PRIVACY POLICY
(Last amended March 2024)
This Privacy Policy applies to the processing of your personal data as part of your visit to one of the following websites: cchr.org or cchrint.org (hereinafter: “Websites”), or your communication with us via email, telephone, fax and our social media channels.
In this Privacy Policy, we explain the purposes for which we process your personal data and on which legal basis we do so. In order to consult the processing activities based on your consent (which can be withdrawn at any time), please see Article 3 below.
If you want more information on how we process personal data, social plugins and other types of tracking technology, you are kindly referred to our Cookie Policy.
-
WHO ARE WE?
- Your personal data are processed on the basis of applicable data protection legislation by the Church of Scientology International, 6331 Hollywood Boulevard, Los Angeles, CA 90028, United States of America (hereinafter: “CSI,” “we,” “us,” “our”). You can contact us via email at privacy@cchr.org. The Citizens Commission on Human Rights (CCHR) was originally formed in 1969 as a global watchdog committed to investigating and exposing human rights violations in the field of mental health. From its headquarters in Los Angeles, CCHR coordinates activities amongst its chapters around the world.
- Where reference is made in this Privacy Policy to laws or regulations, possible amendments to these laws or regulations are implicitly included.
-
We reserve the right to change and adapt this Privacy Policy on our own initiative. In that case, those changes and adaptations will be communicated to you via our Websites at least two weeks before those changes and adaptations will become applicable. Any further use of our Websites will be subject to the amended Privacy Policy.
-
WHICH OF YOUR PERSONAL DATA DO WE PROCESS?
-
When you use our Websites or our social media channels, we may process the following categories of personal data:
- Technical information, such as information concerning your device, IP address, browser type, geographical location and operating system;
- Browsing behavior, such as the length of your visit, the links you click, the pages you visit and the frequency with which you visit a page.
-
When you communicate with us by filling out a contact form on our Websites, or via email, telephone, fax or social media channels, we may process the following categories of personal data:
- Identity information you provide us with, such as your first name, last name, gender, birth date, age, the company you work for, preferences, interests and language;
- Contact details you provide us with, such as your email address, postal address, country, telephone number and mobile telephone number;
- Content of the communication, such as your request or question;
- Technical information of the communication, such as with whom you communicate at our end, date and time of the communication;
- Publicly available information about you, such as information publicly available on your social media profile;
- Any other personal data you provide us with, such as how you found out about us.
-
When you request a free kit (such as the Citizens Commission on Human Rights Free Information Kit), we may process the following categories of personal data:
- Identity information you provide us with, such as your title, role, first name, last name, gender, birth date, age, preferences and interests;
- Contact details you provide us with, such as your email address, postal address, country, telephone number and mobile telephone number;
- Order details, such as the free kit you requested, date and time of the order or any other order comments you provide us with;
- Other information, such as how you found out about us.
-
When you place an order (books, booklets, DVDs or other educational tools), we may process the following categories of personal data:
- Identity information you provide us with, such as your first name, last name, gender, birth date, age, preferences and interests;
- Contact details you provide us with, such as your email address, postal address, country, telephone number and mobile telephone number;
- Order details, such as the title of the book you purchased, date and time of the order or any other order comments you provide us with;
- Payment details, such as the amount you paid for your purchase.
-
When you make a contribution or donation to us, whether monthly or not, we process:
- Identity information you provide us with, such as your title, first name and last name;
- Contact details you provide us with, such as your email address, postal address, country, telephone number and mobile telephone number;
- Information necessary to carry out the registration or donation, such as criteria needed to evaluate whether you fulfill the criteria for participation;
- Payment details, such as the amount you paid for your registration (in case of a donation or paid registration);
- Technical details of the application or contribution, such as date and time;
- Any other personal data you provide us with.
- We receive most of your personal data directly from you, but it may happen that we receive additional information about your preferences and browsing behavior from partners such as Google. If you require more information about the personal data these parties process about you and make available to others, you are kindly requested to consult their respective Privacy Policies.
-
When you use our Websites or our social media channels, we may process the following categories of personal data:
-
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND WHAT IS THE LEGAL BASIS FOR THIS?
-
In the table below, we explain the purposes for which we process your personal data and on which legal basis we do so. We rely on the following legal bases:
- Your consent, in which you are informed of what this consent means before you freely give your consent;
- A contract with you, in order to perform that contract or in order to take steps prior to entering into a contract with you;
- A legal obligation that we have to comply with;
- Our legitimate interest, such as continuous improvements of our Websites, social media channels, materials and services to ensure that you have the best experience possible, to keep them safe from misuse and illegal activity, to disseminate and promote them and to make them available to you, including the Church of Scientology’s Social Betterment and Humanitarian Programs.
-
In the table below, we explain the purposes for which we process your personal data and on which legal basis we do so. We rely on the following legal bases:
-
TO WHOM DO WE SHARE YOUR PERSONAL DATA?
-
We rely on third parties, for example, to:
- Provide you our Websites (such as a hosting provider); or
- Target our promotional information (such as a marketing company); or
- Process your order (such as a transport company to deliver you the materials); or
- Process your payment (such as a payment service provider or a credit checking agency).
- These third parties are only allowed to process your personal data on our behalf and upon our written instruction. We also warrant that all those third parties are selected with due care and are committed to observing the safety and integrity of your personal data.
- We may share your personal data with Citizens Commission on Human Rights International and other national, regional or local Organizations of the Church of Scientology, such as local Churches, Missions, Social Betterment and Humanitarian Programs. For example, we share your request with your local Church or Mission in order to follow up on your request. However, we will ensure that all Scientology Organizations will take due care that all processing of your personal data is in line with what is set out in this Privacy Policy.
