Potato Impact Partners is a US-based social impact organisation. We are part of the Potato Productions group of companies. Thank you for being part of our community at Potato Impact Partners (hereafter referred to as “we”,”us”). We are committed to protecting your personal information and your right to privacy in accordance with the California Consumer Privacy Act ("CCPA") and, where applicable, the EU’s General Data Protection Regulation (GDPR).
When you visit us at https://potatoimpactpartners.com (“website” or “websites”) and use our services, you trust us with your personal information.
This policy sets out
the information we collect about you when you visit our website, use our products or services, or otherwise interact with us;
how we use, share, store, and secure the information; and
how you may access and control the information.
1. What is your personal information?
In this policy, your “personal information” refers to any data, information, or combination of data and information that is provided by you, to us, or through your use of any of our products or services, that relates to an identifiable individual.
2. What information do we collect?
We only collect personal information that you voluntarily provide to us when expressing an interest in obtaining information about us or our products and services, when using features on our website, or when you contact us.
The type of information collected depends on how you have interacted with us and our website. We collect the following types of information that you disclose to us:
Name and Contact Data. We collect contact information that you provide when you register or sign up for our products or services, namely, your name and email address.
Support Data. We collect information that you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots you may provide us with.
Preference Data. We collect communication, marketing, and other preferences that you set when you set up your account or profile, or when you participate in a survey or a questionnaire that we send you.
We automatically collect certain information when you visit, use, or navigate our website. They are:
Usage Data. We collect information about your use of or visit to our website, for example your clickstream to, through, and from our website, pages you viewed, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods to browse away from the page.
We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, political, religious, or philosophical beliefs, trade union membership, genetics, biometrics, health, or sexual orientation.
3. How do we use your information?
We use your personal information only for the purposes listed below:
To fulfill our services. To perform the contract we have entered into (or are about to enter into) with you, including to operate our products or services, to provide customer support and personalised features, and to protect the safety and security of our website;
To improve our business. To improve our products and services, such as research and development, customer analysis or segmentation, and only insofar as it does not have any adverse effects on the individual and it cannot reasonably be achieved without using personal information;
To protect our legal rights and interests. To use the information to the extent required by law or to such an extent we reasonably believe is necessary to protect our legal interests. We need to comply with legal or regulatory obligations.
To send you marketing and promotional communications. To send you direct marketing materials or promotional communications. With your express permission, we may publish your information as part of our testimonials or customer stories to promote our products or services.
To deliver targeted advertising to you. We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
4. Will your information be shared?
Sharing with our group. We share information with other companies in our parent group in order to operate our website and to offer and improve our products and services. We will not share your personal information with any company outside our group for marketing purpose, without your express, specific consent to do so.
Sharing with third parties. We share information with third parties that help us operate, provide, support, improve, and market our products and services, for example third-party service providers who provide website and application development, data storage and backup, infrastructure, billing, payment processing, customer support, business analytics, and other services.
Third-party service providers have access to your personal information only for the purpose of performing their services and in compliance with applicable laws and regulations. We check that these third-party service providers have policies in place to maintain confidentiality and security of all personal information that they process on our behalf and to implement and maintain reasonable security measures to protect the confidentiality, integrity, and availability of your personal information.
We take reasonable steps to confirm that all third-party service providers that we engage process personal information in a manner that provides at least the same level of protection as is provided under this policy. Where any third-party provider is unable to satisfy our requirements, we will require them to notify us immediately and we will take reasonable steps to prevent or stop non-compliant processing. In the event that the third-party provider does not comply with our required actions, we will terminate all services with them immediately, and demand that they provide proof to show that all the data shared with them has been destroyed.
We may share personal information on an aggregated or de-identified basis with third parties for research and analysis, profiling, and similar purposes to help us improve our products and services.
Using your own third-party software. If you use any third-party software in connection with our products or services, for example any third-party software that our website integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us, and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.
Links to other websites. Our website may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.
Sharing for legal obligations. We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement, or national security requests.
Business transfers. If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such transaction. We will notify you if such transaction takes place and inform you of any choices you may have regarding your information.
5. How do we store and secure information?
We use data hosting and other cloud service providers whose data centres may not be in the United States of America. We have taken steps to satisfy ourselves that the service providers we use take reasonable steps to protect the personal data that they hold.
We have also adopted the following measures to protect the security and integrity of your personal information:
Information is encrypted using TLS/SSL technology;
Access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and
Our information collection, storage, and processing practices are reviewed regularly.
We have put in place procedures to deal with any suspected privacy or data protection breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
While we implement safeguards designed to protect your information, please note that no transmission of information on the Internet is completely secure. We cannot guarantee that your information, during transmission through the Internet or while stored on our systems or processed by us, is absolutely safe and secure.
