Last updated February 2021
As a nonprofit organization engaged in the provision of services to our community, Community For Global Innovation Inc. (the “Nonprofit”), is committed to protecting the privacy of confidential and personal information, including personal data relating to individuals who may be clients, staff, agents, lawyers, students, job applicants, volunteers or others inside or outside the Nonprofit. The policy of the Nonprofit is to comply with any applicable rules of professional conduct which impose a duty to preserve and protect confidential client information upon associated personnel.
This Privacy Statement is intended to summarize the Nonprofit’s data protection practices generally, and to advise its clients, interested students, job applicants, website visitors, volunteers, and other third parties about the Nonprofit’s privacy policies that may be applicable to them.
This Privacy Statement is specifically addressed to parties outside the Nonprofit who: (1) provide personal information, including but not limited to information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, etc. (“Personal Information”) to the Nonprofit; or (2) who visit or use the Nonprofit’s website at cfgi.world (“Website”).
Our Collection of Personal Information
The Nonprofit only collects Personal Information that is voluntarily provided. Any Personal Information that we collect is provided to us by you, or by a third-party who you have authorized to provide us with your Personal Information.
Providing Personal Information about Others
If you provide the Nonprofit with Personal Information about third parties, you warrant to the Nonprofit that any Personal Information that you provide to the Nonprofit about any third parties was obtained by you with full consent, and that the individual has not communicated to you that they wish to opt out of receiving communication from the Nonprofit or having the Nonprofit collect information about him or her or them.
The Website is hosted and operated in the United States (“U.S.”). By using the Website, you acknowledge that any Personal Information about you, regardless of whether provided by you or obtained from a third party, is being provided to the Nonprofit in the U.S. and will be hosted in the U.S.
Use and Disclosure of Personal Information
If you do provide Personal Information to the Nonprofit, the Nonprofit may use that Personal Information to:
Provide you with services, if you are or become a client of the Nonprofit, and/or respond to any requests or inquiries you may have;
Invite you to seminars, panel events, conferences and other engagements;
Contact you (unless you tell us that you prefer us not to) regarding immigration developments that may be of interest to you;
Carry out, monitor and analyze our business or Website operations;
Collect anonymous traffic data and geographic location, derived from your IP address, and perform web analytics by using software and cookies;
Enter into or carry out contracts of various kinds; and
Comply with any applicable laws or regulations.
We do not disclose any Personal Information to unrelated parties outside of the Nonprofit, except to our agents or data processors or other contractors acting on our behalf and at our direction, subject to appropriate confidentiality, privacy and information security commitments provided by the receiving party; where we believe it necessary to provide a service which you have requested; as permitted or required by law; or as otherwise authorized or directed by you.
We reserve the right to disclose Personal Information that we believe to be necessary or appropriate in the following circumstances:
As required by law, such as to comply with a subpoena, or similar legal process;
When we believe in good faith that disclosure is necessary to protect the Nonprofit’s rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
To enforce the Nonprofit’s Terms of Service or other contract, to the extent any is applicable; and
To allow the Nonprofit to pursue available remedies or limit the damage it may sustain.
Confidentiality of Client Information
Consistent with its professional obligations, the Nonprofit’s policy is to exercise the utmost discretion regarding the information our clients entrust to us. The Nonprofit accepts and processes client information in a manner that is always subject to the client’s direction and control, and the Nonprofit maintains reasonable and appropriate, although not infallible, security precautions. It never purposefully trades, sells or shares your information with any unrelated parties except as necessary or appropriate to conduct the Nonprofit’s legal and business activities; subject to appropriate confidentiality, privacy and information security commitments provided by the receiving party; to further your interests; or as permitted or required by law, or as authorized or directed by you. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to to email@example.com.
Client Credit Card Information
Legitimate Business Interest under the GDPR
Specifically for EU data subjects visiting our Website, we collect your Personal Information in furtherance of our legitimate interest to carry out our business in favor of the well-being of the Nonprofit. Our use of your Personal Information is based on the legitimate grounds that:
The use is necessary in order to fulfill our commitments to you under our Terms of Service or applicable client fee agreements;
The use is necessary in order to protect your vital interests or those of another person or entity;
We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or
You have given us your consent.
