applicable law; (b) to comply with legal process and our legal obligations; (c) to respond to requests or requirements from public, law and government authorities (including national security and law enforcement requirements) and private parties; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, and/or that of you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; (h) to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical, or legally actionable activity; and/or (i) other legitimate purposes such as conducting investigations or responding to governmental or other regulatory requests for information or investigations and for dispute management purposes.
It is always your choice whether to provide your personal data. However, some personal data must be provided to participate in certain programs, activities, or events (such as to sign up for a newsletter, apply for a job, or register to participate in one of our events), so the decision not to provide information might limit or eliminate such functions of our sites or your ability to participate in such programs, activities, or events. Please do not disclose more personal data than is requested.
To the extent required by applicable laws, we will seek your separate consent for collecting and processing your sensitive personal data. “Sensitive personal data” has different definitions under applicable law, but in general includes, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, social security number, driver’s license, or other government issued identification number, financial account, including credit card information. Please do not provide the Foundation any sensitive personal data unless specifically requested and necessary for your interactions with the Foundation.
Sharing your data
We do not sell your personal data. However, we may share your personal data in the following circumstances:
- Within the Foundation: We may share your personal data within the Foundation. A list of our global presence can be found at https://www.fordfoundation.org/our-work-around-the-world.
- Our vendors and service providers: We use a variety of vendors and service providers that help us with our administrative, operational and logistical activities such as maintaining our sites, email and document management, shipping, payment processing, managing our institutional and individual relationships and facilitating programs or events. We require these companies and individuals to use your information only as necessary to provide the applicable services to us.
- Organizational and funding partners, grantees, co-sponsors, co-hosts: We may also occasionally share your personal data with our organizational and funding partners, grantees, or co-sponsors or co-hosts of our programs, activities, initiatives, and events from time to time. Although our treatment of your personal information is governed by this Policy, our partners’, grantees’, co-sponsors’, or co-hosts’ treatment of your personal information will be governed by their respective privacy practices.
- Legal requirements: We may also disclose your personal data when we reasonably believe it is required by law, subpoena or other legal process, including to meet national security or law enforcement requirements, as well as to honor user access rights, as applicable.
- Protection of rights: We may transfer personal information to protect our rights, privacy, safety or property, including our employees, contractors and agents, when we are required or permitted to do so by law.
- At your request: We may transfer information to a third party if you request us to do so.
- Fraud detection: We may disclose information when we believe in good faith that it is necessary to investigate fraud.
Do not track
Some browsers have a “Do Not Track” feature. At this time, the Website does not respond to these Do Not Track requests or similar signals that users may employ.
Links to third-party sites
As a convenience to you, the sites may contain links to other websites or link with other platforms. The Foundation does not control these third-party sites and is not responsible for their privacy practices or content. Unless this Policy is expressly noted as controlling (e.g., our Workday portals), you should refer to the privacy statements of such third-party sites to find out how they collect and use your information.
Social media
We maintain a social media presence, such as a Facebook page, an Instagram page and a Twitter feed. You can interact with us through social media, such as by posting content, sharing material from our sites, and using our social media plug-ins. When you interact with us using social media, we may receive information such as your user ID, your profile picture, photos you post, and similar information, which is often determined by your privacy settings at social media sites. We may use the information for the same types of purposes we describe throughout this Policy. Your use of social media sites is primarily governed by the site operators’ privacy policies and terms of service, and the information you share with us and with others is largely controlled by the privacy settings you have established at those sites.
Your choices regarding your personal data
Any request for a copy of or to delete your Personal Information may be made in writing and we will endeavor to respond within a reasonable period in compliance with applicable data protection legislation. If you wish to review, update, correct, or remove the information we have for you, please email [email protected].
Children under 13 and minors under 18
The Foundation does not knowingly collect information from or about children without verifiable parental consent. If you are a parent or guardian and believe your child under 13 may have provided personal information through the Website, please contact us at [email protected] and we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law).
The Foundation also does not knowingly collect information from or about minors under the age of 18. Minors under 18 years of age may have the personal information that they provide to us through the Website deleted by sending an email to [email protected] requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all systems.
International transfers
We may transfer your personal data to the recipients described in this Policy including those recipients located in countries which may have a less stringent standard of data privacy laws compared to those in your country of residence. The Ford Foundation is headquartered in the US but operates globally and has affiliates and offices in countries outside the US. The Foundation will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy and where required by applicable law, no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your personal data.
