GDPR Compliance Statement
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on May 25, 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
The EastWest Institute values your privacy and is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always maintained a robust and effective data protection program which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
The EastWest Institute is dedicated to safeguarding the personal information under our remit and in maintaining a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new GDPR regulation.
How We are Preparing for the GDPR
The EastWest Institute already has a consistent level of data protection and security across our organization; however it is our aim to be fully compliant with the GDPR by May 25, 2018.
Our preparation includes:
Information Audits - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
Policies & Procedures - revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
International Data Transfers & Third-Party Disclosures – where EastWest Institute stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
Direct Marketing - we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information via our website of an individual’s right to access any personal information that EastWest Institute processes about them and to request information about:
What personal data we hold about them
The purposes of the processing
The categories of personal data concerned
The recipients to whom the personal data has/will be disclosed
How long we intend to store your personal data for
If we did not collect the data directly from them, information about the source
The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organisational Measures
The EastWest Institute takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
Information Collection & Use
In order to use certain parts of the EastWest Institute website, you may need to first complete a registration form to create a username and/or password. During registration you may need to provide contact information. We may use this information to contact you. Any time we do so, we will provide you with clear instructions should you choose not to receive information from us.
Occasionally, we may provide you the opportunity to participate in surveys on our site. Participation in these surveys is completely voluntary. We use survey results to further improve this site and its content as well as to enhance our communications with our audiences.
We may use third-party service providers that are verified as GDPR compliant to conduct surveys. Those companies will be prohibited from using our users' personally identifiable information for any other purpose than what has been identified above. We will not share the personally identifiable information you provide through a survey with third parties unless we give you prior notice and a choice to opt out.
Tell a Friend/Forward to a Colleague
If you use referral services to tell a friend/colleague about our site or electronic newsletters, the EastWest Institute will maintain this information in our database to compile aggregate statistics on the effectiveness of our referral program.
If you have applied for employment with the EastWest Institute, the personal information submitted with your job application will be added to our Talent Community and used for recruitment and other customary human resources purposes. For example, we may send you information about new job opportunities within EastWest Institute as well as other career development resources. For further questions/inquiries, please contact firstname.lastname@example.org.
Electronic Communications from the EastWest Institute
Newsletters and Products
If you wish to subscribe to our electronic newsletters or receive other materials, we will use your email address to send the requested materials. We always provide a way to unsubscribe or opt out.
Customer Service and Profile
Based upon the personally identifiable information you provide us (i.e., your "profile"), we will send you a welcome email to verify your enrollment when you subscribe to an EastWest Institute electronic newsletter.
We provide you the opportunity to opt out of having your personally identifiable information used for any of these purposes.
If you no longer wish to receive electronic newsletters and/or promotional communications, you may opt out of receiving them by following the instructions included in each newsletter or communication.
Information Sharing and Disclosure
Aggregate Information (non-personally identifiable)
We sometimes share aggregated demographic information about our user base with partners. This information does not identify individual users. We do not link aggregate user data with personally identifiable information in these cases.
Personally Identifiable Information
We do not share personally identifiable information (your "profile") with third parties, except insofar as that information is required to fulfill a service, such as product fulfillment, that you have requested.
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order or legal process served on the EastWest Institute.
Web Site Tools
Web site visits generate certain information that is automatically stored in log files, including Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.
We only use this information, which in itself does not identify individual users, to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole.
We may employ transparent images and Web Beacons (also referred to as Web Bugs) that help us better manage content on our site. Transparent images and Web Beacons are embedded invisibly on web pages.
We may use transparent images in our HTML-based emails and newsletters to help us gauge the effectiveness of our electronic communications. If you would like to opt out of these, please see "Choice/Opt-out." You can also request to receive text-only electronic newsletters, which do not contain transparent images.
Links to Other Sites
This web site contains links to other sites that are not owned or controlled by the EastWest Institute. We are not responsible for the privacy practices or the content of such other sites.
Access to and Removal of Personally Identifiable Information
You may correct, update or deactivate your personally identifiable information by emailing us at email@example.com, or by contacting us by telephone or postal mail at the contact information listed below:
The EastWest Institute
708 Third Avenue
New York, NY 10017
Changes in this Privacy Statement
We reserve the right to modify this privacy statement at any time. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.
GDPR Roles and Employees
The EastWest Institute has appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
Any GDPR related questions can be addressed to EastWest Institute’s Data Protection Officer Gail Pierre at firstname.lastname@example.org.