Privacy policy | GFI

Privacy notice

Last Updated: December 1, 2020

The Good Food Institute, Inc. (“GFI,” “we,” “us”) respects your privacy.  We collect information from you to provide you assistance, update you on the impact of your contributions, and communicate about new and ongoing initiatives.  We only use that information where we have a proper legal basis for doing so. We maintain and use your information responsibly.

This Privacy Notice explains what information we collect, how we use it and what choices you have about our use of it. This notice is layered, so you can easily select the reason we process your personal information and see what we do with it.

We recognize that information privacy is an ongoing responsibility, and we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. If our information practices change materially, we will notify you of these changes by posting them on our website.

By providing personal information to us, you agree to the terms and conditions of this Privacy Notice.

We welcome your questions and comments about this Privacy Notice at dataprivacy@gfi.org.

Who manages your data

The Good Food Institute, Inc., a Delaware section 501(c)(3) nonprofit corporation is the controller for the personal information we process, unless otherwise stated.  

Our address is:

1380 Monroe St NW #442 
Washington, DC 20010 
United States

For certain processing activities, The Good Food Institute and each of its affiliates below are joint controllers for the processing of your information:

GFI Europe (Belgium) ASBL 
Drève du Pressoir 38, 1190, 
Forest, Belgium

Associação The Good Food Institute Do Brasil
Avenida Paulista, 807 – 23o Andar – Conjunto 2315
Bela Vista – São Paulo – SP, 01311-100, Brazil

The Good Food Institute Asia Pacific (Hong Kong)
Limited Room 503-9, Yu To San Building
37 Queen’s Road Central, Hong Kong

Alternative Protein Solutions Private Limited (APSPL) 
d/b/a The Good Food Institute India
505, 5th Floor, 123, OM Chambers August Kranti Marg, Kemps Corner
Mumbai 400036 India

The Good Food Institute Israel (R.A.)
Hator 12, Raanana, Israel

How do we get your information?

  1. When you give it to us or give us permission to obtain it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have subscribed to one of our e-newsletters.
  • You request information about our work or seek our assistance.
  • You wish to make, or have made, a donation to us.
  • You wish to attend, or have attended, an event organized by us.
  • You have applied for a job or a volunteer position with us.
  1. Our partners and service providers share information with us

We also receive personal information indirectly from other sources, including your company/ organization, professional references, publicly available sources, subscription services, and third-party service providers. 

GFI obtains contact details and other personal information regarding media contacts and influencers from a variety of sources including Cision. If you wish to know more about how such information is collected and used, please refer to Cision’s privacy notice at ​www.cision.com/us/legal/privacy-policy/​.

  1. Data we collect automatically, using cookies or similar technologies

We, and our third-party partners, automatically collect certain types of usage information when you visit our website, read our emails, or otherwise engage with us online. We collect this information through a variety of tracking technologies, including cookies, web beacons, pixels, embedded scripts, location-identifying technologies, file information, and similar technologies.

Here are some of the types of information we collect:

  • Log data. When you use our website, our servers record information that your browser automatically sends whenever you visit a website. This log data includes your Internet Protocol address (which we use to infer your approximate location), browser type and settings, internet service provider, platform type, date and time stamp, and other such information. We also collect information about the way you use our website, for example, your history arriving to our website, the pages you visit, how frequently you access the website, whether you open emails or click the links contained in the emails, and other actions you take. 
  • Cookie data. We also use “cookies” (small text files sent by your computer each time you visit our website) or similar technologies to get log data. When we use cookies, we use session cookies that last until you close your browser or persistent cookies that last until you or your browser delete them. For more detailed information about how we use cookies and what types of data we collect, please refer to our Cookie Notice.
  • Device data. In addition to log data, we collect information about the device you are using to access our website, including the type of device, operating system, settings, unique identifiers and crash data. When you access our website from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, such as an IP address. 

Our purpose in using cookies is to (1) provide custom, personalized content and information; (2) record your consent; (3) recognize and contact you across multiple devices; (4) monitor aggregate metrics such as total number of visitors, traffic, and usage; and (5) diagnose and fix technology problems.  