Retention Period
We will store your personal data until it is no longer needed to fulfill the purpose(s) for which it was collected or as otherwise required or permitted by applicable law.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Individuals in specific jurisdictions
Individuals in Brazil
If you are a Brazilian resident, your personal data was collected or is being processed in Brazil, you have certain rights relating to your personal data under the applicable Brazilian data privacy laws, including: (i) confirmation of the existence of the processing; (ii) access to the data; (iii) rectification of incomplete, inaccurate, or outdated data; (iv) anonymization, blocking or elimination of unnecessary or excessive data or data processed in noncompliance with the provisions of Brazilian data protection laws; (v) portability of the data to other providers of services or goods, through express request; (vi) elimination of personal data processed with the consent of the data subject, except in the situations provided under Brazilian data protection laws (Section 16 of the Lei Geral de Proteção de Dados (“LGPD”)); (vii) information regarding public and private legal entities with which the controller has performed shared use of data; (viii) information on the possibility of not providing consent and the effects of consent denial; and (ix) withdrawal of consent.
If you would like to request a copy of your personal information being held by us, or request that it is deleted or to update and/or correct your personal information or request that we provide a copy to another data controller of your personal information that you have provided to us, please contact us using the contact information provided in this Policy under the section “How to Contact Us” above. We will need enough information to ascertain your identity as well as the nature of your request. We will aim to respond to your request within 15 days of receipt of the request. Where we were unable to do so within 15 days, we will notify you of the soonest practicable time within which we can respond to your request. There are certain exemptions and restrictions of these rights under the Brazilian data privacy laws that enable personal information to be retained, processed, or withheld from access and we will inform you of these if applicable.
The sections “International Transfers” and “Retention Period” above are also applicable under the Brazilian data protection law.
You can contact our data protection officer by using the contact information provided under the section “How to Contact Us” above.
Individuals in the US and California
California Users – Shine the Light Disclosure
California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. As discussed elsewhere in this Privacy Policy, we do not currently share the personal information of California residents with third parties for their own direct marketing purposes. However, if you have further questions about our privacy practices and compliance with California law, please contact us using the contact information in this Policy.
Individuals in China
In general, as a resident in China, you will have the right to review, make corrections or supplements, and request photocopies of your personal data. You also have the right to request us to cease to collect, use, process or transmit your data. If required by the applicable Chinese law, you have the right to request us to transfer your information to another data controller designated by you. You may contact us using the contact information provided in this Policy under “How to Contact Us” for more information on your privacy rights under the applicable Chinese laws or to exercise your rights.
Individuals in Colombia
In accordance with the provisions of the Colombian personal data protection regime, if you reside in Colombia, you have the following rights:
Data Subject Rights
You have the following rights under Colombian data protection law (Article 8 of Law 1581 of 2012):
- To know, update and rectify your personal data, processed by a data controller or data processor. This right can be exercised, among other, regarding partial data as well as in respect to data that is incomplete or fragmented, incorrect, or those whose processing is expressly forbidden or has not been authorized;
- To request proof of the authorization granted to the data controller, unless authorization for the processing is not required (in accordance with the provisions of Article 10 of Law 1581 of 2012);
- Be informed by the data controller or the data processor, upon request, regarding the processing of your personal data;
- To file complaints with the Superintendency of Industry and Commerce for violations of the provisions of the data protection regime:
- To revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the processing of the data; and
- To access, free of charge, your personal data that has been subject to processing.
Procedure for Data Subjects to Exercise Their Rights
As a data subject, you may exercise your rights by using the contact details under section “How to Contact Us” above in the following manner:
- You will be able to make enquiries to request evidence of the authorization, information about the data that has been collected and to understand the processing of the data.
The data subject, representatives and/or attorneys may file enquiries regarding the personal data kept in the Foundation’s databases in accordance with the following rules:
The request will be analyzed to verify the identification of the data subject. If the request is made by a person other than the data subject and the capacity of such person is not verified in accordance with the laws in force, the request will be rejected.
All inquiries will be resolved within a maximum of 10 business days as from the date of receipt of the inquiry. If it is not possible to answer the inquiry within this time, the interested party will be informed, providing the reasons for the delay and providing a date in which the inquiry will be answered (which cannot exceed 5 business days after the expiration of the original period of time).
