PRIVACY POLICY

1. ABOUT US

The online platform at https://www.makeitbright.com where the Challenge takes place as defined by the Governing Rules (Platform) is organized by JT International SA (JTI), registered address at 8 Rue Kazem-Radjavi, 1202 Geneva, Switzerland, and with the collaboration of its affiliates.

We are committed to protecting and respecting your privacy. This Privacy Policy (“Privacy Policy”) (together with any other documents referred to in it) sets out the basis on which we process personal information that we collect from you or that you provide to us. When we say “us”, “our” or “we”, we refer to JTI and its Affiliates.

We are the data controller of the personal data that is collected about you in accordance with this Privacy Policy. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. If you have any questions about this Privacy Policy, including any requests to exercise your rights, please contact us at MakeItBright_Privacy@jti.com.

 

2. INFORMATION WE COLLECT ABOUT YOU

Personal data that you give us, including via:

  • Registration. When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:
    • create your user account and to register on the Platform;
    • assess your application to participate in the Challenge as defined by the Governing Rules;
    • respond to a request that you have sent us;
    • comply with legal requirements.
  • Messages, postings and uploads. We collect personal data from you when you provide, post or upload it to our Platform, such as when you register for the Challenge, when you upload deliverables (e.g., documents, presentations, audio/video files) submitted as part of your participation in the Challenge, when you chat or exchange messages with other participants, mentors, jury members, Challenge administrators and organizers, etc., post announcements, or use public message boards.
  • Correspondence. We keep a record of any correspondence between you and us, such as information that you send when you report a problem, or any other information relating to you which you may provide to us.
  • Technical information. We collect information, such as your internet (IP) protocol address, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Platform.

Information that we collect automatically from a third-party source, including:

Social Media Authentication Information. If you register on our Platform using social media authentication (such as Facebook, LinkedIn, Twitter, etc.), we will access certain personal data (e.g., name, email) from your social media profile according to the terms and conditions of those platforms.

 
3. HOW WE USE YOUR INFORMATION

We use your information to:

  • allow you to take part in the Challenge on the Platform;
  • enable you to personalize your user profile/account;
  • send you relevant information (e.g. confirmation of your registration in the Challenge) by email and/or any other communication means;
  • enable you to communicate and interact (e.g. team member messages or invitations to join a team);
  • publish an announcement that you are a finalist or winner of the Challenge or any step of the Challenge;
  • enable us to provide technical support;
  • in accordance with applicable laws and where required with your consent, use the information you give us on our Platform for electronic direct marketing (e.g. receiving our newsletters, invitations to upcoming challenges or events and other communications that we think may interest you);
  • reach out to you with messages that might interest you through the social media platforms on which you are present (such as Facebook, Instagram, LinkedIn). Should you prefer not to see our messages in your feed, you can adjust your advertising preferences on these platforms, or object by contacting us at MakeItBright_Privacy@jti.com;
  • comply with our legal obligations, including court orders and other legal or regulatory requirements.

 

We collect, use and share the information that we have in the ways described above: 

  • as necessary to provide the Challenge and related services on the Platform and fulfill the Governing Rules;
  • consistent with your consent, where applicable;
  • necessary for our legitimate interests (to improve and develop our business operations and service offering, or those of a third party);
  • as necessary to comply with our legal obligations.

We have set out below in a table format descriptions of the ways we intend to use your personal data and the legal basis we rely on to do so.

| Purpose / Activity | Legal basis for processing |
|---|---|
| To manage your queries, feedback and complaints, and handle requests for data access or correction, or the exercise of other rights relating to personal data | Performance of a contract with you; necessary for our legitimate interests (to improve and develop our business operations and service offering, or those of a third party); necessary to comply with our legal obligations |
| To improve the quality of our services and maintain information security | Necessary for our legitimate interests (to improve and develop our business operations and service offering, or those of a third party); necessary to comply with our legal obligations |
| To manage our business operations and IT infrastructure, in accordance with our internal policies and procedures | Necessary for our legitimate interests (for running our business, the provision of administration and IT services, network security, to prevent fraud); necessary to comply with our legal obligations |
| To comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to public health and tobacco, Anti-money laundering Policy, Global Economic Sanctions Policy, Anti-Bribery and Corruption Policy and other; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence) | Necessary for our legitimate interests (to protect our business, shareholders, employees and customers or those of a third party); necessary to comply with our legal obligations |
| To establish and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, privacy, safety or property, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies or limit our damages. | Necessary for our legitimate interests (to protect our business, shareholders, employees and customers or those of a third party); necessary to comply with our legal obligations |

 

4. HOW WE SHARE YOUR INFORMATION

All information you provide to us is stored on our secure servers.

