Last Updated: 12/1, 2021
Welcome to Open Loop! Open Loop is a global strategic initiative and consortium supported by Facebook that connects policymakers and technology companies, and proposes evidence-based policy recommendations to ongoing regulatory debates.
Collection of Information
When you interact with us through our Website, we may collect or receive the following types of information:
Information you provide directly to us.
For certain activities, we may collect the following types of information:
- Contact information, such as your name (first and last name) and email address;
- Feedback that you provide to us on the policy prototyping efforts;
- Other information you choose to provide to us, such as when you send us correspondence or provide feedback to us.
Information we collect automatically.
Depending on your device and your interaction with us, we may also collect certain information automatically when you use our Website, such as:
- Device attributes, including information such as the operating system, hardware and software versions.
- Identifiers, including information such as unique identifiers, device IDs, and other identifiers, and Family Device IDs associated with the same device or account.
- Data from device settings, information you allow us to receive through device settings you turn on.
- Network and connections, information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed.
How We Use Information
We will use the information described above for the purpose of operating and providing the Website. Specifically, we will use the information for the following purposes:
- Evaluation of feedback: If you submit to us any feedback on policy prototyping efforts, we may review such commentary and may respond to you or seek further information from you.
- Publications. We may publish articles, blogs or similar posts regarding policy prototyping efforts and feedback that we have received. Such publications may contain the names of feedback provider and details of the feedback.
- Communicate with you. We use your email address to communicate with you about the Website and let you know about our Terms and Policies. We also use your information to respond to you when you contact us.
- Promote safety, integrity and security. We may use the information that we have to verify activity, combat harmful conduct, maintain the integrity of our Website, and promote safety and security on our Website.
- For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
How We Share Information
There are certain circumstances in which we may share your information with certain third parties without further notice to you, as set forth below:
- Academic, research and other relevant institutions. We may share information with academic institutions, non-profit organizations, governmental parties, and industry partners for the purposes of improving the Open Loop program, its design, methodologies, external communications, and publications.
- Service providers and third-party vendors. We share your information with third-party vendors and service providers that support the Website, for example technical infrastructure service. These services providers are restricted from using your information for any purpose other than to perform services for us.
- Legal purposes. We may disclose information for legal purposes, such as to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, detect fraud, and to protect and defend the rights, interests, safety, and security of Facebook, our affiliates, owner, users, or the public.
- Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- With your consent. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent. We are not responsible for the information you choose to submit.
How We Protect Information
We take measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
We do not knowingly collect or store information from children under the age of 13, unless permitted by law. We will delete any information we may have inadvertently received from a child under 13 upon notice. If you have reason to believe that a child under the age of 13 has provided personal information on our Website, please contact us and we will endeavor to delete that information from our databases.
Third Party Links
We retain information relating to the Website until it is no longer necessary to serve the purposes for which it was collected. Reasons we may retain some data for longer periods include security, fraud & abuse prevention, record keeping, complying with legal or regulatory requirements and ensuring the continuity of our Website.
Under the Brazilian General Data Protection Law (the LGPD), you have the right to access, rectify, port, erase, and confirm that we process your data. In certain circumstances, you also have the right to object to and to restrict the processing of your personal data or you may withdraw your consent when we process data you provide to us based on your consent. If you would like to exercise any of these rights, please contact us using the details provided below.
Additional Information for California Residents
Information we collect and sources of information.
- Identifiers, including for example your name, unique personal identifier, online identifier, Internet Protocol address, email address or other similar identifiers. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Website.
- Internet or other electronic network activity information, including for example information regarding your interactions with our Website. We obtain this information automatically in the course of your interactions with our Website.
How we share personal information.
Your rights provided under the CCPA.
Under the CCPA, California residents have the following rights:
- Right to Know. You have the right to request that we disclose to you the personal information we collect, use, or disclose over the past 12 months, and information about our data practices;
- Right to Request Deletion. You have the right to request that we delete your personal information that we have collected from you;
- Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.
Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID.
Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.
To exercise your rights under the CCPA, or if you are an agent authorized to exercise a right under the CCPA, you can email firstname.lastname@example.org or contact us by mail at the address provided below.
We do not share personal information with third parties for their own direct marketing purposes.
Additional Information for Individuals in the European Union, Switzerland and the United Kingdom
Our legal basis for processing data.
We collect, use and share data in the ways described above on the basis of the following:
- Legitimate interests. We rely on this legal basis to further understanding who is accessing and using the Website; prevent and address fraud, unauthorized use of the Website, breaches of our terms and policies, or other harmful or illegal activity.
- Compliance with a legal obligation. We rely on this legal basis for processing data when the law requires it, including, for example, if there is a valid legal request for certain data.
When we process your data as necessary for the purposes of legitimate interests, you have the right to object to, and seek restriction of, our processing. To exercise your rights, you can email email@example.com. In evaluating an objection, we will evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
Your rights provided under the GDPR
Under the General Data Protection Regulation, you have the right to access, rectify and erase your data under certain circumstances. You also have the right to object to and restrict certain processing of your data. Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID. To exercise your rights under the GDPR, you can email firstname.lastname@example.org or contact us by mail at the address provided below.
If you live in a country or territory listed below (the “European Region” which includes countries in the European Union), the data controller responsible for your information when you use the Website is Facebook Ireland Limited:
- Andorra, Austria, Azores, Belgium, Bulgaria, Canary Islands, Channel Islands, Croatia, Czech Republic, Denmark, Estonia, Finland, France, French Guiana, Germany, Greece, Guadeloupe, Hungary, Iceland, Ireland, Isle of Man, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Madeira, Malta, Martinique, Mayotte, Monaco, Netherlands, Norway, Poland, Portugal, Republic of Cyprus, Réunion, Romania, San Marino, Saint Barthélemy, Saint-Martin, Slovakia, Slovenia, Spain, Sweden, Switzerland, Vatican City, and the United Kingdom and its sovereign bases in Cyprus (Akrotiri and Dhekelia).
You can contact Facebook Ireland Limited online or by post at:
c/o Facebook Ireland Limited
4 Grand Canal Square, Grand Canal Harbour
Dublin 2, Ireland
You may also contact the Data Protection Officer for Facebook Ireland Limited. In addition, you have the right to lodge a complaint with our lead supervisory authority, the Irish Data Protection Commissioner, or with your local supervisory authority.
If you do not live in one of the countries or territories listed above, the data controller responsible for your information when you use the Website is Facebook, Inc.
If you are in Brazilian territory, the data controller responsible for your information is Facebook, Inc. Contact the DPO for Facebook, Inc. You also have the right to petition the Brazilian Data Protection Authority by contacting the DPA directly.
Changes to this Policy
c/o Facebook, Inc. 1601 Willow Road Menlo Park, CA 94025