E-VET PLATFORM

SECURITY and PRIVACY POLICY

in accordance with the European Union’s new General Data Protection Regulation (GDPR) , which enters into force on May 25, 2018.

This Security and  Privacy Policy describes the manner in which E-vet platforms collects, uses, maintains and discloses information collected from Volunteers ("volunteer and  user organization") through our applications and websites ("Platforms") by accessing our Services (“Services”). The Platform include all digital properties under that uses the E-vet.org domain, including E-vet.fr domain. This privacy policy applies to the controlled Sites, applications and all products and services offered by E-vet. If you do not agree with this policy, please do not access or use our Services or any aspect of our platform. Updates in this Privacy Policy reflects recent changes in data protection law (e.g. GDPR) and aims to provide volunteers a clearer understanding of how E-vet manages all volunteer Data collected for his user organizations.

 

Applicability

This privacy policy applies to all products and Services (collectively, the “Platforms”) offered by E-vet through E-vet.org and E-vet.fr (collectively, the “Platforms”). In addition, this policy applies to personal data from the European Union that is collected and retained in hosting service providers FIXWEB in the CLOUDFLARE  E-vet.fr use data hosting service providers OVH to host and secure collected information. This Privacy Policy does not concern to any third party applications or software that integrate E-vet platforms Services.

 

1. Data Collected and Received by E-vet

Definition of Information Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

2. Personal Identification Information

We may collect personally identification information from volunteers in a variety of ways, including, but not limited to, when volunteers visit our platforms, register on the platforms, and in connection with other activities, Services, features or resources we make available on our Sites. volunteers may be asked for, as appropriate, name, email address, and other personal information. We will collect personal identification information from volunteers only if they voluntarily submit such information to us, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. volunteers can always refuse to supply personally identification information, except that it may prevent them from engaging in certain process related activities. We will never sell your personal information to third parties and we won’t use your name or data in any marketing statements. Only your national organization (E-vet platform user) and hosting/sending organization can have secure access to your data.

 

3. Non Personal Identification Information

We may collect non-personal identification information about volunteers whenever they interact with our Sites and applications. Non-personal identification information may include the browser name, the type of computer and technical information about volunteers means of connection to our Sites, such as the operating system and the Internet service providers utilized and other similar information.

 

4. Other Information

Log Data – Our services will automatically collect information when volunteers and Site Administrators access or use our Sites or Services and records it in log files. Log data may include IP address (or a shortened version of it), previously visited web page addresses, browser type and settings, time and date when Services were used, browser configurations and plugins, language and cookie data. Device Information – E-vet platform collect information about your computer, phone, tablet, or other devices you use to access our Services. This device information includes your connection type and settings when you install, access, update or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.

 

5. Personal information

E-vet is platform for international volunteer exchange used by worldwide youth organizations. Collected data includes, but not limited to, data that volunteers post, send, receive or share. These include any files or links that volunteer upload to our Services, including pictures and videos, public or private. It also includes all forms of personal information given by the volunteer in their volunteer profile. Personal data will only be accessible through authorized and limited Administrator or user accounts and can only be viewed, or altered, by volunteers belonging to such accounts. E-vet will never share, sell, or exploit any Personal information. Only volunteers and his sending/hosting organization will be able to accesses to this data.

 

6. Web Browser Cookies

E-vet uses "cookies" to identify session.

Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time and to let server to work correctly.

We employ our own customized cookies session cookies that expire after each session which we use to identify

Your national organization, date and time, using your Internet protocol address (IP) from which you visit, what country you visit from, your referrer website URL .

We also follow and note the pages you visit. Your national organization, date and time, using your Internet protocol address (IP) from which you visit, what country you visit from, your referrer website URL.

We also follow and note the pages you visit.

This cookie expires after 3 days. So, in summary, here are our 3 cookies and their function

7. Cookies we use

Cookie Name generated by ColdFusion server	Cookie Expires After	Cookie Function
CFID and CFTOKEN	These cookies persist until the client’s browser deletes them, which can be a considerable length of time.	ColdFusion uses the same client identifiers for the Client scope and the standard Session scope. Because the CFToken and CFID values are used to identify a user over a period, they are normally saved as cookies on the user’s browser.
CFCOOKIES_OK	30 minutes	To remember your cookie acceptance. Cookie acceptance is implied after 60 seconds of staying on the site.

 

 

8. How E-vet Uses Collected Data

Volunteers are the primary Controllers of volunteer Data. E-vet is a processor of volunteer Data and Controller of other certain data. E-vet will never remove volunteers from E-vet unless specifically instructed by the volunteer himself or his national organization.

