Last Updated: November 6, 2023
Thank you for choosing to be part of our community at 3BL Associates Consultancy Co. W.L.L., which runs Diversity on Board (“Diversity on Board”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at privacy@diversityonboard.org.
This privacy policy aims to give you information on how Diversity on Board collects and processes your personal data. This website is not intended for children and we do not knowingly collect data relating to children.
When you visit our website http://beta.diversityonboard.org/, mobile application, and use our services, you trust us with your personal information. We take your privacy very seriously and are committed to protecting your personal data. In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Sites or Apps and our services.
This privacy policy applies to all information collected through our website (such as http://beta.diversityonboard.org/), mobile application, (“Apps”), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”). It is important that you read this privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.
1. What data do we collect?
We collect data within the following categories and sub-categories:
Personal Data
Personal Identification Information (First and last name, username, etc.)
Contact Data (email address, contact number, address, country of origin, etc.)
Publicly Available Information (First name, maiden name, last name, nickname, ID, passport number, current and former address, phone numbers, email addresses, business email, business phone numbers, business entity filings, corporate affiliations, business associates, government licenses, professional licenses, hunting/fishing permits, weapons permits, social media, etc.)
Professional Data (Past and current partners, CV, etc.)
Sensitive Personal Data
Sensitive Personal Information (race, ethnic origin, political or philosophical opinions, religious beliefs, affiliation to union, personal criminal record, or any information in relation to his health or sexual status, etc.).
Please note that any processing of this data for users residing in the Kingdom of Bahrain will be subject to Article 5 of Law No. (30) of 2018 with Respect to Personal Data Protection Law, which can be found here. In addition, no disclosure of your sensitive personal data shall be made without your own prior consent, unless required by law.
Credentials
Member Account Data (Passwords, password hints, and similar security information used for authentication and account access)
Automatically Collected Data
Device/Usage Information. We may collect and analyze:
Device information such as IP addresses, location information (by country and city), unique device identifiers, IMEI and TCP/IP address, browser types, browser language, operating system, mobile device carrier information, etc.;
Information related to the ways in which you interact with the website, Apps, and Services, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the website, Apps, and Services, the amount of time spent on particular pages, the date and time you used the website, Apps, and Services, the frequency of your use of the website, Apps, and Services, error logs, etc.
Cookies and other tracking technologies. We also collect data about your use of our services through the use of Internet server logs and online tracking technologies, like cookies and/or tracking pixels. A web server log is a file where website activity is stored.
A cookie is a small text file that is placed on your computer when you visit a website, that enables us to:
Recognize your computer;
Store your preferences and settings;
Understand the web pages of the Service you have visited and the referral sites that have led you to our Service;
Enhance your user experience by delivering content specific to your inferred interests;
Perform searches and analytics; and
Assist with security administrative functions.
Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information such as ad impressions or clicks, measure popularity of Services and associated advertising, and to access user cookies. This data allows us to gauge the effectiveness of our communications and marketing efforts.
Geo-Location Information
We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application in order to provide location-based services. If you wish to change our access permissions, you may do so in your device’s settings. For more information on geo-location information, please see Section 8.
Mobile Device Access
We may request access or permission to certain features from your mobile device, including your mobile device’s storage, and other features. If you wish to change our access permissions, you may do so in your device’s settings.
Data from Third Parties
To the extent permitted by law, we may also collect information from third parties. Depending on the source, this information collected from third parties could include name, contact information, demographic information, information about an individual’s employer, information to verify identity or trustworthiness, and information for other fraud or safety protection purposes.
2. How do we collect your data?
Data You Provide Directly to Us
We may collect, use, and store personal data listed in Section 1 that you provide directly to us in a variety of ways, such as when you:
Create a Diversity on Board account;
Contact us or provide feedback;
Subscribe to our newsletter;
Enter competitions, contests or giveaways; or
Make any types of purchases through our website.
Generally, the personal information we collect that is provided directly to us will depend on the context of your interactions with us.
Data That is Automatically Collected
Data that is automatically collected will depend on your interactions with the Services in general. This includes when you:
Login to your Diversity on Board account;
Apply to specific board openings;
Post board openings;
Navigate through different pages of the website;
Subscribe to our newsletter; or
Nominate individuals to join the platform.
As mentioned in Section 1, information that is automatically collected is collected through the use of cookies and other tracking technologies. This includes information that we may ask for your permission to access including your geo-location and mobile device details.