We collect analytics data or use third-party analytics tools such as Google Analytics to help us identify traffic and usage trends for the website and to help us understand how our audience engages with us. We may also work with third-party partners to employ technologies that permit us to recognize and contact you across multiple devices.

The lawful basis we rely on to process this information is our legitimate interest in using information in a way that is necessary to customize your website experience, provide more relevant content, and tailor our communications to your needs. As used herein, the term “legitimate interest” refers to our interest in use for these purposes.  We rely on your consent when we use nonessential cookies. 

Special Categories of Personal Information

We will not intentionally collect any special categories of data without your explicit consent for one or more specified purposes or as otherwise permitted or required by applicable law. Special categories of data include personal data (a) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or (b) concerning health; or (c) concerning a natural person’s sex life or sexual orientation.

Your data protection rights

We must inform you about your rights in relation to the information that we have about you. The rights available to you depend on our reason for processing your information.

Right to access. You have a right to access your personal data in our possession and information about the way we use your data. This right always applies. For privacy and security, we may ask you to verify your identity. There are some exemptions, which means you may not always receive all the information we process. 

Right to rectification. We do our best to keep your data accurate and up to date. If your personal data is inaccurate or incomplete, you have the right to ask that we correct or complete it. This right always applies. If we share your personal data with others and if possible, we will inform them about the correction as well. If you ask us, we will also tell you with whom we shared your personal data. 

Right to erasure. If you wish to have your information removed from our records, you have the right in certain circumstances to request that we do so. We may retain certain data as necessary (a) for reasons of freedom of expression and information; (b) to comply with legal obligations; or (c) for the establishment, exercise, or defense of legal claims.

Right to restrict processing. You may ask us to restrict the processing of all or part of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we share your personal data with others, we will tell them about the restriction if possible. If you ask us, we will also tell you with whom we shared your personal data. 

Right to data portability: You have the right to have the electronically-held information you provided to us disclosed to you or transferred to another organization. This right only applies if we are processing information based on your consent or are under, or in talks about entering into, a contract with you.  We will present your information in a structured, commonly used and machine-readable format where it is technically feasible to do so. 

Right to object: You may ask us at any time to stop processing your personal data, and we will do so:

  • If we are relying on a legitimate interest to process your personal data – unless we demonstrate compelling legitimate grounds for the processing or use the data for the establishment, exercise or defense of legal claims; or
  • If we are processing your personal data for direct marketing.

Right to withdraw consent: if we rely on your consent to process your personal data you have the right to withdraw that consent at any time on the going forward basis.

If you exercise any of the rights above, we will take the required action without undue delay unless the requests are manifestly unfounded or excessive per Art. 12(5) of the GDPR. 

Right to lodge a complaint with the data protection authority: if you have a concern about our privacy practices, including the way we handle your personal data, you can report it to the data protection authority in your jurisdiction.

When do we share your information?

We may share your information with the following trusted parties: 

  1. Our global affiliates, agents, and representatives in the course of our operations. Our affiliates may only process your data for the purposes specified in our data sharing agreements with them, and are required to implement technical and administrative measures to appropriately safeguard your data. We rely on legitimate interest as the lawful basis to share your data for operational purposes.
  1. Third-party companies, service providers, or individuals that we employ to process information on our behalf based on our instructions and only for the purposes specified. These data processors are contractually bound to keep your data secure. We rely on legitimate interest as the lawful basis for sharing information with these third parties.
  1. Online advertisers, including social media sites. If you have consented to receiving marketing communications, we may use your contact information to match to your social media account, to show you GFI content while you use social media services. We rely on your consent as the lawful basis for such processing. 
  1. Law enforcement and government agencies. We are legally obligated to share your information in some circumstances, such as (1) to respond to a subpoena, court order or legal process; (2) to detect, prevent, or otherwise address fraud, security or technical issues; (3) to exercise or protect our rights, property or personal safety or that of others. We rely on legitimate interest and legal obligations as the lawful bases for such sharing.

