Skip to content

Privacy Policy

This Privacy Policy is issued by Ocean Risk and Resilience Action Alliance Inc. (“ORRAA Inc.”).  We co-host with the Global Resilience Partnership of Stockholm University, the Ocean Risk and Resilience Action Alliance (“ORRAA” or the “Alliance”) and we act as Secretariat for the Alliance.  This Policy and any documents we mention in this Policy are meant to inform you on which personal data about you we collect, use, disclose, share, or otherwise process when you are engaging with ORRAA Inc. through our website. Please read this Policy carefully to understand our views and practices on how we protect your personal data.

1. ABOUT US

ORRAA Inc. is the controller with respect to your data. This means that we determine the purpose and manner in which your personal data is processed, as specified in this Policy.

ORRAA Inc. cares about protecting your right to privacy in all the regions where we operate and while complying with local laws, we are committed to protecting the personal data of our users.

2. HOW DO WE DEFINE PERSONAL DATA?

Personal data is information related to a person that can be used to identify that person such as name, email address, telephone number, address, bank account information, and location data.

Personal data is data about you which you provide to us when interacting with our websites and by using our services and which helps us know who you are. It also includes data collected when you visit our websites such as IP address and other online identifiers.

3. WHAT PERSONAL DATA IS PROCESSED AND WHY?

The personal data we process, as well as the purposes and legal basis for such processing, will differ depending on your relationship with ORRAA Inc.

When website users request or attempt to download resources, we may ask for an email address and, optionally, name, title, and organisation or affiliation. This helps ensure the resources can be shared properly. We also use the information to provide metrics to our grantors, donors, and stakeholders. These metrics are anonymised and not considered personal data.

When signing up for Alliance mailing lists, we collect an individual’s email address and, optionally, name, title, and affiliation. We use this information to send emails and updates.

When registering for Alliance events, we collect certain information such as email, name, organisation, and phone number. We use this information to invite individuals to events or to participate in programs, to ensure safety of our events and grant access to event locations, and to provide information related to upcoming events and programs. In the case of event access, your data may be shared with the event facility.

When attending Alliance events, we may collect photo and video (images and footage) which may contain personal information including name and affiliation. We use these to showcase the Alliance’s work on our website(s) and to donors, grantors, and stakeholders.

When applying to a position at ORRAA Inc., we collect your email address and information you provide us in the content of your email, cover letter, resume or CV, and other material as applicable.

When donating to the Alliance through ORRAA Inc. or paying ORRAA Inc. (such as when providing award funds or purchasing services), we collect data associated with the payment method used. We use this data to process payments and deliver goods purchased.

When browsing the ORRAA Inc. website, we use cookies and other technologies to improve the experience of using the website(s) and to ensure the security of the sites. More information is available in the section on cookies below. We also collect data that can identify you indirectly (e.g., IP address, other online identifier).  This data is used in the analytics described in the section below.

When we distribute funds to sub-recipients, grantees, contractors, etc., we collect names, addresses, bank account information, and in some cases social security numbers (SSNs) for tax reporting.

You can read ORRAA’s Data Protection Policy here.

4. HOW DO WE USE COOKIES?

We and our service providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with us or third-parties that use our services.  This information helps us recognise you, customise your website experience and make our marketing messages more relevant.  Examples of this information include, but are not limited to: pages you visit, type of browser/device/hardware, IP based geographic location and search terms.  These technologies also enable us to prevent fraud or other harmful activities. You can read ORRAA’s Cookies Policy here.

5. WHAT ANALYTICS TOOLS DO WE USE?

In order to understand the navigational trends on our websites we use third-party analytics tools which collect information which your browser sends when you visit our web page. Here are examples of tools which we use and information about their privacy policies.

  • Google Analytics 4 (GA4)

When you visit our website(s), we utilise Google Analytics to collect information about your device, how you utilise our site, frequency of visits, what parts of the site you interact with, and your location. None of this information is shared with third-parties and is used to enhance our site and provide a better user experience to you.

6. TO WHOM WE DISCLOSE YOUR PERSONAL DATA?

ORRAA Inc. considers all personal data confidential and only shares it within ORRAA Inc., with partners as necessary for the delivery of services or activities, or with the person who provided the information.

ORRAA Inc. may share anonymised, aggregated data with our donors and partners and with Alliance members to fulfill the requirements of our awards.