We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Your information will be stored securely and used for internal purposes only. It can be removed upon your request, after which we will ensure that your information is deleted, or if this is not possible, it will be anonymised so that you cannot be identified from the information. We periodically review the basis and appropriateness of our data retention policy.
6. What are your rights?
You have the right to:
be informed of what we do with your personal information;
request a copy of personal information we hold about you;
require us to correct any inaccuracy or error in any personal information we hold about you;
request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record keeping purposes, to complete transactions, or to comply with our legal obligations);
object to or restrict the processing by us of your personal information (including for marketing purposes);
request to receive some of your personal information in a structured, commonly used, and machine readable format, and request that we transfer such information to another party;
withdraw your consent at any time where we are relying on consent to process your personal information (although this will not affect the lawfulness of any processing carried out before you withdraw your consent). (Note also that the withdrawal of your consent may affect the services that you receive from us.)
You may opt out of receiving marketing materials from us by using the unsubscribe link in our communications, or by contacting us. Please note, however, that even if you opt out from receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our products or services.
As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.
We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) calendar days after receiving your request, we will inform you in writing within that period of the time by which we will be able to respond to your request. Note that for withdrawal of consent and erasure of data, we will generally process your request within 10 days, and if that is not possible within 30 days.
Do note that we may not be obliged to comply with your requests under certain conditions as prescribed by the applicable law. In such an event, we will notify you accordingly of the basis for not acceding to your request.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
7. Do we collect information from individuals under the age of 16?
Our products and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from individuals under 16. If we become aware that an individual under 16 has provided us with personal information, we will take steps to delete such information. Please contact us if you believe that we have mistakenly or unintentionally collected information from an individual under the age of 16.
8. International transfer of personal information
Personal information provided to us by users outside of the United States may be transferred to other countries such as the United States, where data protection laws may differ from those of your home country. By providing us with your information you acknowledge that your information will be transferred to the U.S. and processed on servers in the U.S. However, all reasonable steps will be taken to protect your privacy in accordance with the applicable data protection laws.
We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our website or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).
We use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log in to secure areas of our website.
Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users can easily find what they are looking for.
Targeting cookies. These cookies record your visit to our site, the pages you have visited, and the links you have followed.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our website.
10. EEA data subject rights
If you are an individual located in the EEA only, to the extent required by and in accordance with applicable law, you will have the following rights with regard to your Personal Data:
Right of access. You may request details of your Personal Information that we hold. We will confirm whether we are processing your Personal Information and we will disclose supplementary information including the categories of Personal Information, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding Personal Information transfers to non-EEA countries, subject to the limitations set out in applicable statutes, regulations and other laws.
Right of correction. We will comply with your request to edit and update incorrect Personal Information promptly.
Right to be forgotten. At your request, we will delete your Personal Information promptly if:
it is no longer necessary to retain your Personal Information;
you withdraw the consent which formed the basis of your Personal Information processing;
you object to the processing of your Personal Information and there are no overriding legitimate grounds for such processing;
the Personal Information was processed illegally; or
the Personal Information must be deleted for us to comply with our legal obligations.
to comply with our legal obligations;
in pursuit of a legal action;
to detect and monitor fraud; or
for the performance of a task in the public interest.
We will inform any third parties we might have shared your Personal Information with of your deletion request.
We will decline your request for deletion if processing of your Personal Information is necessary.
Right to restrict processing of your Personal Information. At your request, we will limit the processing of your Personal Information if:
you dispute the accuracy of your Personal Information;
your Personal Information was processed unlawfully and you request a limitation on processing, rather than the deletion of your Personal Information;
we no longer need to process your Personal Information, but you require your Personal Information in connection with a legal claim; or
you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists.
Right to notice related to correction, deletion, and limitation on processing. In so far as it is practicable, we will notify you of any correction, deletion, and/or limitation on processing of your Personal Information.
Right to data portability. At your request, we will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if: (i) you provided us with Personal Information; (ii) the processing of your Personal Information is based on your consent or required for the performance of a contract; or (iii) the processing is carried out by automated means.
Right to object. Where we process your Personal Information based upon our legitimate interest then you have the right to object to this processing.
Right not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given us your explicit consent or where they are necessary for a contract with us.
Right to withdraw consent. You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting, using and sharing of your Personal Information up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use your information that has been fully anonymized and does not personally identify you.
Right to complain to a supervisory authority. If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
11. Changes to this policy
12. How can you contact us about this policy?
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org.
Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work, or where you feel your rights have been infringed.
If you are resident in the European Union and you believe we are unlawfully processing your personal information, you also have the right to file a complaint to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Last updated 20 September 2023