Except for the purposes outlined herein, we will not trade, share or sell your personal information to anyone else.

Transfer of data

GFI is a global organization that operates in many countries in partnership with its affiliates. When we transfer your information to our affiliates outside of the European Economic Area (EEA) we do so based on the use of Controller-to-Controller Standard Contractual Clauses, also known as Model Clauses, between GFI-US and each of the affiliate organizations that ensure appropriate safeguards and enforceable data subject rights and effective legal remedies according to the European Commission.

When we transfer your information to a service provider that stores or otherwise processes your data outside of the EEA, we require them to sign a Data Processing Agreement that allows data transfers only (a) to countries recognized by the European Commision as having an adequate level of protection or (b) pursuant to Controller to Processor Standard Contractual Clauses. Our service providers are required to promptly notify us if they are unable to comply with these requirements.

How do we protect your information?

We care about the security and integrity of your information. We Implement and maintain industry standard physical, technical, and administrative safeguards, including performing regular self-assessments to prevent unauthorized disclosure of, or access to, personal data. We limit access to personal data and require that employees and agents authorized to access personal data maintain the confidentiality of that data. We hold our service providers to at least the same data privacy and security standards to which we hold ourselves.

However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. If, despite our efforts, we learn of a security breach involving your personal information, we will take reasonable steps to investigate the situation and notify you as required by law so appropriate protective steps can be taken.

Our website may contain links to and from third party websites of our business partners. If you follow a link to any of these websites, please note that these websites have their own privacy notices, statements, or policies that govern your interactions with them. We encourage you to read them.  

Information about children

We do not knowingly collect or store any personal data of persons under the age of 16 and we do not offer any of our services directly to children under the age 16.

How to contact us

If you reside outside the EEA:

Mail: 
The Good Food Institute
attn:  Data Privacy
1380 Monroe St NW #442 
Washington, DC 20010 USA

Email: dataprivacy@gfi.org  

For individuals in the European Economic Area, GFI has appointed The Good Food Institute Europe (Belgium) ASBL as GFI’s representative pursuant to Art. 27 of the GDPR. 

Mail:  
GFI Europe (Belgium) ASBL 
Drève du Pressoir 38, 1190
Forest, Belgium

Email: GFIEuropeDataPrivacy@gfi.org


Newsletter subscribers

Purpose and lawful basis for processing

We collect your information to inform you about our resources, and update you about industry news, opportunities, and upcoming events. We’ll only use your information with your consent in order to send you marketing materials by email or text. Each time we send you a marketing email, we give you the option to unsubscribe. 

We rely on legitimate interest as the lawful basis to process the data to improve our marketing activities and send you non-marketing transactional emails to inform you about updates to our privacy policies and changes to your subscription preferences among other matters, and on compliance with legal obligations in case of data breach notifications. 

What information do we collect

We ask for your name and email address to subscribe to the newsletter. We also collect your IP address and gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our newsletter.

Why do we need it

We need this information to be able to perform individual outreach about new resources and opportunities and to send you other communications that you have requested.

When do we share your information

We use external service providers for data processing to support us in carrying out all our marketing activities. These service providers process data only per our instructions and solely for the purposes described in this notice. 

How long do we keep it

We keep your details to send you marketing communications only until you choose to unsubscribe. 

What are your rights 

We rely on your consent to process the personal data you provide to us to subscribe to our newsletters and other marketing communications. This means you have the right to withdraw your consent, or to object to further processing of your personal data for this purpose at any time. Please use the instructions in the email to unsubscribe from further communications or email us at dataprivacy@gfi.org


Event/webinar attendees

Purpose and lawful basis for processing

Our purpose for collecting this information is to facilitate the event and enable access. The lawful basis we rely on for processing your personal data is your consent.

What information do we collect

When you register to participate in one of our events, we will ask you to provide your name, email address, company/ organization, professional title, address, billing address, and payment information if payment is required. If you participate as a presenter or panelist, we may also collect your photograph and presentation materials. 

For conference attendees, you may have the option to download a mobile app for participant communication and information sharing. The app may store the device identifier associated with your mobile device, but neither we nor the app provider will collect any personal data through the mobile device. 

