INTRODUCTIONFoundation for Lebanon (the “Organization”/“we”) is committed to implement continuous security measures to protect the confidentiality and privacy of your personal and financial data and information.
1- Gathering and usage:For the donations (making and receiving) via its website, the Organization may collect personal and financial data and sensitive information, while maintaining utmost confidentiality. The types of data and information we may request include but are not limited to the title, address, name, email address, date of birth, gender, family information, payment information and account details.
This information may be used:
- To communicate with you;
- To send you important information regarding the site and changes to terms of service.
- Create and manage user accounts
- Protect from criminal behavior
- To allow you to make donations;
- To allow you to accept donations;
- For data analysis, audits, developing and enhancing the Organization’s services, and developing the site;
- For identifying usage trends and determining the effectiveness of promotional campaigns;
- For transferring such information to third party supplier in order to execute a donation/funding.
Such information shall not be disclosed to third parties except in the following cases:
a. Your consent is obtained.
b. For the purpose of communicating payment information to third parties to execute donations in which case the Organization conducts a thorough due diligence on that third party and takes all appropriate steps to ensure that the third party undertakes strict controls to ensure the confidentiality of the data and the personal information.
c. The Organization is complied to do so, to comply to a judicial or regulatory order under applicable laws and regulations.
2- Online CollectionWhen you use the website, we may collect information that does not reveal your explicit identity or does not directly relate to a person, such as but not limited to:
a. Browser and device information: MAC address, operating system version, internet browser type, IP address, etc.
b. We use google analytics in order to track and obtain details of our website’s traffic. To stop Google Analytics from collecting your usage data whilst on the Website, please visit https://tools.google.com/dlpage/gaoptout
3- Adequate Security MeasuresThe Organization takes precautions to protect your information. When you submit sensitive information via the Organization’s website, your information is protected both online and offline. The Organization shall apply adequate security measures on its systems (such as access permissions, anti-virus software…) to prevent the loss, destruction, falsification and leakage of your data and personal information. The Organization shall also ensure that external parties who have access to the data maintain strict controls and confidentiality.
The Organization shall implement the following security measures:
a. On e-services in general:
- Encrypted data transmitted to the Organization’s servers, thus making it unreadable as it flows over the internet.
b. On mobile services:
- Remote data wipe, which can be executed remotely by the Organization or by yourself if the phone is lost or stolen. This action wipes the mobile application data as well as the keys used to encrypt said data and information.
5- Other SitesThe Organization may provide links to third party websites, such as merchants or service providers. If you follow links to websites not affiliated or controlled by the Organization, you should review their privacy and security policies and their terms and conditions, as they may be different from those of the Organization’s sites. The Organization is not responsible for and does not guarantee the security or privacy of these websites, including the completeness, accuracy, or reliability of the information published thereon.
7- Information Security TipsThe Organization highly recommends you to carefully read and follow the below guideline:
Be aware of Social engineering:
- Social engineering is a technique used to manipulate people into performing actions or divulging confidential information by ticking or misleading them to bypass security measures and tools. The purpose is to gather confidential information from people through phone, email, regular mail, unsolicited text messages (SMS) or direct contact and use this information in illegal activities such as committing fraud, gaining unauthorized access to systems, etc.
On e-Services in general:
- Make sure your device is set to automatically lock itself out after not being used for a specified period of time.
- Do not leave the device in question unattended during a valid session.
- Do not store personal or other sensitive information on your device. It is also recommended that you regularly delete the browser history, text messages and files from your device.
- Immediately contact the Organization if you suspect having been hacked, or having responded to a fraudulent or phishing email. Fraudulent emails are emails that appear as if originating from the Organization.
- Make sure you do not enter your personal details on any unsecured website nor reply to suspicious emails asking for personal information.
- Never click on embedded links inside emails originating from unknown or suspicious source.
- Always check the identity and security level of the website you are using.
- Verify that the website address (URL) is secure: The letter “s” in “https” confirms that the site is fully secure.
- Make sure you see the “security lock” icon on the webpage next to the URL and click on it to check the website’s identity.
- Avoid using e-services on public computers.
8- Data Protection regulationThe Organization ensures compliance with the GDPR law, and the Lebanese law 81 dated October 10, 2018 with respect to electronic services and the collection and processing of personal data.
9- Breach NotificationIn the event of data breach, the Organization shall notify you after first becoming aware of said data breach.
10- Your legal rights if you are in the EEAIf you are a resident or citizen of a country in the EEA, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out above, please contact us.
You have the right to:
• Be informed
• request access to your personal data.
• have your personal data erased, corrected or restricted if it is inaccurate or requires updating. You may also have the right under certain circumstances to request deletion of your personal data.
• Request the transfer of your personal data to you or to a third party.
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
• Choose not to be subject to automated decision making
• make a complaint at any time to a data protection regulator.
We would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator so please contact us in the first instance.