ORRAA Inc. does not use, share, or sell any personal data for commercial purposes.

We may provide personal data to third-parties in the following situations.

  • To public authorities, auditors, or institutions competent to exercise inspections on ORRAA Inc., which may ask us to provide information, based on their legal obligations. Such public authorities or institutions may be relevant data protection authorities or authorities for consumer protection.
  • For compliance with legal requirements or for protection of the rights and assets of ORRAA Inc. or other entities or people, such as courts of law.
  • To third-parties performing services on our behalf, such as a transcribing service or training provider. ORRAA Inc. remains responsible for your data and has contractual terms and procedures to ensure confidentiality is respected.

7. WHERE IS YOUR PERSONAL DATA STORED?

As of the date of this Policy, ie June 2023 data collected through our website is stored in the UK and the US.  Data collected through third-party websites may be stored at the third-party’s location.  This is subject to change as ORRAA Inc. data collection needs, websites, and other services change.

8. PROTECTION OF PERSONAL DATA:

ORRAA Inc. uses mechanisms to ensure the adequate protection of personal data. Including but not limited to the following.

  • Employing the principle of least privilege
  • Auditing access rights on a regular basis
  • Performing security testing of our platforms
  • Utilising stringent change control processes
  • Preparing for incident response and disaster recovery situations

9. HOW LONG DO WE STORE YOUR PERSONAL DATA?

ORRAA Inc. will store your data only for the period of time necessary or required by law. If you have entered into a contract with ORRAA Inc., we will store your data for up to seven (7) years or as required by law.

10. DO WE PROCESS PERSONAL DATA FROM CHILDREN?

We do not generally engage or provide services to children; however, from time to time, they appear on site visits or as beneficiaries of ORRAA Inc projects, in such situations, the services rendered are provided with the consent of parents and parents will be asked to consent for any data collected for children under the age of 16.

11. HOW DO WE KEEP YOUR DATA SECURE?

ORRAA Inc. constantly evaluates and upgrades the security measures implemented to ensure a secure and safe personal data processing environment. ORRAA Inc. has implemented the following controls to protect your personal data: physical security measures, access control, organisational security measures, and incident management procedures.

12. WHAT HAPPENS IF YOU DO NOT AGREE TO YOUR PERSONAL DATA BEING PROCESSED?

If you refuse to have your personal data processed, depending on your relationship with us, we might not be able to provide you with our products or services, we will not be able to enter into a contract with you, or otherwise interact with you as described in this Policy.

13. WHAT ARE YOUR RIGHTS?

When we process your personal data, it is very important to know that you have the following rights:

  • The right of access: you have the right to obtain a confirmation whether or not we process your personal data, how we process it, and what kinds of data we process about you.
  • The right to request the rectification or erasure of personal data: you have the right to request, the rectification of inaccurate or incomplete personal data which we have about you, or the erasure of your personal data.
  • The right to request the restriction of processing: you have the right to ask for the restriction of processing in cases where:
  • you believe that your data is inaccurate and wish for us to verify said data;
  • the processing is unlawful, however you do not want us to erase your personal data, but to restrict the use of data; and
  • the data is no longer needed as described in the Policy above, however, it is required for legal purposes.
  • The right to withdraw your consent for processing: when the processing is based on your consent unless governed by litigation.
  • The right to data portability: you have the right to receive a copy of your personal data which was provided to us within the confines of the contract or agreement.

You may exercise your rights at any time.

For any questions regarding your rights please write to us at Info@OceanRiskAlliance.org.

14. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated from time to time.

We will post the updates here so we encourage you to check this page.

If you do not agree with the changes, you may exercise your rights as described in section 13.

15. HOW CAN YOU CONTACT US FOR PRIVACY PURPOSES?

You may address any question regarding this document to Info@OceanRiskAlliance.org.

This Privacy Policy is current as of June 2023.

Finally – if in doubt talk to us

If you have any queries, comments or complaints regarding the Website or these Terms and Conditions, just get in touch. You can write to us at the address below or email us at: Info@OceanRiskAlliance.org.  

Ocean Risk and Resilience Action Alliance Inc. 

2336 Wisconsin Avenue NW, # 32043

Washington DC 20007 

United States / USA

EIN 83-3580499