Human Rights Watch Privacy Statement July 23, 2019
What is this Privacy Statement?
This Privacy Statement sets out Human Rights Watch, Inc.’s information processing practices in relation to you and your personal data and applies when we collect and process personal data from you through our website and mobile applications. It explains Human Rights Watch’s information processing practices and describes your rights regarding your personal data.
Who is responsible for your information?
"Human Rights Watch" or "HRW" refers to Human Rights Watch, Inc., and its various parts around the world, including its affiliated charities, branch offices and other registered entities (also referred to as "we", "us", or "our").
When and how do we collect your information?
Human Rights Watch collects personal data about you when you:
- Visit our website or use an HRW mobile app;
- Make a donation;
- Volunteer;
- Register for an HRW event;
- Engage in a campaign by signing an online petition;
- Made an inquiry;
- Subscribe to an online publication; or
- Apply for employment.
What personal data do we collect?
We may collect some or all of the following types of information including:
- Personal data. Our websites may collect personal data, information that either directly identifies you or could reasonably be used to identify you. Examples of personal data include your name, contact information, email address, and other information in combination with such identifiers.
- Mobile devices information. If you access our websites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device's operating system, mobile carrier and your location information. We may also ask you to consent to providing your mobile phone number (for example, so that we can send you push notifications).
- Other information. In some instances, we automatically collect other basic information about you which does not directly identify you, but which may correspond with you or a particular device. We use this information to learn more about how our website is used and to otherwise improve and administer the site. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Further information about our use of cookies can be found below in the Cookies and other tracking technologies section at the end of this Statement.
Social media:
You can engage with us through social media websites or through features such as plug-ins or applications on Human Rights Watch websites that integrate with social media sites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third-party social media sites, plug-ins, or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday, the posts or the 'likes' you make).
If you post information when you interact with our websites through social media sites, plug-ins or other applications, depending on your privacy settings, this information may become public on the Internet. You can control what information you share through privacy settings available on some social media sites. For more information about how you can customize your privacy settings and how third party social media sites handle your personally identifiable information, please refer to their privacy help guides, privacy notices and terms of use.
How do we use your personal data?
We use the personal data you provide to us to:
- Provide you with personalized service;
- Operate our website and understand its use, for statistical purposes (number of site visits, average time visitors spend at the site, etc.) and security purposes;
- Manage and process inquiries, registrations, donations and other interactions with you;
- Send you information you have requested or consented to receiving such as newsletters, breaking news, and other information regarding relevant Human Rights Watch Activities.
With whom do we share your personal data?
We do not sell, share, or otherwise disclose the information we collect through our website and mobile applications, except as provided in this Privacy Statement.
We may share your personal data with other Human Rights Watch entities, divisions, and branch offices to serve you, including for the activities listed in this statement.
We may share your personal data with our affiliates and third-party organizations which we feel could be of interest to you, provided you agree to such sharing and such sharing is legal under applicable law. Please see the section on Your choices regarding your information below if you wish to have your information shared this way.
We may disclose information to third parties who provide us with various business services, including monitoring and maintaining the websites and with whom we are working to provide you with services or information. We may also disclose information we collect in special cases, including when we have a reason to believe that such disclosure is necessary to identify, contact, or bring a legal action against someone who may be causing injury to or interference with our rights and property or those of any other person. We may also disclose information when we believe the law requires it and in any situation that involves threats to any person’s physical safety. When required by law, such sharing of information will be subject to an agreement with each such service provider, requiring such service provider to comply with data protection requirements.
We may disclose personal data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request; (ii) in response to law enforcement authority or other government official requests; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) in connection with an investigation of suspected or actual illegal activity; or (v) in the event that Human Rights Watch is dissolved or otherwise reorganized. Disclosure may also be required for audits or to investigate a complaint or security threat.
Further information about our use of cookies and similar technologies can be found below in the Cookies and other tracking technologies section at the end of this Statement.
Legal requirements and business transfers
We may disclose personal data (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request; (ii) in response to law enforcement authority or other government official requests; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) in connection with an investigation of suspected or actual illegal activity; or (v) in the event that Human Rights Watch is dissolved or otherwise reorganized. Disclosure may also be required for audits or to investigate a complaint or security threat.
Do we transfer your personal data across national borders?
We are a global organization and may transfer certain personal data across geographical borders to Human Rights Watch entities, authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally or they may be in other countries, some of which have not been determined by the European Commission to have an adequate level of data protection.