Due to the global nature of our business, for the purposes set out above, we, from time to time, share your personal data with parties (including our Group Companies) located outside Switzerland and outside of the EEA (including the USA and other countries whose data protection legislation is different from that of the EU, including countries which have not been found by the European Commission to provide adequate protection for personal data).

We share personal data we collect about you with our service providers, business partners, suppliers and sub-contractors for the purposes of fulfilling the services. JTI relies on a Service Provider (Agorize, SAS with its registered office at 34 rue du Faubourg-Saint-Antoine 75012 Paris) to host and support the Platform.

When we share such information, we will take steps to ensure that your information is adequately protected and transferred in accordance with the requirements of data protection law. This may involve the use of data transfer agreements in the form approved by the European Commission or another mechanism recognized by data protection law as ensuring an adequate level of protection for personal data transferred outside the EEA (for example, the standard contractual clauses). Where we share your information with our Group Companies, these internal transfers are governed by our intra-group data sharing agreement.

We may also share your personal data with third parties in the following circumstances:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If JTI or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of JTI, our customers, or others.

 

5. ACCESS TO YOUR INFORMATION

Profile. When you use our Platform, your profile is fully visible to all Participants.

Wall posts, messages and deliverables. When you post on a message board/wall, it can be viewed by all Participants. You can send messages to the team members, individual participants, challenge administrators or mentors. Deliverables pertaining to the Challenge can be viewed by other members of your team (if applicable), challenge administrators, jury members and team mentors.

Social Media and other communication channels. Social media platforms that may provide you with connecting services to use our Platform may have access to your information. If you decide to share your personal data with us by using social media authentication, the latter’s privacy policies will apply to you. We do not control the collection or processing of your information by such platforms.

 

6. HOW LONG WE KEEP YOUR INFORMATION

We will only keep your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We retain your personal data as long as you have an account with us. If you close your account, your personal data will be immediately deleted.

If your account is suspended or blocked, we will keep your data for a period of between 2 and 5 years to prevent you from circumventing the terms and conditions of our Platform.

Information you have shared with others (e.g. through messages, chats or on message boards/walls) will remain visible after you close your account, but the information will be anonymized. Your profile may continue to be displayed in the services of others (e.g. search engine results) until the user refreshes their cache.

We may also retain your personal data for an additional period to the extent necessary to assert or defend against legal claims.

 

7. HOW WE KEEP YOUR PERSONAL DATA SECURE

Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorized access, and to prevent your information being accidentally lost. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information on our instructions, and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

8. YOUR RIGHTS REGARDING PERSONAL DATA

Data protection legislation provides you with certain rights when it comes to the processing of your information. If you are based in the EU, you have the following rights with respect to our processing of your personal information:

 

| Rights | What does this mean? |
|---|---|
| Your right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy. |
| Your right of access | You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy). |
| Your right to rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. |
| Your right to erasure | You can request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
| Your right to restrict processing | You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
| Your right to data portability | You have the right to obtain and reuse your personal information for your own purposes across different services. |
| Your right to object | You have the right to object to certain types of processing, on grounds relating to your particular situation. |

 

If you wish to exercise any of the rights set out above, please contact us at the email address below. Further information about your rights can be obtained from the data protection regulator in your country.

If you are not satisfied with our response to your request or believe our processing of your information does not comply with data protection law, you have the right to lodge a complaint with the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

9. LINKS TO OTHER WEBSITES

Our Platform can contain links to other websites, plug-ins or applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

 

10. USE OF COOKIES

Technical Information. When you visit our Platform, we collect information relating to the devices you use and the networks to which you are connected. This technical information includes your IP address, log-in information, bandwidth used, time of visit, browser type and version, browser plug-ins types and versions, operating system, information about your visit including the URL clickstream, download/upload errors, pages visited, page interactions, and other connection data held in our logs. We collect this information using different technologies, like cookies.

