Social Held is an online platform that matches and connects non-profit organisations with individuals and businesses seeking volunteering opportunities in their local area.
Last revised: December 2019
1. What personal data we collect and how we collect it?
The term “personal data” is defined by the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allow you to be identified or that can be correlated to you.
- We receive and store any information you knowingly provide to us. Our platform is accessed by individuals in their own capacity and individuals representing non-profit organisations. Users of our platform typically may provide us with:
- Identity data, such as first and last name, information about preferred honorifics (Mr. or Mrs.), company name, similar identifier information.
- Contact data, such as email address, company name, telephone number, country of residence.
- Profile information, such as personal or corporate photo, skills, personal preferences and information relating to their motivations, interests, skills and experiences.
- User activities data, reflecting the experiences the user made via our platform, including the number of hours the user volunteered, number of projects the user took part in, specific skills developed by the user through our platform, as well as reviews and recommendations received and/or given by the user.
- Social login data (via Facebook, Instagram and/or LinkedIn plug-ins)
- Communications data, should the users choose to communicate via our platform.
When you visit or are redirected to the Website, some information may be collected and stored by us automatically. Such data includes:
- Technical data, like browser type and version, language, time zone setting and location, internet protocol (IP) address, log files, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
- Usage data, such as time spent on the Website, click stream and/or similar information reflecting how you interact with the Website.
We may also receive information about you from third parties. Typically, this includes tracking data, which we collect from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
2. How do we use your personal information (purpose of processing)? data we collect and how we collect it?
We use the Identity and Contact data that you provide to us to fulfil our functions as the communication platform, to match you with appropriate volunteers and/or help you find suitable volunteering opportunities.
Additionally, we use your personal data to communicate with you.
Also, when in line with the preferences you have shared with us, we provide you with information on our launch and/ or information relating to services through the newsletter.
We use the Technical and Usage data collected to help us screen for potential risk or fraud and more generally to improve and optimise our Website.
3. What are our legal bases for processing of your data?
We will collect, process, and use your personal data and other data to support the delivery of Social Held services. We process your personal data based on the Article 6 of the GDPR relying on the following legal bases:
- to perform our services, Art. 6(1)b
- legitimate interest relating to our services, Art. 6(1)f
- if you have given us your consent to process your data, Art. 6(1)a
- if it is necessary for us to comply with a legal obligations, Art. 6(1)c.
We may also process personal data if it is necessary to protect vital interests of our users and/or other people, or for the performance of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).
4. Sharing your personal information and data transfers.
We share your personal information with third parties to help us provide the best services and deliver the best products we possibly can. Your personal data will be transferred to third parties only if we have a legal obligation to do so, if the data transfer is necessary for performance of the contract, or if you have consented to the transfer of your data.
Third-party service providers and partner companies will receive your data only if and to the extent necessary for performance of the contract or with your consent. In such cases, the extent to which data are transferred will however be kept to the absolute minimum. To the extent that our service providers come into contact with your personal data, we will make sure that they too will comply with all applicable data protection laws. Please also read the data privacy policies of such third-party providers.
We use cloud services. This means we will transfer your data to a third party – the cloud services provider – and store data on the servers of that provider. In some cases, your data may also be stored on servers outside the European Union (EU) or European Economic Area (EEA). We either ensure through appropriate contracts that such service providers guarantee the same level of data privacy to which you are also entitled in the European Union or we use only providers that are EU-US Privacy Shield certified (https://www.privacyshield.gov/welcome). Both alternatives ensure an appropriate level data privacy.
5. Who do we share your data with?
To be able to offer you the best customer experience possible and to be able to continuously improve our products and services, we rely on third-party vendors and partners. We also use the assistance of third parties to improve our Website. Finally, we use certain tools for our marketing.
Below is the description of the third-party vendors and services we use and for what purposes:
Our Website is built with the help of WordPress platform. WordPress is the service owned by Automattic (Automattic Inc., 60 29th Street #343, San Francisco, CA 94110).
Automatic collects information of visitors to our Website automatically and uses it to help us with keeping the Website functional, convenient and useful. You can find out more about data collected by these third party services by checking out Automattic’s privacy notice: https://automattic.com/privacy-notice/.
5.2. Google Analytics
You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. In the alternative, you can also install a browser plug-in, which you will find here: https://tools.google.com/dlpage/gaoptout/.
5.5. Social plug-ins
To help you share our products and keep you up to date with what is happening at the Social Held, we use social plug-ins on our Website. You will find following social plug-in buttons on our Website:
- Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.);
- Instagram (operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland);
- LinkedIn (operator: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland).
These plug-ins routinely collect data from you and transfer such data to servers of the provider. Once activated, such plug-ins may also record your IP address. In addition, activated social plug-ins will place a cookie with a clear ID when the relevant Website is accessed.
These plug-ins also allow providers to create profiles of your user behaviour. A cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our Website, data and information about your visit to our Website may be linked to your profile on the social network.
Please note that we have no control over the exact extent to which your data will be collected by social network providers.
For more information about the extent, type, and purpose of data processing and about rights and settings to protect your privacy, please refer to the data privacy policies of the relevant social network provider. These are available at the following addresses:
We collect information about visitors to our Website in order to improve our products and services through cookies and tracking pixels (a.k.a. web beacons).
Cookies help us to work better and provide lots of assistance in the background to make the process of being our customer a lot easier for you.
In the meantime, your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain Websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.
You can also visit our Website even if you block cookies on your terminal device. If you block cookies, the display of our Website may however be impaired and not all functions may be available to you.
Tracking pixels are small graphics in HTML e-mails or on Websites. When you access such a Website, your access to the tracking pixel will be recorded in a log file. This allows statistical analysis, which, in turn, can be used to improve our Services. You can set your e-mail program or your browser so that HTML e-mails will be displayed as text only, thereby preventing the use of some tracking pixels.
Here is the list of all cookies and tracking pixels we use on our Website, including the purpose of processing and duration of storage:
7. How long we store your data?
Your personal data will be stored for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we may have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for up to ten years after they stop being customers to comply with legal requirements.
8. Rights of the Data Subjects under GDPR
If you qualify as the “data subject” under the terms of the European General Data Protection Regulation (GDPR), you have the right to:
- request information on personal data processed by us about you as provided by Art. 15 GDPR.
- in accordance with Art. 16 GDPR, to immediately demand the correction of incorrect data or completion of incomplete personal data stored with us;
- pursuant to Art. 17 GDPR, to request deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful;
- in accordance with Art. 20 GDPR, to receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller;
- in accordance with Art. 7 (3) GDPR, to revoke at any time the consent you previously granted to us. As a result, we will be no longer able to continue the data processing based on this consent for the future;
- in accordance with Art. 77 GDPR, users have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or Social Held’s legal address for this purpose.
- also, if your personal data is processed based on a legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.
If you would like to exercise these rights, please contact us via email at email@example.com. Please include any information that would help us identify you in our database, such as your full name and email address.
We put great effort and will continue to attempt to establish internal procedures to ensure that your personal information is both accurate and protected from accidental loss, unauthorised access, use, alteration or disclosure.
We limit access to your personal data to those employees, team members, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our Website is monitored for security.
heroes in Vienna
heroes in Vienna