When we do, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data:
- we ensure transfers within Human Rights Watch are covered by agreements based on the EU Commission's standard contractual clauses, which contractually oblige each member to ensure that personal data receives an adequate and consistent level of protection wherever it resides within Human Rights Watch;
- where we transfer your personal data outside Human Rights Watch or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal data. Some of these assurances are well recognized certification schemes like the EU - US Privacy Shield for the protection of personal data transferred from within the EU to the United States, or the standard contractual clauses; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed.
Examples of countries to which we transfer personal data include, but are not limited to, the United States, the United Kingdom and India.
If you would like further information about whether your information will be disclosed to overseas recipients, please contact us as noted below. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your personal data when this is transferred as mentioned above.
Do we collect information from children?
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from an individual under age 16. If you are under the age of 16, please do not submit any personal data through the website. If you have reason to believe that we may have accidentally received personal data from an individual under age 16, please contact us immediately at privacy@hrw.org.
Your choices regarding your information
You may update, correct, or change your information by contacting us at privacy@hrw.org or by following the instructions below in this Privacy Statement. You may also choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing e-mails or contacting us as noted below.
With respect to cookie-based advertising, please be aware that the Digital Advertising Alliance maintains a website where consumers can opt out from receiving interest-based advertising from some or all of the network advertising companies participating in the program (www.AboutAds.info/choices/).We offer certain choices about how we communicate with you and what personal data we obtain about you and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will provide you with the option of whether you wish to receive promotional e-mail, SMS messages, telephone calls and postal mail from us. At any time, you may opt out from receiving interest-based advertising or marketing from us by contacting us.
How can you update your communication preferences?
We take reasonable steps to provide you with communication about your information. You can update your communication preferences in the following ways.
- Newsletters. If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in the communication.
- Mobile devices. If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them, you can manage your preferences either through your device or the application settings. If you no longer wish to have any information collected by the mobile application, you may uninstall the application by using the uninstall process available on your mobile device.
- E-mail. Contact us by e-mail privacy@hrw.org or postal address 350 Fifth Avenue, 34th Floor, New York, New York 10118. Please include your current contact information, the information you are interested in accessing and your requested changes.
How long do we retain your personal data?
How long we retain your personal data depends on the purpose for which it was obtained and its nature. We will keep your personal data for the period necessary to fulfill the purposes described in this Statement unless a longer retention period is permitted or required by law. In specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
Do we have security measures in place to protect your information?
Human Rights Watch takes steps to protect your information from unauthorized access. We implemented a SSL certificate and enforced https traffic on our site. All data transmitted to and from our website, are encrypted to provide an additional level of security. You can read more about the security measures taken by our third-party vendor, Engaging Networks, who provides the following services for HRW: online advocacy, event registration and donation pages, and email message deployment.
While we take reasonable measures to protect the information you submit via the website against loss, theft, and unauthorized use, disclosure, or modification, we cannot guarantee its absolute security. No internet, email, or mobile application transmission is ever fully secure or error free. Email or other messages sent through the website may not be secure. You should use caution whenever submitting information through email or the website and take special care in deciding which information you provide us.
Are we responsible for the websites to which we link?
We are not. HRW does not endorse and is not responsible for the content of third-party websites or resources, and our privacy statement does not apply to any sites that are not affiliated with HRW, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.
General Data Protection Regulation
We only collect and process your personal data if we have a legal basis which include:
- Legitimate interest. We process your personal data based on our legitimate interests in communicating with you and managing your interactions with you.
- Compliance with applicable laws or performance of a contract. We process your personal data as necessary for the performance of a contract or as necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators.)
- Public interest. We process your personal data for the performance of a task carried out in the public interest (e.g., the tracking of human rights violations.)
- Consent. In limited circumstance we will use your consent as the basis for processing special categories of information or prior to sending you electronic communications.
EU Data Subject Rights
If you are an EU Data Subject, you have the following rights of this EU Data Subject Rights section. To exercise these rights, please email us at privacy@hrw.org with a description of your request.
- Right to Access. You have right to access personal data that Human Rights Watch holds about you.
- Right to Rectification. You have a right to request us to correct your personal data where it is inaccurate or out of date.