We frequently take photos and record audio and/or video of our events, and may make and store photographs containing your likeness and recordings of your voice and likeness. We may associate your image and the sound of your voice with your name if you are identified during the recording or identify yourself by name.

Why do we need it

We use this information to process your registration and payment for the event if applicable; send event-related communications and updates regarding the event; print your badge at the event; send you event-related materials and recordings; contact you about future events; and request feedback via post-event surveys or otherwise; and improve our event administration. We will email you a reminder before the event you registered for, and email you after the event with a recording of the webinar.

We may use, edit, copy, exhibit, publish, or distribute photos and audio or video recording for any charitable purpose.

When do we share your information 

We share your information with our service providers that process your information at our direction and only for purposes specified in our contract with them. When you join one of our events via Zoom, Zoom may store the meeting metadata, including your IP address, device info, user profile, email, photos, and recordings, none of your personal information collected by Zoom is shared with us. For more information, please refer to their privacy policy at https://zoom.us/privacy

How long do we keep it

We will retain your information as long as necessary to fulfill the purposes described in this notice or until you ask us to remove  it. 

What are your rights

To the extent we rely on your consent to process your personal data, you have the right to object to further processing or withdraw your consent at any time. 
For more information about your rights, please see Your Data Protection Rights.

GFIdeas participants

Purpose and lawful basis for processing

We only collect personal data that is necessary to enable your participation in the GFIdeas community and allow you to connect with other individuals in the alternative protein field and access relevant resources. We rely on your consent as the lawful basis to share and otherwise process your information.

What information do we collect

When you request membership in GFIdeas, you’ll be asked to submit your name, email address, LinkedIn profile, and the country you live in. You’ll also be asked several questions about your current work or education, and about your interest and background in alternative protein.

All information except your email will be displayed in our GFIdeas Directory if you choose to opt-in to the directory, which is password-protected and accessible to other GFIdeas community members. 

Why do we need it

We collect this information to make it easier for you and other GFIdeas members to connect with people with similar or complementary interests and skills within the alternative protein field. 

Most of the information we collect when you apply for GFIdeas is publicly posted in our directory to help you and other GFIdeas members get the most out of our community. We do not publicly share your email. We do, however, keep your email on file in case we need to email you with updates about GFIdeas that may affect your user experience. And, of course, if you sign up for regular newsletters, we’ll send those to you, too!

If you opt-in to be added to either the technical or business seminar series or both, we will use your email to communicate with you about upcoming seminars and share resources and recordings from prior events.

Your email will be stored within GFI’s organizational records, along with your preferences for whether (or how often) you receive email communications from us.

Who do we share it with

Most of your data will be shared in a password-protected directory housed in Airtable intended to facilitate fruitful connections among GFIdeas members. We will also share your information with our service providers, including Airtable and Salesforce, that only process your information at our direction and to fulfill the purposes described in this notice.

How long do we keep it

Your information will be stored until you ask us to remove it. Once a year, we will send you an email reminding you that you’re a member of GFIdeas, and we’ll ask you if you’d like to update or remove your information at that time.

Donors and followers

Purpose and lawful basis for processing

We only collect personal data that is reasonable or necessary to build authentic, well rounded professional relationships with you, understand how your personal, professional, and philanthropic interests may align with giving opportunities at GFI, and secure philanthropic funding. We rely on these legitimate interests and on our legal obligations as the lawful bases for processing your data.

When you make a gift to us, we use the information you provide as necessary for the performance of the contract between you and us in connection with your donation. If you do not provide the necessary data to us or our payment service provider, we will not be able to process your donation.

We also use your data to comply with our legal obligations, including tax reporting. 

We will only send you our newsletter and other marketing communications by email if you opt-in to receive them and rely on your consent as the lawful basis for such communications. You may opt out of receiving marketing emails at any time by following the instructions contained in each email we send you.