Data Collected From Third Parties
Information that may be collected from third parties may be done through a variety of sources depending on the nature of the data. Such third parties may include but are not limited to:
Public sources;
Social media platforms; and
Marketing and market research firms.
3. How will we use your data?
Overall, we process your data for purposes based on:
Legitimate business interests;
Fulfillment of our contractual obligations with you;
Compliance with our legal obligations; and
Your consent.
We use personal data collected via our Services for a variety of business purposes prescribed below. We process your personal data for these purposes in reliance on our legitimate business interests, in order to, with your consent, enter into a contractual relationship with you, and for compliance with our legal obligations. The nature of the mentioned contractual relationship involves the processing of your data, with specific purposes, in order for us to carry out our Service.
Below, we indicate the specific processing grounds we rely on, accompanied by each purpose.
We use the information we collect or receive:
To facilitate your account’s creation and login process. If you choose to link your account with us to a third party account (such as your Google or LinkedIn account), we use the information you allowed us to collect from those third parties to facilitate account creation and the login process for the performance of the contract.
To send you marketing and promotional communications. We and/or our third party marketing partners may use the personal data you share with us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing communications at any time (please see Section 6 below).
To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information regarding any changes to our terms and conditions, and policies.
Fulfill and manage your payments. We may use your information to fulfill and manage your payments and/or refunds made through our Service.
To request feedback. We may use your data to request feedback and to contact you about your use of our Service.
To enable user-to-user communication. We may use your information in order to enable user-to-user communication with each other’s consent.
To enforce our terms, conditions and policies for business purposes, and legal and contractual obligations.
To respond to legal requests and prevent harm. In the event that we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To manage user accounts. We may use your personal data for the purposes of managing your account and ensuring that it is functioning effectively.
To deliver services to the user. We may use your personal data to provide you with our Service.
To respond to user inquiries and/or offer support to users. We may use your personal data to respond to your inquiries and solve any potential issues that you may face throughout your use of our Service.
For other business purposes. We may use your personal data for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, marketing, and your user experience. We may use and store this information within an aggregated and anonymized form which does not include any personal and/or individual association to your personal data and characteristics.
In addition, we will not use identifiable personal data without your consent. For further information about your rights within this Policy, please see Section 6 below.
4. Who will your data be shared with?
We limit the sharing and disclosure of your information to only the third parties listed below. Each category clearly outlines the purpose of our data collection and processing practices. Should you wish to revoke your consent, which we consider granted through your continued use of our Service, please reach out to us at privacy@diversityonboard.org.
Functionality and Infrastructure Optimization: We utilize the services of SiteGround Hosting to ensure the optimal functionality and performance of our Service.
Website Hosting: Our website is hosted by SiteGround, and as such, certain information may be shared with them in order to ensure the effective operation and security of our Service.
Our website is hosted by SiteGround. In order to provide and maintain our Services, it is necessary to store and process data on SiteGround's servers. These servers may be located worldwide and your data may be stored and processed on any of them.
SiteGround complies with global privacy standards to ensure the secure storage and handling of your data. It employs physical, electronic, and managerial procedures to safeguard the information it collects. However, please be aware that no method of electronic storage is 100% secure, and while we strive to use commercially acceptable means to protect your personal data, absolute security cannot be guaranteed.
Your data on SiteGround is stored in accordance with their privacy policy and data retention practices. You may review SiteGround's privacy policy for more detailed information about how they handle and protect data.
Please note that your use of our Service constitutes your agreement to your data being transferred to and stored on SiteGround's servers. If you do not wish for your information to be stored in this way, we regret that you may not be able to use our Services.
Remember that the revocation of your consent to this part of our Privacy Policy will restrict your access to and use of the Diversity on Board platform.
5. When will we need to share your data with third parties?
As mentioned in Section 4, we may use third parties in the provision of our services to you and may share your personal data with such third parties. Third parties are not permitted to do anything with your personal data which is outside of the scope specified by us. They are committed to securing and retaining your personal data only for a specified period.We may disclose your personal data to third parties in instances where:
We or they need to provide you with products or services, in which they have asked you for your consent to share it, and you have agreed; or
When we or they have a legitimate business reason for doing so.
