“Every problem is solvable, you just need to start simple” Professor Muhammad Yunus

Who we are

Johnson and Johnson Corporate Citizenship Trust (we/us) is a private company limited by guarantee registered in Scotland under company registration number SC327028 and having its registered address at 5 Atholl Crescent, Edinburgh EH3 8EJ and a registered charity with registered charity number SC017977.

We do not have a Data Protection Officer. You may contact us with any queries regarding our processing of your personal data by emailing JJCCTPrivacy@its.jnj.com.

The lead supervisory authority of our data processing activity is the Information Commissioner’s Office (ICO). We also have establishments in Ireland and in Belgium. Where a Data Subject whose Personal Data we process is located in a jurisdiction other than the United Kingdom (but within the European Union), the supervisory authority of that jurisdiction shall be competent to handle complaints.

What we do

We enter into partnerships with NGOs active in the education and or healthcare sectors. By contributing funding, products, knowledge and employees, we hope to strengthen and transform healthcare systems throughout Europe, Middle East and Africa. We focus on providing support to front line healthcare workers in the community based or primary care space.

Interpretation

The following definitions apply in this document:

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data

Data Subject a person who is identified by or identifiable from Personal Data

GDPR the General Data Protection Regulation (2016/679), which is available at: Eur-lex.europa.eu

Personal Data means any information relating to an identified or identifiable natural person

Processor means a person, company, public authority, agency or other body which processes personal data on behalf of the Controller.

Special Categories of Personal Data Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation

This document

This Privacy Notice takes effect from November 2018. It is directed to all natural persons whose Personal Data we process other than our employees, workers, volunteers and members (but it does apply to candidates for any of these roles) to the extent that they are based in the European Union. It applies to Personal Data collected by whatever means including without limit through our website. It sets out information about how we collect Personal Data, the categories of Personal Data we collect, the purpose for which we process Personal Data, the legal basis for this processing, our legitimate interests in processing, how we share Personal Data and the rights of Data Subjects whose Personal Data we process.

On occasion we may also provide more detailed processing information to a Data Subject in a separate privacy notice. Where we do so, that information will prevail over the information in this document.

This Privacy Notice may be updated from time to time. The latest version is published at https://www.jjfemea.org/privacy-policy/. Please check this page for the latest version of our Privacy Notice.

Our status

We are the Controller in relation to all Personal Data which we collect.

How we collect Personal Data

We collect Personal Data in the following main ways:

• Through direct emails from people making enquiries with us
• When communicating with government officials, programme managers and beneficiaries by telephone, in person or by email
• Through online application questionnaires in our Optimy system to gather programme information and reporting
• When assessing eligibility of potential partners, programs or recipients of investments
• From other third parties who provide Personal Data to us in connection with the programmes with which we are involved.
• When people sign up to our newsletter
• When people sign up for our attends events that we organise
• During recruitment processes
• By taking up external references
• When arranging potential secondments of our employees
• Automatically when browsing our website

Categories of Data Subject

• Our external partners and their leadership teams (which may include government officials)
• Project sponsors
• Beneficiaries of and personnel involved in programs funded by us
• Recipients of investments
• Subscribers to our newsletters
• Shareholders, directors and beneficial owners
• Suppliers and representatives of our suppliers
• Visitors to our website
• Visitors to our premises
• Delegates at events we organise
• Candidates for professional, technical and support roles (whether employed or self-employed) (Candidates)

Types of Personal Data we Process

Assessment Data	Information we process in connection with assessing the eligibility of   potential partners, programs and recipients of investments
Candidate Data	Work history, experience, qualifications, job title, information about disabilities and health conditions if this is disclosed by Candidates
Contact Data	Names, addresses, email addresses, telephone numbers, facsimile   numbers, job title, organisation
Cookie Data	IP addresses and information derived from IP addresses such as   geographic location, cookie IDs on your browser, information about   your device, such as browser, device type, operating system, the   presence of apps etc, the date and time you visit our website, the   referring URL and the web search you used to locate and navigate to   our website
Due Diligence Data	Information collected specifically for the purpose of complying with the   client due diligence requirements in The Money Laundering, Terrorist   Financing and Transfer of Funds (Information on the Payer)   Regulations 2017, such as copies of personal identity documents, the   results of screening checks relating to anti-money laundering, anti-   terrorism and sanctions and Personal Data which is gathered when   verifying the destination of funds for investments
Event Data	Contact Data, Identity Data, photographs of delegates
Financial Data	Payment card information, bank account and sort code numbers,   records of our financial transactions with you
Identity Data	Contact Data, dates of birth, passport, driving licence and identity   card  numbers, copies of personal identification documents, copies of   utility bills, bank statements and other documents supplying evidence   of address, organisation memberships and membership numbers,   signatures, excluding Due Diligence Data
Incident Data	Personal Data (including Identity Data) relating to injuries occurring at   our premises including visitors or during delivery or programs or   secondments
Marketing Data	Records of marketing preferences and requests
Media Data	Photographs and videos of our employees, partners and beneficiaries   of programs
Partner Data	Information we process in connection with delivering programs,   managing relationships with our external partners and making   investments, including without limit Personal Data contained in   communications, meeting minutes, or contained in our project   management software
Supplier Data	Personal Data (including Identity Data) relating to our suppliers and/or   their representatives
Testimonial Data	Opinions, testimonies and quotes from individuals involved in   programs, feedback received through surveys