A cookie is a file that records information relating to your navigation on our Platform (date and time the pages were loaded; browser used and language; pages viewed, frequency and duration of visits to the Platform, number of visits, sources of the visit, location) and can facilitate your visits to the Platform.

At any time, you can delete cookies, refuse installation of new cookies or be notified before a new cookie is installed by configuring your browser following the instructions below. Please note that if you uninstall a cookie or refuse the installation of cookies, you may not be able to use some of our services on our Platform.

By continuing to use our Platform you agree to the use of cookies on your computer.

Types of cookies

We use the following types of cookies:

  1. Session cookies for Platform management. When you access the Platform, a cookie “token” with a unique encrypted session id code is passed to your computer. This token then controls your access to the Platform for that session and is deleted once you close your browser or log off from the Platform. These cookies also allow us to identify your device and preferences when you return to our Platform, such as customized features, language and regional preferences. These cookies are an essential part of the Platform delivery system, and you will not be able to fully use our Platform without these cookies enabled. [The information gathered by these cookies is anonymous and is used only to improve your experience on our Platform.]
  2. Persistent cookies for Platform management. If you register on the Platform and select the "Remember me" option, a persistent cookie is passed to your computer. This cookie is not deleted when you leave the Platform or close your browser, but is saved on your computer. This cookie contains an encrypted user id code that identifies your computer upon future visits and automatically logs you into the Platform. This cookie is functional, and is designed to remember your preferences, to make your experience on our Platform better. [It does not contain any personal information that could be used to identify you.]
  3. Analytics cookies. We use Google Analytics and Hotjar to monitor traffic on our Platform. When you visit our Platform, these programs set certain cookies that record statistical information about your visits to the Platform. We measure the number of visits, the number of pages viewed as well as visitors' activity on the Platform and their frequency of return. This helps us improve our Platform and its functionality, for example, by ensuring that users can navigate it intuitively. These cookies do not store any personal information that could be used to identify you.
  4. Social media tracking.

Facebook pixel. The cookies are used to differentiate requests from different browsers and to store helpful information that an application can use later. They are also used to associate browsing information to customer records. In particular, cookies are used to anonymously define new visitors, help analyze clickstream data, and track historical activity on the website.

Facebook processes data on an advertiser's behalf in order to measure the performance and reach of advertising campaigns and report back insights about the people who saw and interacted with the ads.

LinkedIn Insights Tag enables the collection of data regarding members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days. LinkedIn does not share the personal data with JTI; it only provides aggregated reports about our website audience and ad performance. This also provides retargeting for website visitors, enabling us to show personalized ads off its website by using this data, but without identifying the member.

What cookies are installed?

Cookies installed by the Service Provider:

| Cookie | Description | Duration |
|---|---|---|
| _agorize_session | Contains information about the navigation session and allows the user to access the Platform | Expires at the end of the session. |
| cookies_policy_accepted | Saves a user's choice regarding cookies | 13 months |
| hide_profile_incomplete | Helps users fill in their information on the Platform | 13 months |

 

Third-party cookies:

| Provider | Cookie | Description | Duration |
|---|---|---|---|
| Google Analytics | _gid | Used to distinguish users. | 24 hours |
| Google Analytics | _gat | Used to throttle request rate. | 1 minute |
| Google Analytics | _ga | Used to distinguish users. | 13 months |
| Hotjar | _hjIncludedInSample | Session cookie to let Hotjar know whether a user is included in the sample which is used to generate funnels. | 365 days |
| Facebook | Facebook Pixel | Used to measure the performance and reach of the advertising campaigns and to provide retargeting for website visitors. Facebook members can hide or block ads showing on their account: https://www.facebook.com/help/146952742043748?helpref=related | 3 months |
| LinkedIn | LinkedIn Insights Tag | Used to measure the performance and reach of the advertising campaigns and to provide retargeting for website visitors. LinkedIn members can control the use of their personal data for advertising purposes through their account settings. | 3 months |

 

 

11. CONTACT US

If you have any questions about this Privacy Policy, or our information handling practices, including any requests to exercise your rights, you can contact us (in English) by email at MakeItBright_Privacy@jti.com.

 

12. UPDATES

This Privacy Policy was updated in January 2020. We reserve the right to amend this Privacy Policy from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on this Platform and will be effective upon posting.