- We may be legally obliged to share your personal data with competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.
- We do not send your personal data in an identifiable manner to any other third party than the ones mentioned in Articles 4.1, 4.2 and 4.3 without your explicit consent to do so. However, we may send anonymized data to other organizations that may use those data for improving materials and services as well as to tailor the marketing, displaying and selling of those materials and services.
-
We rely on third parties, for example, to:
-
WHERE DO WE PROCESS YOUR PERSONAL DATA?
-
We process your personal data both within and outside the European Economic Area (EEA), including in the USA. In order to process your personal data for the purposes outlined above, we may also transfer your personal data to third parties who process on our behalf outside the EEA. Each entity outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data. For CSI, such safeguards result from the fact that we are directly bound by compliance with EU legislation in the context of personal data protection. For third parties, such safeguards may be the consequence of:
- The recipient country having legislation in place which may be considered equivalent to the protection offered within the EEA; or
- A contractual arrangement between us and that entity; or
- An approved certification mechanism, as may be adopted by the European Commission.
- We may transfer anonymized and/or aggregated data to organizations outside the EEA. Should such transfer take place, we will ensure that there are safeguards in place to ensure the safety and integrity of your data and all rights with respect to your personal data you might enjoy under applicable mandatory law.
-
We process your personal data both within and outside the European Economic Area (EEA), including in the USA. In order to process your personal data for the purposes outlined above, we may also transfer your personal data to third parties who process on our behalf outside the EEA. Each entity outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data. For CSI, such safeguards result from the fact that we are directly bound by compliance with EU legislation in the context of personal data protection. For third parties, such safeguards may be the consequence of:
-
WHAT QUALITY ASSURANCES DO WE COMPLY WITH?
- We do our utmost best to process only those personal data which are necessary to achieve the purposes mentioned above.
-
Your personal data are only processed for as long as needed to achieve the purposes listed under Article 3 above or up until such time where you withdraw your consent for processing them. Your withdrawal of consent may imply that you can no longer use the whole or part of our Websites. We will de-identify your personal data when they are no longer necessary for the purposes outlined above, unless there is:
- An overriding interest of CSI, or any other third party, in keeping your personal data identifiable; or
- A legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
- You understand that an essential aspect of our marketing efforts pertains to making our marketing materials more relevant to you. We do this by customizing your unique profile based on relevant characteristics as outlined in Article 2 of this Privacy Policy and then using this profile to provide you with communications, promotions, offerings, newsletters and other promotional information about materials and services that may interest you.
- We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss by tampering or destruction. Access by our staff members or third parties’ personnel will only be on a need-to-know basis and be subject to strict confidentiality obligations. You understand, however, that safety and security are best-efforts obligations which can never be guaranteed.
- If you are registered to receive promotional information, such as communications, promotions, offerings and newsletters, via email or other person-to-person electronic communication channels, you can change your preferences for receiving such promotional information by clicking the opt-out link provided in such promotional information.
-
If you are registered to receive paper promotional information, such as magazines, communications, promotions, offerings and newsletters, you can object to receiving further promotional information on paper by submitting a request to our Data Protection Officer in accordance with Article 7.8 of this Privacy Policy.
-
WHAT ARE YOUR RIGHTS?
- You have the right to request access to all personal data processed by us pertaining to you, meaning that you have the right to ask us for a copy of your personal data. We reserve the right to charge a reasonable administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to us. Each request must specify which data categories you wish access to and for what processing activities.
- You have the right to rectification, i.e., to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. If you submit a request for correction, your request needs to be accompanied by proof of the flawed nature of the data for which correction is asked.
- You have the right to withdraw your earlier given consent for processing of your personal data.
-
You have the right to erasure, i.e., to request that personal data pertaining to you be deleted if these data are no longer required in light of the purposes outlined in Article 3 above or if you withdraw your consent for processing them. However, you need to keep in mind that a request for deletion will be evaluated by us against:
- Our and a third party’s interests which may override your interests; or
- Legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
-
You have the right to restriction instead of deletion, i.e., to request that we limit the processing of your personal data if:
- We are verifying the accuracy of your personal data; or
- The processing is unlawful and you oppose the deletion of your personal data; or
- You require your personal data to establish, exercise or defend a legal claim, while we do no longer need your personal data for the purposes listed above; or
- We are verifying whether our legitimate interests override your interests if you exercise your right to object (see below).
-
You have the right to object to the processing of personal data for direct marketing purposes and, in addition, if:
- There are justified reasons connected with your particular situation that warrant such objection; and
- The processing is based on our legitimate interest and our legitimate interests do not override your interests.
- You have the right to data portability, i.e., to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us if the processing is based on your consent or a contract with you and the processing is carried out by automated means.
-
If you wish to submit a request to exercise one or more of the rights listed above, you can contact our Data Protection Officer by sending an email to privacy@cchr.org. An email requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such a request should meet the following conditions:
- State clearly which right you wish to exercise; and
- State clearly the reasons for exercising your right if such is required; and
- Your request should be dated and signed; and
- Your request should be accompanied by a digitally scanned copy of your valid identity card proving your identity. If you use the contact form, we may ask you for your signed confirmation and proof of identity.
We will promptly inform you of having received your request. If the request meets the conditions above and proves valid, we will honor it as soon as reasonably possible and at the latest thirty (30) days after having received your request.
If you have any complaints regarding the processing of your personal data by us, you may always contact our Data Protection Officer by sending an email to privacy@cchr.org. If you remain unsatisfied with our response, you are free to file a complaint with competent data protection authorities (see the list of national authorities at edpb.europa.eu/about-edpb/board/members_en).