Privacy Notice

YIVO understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, www.yivo.org (“our website”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information and your rights in relation to your personal information. We are an international charity with relationships with fundraisers, volunteers, supporters and researchers, so we use personal information on a day to day basis in order to operate. Our use of your personal information allows us to make better decisions, fundraise more efficiently and, ultimately, helps us to reach our charitable objectives.

By submitting your personal information to us and on our website, you are consenting to the processing of your information by us in accordance with this privacy notice. In particular you acknowledge and consent that the personal data that we collect from you may be transferred to, processed and stored by us at destinations outside the European Economic Area (EEA), including the USA.

Key terms

Personal information

Any information relating to an identified or identifiable individual.

Special category personal information

Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership

Genetic and biometric data

Data concerning health, sex life or sexual orientation

Important information and who we are

YIVO is the controller for the purposes of the personal information you have provided to us or we have collected from you through your use of our website or for our provision of any product or service to you.

YIVO (operating in the USA, the United Kingdom and the rest of the world) is made up of different entities, consisting of YIVO Institute for Jewish Research (United States Charitable Tax ID# 13-1641082) and YIVO UK (a charity registered with the Charity Commission of England and Wales (registered charity number 1170213)) (collectively YIVO). This privacy policy is issued on behalf of YIVO so when we mention YIVO, "we", "us" or "our" in this privacy policy, we are referring to the relevant YIVO entity responsible for processing your data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.

Personal information we collect about you

We may collect and use the following personal information about you:

your name and contact information, including email address, postal or residential address, telephone number and company details
your gender information, if you choose to give this to us
location data, if you choose to give this to us
your billing information, transaction and payment card information
your contact history and payment transaction history
Information about how you use our website, IT, communication and other systems such as IP address, web browser type and version, operating system, a list of URLs starting with a referring site, your activity on our website, and the site you exit to

This personal information is required to accept donations from you, to provide information to you about YIVO’s activities and provide products and services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you.

How your personal information is collected

We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information:

from publicly accessible sources, e.g. we may supplement information on our supporters with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies Registers in order to create a fuller understanding of someone’s interests and support of YIVO;
from social media - depending on your settings or the privacy policies for social media and messaging services like Facebook or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo;
directly from a third party, e.g. other charitable organisations, fundraising agencies, banks you use to make payments to us, independent event organisers, if you are a researcher and your information is shared with us by another institution for which you do research;
from subcontractors acting on our behalf who provide us with technical, payment or delivery services, and from business partners, advertising networks and search/analytics providers used on our website.
from cookies on our website; and
via our IT systems, e.g. monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and messaging systems.

How and why we use your personal information

Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:

to comply with our legal and regulatory obligations;
for the performance of our contract with you or to take steps at your request before entering into a contract;
for our legitimate interests or those of a third party; or
where you have given consent.

A legitimate interest is when we have a business or organisational reason to use your information, so long as this is not overridden by your own rights and interests. We consider our legitimate interests to include all of the day-to-day activities YIVO carries out with personal information to help us reach our charitable objectives.

We will use your personal information to:

To provide you with the services, products or information you asked for, including:
- to register you as a donor
- to carry out our obligations in respect of the provision of the services to you;
- to manage payments and fees
- to register, administer and personalise information when you sign up to products and services we have developed
To administer your donation or support your fundraising, including processing Gift Aid
To prevent and detect fraud and money laundering, including against you or your organisation/business
To manage, develop and improve our relationship with you, including:
- keeping a record of your relationship with us and updating and enhancing our records
- notifying you about changes to our terms or privacy policy or our services
- sending you correspondence and communicating with you
- responding to or fulfilling any requests, complaints or queries you make to us
- managing our events
To further our charitable objectives
To process applications for funding and for administration of our role in the projects we fund
To monitor the appropriate use of grant funds, including expenditure and consider any funding requests
Share your information within the YIVO operating entities for internal management and administration purposes if required in the performance of contracts and services
To enforce any of our rights against you
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies, including generating reports on our work, services and events and submitting statutory returns
Safeguarding our staff and volunteers and ensuring organisational policies are adhered to
Operational reasons, such as improving efficiency, training and quality control
Ensuring the confidentiality of commercially sensitive information
Statistical analysis to help us manage our organisation, e.g. in relation to our financial performance, donor base, product range or other efficiency measures
Administering our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems
Testing our technical systems to make sure they are working as expected, preventing unauthorised access and modifications to systems
Ensuring safe working practices, staff administration and assessments, including conducting training and quality control
If required, marketing our services and those of selected third parties to:
- existing and former donors and suppliers;
- third parties who have previously expressed an interest in our services;
- third parties with whom we have had no previous dealings.
To process any application or recommendation for a job or volunteering position with us
External audits and quality checks, e.g. for certain accreditation and the audit of our accounts

The above table does not apply to special category personal information, which we will only process with your explicit consent.

