GDPR - EU Privacy Policy

Privacy Policy

Revised 01/28/2020

This Privacy Policy ("Policy") applies to website users in the European Union. For the US and other countries, please see our Privacy Policy for the US.

For the purposes of the European Union's General Data Protection Regulations ("GDPR"), ("CommunityPetition", "we", "us") is a data controller. CommunityPetition is not obligated by the GDPR to appoint a Data Protection Officer. However, CommunityPetition has appointed VeraSafe, a local EU-based representative, as a point of contact for all EU-based data privacy questions. VeraSafe can be contacted here using this contact form:

Alternatively, VeraSafe can be contacted by postal mail at either of these addresses:

VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1
Czech Republic

VeraSafe Ireland LTD
North Point Business Park
New Mallow Road
Cork T23AT2P, Ireland

CommunityPetition respects individual privacy and values the confidence of its users, customers, employees, business partners and others. Not only does CommunityPetition strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, it also has a tradition of upholding the highest ethical standards in its business practices.

CommunityPetition takes seriously the issue of safeguarding your privacy online. This Policy applies to the two websites owned and operated by CommunityPetition: (the "Website"). This Policy describes how CommunityPetition collects and uses the personal information you provide on the Websites and your options regarding the ways in which your personal information is used.

How CommunityPetition Collects Personal Information
CommunityPetition collects personal information directly in the following ways:

CommunityPetition collects personal information indirectly in the following ways:

CommunityPetition collects information when it is available from external publicly available sources.
For example, depending on your privacy settings for social media services, we may access information from those accounts or services.
CommunityPetition also automatically collects the following types of your personal information when you visit the Websites: In general, we may combine your personal information from these different sources for the purposes set out in this Policy.
Types of Personal Information CommunityPetition uses
Special categories of personal information

The GDPR recognises certain categories of personal information as sensitive and therefore requiring more protection, for example: information about your health, ethnicity or political opinions. Where CommunityPetition collects and/or uses these special categories of personal data (for example, information about your political opinions contained within a petition), we will only do so if there is a valid reason and where the GDPR allows us to do so.

Why CommunityPetition Collects Personal Information
Your personal information, however provided to us or obtained by us, will be used for the purposes specified in this Policy. In particular, we may use your personal information:
Supporter research

The website may select locally relevant petitions for you based on your IP address.

We may display interest-based advertisements to you on Facebook through Facebook's Custom Audiences tool. We would not share your name or contact information with Facebook; rather, we would share a unique code based on your email address. See the Custom Audiences Terms of Service for more information.

Communications for marketing or promotional purposes

We may use your contact details to provide you with information about our work, services, and/or products which we consider may be of interest to you (for example, updates about a petition you previously signed, information about petitions relating to similar campaigns, or information about other ways in which you can assist one of the campaigns we help).

Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).

Where you have provided us with your consent previously but do not wish to be contacted by us about our work, services and/or products in the future, please let us know by email at [email protected]. You can also opt out of receiving emails from CommunityPetition at any time by clicking the "unsubscribe" link at the bottom of our emails.

Lawful bases for Processing Personal Information

The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:

The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others' legitimate interests (as long as the processing in question is fair, balanced and does not unduly impact your rights).

In broad terms, our "legitimate interests" means the interests of running CommunityPetition as a company aiming to encourage engagement with important social and political issues. For example: providing information about the issues which we consider to be important, or, where appropriate, putting members in contact with one another.

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted by law).

Your rights and how to exercise them

Where we rely on you consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:

To exercise any of these rights, please contact us using our Help Request Form or contact us via the details contained in section 13 below.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 13 below. We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.

You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. You can find out the identity of the authority in your country, and its contact information, here.

Will we share your personal information?

In general, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Policy. Please note that, where required under applicable data protection law, we will not do so without your consent.

Non-exhaustively, those parties may include:

Petition signers' name, comments, and limited demographic information (city, state, country) are published on the petition. Petition signers' personal data could be forwarded to public officials as part of the petition campaign.

CommunityPetition reserves the right to share personal data if necessary for the purpose of merging with or partnering with other organizations(s).

Other than as described here, CommunityPetition would only share personal data with the informed consent of our website users and members.

Security/storage of and access to your personal information

CommunityPetition is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures ni place to help protect your information.

This includes corporate policies and staff training regarding how your personal information should be handled, as well as physical security, encryption, and network security for IT infrastructure. Your personal information is only accessible by appropriately trained staff.

CommunityPetition has self-certified with the US Department of Commerce that it adheres to the seven Privacy Shield principles.

International transfers of your personal information

Given that we are an organisation headquartered in the USA, users of the services available on the Websites will have their personal information transferred to CommunityPetition's infrastructure in the USA. Such transfers are adequately secure in the eyes of the European Commission due to CommunityPetition's use of "Privacy Shield."

The EU-U.S. Privacy Shield Frameworkprovides a method for companies to transfer personal data to the USA from the European Union (EU) in a way that the European Commission considers offers sufficiently equivalent protection for your personal information as EU law

How long will we retain your personal information?

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see section 7 above), we will remove it from our records at the relevant time.

Please note that, if you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.

Links and third parties

We link our websites directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sires. We encourage you to read the privacy policies of any external websites you visit via links on our website.

How to contact us

If you have questions or concerns about this Policy or about the way in which CommunityPetition processes your personal information, please contact CommunityPetition's Security Officer by email: [email protected].

Cookie policy

CommunityPetition uses web "cookies" and similar technologies to track users' movements around the Websites, and for other features and services.

Obligatory vs Voluntary Participation

Providing personal information to us which we have requested from you is voluntary. However, website users who do not provide data will not be able to use many of the services offered

Changes to this Policy
CommunityPetition reserves the right to change the Policy, but will notify users of such changes through email and/or by posting a notice on the site. In the event of any material change, this notification will be prior to that change becoming effective. If the change involves the use of a user's personally identifiable information then the notice to users will contain directions on how users can opt-out of the change.