 

Please read the Cookie Policy on JJCCT.org for detailed information about the cookies and other tracking technologies used on our website. The Cookie Policy includes information on how you may disable these technologies. In most cases, we require your consent to the placing of cookies. Where we transfer information to a cookie provider which is capable of identifying you indirectly, please refer to the relevant cookie provider’s privacy notice for further information.

We process the following Special Categories of Personal Data:

• Incident Data
• Special Categories of Personal Data included in Candidate Data

We may process Personal Data relating to criminal convictions which is collected as Assessment Data, Program Data or Due Diligence Data.When the provision of Personal Data is a statutory requirement or a requirement necessary to enter into a contract

It is a legal requirement for us to verify the identity of natural persons and the beneficial owners of corporate entities who will receive investments from us.

It is a requirement before entering into any contract with us to provide us with your name and address. You must also provide us with the Personal Data (if any) which is required for us to perform our services.

If you do not provide us with your Personal Data in the above circumstances, we will be unable to provide our services to you.

Purpose of processing

We process or may process Personal Data for the following main purposes:

Purpose	Categories of Personal Data affected
To assess eligibility of potential partners, programs and recipients   of   investments	Assessment Data, Contact Data, Identity Data
For the purpose of preventing money laundering or terrorist   financing	Due Diligence Data, Identity Data
To comply with legal obligations	All Personal Data
To ensure the continuity of our activities following a   reorganisation or   transfer to a successor	All Personal Data
To deliver program objectives and engage with partners	Contact Data, Identity Data, Partner Data
To measure the impact of our activities	Partner Data, Testimonial Data
To organise and invite delegates to events and to follow up with   delegates who have attended our events	Event Data, Marketing Data
To keep a record of your consent or request not to receive marketing   information from us	Contact Data, Marketing Data
To process payments	Identity Data, Financial Data
To keep accounting records	Financial Data
To give updates to subscribers and the public on our activities and   recent programs	Marketing Data, Testimonial Data, Media Data
To assess a Candidate’s suitability for a position within our organisation	Identity Data, Career
To optimise your use of our website	Cookie Data

 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact information at the end of this document.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Lawful basis for processing

We only process Personal Data where we have a lawful basis for doing so.

Personal Data other than Special Categories of Personal Data and Personal Data relating to criminal convictions

We will process Due Diligence Data to which this section applies where this is necessary for the prevention of money laundering or terrorist financing as a task which is carried out in the public interest. We will process other Personal Data where processing is necessary for compliance with a legal obligation.

We will process Assessment Data, Identity Data, Partner Data and Financial Data to perform our contracts with you and/or to take steps at your request prior to entering into a contract.

We may request your consent to certain forms of marketing communications and where we do so, consent is the basis upon which we will process your Personal Data for that purpose. We may ask you to consent to other forms of processing from time to time and where we do, consent will be the legal basis for that processing.

Unless we are processing Personal Data for the prevention of money laundering or terrorist financing or on the basis of consent, we rely or also rely upon our legitimate interests in processing as set out below.

 

Legitimate interest	Categories of Personal Data affected  (in each case excluding Special Categories of Personal Data and   Personal Data relating to criminal convictions)
Assessing eligibility of potential partners, programs and recipients of   investments	Assessment Data, Contact Data, Identity Data
Ensuring the continuity of our activities following a reorganisation or   transfer to a successor	All Personal Data
Delivering program objectives and engaging with partners	Contact Data, Identity Data, Partner Data
Measuring the impact of our activities	Partner Data, Testimonial Data
Organising and inviting delegates to events, following up with   delegates who have attended our events	Contact Data, Marketing Data
Informing the public, visitors to our website and newsletter   subscribers  about our activities	Marketing Data, Testimonial Data, Media Data
Monitoring website usage patterns	Website Technical Data
Promoting our charitable aims and purposes	Marketing Data, Event Data, Program Data
Optimising your use of our website	Cookie Data

 

Special Categories of Personal Data and Personal Data relating to Criminal Convictions

We collect statistical information relating to health to assess the impact of our programs; however this is not capable of identifying individuals. We will only process Personal Information relating to health where you have provided us with your explicit consent.

We will process Special Categories of Personal Data and Personal Data relating to criminal convictions on the basis of your explicit consent where no other legal basis for the processing is available. In general, we process all Personal Data relating to health and criminal convictions on the grounds that processing is necessary for reasons of substantial public interest or to comply with our obligations as an employer.