- Right to be Forgotten (Right to Erasure). You have the right, under certain circumstances, to have your personal data erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data
- Right to Object to Processing. You have the right to object to the processing of your personal data at any time, on legitimate grounds, except if otherwise permitted by applicable law, or to lodge a complaint with a supervisory authority. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- Right to Restrict Processing. You have the right to restrict the processing of your personal data, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have objected to processing of your data, and verification of overriding grounds is pending.
- Right to Data Portability. You have the right to data portability, which requires us to provide personal data to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) your consent; or (ii) the performance of a contract to which you are a party.
- Right to Decline Automated Decision Making. You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are (i) necessary for a contract to which you are a party; (ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require Human Rights Watch to exercise human intervention.
We currently do not use automated decision making (including automated decision making using profiling) when processing your personal data. If we ever use an automated decision-making solution, you have a right to request that a decision based off your personal data cannot be solely decided via an automated process.
Your California Privacy Rights
Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal data the business has shared with third parties for those third parties' direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one request each year by emailing us at privacy@hrw.org or by writing us at Human Rights Watch 11500 W. Olympic Blvd., Suite 608 Los Angeles, CA 90064 USA.
Cookies and other tracking technologies
We use cookies, other tracking technologies, and third-party analytics tools to better understand who is using the website and how people are using it. These tools collect information sent by your device or the website and other information that assists us in improving the website. This information may be used to analyze and track data, determine the popularity of certain content, and better understand your online activity, among other things.
1. Third party analytics tools
- Google Analytics allows us to better understand who is using the website and how people are using it. Google Analytics uses cookies to collect and store information such as website pages visited, places where users click, time spent on each website page, Internet Protocol address, type of operating system used, location-based data, device ID, search history, gender, age, and phone number. Please see http://www.google.com/policies/privacy/partners/ for information about how Google Analytics uses this information, and visit https://tools.google.com/dlpage/gaoptout for information about the Google Analytics Opt-out Browser Add-on. Google may track your activity over time and across websites.
- Chartbeat provides real-time analytics to web sites and blogs. The interface tracks visitors, load times, and referring sites on a minute-by-minute basis. We use this information to improve the website. Please see https://chartbeat.com/privacy for information about how Chartbeat uses this information. Chartbeat may track your activity over time and across websites.
2. Cookies, Web beacons, and other technologies
We, along with third-parties, use cookies, local storage objects, Web beacons and other technologies. These technologies are used for tracking, analytics and personalization and optimization of the website. We use cookies and other tracking technologies on the website to help us understand and save your preferences and interests so we can personalize your future visits and compile aggregate data about website traffic and website interaction so that we can offer better website experiences and tools in the future.
- Cookies are small files that are transferred to and stored on your computer through your Web browser (if you allow it) that enable the website’s or service provider’s system to recognize your browser and capture and remember certain information. You can instruct your browser to stop accepting cookies. But if you do not accept cookies, you may not be able to use all portions of all functionality of the website. Persistent cookies remain on the visitor’s computer after the browser has been closed. Session cookies exist only during a visitor’s online session and disappear from the visitor’s computer when they close the browser software. Flash cookies (also known as local shared objects) are data files that can be created on your computer by the websites you visit and are a way for websites to store information for later use. Flash cookies are stored in different parts of your computer from ordinary browser cookies. You can disable the storage of flash cookies. For additional information about managing and disabling flash cookies, please visit http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-fla….
- Web beacons are small strings of code that provide a method for delivering a graphic image on a Web page or in an email message for the purpose of transferring data. You can disable the ability of Web beacons to capture information by blocking cookies.
3. Third party service providers and business partners
We may disclose your information to service providers we have retained (as processors) to perform services on our behalf (either in relation to services performed for our clients, or information which Human Rights Watch uses for its own purposes, such as marketing). These service providers are restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above section, How do we use your personal data?
Information collected from other Websites and mobile applications and Do Not Track policy
Your browser or device may offer you a "Do Not Track" option, which allows you to signal to operators of websites, web applications, mobile applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites or applications. Our website does not support Do Not Track requests at this time, which means that we or our analytics providers or other third parties with which we are working may collect information about your online activity both during and after your use of the website.
Contact us
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the Act or this Statement, please contact us at this address: privacy@hrw.org. or by mail sent to 350 Fifth Avenue, 34th Floor, New York, New York 10118 United States, Attention: Operations
Changes to this Statement
We may update this Statement from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We encourage you to periodically review this Statement so that you will be aware of our privacy practices.
This Statement was last updated on July 23, 2019.
This Statement replaces the Privacy Statement dated May 25, 2018.