I. Purpose/Executive Summary

This Privacy Policy describes how Open Technology Fund (“Open Technology Fund,” “OTF,” “we,” “us,” and/or “our”) handles personal data we collect from employees, contractors, consultants, and other individuals (collectively, “personnel”) who currently work or previously have worked for OTF, as well as individuals who have applied for employment to or been recruited by OTF. This Policy explains the types of personal data we collect, how we may use and share the data, and the choices that are available to you with respect to our handling of your data.

II. Information We Collect

We collect different types of information depending on whether individuals are current or former personnel, have/had a direct or indirect relationship with OTF through an Employer of Record (“EOR”), or have/had applied for or are recruited for a job at Open Technology Fund. We collect information you provide directly to us as well as information on you that we obtain from third parties. OTF only collects data related to the determination of hiring an applicant and/or the retention and maintenance of an employment record. The sources of information collected for an employment applicant, personnel, or former personnel will depend on the information provided in the hiring process and/or the employment relationship.     

We may also collect information about your use of our organization’s technology and resources, including email, instant messaging, file share and employee collaboration platforms, IT assistance, and employee training tools. Note, information is received by Open Technology Fund in various forms, including verbally, in hard-copy, and in electronic form. It may be delivered in-person or via phone, email, fax, website, social media, etc.

III. Categories of Personal Information Collected and Purpose

Personal Information collected by Open Technology Fund may be collected/retained for the following purposes and reasons, including but not limited to:

OBJECTIVETYPE OF PERSONAL INFORMATIONBASIS FOR COLLECTION AND/OR RETENTION
Recruitment/Employee Management
Managing the workforce: recruiting, managing work, evaluating the work performance of employees, developing and managing organizational structure, managing staff and team management, managing business travel, talent management and work growth counseling, training, managing, and approving work leave, succession planning, and provision of references on request.		– Identification data;
– Data related to the personnel’s position;  
– Salary data and related financial data;
– Health data related to employment; and
– Information about committing or allegedly committing a criminal offense or an offense.		– An offer of employment or other offer to which the employee is a party;
– For the proper assessment of a potential candidate; and
– To fulfill the employment or other contract to which the employee is a party.
Benefits
Salary Agenda, Employee Benefits, and Payments: salary, rewards, other incentives and benefits, compliance with statutory social security, and tax regulations.		– Identification data;
– Data related to the employee’s position;  
– Salary data and related financial data;
– Information on insurance and indemnity;
– Information on the social security system; and
– Beneficiary and/or dependent information.		– To comply with the legal obligations applicable to Open Technology Fund; and
– To fulfill the employment or other offer to which the employee is a party.
Emergency
Communication with employees and their contact persons in case of urgency.		– Identification data; and
– Data related to the employee’s position.		Necessary to protect the vital interests (namely, health) of the employee in the event of an emergency.
Legal Obligations
The fulfillment of our legal obligations, including obligations arising from employment and immigration laws, tax laws, and regulations relating to health and safety at work.		– Identification data;
– Employee demographic information;
– Data related to the employee’s position;
– Salary data and related financial data;
Information on insurance and indemnity; and
– Information on the social security system health data.		Necessary to comply with the legal obligations applicable to Open Technology Fund.
Protective Measures
Detection or prevention of inappropriate behavior or violation of the Open Technology Fund rules/policies, including the protection of our intellectual property, confidential information, and other tangible and/or intangible property.		– Identification data;
– Data related to the employee’s position; and
– Information on asset use and organization systems.		Necessary for the legitimate interests of Open Technology Fund to protect assets of the organization.
Legal Proceedings
For the purposes of any potential and/or ongoing litigation or inquiries concerning OTF, its personnel, or one of our partners.		– Identification data;
– Data related to the employee’s position; and
– Information on asset use and company systems.		Necessary for Open Technology Fund’s legitimate interests to claim OTF’s rights against third parties or to defend against third-party claims against OTF in possible litigation or to defend and meet the requirements of an administrative inquiry.