- You will be able to file request (i.e. claims) for the update, correction, deletion or revocation of the authorization.
A data subject who considers that the data contained in the Foundation’s databases must be subject to correction, update, or deletion, or notice any alleged breach of any of the duties, may file a claim according to the following rules:
The request will be analyzed to verify the data subject’s identification. If the request is made by a person other than the data subject and the representation is not verified in accordance with the regulations in force, the request will be rejected.
The claim must contain the following information: (i) the identification of the data subject; (ii) the data subject’s contact details (physical e.g., home address and/or electronic address e.g., email and contact phone numbers); (iii) the documents proving the identity of the data subject, or their representation; (iv) a clear and precise description of the personal data regarding which the data subject seeks to exercise any of their rights; (v) the description of the facts that led to the claim; (vi) the documents that they intend to enforce; (vii) a signature and identification number.
If the claim is incomplete, the Foundation will request the data subject/interested party to rectify the claim, within five (5) days after the receiving the claim. If the applicant has not provided the information required within two months, the Foundation will conclude that he / she has suspended the claim.
Once the complete claim has been received, a note saying “claim being processed” will be included in the database together with the reason within no more than 2 business days. This note will be left in place until the claim is resolved.
The maximum time within which the Foundation will answer the data subject’s claim will be fifteen 15 business days from the day after the date the claim is received. When it is not possible to answer the claim within that timeframe, the Foundation will communicate the reasons for the delay to the relevant interested party together with the date in which the claim will be answered. This will not exceed eight (8) business days after the expiration of the first deadline.
Individuals in Egypt
If you are an Egyptian citizen or a resident in Egypt, you have certain rights relating to your personal data under the applicable data privacy laws, including to: (i) know, view, have access and obtain your personal data; (ii) refrain from your prior approval to retain or process your personal data; (iii) correct, modify, delete, add or update your personal data; (iv) specify the processing of your personal data within a defined scope; (v) know of any breach or violation occurred with regards to your personal data; and (vi) object to the processing of your personal data or its results whenever they contradict with your fundamental rights and freedoms.
As discussed in this Policy, your personal data will not be retained for a period longer than the period necessary to fulfill its intended purpose. We shall delete any Personal Data in our possession upon the satisfaction of the designated purpose. Further, in case of retention of such data for any legitimate reason after the satisfaction of its purpose, the data shall be retained in a form that does not allow the identification of the Data Subject.
The Foundation does not knowingly collect information from or about children without verifiable parental consent. If you are a parent or guardian and believe your child under 18 may have provided personal information through the Website, please contact us at [email protected] and we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law).
The Foundation also does not knowingly collect information from or about minors under the age of 21. Minors under 21 years of age may have the personal information that they provide to us through the Website deleted by sending an email to [email protected] requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all systems.
Individuals in Indonesia
If you are a resident in Republic of Indonesia you have the certain rights relating to your personal data under the applicable Indonesian data privacy laws, including to: (i) request correction or erasure of personal data about you that is inaccurate; (ii) request the erasure of your personal data; (iii) request for access on your historical personal data which has been provided to us; and (iv) make a complaint to a supervisory authority.
If you would like to request a copy of your personal data being held by us, or request that it is deleted or to update and/or correct your personal data or request that we provide a copy to another data controller of your personal data that you have provided to us, please contact us using the contact information provided in this Policy under the section “How to Contact Us”. We will need enough information to ascertain your identity as well as the nature of your request. We will aim to respond to your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify you of the soonest practicable time within which we can respond to your request (and within three months from the date of your request). There are certain exemptions and restrictions of these rights under Indonesian data privacy laws that enable personal information to be retained, processed, or withheld from access and we will inform you of these if applicable.
Transfers
If we transfer your personal data from Indonesia to overseas, we will do so in accordance with the Ministry of Communication and Information-Technology of Republic of Indonesia (“MCIT”) i.e., ensuring that applicable Indonesian laws and regulations on cross border personal data exchange are implemented.
Retention
Personal data kept in any applicable electronic systems will be encrypted and kept for at least five years (unless otherwise required by applicable Indonesian laws/regulations). If you are no longer a user of the Foundation’s services, under Indonesian laws, the Foundation is required to retain your personal data for at least five years (calculated from the date that your use of the Foundation’s services ends).
