General Data Protection Regulation (GDPR) Statement

Lincoln Institute of Land Policy
General Data Protection Regulation (GDPR) Statement

 

Effective October 1, 2023

 

Beginning May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. These regulations provide EU residents with greater control over what, how, why, where, and when their personally identifiable data is used, stored, processed or shared.  The regulations expand these rights beyond the borders of the EU, applying to organizations, such as ours, that process personal data of EU residents on behalf of our participants and end users.  Lincoln Institute of Land Policy (“Lincoln Institute”, “we”, “us” or “our”) has been committed to the privacy of our participants and end users, wherever located, since our inception and complying with GDPR principles is no exception.

Lincoln Institute is committed to periodically reviewing our policies and verifying our compliance with applicable law and our internal standards. This GDPR Statement (“Statement”) describes how Lincoln Institute collects, stores, uses, and shares certain personally identifiable information that we receive in the United States (“U.S.”) from the European Union; the European Economic Area, the United Kingdom, and Switzerland. In this Policy, the European Union, the European Economic Area, the United Kingdom, and Switzerland are collectively referred to as the “EU.”

I. Definitions

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For purposes of this Statement, the Lincoln Institute of Land Policy is the controller.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including: (a) Collection, recording, organization, structuring, storage; (b) Adaptation or alteration, (c) Retrieval, consultation, use, (d) Disclosure by transmission, dissemination, or otherwise making available, (e) Alignment or combination, and (f) Restriction, erasure, or destruction.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors generally include technology vendors, data centers, and cloud service providers.

II. Personal Data We Collect

As a data controller, we adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) our participants, vendors, contractors, affiliates, and agents.

Lincoln Institute provides educational programs, research, and various types of assistance with land use projects and related policymaking.  Through providing such services, the Personal Data we may collect and use may include:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Commercial information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Geolocation data
  • Professional or employment-related information
  • Education information
  • Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

III. Purposes of Personal Data Collection and Use

Lincoln Institute collects, uses and processes Personal Data for the purposes of:

  1. Providing information about our services and projects;
  2. Providing services and support, including book purchases and fulfillment;
  3. Communicating with business partners, vendors, agents and contractors about business matters;
  4. Providing mailings and/or email subscriptions to our news and publications;
  5. Analyzing information in order to improve business practices and services;
  6. Conducting related tasks for legitimate business purposes;
  7. Other purposes disclosed at the time of collection; and
  8. Compliance with legal requirements.

Lincoln Institute will only process Personal Data in ways that are compatible with the purpose for which Lincoln Institute collected the Personal Data, or for purposes that the individual or participant providing the Personal Data authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt out.

We may use your personal data to send you updates (by email, text message, telephone or post) about our products and services. We will always treat your personal data with the utmost respect and never sell it to other organizations outside the Lincoln Institute.

You have the right to opt out of receiving communications at any time by: Contacting us at privacy@lincolninst.edu or using the “Update Subscription Preference” link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and services in the future, or if there are changes in the law, regulation, or the structure of our business.

IV. How Personal Data is Collected

We collect most of this personal data directly from you—in person, by telephone, text or email, and/or via our website. However, we may also collect information:

  • From publicly accessible sources;
  • Directly from a third party;
  • From a third party with your consent;
  • From cookies on our website; and
  • Via our IT systems, including door entry systems and reception logs; and automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

V. Who We Share Personal Data With

We routinely share personal data with:

  • Our affiliates and related entities
  • Service providers we use to help deliver our products and services to you;
  • Other third parties we use to help us run our business;
  • Third parties approved by you, including social media sites you choose to link your account to or third-party payment providers;
  • Credit reporting agencies;
  • Our insurers and brokers; and
  • Our bank[s]

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. We may also share personal data with external auditors. We may also release information to outside parties when such release is necessary or appropriate to enforce or apply the terms of any of the Lincoln Institute’s user or license agreements; investigate or respond to allegations of fraud, intellectual property infringement, or other unlawful activity; protect the rights, property or safety of the Lincoln Institute, the Lincoln Institute’s users, or others; to protect the Lincoln Institute’s operations; or to permit the Lincoln Institute to pursue available remedies or limit the damages that the Lincoln Institute may sustain.

VI. Disclosures for National Security, Regulatory Obligations, or Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security, regulatory, or law enforcement requirements.

VII. Security

Lincoln Institute maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

VIII. How Long Your Personal Information Will Be Kept

We will keep your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we will keep your personal information for as long as is necessary to respond to any questions, complaints or claims made by you or on your behalf; to show that we treated you fairly; or to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

IX. Access Rights

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, restrict processing, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, restriction of processing, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a Lincoln Institute participant or end user, we may facilitate your access to such data by directing you to the participant or end user that provided your data to us.

X. Staff and Responsibilities

Everyone who works for or with Lincoln Institute has responsibility for ensuring data is collected, stored, processed, and shared appropriately. Only employees who need to access or know the Personal Data in order to accomplish their work have access to such Personal Data. Our employees that have access to Personal Data must ensure that it is handled and processed in line with this policy and data protection principles.  Lincoln Institute has designated data protection officers to oversee its information security policies and procedures, including its compliance with applicable law. The data security team shall review and approve any material changes to this policy as necessary.

XI. Questions and Concerns

Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, should be directed to:

Lincoln Institute of Land Policy, Inc.
113 Brattle Street
Cambridge, MA 02138-3400

Attn: GDPR

Or

Email: privacy@lincolninst.edu

 

You also have the right to lodge a complaint in relation to the processing of your data. If you wish to lodge a complaint, you may contact the Information Commissioner’s Office.

We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law.