What information do we collect

When you make an online donation, we collect your name, email, billing address in order to process the transaction. We may also collect additional information about your donation, including the amount and purpose of your donation, dedication information, your professional affiliation if your employer participates in the company match program, and any other comments you may choose to provide. 

We collect but not retain credit card or other payment account details, which are processed by one of the third party vendors, such as Stripe. We encourage you to review their privacy policies carefully. 

We also collect other personal information that you may share in conversations or other interactions with us, including your address, telephone number, date of birth, marital status, family status, educational history, professional affiliation, social media account pages, and communication preferences.

We may obtain information about you from public records and from databases when conducting due diligence.

Why do we need it

We need this information to tailor our engagement plan, process your donations, contact you regarding your donations, update you on the impact of your contributions, and provide other updates that we think will be of interest to you. 

When do we share your information

We share your personal information with our employees, agents, and affiliates to support our operations, our service providers to process it based on our instructions, and our affiliates to enable them to develop authentic, well-rounded, professional relationships with you and better coordinate our philanthropic campaigns. We rely on these legitimate interests as the lawful basis to share your information. For more information on our sharing practices, please read here.

GFI and each of its affiliates are considered joint controllers for the purposes of data protection law with respect to the shared information. This is because we jointly dictate the purposes for which your personal information is used and the means by which we use your personal information. GFI and its affiliates have arranged to work together to respond to your questions and your requests to exercise any of your data protection rights. 

We transfer your information outside the European Economic Area to our affiliates and service providers abroad. We make sure that such data transfers are subject to appropriate safeguards. For more details, please see Transfer of Data.

How long do we keep it 

We will retain your information as long as necessary to fulfill the purposes described in this notice and to comply with our legal obligations, including our tax reporting requirements and data breach notifications.  If you ask us to delete your data or to be removed from our marketing lists, we will keep only basic data to prevent further unwanted processing.

What are your rights

You have a right to object to our processing at any time as we process your data for our legitimate interests. For more information on your rights, please see Your Data Protection Rights.

Job applicants and interns

Purpose and lawful basis for processing

Our purpose for processing your information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.  The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which allows processing necessary to perform a contract or to take steps, at your request, prior to entering into a contract. 

If you provide us with any optional special category data, such as health or ethnicity information, we rely on your consent as the lawful basis.  We also rely on your consent to obtain data regarding your criminal record and credit history if required for the role.

What information do we collect 

We collect your contact details, information about your previous experience, education, references, and answers to questions relevant to the role that you are applying for.  We will also ask you to voluntarily provide demographic information, including information about your gender, race, ethnicity, health status, and veteran status for statistical purposes. This information will be kept separate from your application and used solely for the purpose of monitoring, informating, and reporting on our diversity efforts. This information, or your decision not to provide it, will not affect your application in any way.  

If we choose to make you an offer of employment, we may ask for your consent to obtain a consumer report or a background check report from an authorized third-party provider.  A report may include information about your creditworthiness; court, administrative, and criminal records; general reputation; and personal characteristics to the extent permitted by law. 

Why do we need it

We use all the information that you provide during the recruitment process to evaluate your application, to keep records related to our hiring practices,  match applicants to other career opportunities,  and to fulfill legal or regulatory requirements, including compliance with employment and immigration laws.   We will use your contact information, including your email address to inform you about the status of your application.  

When do we share it

We will only share your information with third party service providers as necessary to review your application, facilitate the interview process, and conduct reference,  background, and employment eligibility checks.  If you use our online application system, your details will be collected by our data processor Greenhouse on our behalf. We only share your information internally with teams directly involved in the hiring process. We will not share your information with any third parties for marketing purposes. 

GFI occasionally advertises employment opportunities on behalf of its international affiliates. If you apply for one of these postings, your information will be shared with the hiring team in the country where the position is located. For more information please refer to Transfer of Data and When Do We Share Your Information?

How long do we need it

We will only keep the information for as long as necessary to fulfill the purposes described above.

What are your rights

To the extent that we rely on your consent to process certain types of personal information that you provide voluntarily, you may withdraw your consent at any time by contacting us. 

Questions

For more information, please contact us at dataprivacy@gfi.org