E-vet collects and uses volunteer personal information for the following purposes:

• To personalize User experience and improve our service on Evet platform.

• To allow E-vet platform Volunteer organization to provide you requested services and communicate with you

• We continually strive to improve our website offerings based on the information and feedback we receive from you.

• E-vet never contact volunteers unless to assist them for technical reason.

• The host or sending organization of the volunteer can contact volunteer in the form of newsletters, alerts telephone or other ‘push’ technologies.

• We may also use your email address to deliver information that, in some cases, is targeted to your interests, such as info sheets and promotions.

• The contact information volunteers provide will only be used to respond to their inquiries, and/or other requests or questions. If at any time the volunteer would like to unsubscribe from receiving future emails, he need to contact his organization directly. E-vet include detailed administrator contact to each email.

For investigative and preventive measures against Site abuse. Accesses by E-vet back office and E-vet Volunteer access will be logged in the User log file or in personal data file

 

9. Sharing and Disclosure of Information

E-vet will only disclose or share Volunteer information for the following purposes:

• Volunteer’s Request: E-vet will share all Volunteer Data based on Volunteer’s request and instructions.

• Volunteer organization’s Request: E-vet will share all Volunteer Data based on Volunteer organization’s request and instructions.

• Legal Compliance: If requested by legal Authority, E-vet may disclose Volunteer information that we determine to be in accordance or required by any applicable law.

• Enforcement: E-vet also reserves the right to disclose Volunteer information to investigate, prevent, or act against illegal activities, suspected fraud, or situations involving physical threat to any such persons.

• Consent: E-vet may share Volunteer information with other 3rd parties in instances when we have Volunteers’ consent to do so.

• One-time consent can be also required in the following individual scenarios (consent needs to be given only once per User account):

• When the Volunteer logs in after May 25th

• When the Volunteer changes some personal information on their profile

• When the Volunteer will want to use the Email and Messenger capabilities

10. Third Party Service Providers and Partners:

E-vet platform works with third-party service providers and partners to provide website and application strategy, product management, development, hosting, maintenance, backup, storage,

Google Analytics (data collection) - does not contain personal information, but there may be provisions to strip the last digits of the Users IP address.

 

The operations of E-vet do require our staff to have access to systems which store and process Volunteer Data.

This primarily serves the purpose of problem diagnostic or troubleshooting. For example, to diagnose a problem Volunteers may have with E-vet services, our colleagues may need access to your Volunteer Data. All staff and affiliated subcontractors are prohibited from viewing Volunteer Data for any reasons unless absolutely necessary to do so.

 

11. Security

We take the security of your data very seriously at E-vet. As transparency is one of the principles on which our platform is built, we aim to be as clear and open as we can about the way we handle security.

 

12. Changes to Privacy Policy

E-vet has the discretion to update this privacy policy at any time. When we do make changes, we will post a notification on the main page of our Site and send an email to your host/sending organization.

We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

 

13. Privacy Shield

In compliance with the US-EU Privacy Shield Principles, E-vet will make every effort to resolve complaints about Volunteer privacy and our collection of your personal information. EU Volunteers with inquiries or complaints regarding our Privacy Policy should first contact their national organization Data Protection Officer for any questions related to our Privacy Policy or  dataprotectionofficer@e-vet.fr

 

14. User Rights

Users have certain statutory rights in relation to their personal data.

 

The rights to data subject access include the following:

• Know whether a data controller holds any personal data about them.

• Receive a description of the data held about them and a copy of the data.

• Be informed of the purpose(s) for which that data is being processed, and from where it was received.

• Be informed whether the information is being disclosed to anyone apart from the original recipient of the data; and if so, the identity of those recipients.

E-vet platforms must provide a response to data subjects requesting access to their data within 30 calendar days of receiving the Data Subject

Access Request unless local legislation dictates otherwise. Please contact E-vet platform Data Protection Officer for assistance: dataprotectionofficer@e-vet.fr. To establish the correct User identity, E-vet may require the User to provide official government issued proof of identity or require a secondary digital validation.

E-vet.org will provide Users an option to export their data. Please email dataprotectionofficer@e-vet.fr for assistance.

