Open Loop – Privacy Policy

Last Updated: 12/1, 2021

icon_data-policy
Welcome to Open Loop! Open Loop is a global strategic initiative and consortium supported by Facebook that connects policymakers and technology companies, and proposes evidence-based policy recommendations to ongoing regulatory debates.
This Privacy Policy describes Open Loop’s practices for handling your information collected in connection with the Open Loop website.

 

Collection of Information

When you interact with us through our Website, we may collect or receive the following types of information:

Information you provide directly to us.
For certain activities, we may collect the following types of information:

  • Contact information, such as your name (first and last name) and email address;
  • Feedback that you provide to us on the policy prototyping efforts;
  • Other information you choose to provide to us, such as when you send us correspondence or provide feedback to us.

Information we collect automatically.
Depending on your device and your interaction with us, we may also collect certain information automatically when you use our Website, such as:

  • Device attributes, including information such as the operating system, hardware and software versions.
  • Identifiers, including information such as unique identifiers, device IDs, and other identifiers, and Family Device IDs associated with the same device or account.
  • Data from device settings, information you allow us to receive through device settings you turn on.
  • Network and connections, information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed.

How We Use Information
We will use the information described above for the purpose of operating and providing the Website. Specifically, we will use the information for the following purposes:

  • Evaluation of feedback: If you submit to us any feedback on policy prototyping efforts, we may review such commentary and may respond to you or seek further information from you.
  • Publications. We may publish articles, blogs or similar posts regarding policy prototyping efforts and feedback that we have received. Such publications may contain the names of feedback provider and details of the feedback.
  • Communicate with you. We use your email address to communicate with you about the Website and let you know about our Terms and Policies. We also use your information to respond to you when you contact us.
  • Promote safety, integrity and security. We may use the information that we have to verify activity, combat harmful conduct, maintain the integrity of our Website, and promote safety and security on our Website.
  • For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

How We Share Information
There are certain circumstances in which we may share your information with certain third parties without further notice to you, as set forth below:

  • Academic, research and other relevant institutions. We may share information with academic institutions, non-profit organizations, governmental parties, and industry partners for the purposes of improving the Open Loop program, its design, methodologies, external communications, and publications.
  • Service providers and third-party vendors. We share your information with third-party vendors and service providers that support the Website, for example technical infrastructure service. These services providers are restricted from using your information for any purpose other than to perform services for us.
  • Legal purposes. We may disclose information for legal purposes, such as to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, detect fraud, and to protect and defend the rights, interests, safety, and security of Facebook, our affiliates, owner, users, or the public.
  • Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
  • With your consent. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent. We are not responsible for the information you choose to submit.

How We Protect Information
We take measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.

Children’s Information
We do not knowingly collect or store information from children under the age of 13, unless permitted by law. We will delete any information we may have inadvertently received from a child under 13 upon notice. If you have reason to believe that a child under the age of 13 has provided personal information on our Website, please contact us and we will endeavor to delete that information from our databases.

 

Third Party Links

Our Website may contain links to other sites that we do not own or operate (e.g. https://www.cminds.co or https://bidlab.org/en ). Except as provided in this Privacy Policy, we do not provide your information to these third parties without your consent. The linked websites have separate and independent privacy statements, notices and terms of use, which we recommend you carefully review. We do not have any control over such websites, and therefore have no liability or responsibility for the linked websites’ personal information practices.

Data Retention
We retain information relating to the Website until it is no longer necessary to serve the purposes for which it was collected. Reasons we may retain some data for longer periods include security, fraud & abuse prevention, record keeping, complying with legal or regulatory requirements and ensuring the continuity of our Website.

Brazilian residents
Under the Brazilian General Data Protection Law (the LGPD), you have the right to access, rectify, port, erase, and confirm that we process your data. In certain circumstances, you also have the right to object to and to restrict the processing of your personal data or you may withdraw your consent when we process data you provide to us based on your consent. If you would like to exercise any of these rights, please contact us using the details provided below.

 

Additional Information for California Residents

If you are a California resident, the following information also applies to you and supplements the information contained above in the Privacy Policy in relation to your use of our Website.

Information we collect and sources of information.
Our Privacy Policy already describes the information we collect and its sources. This section organizes that information around the personal information categories set forth in the California Consumer Privacy Act (“CCPA”):

  • Identifiers, including for example your name, unique personal identifier, online identifier, Internet Protocol address, email address or other similar identifiers. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Website.
  • Internet or other electronic network activity information, including for example information regarding your interactions with our Website. We obtain this information automatically in the course of your interactions with our Website.
  • Audio, electronic, or similar information. If you use our Website, we may obtain certain electronic information from you. We use this information to analyze context and what is in such content for the purposes described in this Privacy Policy.