Your Privacy Rights under the GDPR
The GDPR includes the following rights for EU data subjects who provide their information to the Nonprofit in connection with our provision of legal services or when visiting our Website:
The right to be informed about how we store, use, or share your data;
The right to access your data;
The right to rectify your data;
The right to have us erase your data;
The right to prevent us from processing your data;
The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
The right to object to use or sharing of your data; and
The right not to be subject to automated decision-making, including profiling.
If you have any questions about these rights, you may contact us at firstname.lastname@example.org.
With the exception of processing payments, for which third party payment processors are the Payments Data Controllers; the Nonprofit is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of personal data of the clients of the Nonprofit and visitors to its Website. The Nonprofit is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your personal data, you may contact us at email@example.com.
Data Processor. The Nonprofit is the “data processor,” as defined under the GDPR, or the legal entity which processes your personal data. The Nonprofit maintains records of any processing activities it performs, and is able to show how the Nonprofit complies with data protection principles under the GDPR. It has effective policies and procedures in place.
To opt-out of certain advertising cookies, you may wish to visit the Network Advertising Initiative (NAI) website by clicking here.
Social Media Features and Widgets
Links to Other Websites
Do Not Track Signals
The Nonprofit does not knowingly collect, maintain or process Personal Information submitted online by anyone under the age of 18. If you are under 18, please do not attempt to send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us with Personal Data, please contact us at firstname.lastname@example.org.
The Nonprofit maintains reasonable and appropriate physical, electronic and procedural safeguards intended to maintain the confidentiality of Personal Information provided by a visitor to this Website. The Nonprofit does not guarantee that these safeguards will always work or that its security measures are infallible.
The Nonprofit has internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” The Nonprofit will notify you of a personal data breach where the personal data breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. The Nonprofit will provide you with: (i) contact details of the Data Protection Officer (DPO) or other contact person, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the organization has taken or proposes to take to address the breach, and (v) advice on steps that EU data subjects can take to protect themselves.
Data Protection Officer
The Nonprofit is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Nonprofit voluntarily elects to appoint Sophie M. Alcorn as the DPO for this Nonprofit. Ms. Alcorn is responsible for data protection compliance and can answer any questions you may have about your Personal Information. She may be reached at email@example.com.
Our Response to Your Requests
If you make any requests regarding your Personal Information, we will not charge you for compliance with the request. The Nonprofit will respond and comply within one month. The Nonprofit reserves the right to refuse or charge for requests that are manifestly unfounded or excessive. If we refuse your request, we will tell you why we are refusing your request. You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Data Protection Impact Assessment (DPIA)
Please Note: The Nonprofit is not required to undergo a DPIA because data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data.
Your California Privacy Rights
Under California Civil Code Section 1798.83, California clients and Website visitors are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Section 1798.83 is not applicable to the Nonprofit, as the Nonprofit has less than 20 employees. Nevertheless, if you have any questions or concerns, please let us know by emailing us at firstname.lastname@example.org.
Consultants, Suppliers and Vendors
In order to support its provision of legal services to its clients, from time to time, the Nonprofit may maintain business information about prospective or ongoing consultants, suppliers, and vendors. The Nonprofit uses this information for internal purposes and does not share this data with unrelated third parties. The Nonprofit requires consultants, suppliers, and vendors to maintain data protections consistent with reasonable and appropriate obligations of data processors. Any prospective consultants, suppliers, or vendors with questions about our policies and expectations should contact email@example.com.
If you change your mind about receiving information from us or have any questions or concerns about the use of information volunteered by you, please send us a request specifying your new choice. Please contact us at firstname.lastname@example.org.
Additionally, you may reach us by postal mail at:
Community For Global Innovation Inc.
PO Box 391600, Mountain View, CA 94039