Retention periods

We will retain your Personal Data only for as long as is necessary to achieve the purposes (or any compatible purposes) for which it is processed unless you have asked us to retain the Personal Data for a longer period. The retention period applying to Personal Data will depend upon the applicable legal and regulatory requirements, which may change over time, and also upon events occurring after the time of collection, such as the occurrence of a legal claim or the exercise of a data subject right (such as the right to request that we do not use your Personal Data for marketing purposes).

Transfers outside of the European Economic Area (EEA)

We transfer or may transfer Personal Data outwith the EEA where this is necessary for the performance of our professional services, is part of our secure business processes or if the Personal Data is Website Technical Data, where any of the following apply:

• The transfer is made to a country which has been determined by the European Commission to provide appropriate safeguards for the rights of Data Subjects
• The transfer is made to a company or group of companies which have implemented ‘binding corporate rules’ approved by the relevant regulator.
• The transfer is made on the basis of standard contractual clauses approved by the European Commission

We may additionally transfer Personal Data to countries outside of the EEA where this is necessary for the performance of our professional services where any of the following apply:

• Our action is outside the scope of the GDPR or does not constitute a transfer within the meaning of the GDPR
• The transfer is necessary for the performance of our contract with you or is a step preparatory to entering into a contract with you and is taken at your request
• The transfer is necessary for the conclusion or performance of a contract with a third party which is in your interest
• The transfer is necessary for the establishment, exercise or defence of legal claims
• The transfer is necessary to protect your vital interests
• The transfer is made from a register which is open to the public or to those with a legitimate interest
• With the explicit consent of the Data Subject

Recipients of Personal Data

We transfer or may transfer Personal Data to the following recipients:

 

Recipient or category of recipient	Categories of Personal Data affected
Our external partners	Identity Data, Matter Data, Financial Data
Providers of services to us, including our IT service providers, self-employed consultants, translators, insurers and our professional advisers including without limit advocates, insurance brokers, auditors and accountants	All of the Personal Data we process
Third parties with whom we are co-organising events	Identity Data (limited to name and organisation)
Business contacts	Contact Data
Companies House, HMRC and other public authorities and bodies	Identity Data, Matter Data
Law Enforcement Agencies	All of the Personal Data we process
Awards bodies and publishers of professional directories (only with your authority)	Contact Data, Matter Data (only where confidentiality has been waived)
Media organisations and/or the public	Contact Data (limited to name, job title and organisation), Partner Data (with permission), Testimonial Data
Successors in title to our business	All of the Personal Data we process

 

We transfer or may transfer Website Technical Data to Google in connection with our use of Google Analytics.
Your legal rights

You have the right to:

Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complain to the supervisory authority in connection with our processing of your personal data. You can exercise this right by contacting the Information Commissioner’s Office at https://ico.org.uk/.

Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know.

Our websites may contain links to other websites of interest. However, once you have used one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.

Contact us

If you have any questions about our processing of Personal Data or would like to exercise one of your legal rights, please contact email us at JJCCTPrivacy@its.jnj.com.

Guidance on data protection law is available at the Information Commissioner’s Office.

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Information about our use of cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

• Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose, in accordance with our Privacy Notice where the information concerned is capable of identifying the individual website user.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie	Purpose	Expiry
Essential Cookies
PHPSESSID	Preserves user session state across page requests.	For the length of the session
Analytical/performance
_at.hist.#	Used by the social sharing platform AddThis to store the user’s usage history of the AddThis sharing widget	Persistent
_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website	2 years
_gat	Used by Google Analytics to throttle request rate	For the length of the session
_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website	For the length of the session
collect	Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels	For the length of the session
vuid	Provided by Vimeo.com and collects data on the user’s visits to the website, such as which pages have been read.	2 years
Targeting
_atuvc	Updates the counter of a website’s social sharing features	13 months
_atuvs	Ensures that the updated counter is displayed to the user if a page is shared with the social sharing service, AddThis	For the length of the session
_at.cww	Used by the social sharing platform AddThis	Persistent
at-lojson-cache-#	Used by the social sharing platform AddThis	Persistent
at-rand	Used by the social sharing platform AddThis	Persistent
bt2	Used by the social sharing platform AddThis to keep a record of the parts of the site that have been visited in order to recommend other parts of the site	255 days
di2	Geolocation, which is used to help providers determine how users who share information with each other are geographically located (state level)	13 months
uid	Creates a unique, machine-generated user ID. AddThis, which is owned by Clearspring Technologies, uses the user ID to make it possible for the user to share content across social networks and provide detailed statistics to various providers.	1 year
uvc	Detecs how often the social sharing service, AddThis, encounters the same user.	13 months
vc	Used by the social sharing platform AddThis	1 year
xtc	Registers the user’s sharing of content via social media	13 months

 

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Managing your cookie preferences

In most cases we will need your consent in order to use cookies on this website, other than for use of essential cookies. Where we wish to use cookies that require your consent you will be asked whether you consent to the use of cookies via the pop-up on our website.