How we share personal information.
We do not sell your personal information, but we share information to support our own operational purposes in providing the Website to you, as described in our Privacy Policy above. For example, we share information with our partners, service providers and related companies to secure and improve our Website (such as to identify bugs, repair errors or ensure that services function as intended) or to have them perform services (e.g. hosting the Website).

Your rights provided under the CCPA.
Under the CCPA, California residents have the following rights:

  • Right to Know. You have the right to request that we disclose to you the personal information we collect, use, or disclose over the past 12 months, and information about our data practices;
  • Right to Request Deletion. You have the right to request that we delete your personal information that we have collected from you;
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.

Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID.

Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.

To exercise your rights under the CCPA, or if you are an agent authorized to exercise a right under the CCPA, you can email admin@openloop.org or contact us by mail at the address provided below.

We do not share personal information with third parties for their own direct marketing purposes.

 

Additional Information for Individuals in the European Union, Switzerland and the United Kingdom

If you are a user in the European Union, Switzerland or the United Kingdom the following information also applies to you and supplements the information contained above in the Privacy Policy in relation to your use of our Website. The data controller responsible for the personal data of individuals in the European Union and the United Kingdom is Facebook Ireland Limited.

Our legal basis for processing data.
We collect, use and share data in the ways described above on the basis of the following:

  • Contractual necessity. The majority of the processing of personal data described in this Privacy Policy is justified on the basis that it is necessary for the performance of a contract and specifically, for the purposes of our Terms of Use. For example, we rely on this legal basis to grant you access to our Website and to communicate with you regarding the Website.
  • Legitimate interests. We rely on this legal basis to further understanding who is accessing and using the Website; prevent and address fraud, unauthorized use of the Website, breaches of our terms and policies, or other harmful or illegal activity.
  • Compliance with a legal obligation. We rely on this legal basis for processing data when the law requires it, including, for example, if there is a valid legal request for certain data.

When we process your data as necessary for the purposes of legitimate interests, you have the right to object to, and seek restriction of, our processing. To exercise your rights, you can email admin@openloop.org. In evaluating an objection, we will evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Data transfers
Information controlled by Facebook Ireland Limited may be transferred or transmitted to, or stored and processed in, the United States or other countries for the purposes described in this policy. These data transfers are necessary to provide the services set forth in our Terms of Use. For transfers from the European Economic Area (EEA) to countries outside the EEA, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Information. We use standard contract clauses approved by the European Commission and rely on the European Commission’s adequacy decisions in relation to certain countries, as applicable, for data transfers from the EEA and the United Kingdom to the United States and other countries. No data subject to this Privacy Policy is transferred under Facebook’s Privacy Shield certification.

Your rights provided under the GDPR
Under the General Data Protection Regulation, you have the right to access, rectify and erase your data under certain circumstances. You also have the right to object to and restrict certain processing of your data. Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID. To exercise your rights under the GDPR, you can email admin@openloop.org or contact us by mail at the address provided below.

Contact information
If you live in a country or territory listed below (the “European Region” which includes countries in the European Union), the data controller responsible for your information when you use the Website is Facebook Ireland Limited:

  • Andorra, Austria, Azores, Belgium, Bulgaria, Canary Islands, Channel Islands, Croatia, Czech Republic, Denmark, Estonia, Finland, France, French Guiana, Germany, Greece, Guadeloupe, Hungary, Iceland, Ireland, Isle of Man, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Madeira, Malta, Martinique, Mayotte, Monaco, Netherlands, Norway, Poland, Portugal, Republic of Cyprus, Réunion, Romania, San Marino, Saint Barthélemy, Saint-Martin, Slovakia, Slovenia, Spain, Sweden, Switzerland, Vatican City, and the United Kingdom and its sovereign bases in Cyprus (Akrotiri and Dhekelia).

You can contact Facebook Ireland Limited online or by post at:

Open Loop
c/o Facebook Ireland Limited
4 Grand Canal Square, Grand Canal Harbour
Dublin 2, Ireland

You may also contact the Data Protection Officer for Facebook Ireland Limited. In addition, you have the right to lodge a complaint with our lead supervisory authority, the Irish Data Protection Commissioner, or with your local supervisory authority.

If you do not live in one of the countries or territories listed above, the data controller responsible for your information when you use the Website is Facebook, Inc.

If you are in Brazilian territory, the data controller responsible for your information is Facebook, Inc. Contact the DPO for Facebook, Inc. You also have the right to petition the Brazilian Data Protection Authority by contacting the DPA directly.

Changes to this Policy
We may update or modify this Privacy Policy at any time without prior notice. When we update the Privacy Policy, we will revise the “Last Updated” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Website to stay informed of our privacy practices. Any changes will be effective when we post the revised policy.

Questions
If you have any questions about this Privacy Policy or our practices, please contact us at admin@openloop.org or by mail at:

Open Loop
c/o Facebook, Inc. 1601 Willow Road Menlo Park, CA 94025