IV. How We May Share Your Information

We may share your Personal Information as necessary for the purposes described in this Privacy Notice. For example, we may share your Personal Information with the following parties: 

  • Service Providers: We use service providers to operate, host, and facilitate our operations and business (including human resources operations). These include hosting, technology, and communication providers; security and fraud prevention consultants; analytics providers; background and reference check screening services; and external benefit providers, such as payroll, retirement account administration, benefits provision, occupational health, and IT services. Open Technology Fund takes commercially reasonable measures to confirm that Personal Information shared with service providers is furnished with adequate security measures and protected from unauthorized access.  
  • Business Transfers: Your Personal Information may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our organization (in whole or in part).
  • Professional Consultants: We may share your Personal Information with our professional consultants.
  • Funding: We may share your Personal Information with our funders, but only to the extent necessary to comply with regulatory requirements and contractual commitments.
  • Legal Obligations: We may also share your Personal Information with third parties for purposes of fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as preventing, detecting, and investigating security incidents and/or potentially illegal or prohibited activities; protecting the rights, property, or safety of you, us, or another party; enforcing any agreements with you; responding to claims; and resolving disputes.
  • Consent: We may share your Personal Information for additional purposes with your consent and/or at your direction.

Open Technology Fund does not sell or otherwise disclose employee Personal Information for monetary or other commercial consideration to any third parties.

V. Monitoring

It may be necessary for us to monitor our staff in various ways for safety and security and to protect our staff. We may monitor our staff in the following ways:

  • Electronic communications transmissions.
  • Key Card/fob entry onto and in Open Technology Fund properties;
  • Open Technology Fund-owned computers and technical assets, including OTF-issued telephones;
  • Computer Internet access or usage; or
  • Electronic communications transmissions.

VI. Rights Specific to Residents of the European Union, European Economic Area, and the UK

This section applies only to individuals under this Policy from within the European Union (EU), the European Economic Area (EEA), and the UK, and only if we collect through the Services any information from you that is considered “Personal Data,” as defined in the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Personal Data includes any information relating to an identified or identifiable natural person, who could be identified either directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (which may include some or all your Information as defined in this Privacy Policy).

A. Identify and Contact Details of Controller and EU Representative

Unless otherwise stated, we are the Data Controller for the Information we process. Please see section VI.E of this policy for OTF’s designated EU Representative.

B. Your Data Protection Rights

To the extent the GDPR and Data Protection Act 2018 apply, and we hold your information in our capacity as a Data Controller as defined under those laws, you may request that we:

  • Restrict the way that we process and share your information;
  • Transfer your information to a third party;
  • Provide you with access to your information;
  • Remove your information if no longer necessary for the purposes collected;
  • Update your information so it is correct and not out of date; and/or
  • Object to our processing of your information.

You may also revoke your consent for processing of your information. If you wish to object to the use and processing of your information or withdraw consent to this Privacy Policy, please see section VI.E of this policy for OTF’s designated EU Representative.

The requests above will be considered and responded to in the time period stated by applicable law. Note, certain information may be exempt from such requests.  We may require additional information from you to confirm your identity in responding to such requests. Complying with such requests may also impact our ability to provide services to you as personnel, including, for example, process payroll or communicating with you.

You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation. Please see section VI.E of this policy for instructions on how to lodge a complaint.

C. Lawful Basis for Processing Your Information

The lawful basis for our processing of your Personal Data will depend on the purposes of the processing. Depending on what Personal Data we collect from you and how we collect it, we may also rely on various grounds for handling your Personal Data, including the following reasons:

  • Processing on the basis of legitimate business interests. We process Personal Data on the basis that the processing is necessary for our legitimate business interests, such as communicating with you during the recruitment process or evaluating your job performance during your employment with us.
  • Processing on the basis of performance of a contract. Examples of situations in which we process Personal Data as necessary for performance of a contract include direct depositing payroll into your bank account.
  • Processing because we are under a legal obligation to do so. Examples of situations in which we must processes Personal Data to comply with our legal obligations include: (i) providing your Personal Data to governmental bodies if  required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

If the processing of your Personal Data is based on your consent, the GDPR and Data Protection Act 2018 also allow users the right to access, revoke, or modify your consent at any time. Please see section VI.E below for instructions on how to review or modify your consents.  

D. Consent to Transfer

We are operated in the United States, and we have operations and service providers in the United States and other countries. Please be aware that information, including your Personal Data, that we collect will be transferred to, stored, and processed in the United States and other countries, which are jurisdictions in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.  We maintain measures to address the transfer of your Personal Data between our group organizations, and between us and our third-party providers in accordance with applicable data protection laws and regulations.

E. Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

  • European Union (EU)
  • United Kingdom (UK)
  • Switzerland

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/18716869240

VII. Changes to Our Privacy Policy

We may change this privacy policy from time to time. Each version of this policy is identified by its effective date.

VIII. Contacting Open Technology Fund

If you have questions or concerns regarding this Policy, please contact us using the information provided below.

Open Technology Fund

1015 7th Street NW, 3rd Floor

Washington, DC 20001 USA

[email protected]