New! Get help applying for federal funding through the Just Transition Fund’s Federal Access Center. Learn More.
Last Updated – August 10, 2022
It is important that you read this Policy, together with any other privacy or fair processing policy we may provide on specific occasions when we are collecting or processing your personal information, so that you are fully aware of how and why we are using your personal information.
This Policy describes the types of personal information we may collect from you or that you may provide when you visit the website www.rockpa.org (our “Website“), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
“Personal information” is information relating to you or other individuals from which you or they can be identified.
We collect several types of personal information from and about users of our Website, including information about:
We collect your personal information directly from you when you provide it to us. This will include personal information you provide:
We also collect your personal information through our use of automatic data collection technologies – see further in the “Automatic Data Collection Technologies” section below.
We may also collect or receive personal information about you from various third parties and public sources, including but not limited to:
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information from and about your equipment, browsing actions, and patterns, including:
“Do Not Track” – Certain laws, including that of California, require that we inform you on our response to Do Not Track signals. As there is not an industry or legal standard for recognizing or honoring these signals at this time, we don’t respond to them.
The information we collect automatically is statistical data we may use to improve our Website and to deliver a better and more personalized service, including by enabling us to:
The technologies we use for this automatic data collection may include:
Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the “Choices About How We Use and Disclose Your Personal Information” section below.
Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit RPA, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We have set out below the purposes for which we use your personal information. RPA is required under EU and UK data protection law to identify a legal basis for using your personal information – we have highlighted these in brackets below:
If you do not provide RPA with the personal information required to perform our contract with you or comply with our legal or statutory obligations (highlighted as such in the list above), we may not be able to provide those relevant services to you. If you consent to RPA’s use of your personal information and this consent forms the legal basis of our processing of that personal information, you are entitled to withdraw it at any time – see the “Your Rights With Respect To Your Personal Information” section below for more detail.
We may disclose personal information that we collect or that you provide as described in this Policy:
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your personal information:
If you do not wish to have your email address/contact information used by RPA to notify you of upcoming events or for our newsletter or other services, you can opt-out by checking the relevant box located on the form on which we collect your data or by sending us an email stating your request to [email protected]. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to RPA as a result of a service engagement or other transactions.
If our processing of your personal information is subject to EU and UK data protection law, you have a number of rights. These include, in certain circumstances:
You may exercise these rights at any time by contacting RPA using the details in the “Contact Information” section of this Policy.
We may not be able to accommodate a request relating to your personal information in certain circumstances prescribed by law. Please contact us using the details in the “Contact Information” section of this Policy if you would like more information.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we use it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We share your personal information within the RPA Group. For our clients and individuals with whom we deal who are located in Europe and the UK, this may involve transferring your personal information outside of the European Economic Area (“EEA”) and UK to countries whose laws are not deemed to provide a level of protection for personal information that is of the same standard as enjoyed under data protection law in Europe and the UK.
We ensure your personal information is protected by requiring all of our group companies to follow the same rules when processing your personal information. We may also share your personal information with contractors, service providers and other third parties supporting our business when needed. Many of these third parties are based outside of the EEA and the UK, so their processing of your personal information will involve a transfer of data outside of the EEA and UK.
Whenever we transfer your personal information out of the EEA or UK whether internally within our group or externally to other parties, we ensure proper protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Alternatively, in certain circumstances we may transfer personal information outside the EEA or UK relying on specific derogations under applicable EU and UK data protection law, including where you (or the relevant individual) have provided your (or their) explicit, informed consent to the transfer; the transfer is necessary for the purposes of being able to enter into or perform a contract with you (or another individual) at your (or their) request; or, the transfer is needed in connection with a legal claim (or possible legal claim).
Please contact us if you want further information on the specific mechanisms used by us when transferring your personal information out of the EEA or UK.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. For example, all information you provide to us is stored on our secure servers behind firewalls. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. To the fullest extent legally permitted, we are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We may revise and update this Policy from time to time in our sole discretion. All changes are effective immediately when we post them, and apply to all access to and use of the Website and handling of your personal information thereafter. It is our policy to post any changes we make to our Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the Policy was last revised is identified at the top of the page.
To ask questions or comment about this Policy and our privacy practices or if you are based in Europe or the UK and wish to exercise your rights under data protection law as described above, please contact us at:
Rockefeller Philanthropy Advisors
6 West 48th St.
New York, NY 10036
Email: [email protected]
Before we can respond, we may need to ask you to verify your identity and/or clarify the nature and scope of your request.
If you are concerned about how RPA uses your personal information and we are unable to resolve your issue, you have the right to make a complaint to the supervisory authority in your place of work or residence or the place in which the relevant infringement has taken place.