If you have questions or concerns, at any time, regarding JA Worldwide’s Data Privacy, contact email@example.com for assistance.
JA Worldwide Data Protection Statement
As a not-for-profit organization, data assets are valuable resources owned by JA Worldwide and must be managed to safeguard constituent information and minimize potential reputational risk to the organization. Implementing and managing access controls to our systems and data is one of the ways JA Worldwide protects its data.
The General Data Protection Regulation (EU) 2016/679 (GDPR) was adopted in 2016 and became enforceable on May 25, 2018. The GDPR purports to apply to organizations outside the EU that process personal data of EU citizens (data subjects) related to (i) offering goods or services to EU data subjects or (ii) monitoring the behavior of EU data subjects. Accordingly, as a not-for-profit organization based in the United States, JA Worldwide may be required to comply with the GDPR in processing the personal data of EU data subjects.
Although JA Worldwide’s core activities do not involve the kind of processing activities that trigger the highest level of regulation under the GDPR (e.g., large scale, regular and systematic monitoring of individuals or large scale processing of special categories of data), JA Worldwide produces, collects, and uses many different types of data in fulfilling its mission in the course of its operations and in furtherance of its charitable purposes.
Each person assigned user credentials to any JA Worldwide–managed enterprise system must take appropriate administrative, technical, and physical safeguards designed to (i) ensure the security and confidentiality of data, (ii) protect against any reasonably anticipated threats or hazards to the security or integrity of such Information, (iii) protect against unauthorized access to or use that could result in harm or inconvenience to any constituent.
Each assigned user will use care in protecting JA Worldwide data against unauthorized disclosure and in no event use less than a reasonable standard of care. JA Worldwide data shall not be disclosed without consent and may not be posted publicly. Reasonable methods shall be used to ensure internal data is accessed by or shared with authorized individuals or individuals with a legitimate need to know. All access shall be approved by an appropriate data owner and tracked in a manner sufficient to be auditable. Before granting access to external third parties, contractual agreements which outline responsibilities for security of the data shall be approved by the responsible department executive.