You have the following choices to modify or delete your personal information from our database:

• Send mail to your organization to modify or   delete your profile

• Send an email to EvetExit@e-vet.org

 

In the event that E-vet becomes aware that platform security is compromised or nonpublic Volunteer information has been disclosed to unrelated third parties as a result of external activity, including but not limited to external security attacks, E-vet shall take reasonable measures which it deems appropriate, including but not limited to internal investigation and reporting, and notification to and cooperation with law enforcement authorities, notwithstanding other provisions of this Privacy Statement. If you become aware of such a breach, please email dataprotectionofficer@e-vet.fr E-vet becomes aware that a Volunteer's personal information provided to E-vet has been disclosed in a manner not in accordance with this Privacy Statement, E-vet shall make reasonable efforts to notify the affected Volunteer, as soon as reasonably possible and as permitted by law, of what information has been disclosed, to the extent that E-vet knows this information.

 

 

15. Data Subject Access Request Procedure

Data Subject Access Request (“DSAR”) can be made only

• by the national organization user of E-vet platform

• by the volunteer or a volunteer’s legal representative for information held by the platform about that volunteer.

The Data Subject Access Request provides the right for data subjects to see or view their own personal data as well as to request copies of the data.

A Data Subject Access Request must be made in writing and can only be made via any of the following methods: email, post, or platform.

DSARs made online must be treated like any other Data Subject Access Requests when they are received, though the organization will not provide personal information via social media channels.

Requirements for a valid DSAR

To be able to respond to the Data Subject Access Requests in a timely manner, data subject access requests can now be made in any form, including through email, phone call or web contact forms:

• Provide E-vet or his user organization with sufficient information to validate his/her identity (to ensure that the person requesting the information is the data subject or his/her authorized person).

 

16. Data Protection Officer

User organization and Volunteer, please contact e-vet Data Protection Officer for any questions related to our Security and Privacy Policy. dataprotectionofficer@e-vet.fr

 

17. Data Deletion

If Volunteer requires deletion of their data, we require an agreement of his sending/host organization.

When we have all agreements, the following is how data deletion will be treated: Majority data concerning address (except city), email, phone will be deleted open request Name and first name will be replaced by “*” to keep statistics of activity alive.

Users may email dataprotectionofficer@e-vet.fr to request data deletion or fill out the GDPR User Rights form on the site.

 

18. Data Retention

Information storage and security

E-vet use data hosting service providers FIXWEB in the CLOUDFLARE  E-vet.fr use data hosting service providers OVH to host and secure collected information, and we use technical measures to secure all data. Despite the thorough security measures and safeguards that E-vet implements to protect data, no security system is impenetrable and due to the inherent nature of the Internet, E-vet cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is safe from intrusion by others. E-vet platforms has policies in place in case of such situation and will respond to requests about this within a reasonable timeframe. 

Please contact dataprotectionofficer@e-vet.fr for more information.

 

19. How long we keep information

How long we keep the information we collect about you depends on your host/sending organization, as described in further detail below.

In case of online application to activity, the data is kept for a maximum of 30 days and then deleted unless your national organization transfer your data to main database.

Volunteer information: We retain Volunteer information until volunteer ask to delete, which then we will continue retaining the data in modified version. In particular: Admin Notes, IPs, Access History, Payment History and activity will stay on database. E-vet maintains this practice due to the following reason:

Volunteer’s account will not let identify you, but allow your sending/hosting organization to keep up to date activity statistics

 

Various data storage systems and backups have different lifecycle policies. Our database backups are encrypted, incremental and full re-cycle in 30 days. It is impossible to erase Volunteer data inside encrypted incremental backups in real-time.

 

E-vet platform may also retain some of the Volunteer data as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support our Volunteer’s operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies any specific Volunteers, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about any Volunteers.

 

Marketing and Promotional information: If Volunteers have elected and provided consent to receive promotional emails from E-vet platform.

 

20. Exemptions

An individual does not have the right to access information recorded about someone else, unless they are an authorized representative, or have parental responsibility.

E-vet is not required to respond to requests for information unless it is provided using Volunteer organization channel with sufficient details to enable the location of the information to be identified, and to satisfy itself as to the identity of the data subject making the request.

 

 

21. No Guarantees for Factors Beyond E-vet platform Control

While this Privacy Statement expresses E-vet standards for maintenance of confidential data, it is not able to guarantee that the standards will always be met. There may be factors beyond E-vet control (e.g., "script kiddies, crackers and other malcontents, hurricanes, tornados, acts of God, loss of power, diseases, loss of mind, body and soul") that may result in disclosure of data. Therefore, E-vet Platforms disclaims any warranties or representations relating to maintenance or nondisclosure of confidential information.