Breaches
Where there is a personal data breach, where applicable, you will be notified in writing with reasons for the failure within 14 days of the Foundation becoming aware of the breach. Such notification may be provided to you online or via e-mail if you have previously agreed to these methods.
Individuals in Kenya
Under Kenyan law, data relating to a person’s gender/sex is sensitive personal data and requires a higher threshold of protection. The Foundation will therefore obtain your consent when collecting and processing data related to your gender/sex and other sensitive personal information as noted above.
In general, as a resident in Kenya, you will have the right to review, make corrections or supplements, and request photocopies of your personal data. You also have the right to request us to cease to collect, use, process or transmit your personal data, to object to the processing of any of your personal data or to request for the deletion of false or misleading data about you. If required by the applicable Kenyan law, you have the right to request us to transfer your information to another data controller designated by you. You may contact us using the contact information provided in this Policy under “How to Contact Us” above for more information on your privacy rights under the applicable Kenyan laws or to exercise your rights. We will consider and respond to your request as required or permitted by law.
Individuals in Mexico
Access, Rectification, Cancellation and Opposition (ARCO) Rights and Consent
At any time, you have the right to revoke your consent for us to transfer and/or process your personal data, as well as the right to limit its use or disclosure. In order to exercise these rights, please contact us and our Data Protection Officer (“DPO”) using the contact details under section “How to Contact Us” above. Please provide clear details of your request. If you do choose to exercise these rights, you agree that we will be unable to consider you for any employment vacancy, grants or fellowships, events or programs, on our Website or otherwise.
Where applicable under Mexican laws, we will obtain your express and written consent to process any sensitive personal data.
If personal information we hold about you, is incorrect, please contact us and our Data Protection Officer (“DPO”) using the email address provided under section “How to Contact Us” above. Please note that you will be able to use this email address to exercise all your rights under the Federal Law on the Protection of Personal Data, including your ARCO rights, as well as providing any updates to your personal data.
In summary, the procedure you need to follow to exercise your ARCO rights:
- Please email us using the email address provided under section “How to Contact Us” above (at office-of-[email protected]) stating: (i) the ARCO right you wish to exercise; and (ii) the date, manner and place through which you provided to us your personal data.
- Attach (i) a copy of your official ID (where you are acting on your own behalf); or copy of the public deed containing the power of attorney of your legal representative as well as copy of his/her official ID; and (ii) the email address to which you wish to receive a response.
- Your request will be answered within a period of no more than 20 days after the receipt of your request through a written notice that will be sent to the address that you will have provided in your request, or to your preferred email address. Where possible and appropriate, we will process your request within no more than 15 days after your request has been accepted (within applicable business hours).
Individuals in South Africa/Nigeria
If you are a resident in South Africa or Nigeria you have the certain rights relating to our personal information under the applicable South African and Nigerian data privacy laws, including to: (i) check whether we hold personal data about you and to access such information (subject to applicable laws); (ii) request correction or erasure of personal data about you that is inaccurate; (iii) object to the processing of your personal data; and (iv) make a complaint to a supervisory authority in your country of residence or to our home supervisory authority.
If you would like to request a copy of your personal information being held by us, or request that it is deleted or to update and/or correct your personal information or request that we provide a copy to another data controller of your personal information that you have provided to us (where technically feasible), please contact us using the information in the “How to Contact us” section of the Policy. We will need enough information to ascertain your identity as well as the nature of your request. We will aim to respond to your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify you of the soonest practicable time within which we can respond to your request (and within three months from the date of your request). There are certain exemptions and restrictions of these rights under the South African/Nigerian data privacy laws that enable personal information to be retained, processed or withheld from access and we will inform you of these if applicable.
Regarding international transfers, please contact us using the information in “How to Contact Us” section above if you want further information on the specific mechanism used by us when transferring your personal data out of South Africa/ Nigeria (as applicable).
In South Africa, in appropriate circumstances, we may retain information for a longer period than what is permitted under section 14(1) of the Protection of Personal Information Act, such as where this is necessary for historical, statistical or research purposes, with due compliance of additional safeguards applicable to such information.
Changes to This Policy
We may update portions of this Policy from time to time and will alert you that changes have been made by indicating on the Policy the date it was last updated. You can find the date of the last update at the top of the Policy. When you visit this Website, you are accepting the current version of this Policy as posted on the Website at that time. We recommend that you revisit this Policy on occasion to learn of any changes.