Privacy Policy

Your personal data is data which by itself, or with other data available to us, can be used to identify you. The Centre for Information Resilience, which is responsible for coordinating the Myanmar Witness projects, takes the protection of your personal data and its confidential treatment extremely seriously. By means of this data protection notice, we wish to inform you of how your personal data is processed and protected and about your data protection rights.  


Who is responsible for your information

 

The data processing controller for the Myanmar Witness project is:

 

The Centre for Information Resilience

International House

24 Holborn Viaduct

London

EC1A 2BN

United Kingdom

 

Should you have any queries or concerns in relation to data processing, please feel free to get in touch with us at hello@info-res.org


The information that we collect about you 


We may collect and process the following information about you: 

Information that you give us: This is information about you that you give to us by filling in forms or corresponding with us by telephone, post, email, or otherwise. It may include, for example, your name, email address, and telephone number; your age, gender, and location or; information about your professional role and organisational affiliations. It may also include data contained in files that you provide to us when you upload them via our online submissions form.


Information that our website and other systems collect about you: 

  • If you visit our website it will automatically connect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and version and the pages on our site that you visit. As is common with almost all professional websites, our website uses cookies, which are tiny files that are downloaded to your computer to improve your experience. They help us to improve our website and to deliver a better and more personalised service. The type of cookies [RW1] that are downloaded can be found here

  • If you exchange emails, telephone conversations, or other electronic communications with our employees and other staff members, our information technology systems, such as our email provider,  will record details of those conversations


Other information: We may also collect some information from other sources.
For example: 

  • If we have a business relationship with the organisation that you represent, your colleagues or other contacts may give us information about you such as your contact details or details of your role in the relationship. 

  • We may collect information from third-party data providers or publicly available sources for anti-money laundering, background checking, or similar purposes, and to protect our organisation and comply with our legal and regulatory obligations.


The uses that we make of your information 

​ We only collect and process your personal data if we have a legal basis which include:

  • Legitimate interest. We process your personal data based on our legitimate interests in communicating with you and managing your interactions with you.

  • Compliance with applicable laws or performance of a contract. We process your personal data as necessary for the performance of a contract or as necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators.)

  • Public interest. We process your personal data for the performance of a task carried out in the public interest (e.g., namely the documentation of possible human rights violations.)

  • Consent. In limited circumstances, we will use your consent as the basis for processing special categories of information or prior to sending you electronic communications.

 

We may use your information for the following purposes:

  • To document, verify and investigate violence and possible incidents of human rights abuses In Myanmar and to support efforts to pursue greater accountability for those abuses

  • To operate, manage, develop and promote our organisation, including managing and administrating events, resources, and other services we may provide to you

  • To manage and process inquiries and other interactions with you

  • To operate our website and understand its use for statistical and security purposes and to improve its functionality and use

  • to protect our organisation from fraud, money-laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;  

  • to comply with our legal and regulatory obligations; 

  • sending you information you have requested or consented to receive, such as reports or information regarding relevant activities

 

We will tell you, when we ask you to provide information about yourself if the provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. Otherwise, you should assume that we need the information for our organisation or compliance purposes (as described above). If you are uncertain as to our need for information that we requested from you, please contact the representative asking for the information, or contact us (see below), with your query. 

If we are using your sensitive personal data (including personal data relating to your racial or ethnic origin, political, religious, and philosophical beliefs, trade union membership, sexual orientation, or health, we will only do so with your explicit consent or, if otherwise, only to the extent permitted by applicable law.

Disclosure and international transfer of your information 


We may disclose personal information about you, where reasonably necessary for the various purposes set out above: 

  • To any of our officers, agents, employees, staff, suppliers, or subcontractors insofar as reasonably necessary for the purposes as set out in this Privacy Policy. All our staff, sub-contractors, and suppliers are contractually obliged to protect your information and handle it under strict terms of confidentiality and security

  • to trusted partners on a specific, case-by-case basis, and only where necessary in the pursuit of our legitimate interests – for example where we are collaborating with another human rights or organisation to investigate a specific incident of suspected human rights abuses. If these partners are not domiciled within the UK or EU, we will ensure strict independent conditions of confidentiality.

  • to your colleagues within the organisation that you represent; 

  • to service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under strict conditions of confidentiality and security;. We operate security protocols to varying degrees of stringency, depending on the sensitivity of client information. If you have security concerns, contact us to discuss this.

  • to a person who takes over our organisation and assets, or relevant parts of them; or 

  • in exceptional circumstances: 

  • to competent regulatory, prosecuting, and other governmental agencies, or litigation counterparties;  or 

  • where we are required by law to disclose. 


We do not sell, share, or otherwise disclose the information we collect except as provided in this Privacy Statement.

These disclosures may involve transferring your personal information overseas. In those cases, where we transfer personal data to our service providers, we will ensure that our arrangements with them are governed by data transfer agreements, designed to ensure that your personal information is protected.

Please contact us (see below) if you would like to know whether any such agreements are in place or, if so, to see a copy.


Retention and deletion of your information 

We will delete the information that we hold about you when we no longer need it.  How long we retain your personal data depends on the purpose for which it was obtained and its nature. We will keep your personal data for the period necessary to fulfill the purposes described in this Statement unless a longer retention period is permitted or required by law. In specific circumstances, we may store your personal data for longer periods of time, for example where your data is being used for the purpose of documenting possible human rights violations and relevant legal proceedings are planned or ongoing.

Are we responsible for the websites to which we link?

We do not endorse and are not responsible for the content of third-party websites or resources, and our privacy statement does not apply to any sites that are not affiliated with CIR, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.

Your rights 

You have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted. You may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances. 

If you wish to exercise any of these rights, please Contact us as set out below. You can also lodge a complaint about our processing of your personal information with the Information Commissioners Office.

Contact us 

We welcome questions, comments and requests regarding this privacy statement and our processing of personal information. Please send them to hello@info-res.org


Changes to this policy 

Any changes we make to this privacy statement in the future will be posted to our website and also available if you contact us.

Please check back frequently to see any changes.