Promotional communications

We have a legitimate interest in processing your personal information for promotional purposes (see above ‘How and why we use your personal information’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never sell or share it with other organisations outside YIVO for marketing purposes.

If promotional communications are sent to you, you have the right to opt out of receiving promotional communications at any time by sending us a blank email message to YIVO at info@yivo.org.

Who we share your personal information with

We may share your personal information with:

the YIVO entities operating the USA, Israel, Argentina, Poland and the United Kingdom and the rest of the world;
third parties we use to help deliver our services to you, e.g. delivery companies, event or seminars organisers, payment service providers;
other third parties we use to help us run our organisation and may process data on our behalf, e.g. website hosts, IT services providers, internet service providers, marketing agencies, analytics and search engine providers;
third parties approved by you, e.g. social media sites you choose to link to or third party payment providers;
credit reference agencies;
our insurers and brokers, or professional advisers and external auditors;
our or your banks;
if you are a researcher, volunteer advisory panels, any joint funders of research, host institutions and external members of our committees;
law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and
if you are a donor, we may share information with co-beneficiaries.

Some of our suppliers run their operations outside the European Economic Area (EEA). In these circumstances, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place.

We may also need to share some personal information with other parties, if we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; and/or if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets. Usually, information is anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Where your personal information is held

Information may be held at our offices where YIVO operates and/or stored at the offices or on servers of third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).

The information that we collect from you will be transferred to, processed and stored at a destination outside the European Economic Area (" EEA "). It will be processed by staff operating worldwide (including outside the EEA ) who work for us or for one of our service providers. For more information, including on how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information out of the EEA’.

How long your personal information will be kept

Generally, we will keep your personal information while you are a donor for us or volunteer with us or we are providing products and services to you or vice versa. Thereafter, we will keep your personal information for as long as is necessary:

to respond to any questions, complaints or claims made by you or on your behalf;
to show that we treated you fairly;
to keep records required by law.

Different retention periods may apply for different types of personal information. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Transferring your personal information out of the EEA

To deliver services to you and manage the day-to-day running of our organisation across our international operations, it is necessary for us to share your personal information outside the European Economic Area (EEA), eg:

with our offices outside the EEA, including our offices in the USA;
with your and our service providers which may be located outside the EEA;
if you are based outside the EEA;
where there is an international dimension to the services and products we are providing to you.

These transfers are considered restricted transfers and subject to special rules under European and UK data protection law.

Non-EEA countries may not have the same data protection laws as the United Kingdom and EEA. We will seek your explicit for the above-mentioned restricted transfers of data outside the EEA.

We will also ensure the transfer complies with data protection law and appropriate safeguards are in place for your information to be secure.

If you would like further information please contact us (see ‘How to contact us’ below).

Your rights

You have the following rights, which you can exercise free of charge:

Access	The right to be provided with a copy of your personal information (the right of access)
Rectification	The right to require us to correct any mistakes in your personal information
To be forgotten	The right to require us to delete your personal information—in certain situations
Restriction of processing	The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability	The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object	The right to object: —at any time to your personal information being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you would like to exercise any of those rights (known as “subject access request”), please contact us as per the details in section ‘How to contact us’. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.

The data protection legislation gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. Please refer to the contact details of the data protection supervisory authority in the country in which you wish to raise a complaint.

Changes to this privacy policy

We reserve the right to make changes to this privacy policy. Any changes we make to our privacy policy in the future will be posted on this page of our website. Please check back frequently to see any updates or changes to our privacy policy. Continued use of our Site will signify that you agree to such changes.

How to contact us

YIVO Institute for Jewish Research
Address: 15 West 16th Street, New York, NY 10011-6301
Phone: (212) 246-6080 (If calling from outside the USA, please dial 001 before the number)
Fax: (212) 292-1892
Email: info@yivo.org