We may disclose your personal data to third parties in instances where we and they have a legal obligation to do so. For example, to assist with detecting and/or preventing fraud where we or they have a requirement in connection with regulatory reporting, litigation or asserting or defending legal rights and interests.We may disclose your personal data to appropriate authorities if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or to protect the safety of any person, or to address fraud, security, or technical issues, or to protect our rights or the rights of those who use our services.More specifically, we may need to process your data or share your personal information in the following situations:
Vendors, Consultants and Other Third-Party Service Providers: We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services or Apps, which will enable them to collect data about how you interact with the Services or Apps over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organization apart from us. They will hold it securely and retain it for the period we instruct.
Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Third-Party Advertisers: We may use third-party advertising companies to serve ads when you visit the Services or Apps. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.
Other Users: When you share personal information (for example, by posting comments, contributions or other content to the Services or Apps) or otherwise interact with public areas of the Services or Apps, such personal information may be viewed by all users and may be publicly distributed outside the Services or Apps in perpetuity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services or Apps, and view your profile.
6. What are your data protection rights?
(A) If you are a user located in the Kingdom of Bahrain, under the PDPL, you have the following rights which we are committed to providing you with:
Right of Request to Access: You have the right to get access to your personal data that we have stored with other supporting information. (Commonly known as a “data subject access request”).
Right of Rectification/Correction: You have the right to ask us to rectify your personal data that we hold about you if it is inaccurate or ask us to complete your personal data that we hold about you if it is incomplete.
Right to Erasure: You have the right to ask us to erase your personal data that we hold about you under certain circumstances.
Right to Object: You have the right to object to the processing of your personal data under certain circumstances.
Right to Request Restriction: You have the right to request restriction of processing of your personal data. You can withdraw consent at any time where we are relying on consent to process your personal data.
Right to lodge a complaint with the Supervisory Authority.
Right to not be subjected to automated individual decision-making, including profiling.
(B) If you are a user located within the European Union, your rights are governed by the GDPR. If you are a user located within the United Kingdom,your rights are governed by the Data Protection Act 2018 by virtue of the GDPR.
If you fall within the above groups, your rights are as follows:
The right to access: You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
The right to rectification: You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
The right to erasure: You have the right to request that Our Company erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
(C) If you are a user located within the state of California, you are granted specific rights regarding access to your personal information. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. If you are under 18 years of age, reside in California, and have a registered account with the Service, you have the right to request removal of unwanted data that you publicly post on the Service. To request removal of such data, please contact us using the contact information provided within Section 17, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services or Apps, but please be aware that the data may not be completely or comprehensively removed from our systems.
(D) If you are a user located within a state in Canada which is regulated by the PIPEDA, your rights are safeguarded through 10 principles, which we strive to maintain. These are as follows:
Accountability: Our Company is responsible for personal data under its control and appoints someone to be accountable for its compliance with these fair information principles.
Identifying Purposes: The purposes for which your personal data is being collected is identified by us before or at the time of the collection.
Consent: Your knowledge and consent is required for the collection, use, or disclosure of personal data.
Limiting Collection: Collection of your personal information is limited to the purposes prescribed within this Policy and is kept as long as required to serve those purposes.
Limiting Use, Disclosure, and Retention: Unless you consent to otherwise or unless required by law, our Company shall only use or disclose your personal data for the purposes for which it was collected.
Accuracy: Personal data shall be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used. Any updates to your personal data can be made directly on your account settings or by contacting us directly at privacy@diversityonboard.org
Safeguards: Personal data shall be protected by appropriate security relative to the sensitivity of the information.
Openness: Our Company has published this Policy to provide users with detailed information about our policies and practices relating to the management of personal data, which is publicly and readily available.
Individual Access: Upon request, users shall be informed of the existence, use, and disclosure of their personal data and given access to that data. Additionally, as a user, you shall be able to challenge the accuracy and completeness of the data and have it amended as appropriate. In order to do so, please see Sections 5(E) and 18.
Challenging Compliance: Users shall have the right to challenge compliance with the above principles.
(E) If you make a request in line with your related rights above, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: privacy@diversityonboard.org or post to us at:
3BL Associates Consultancy Co. W.L.L
Flat/Shop No. 71, Building 20,
Road/Street 385, AL-MUTHANNA AVENUE,
MANAMA CENTER, Capital Block: 305
Kingdom of Bahrain, PO BOX 2922
(F) As we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal. In addition, we reserve the right to assume consent and your understanding of this Policy by virtue of your continued use of our Apps and Services.
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to file a complaint to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
(G) In the event that you would like to terminate your Diversity on Board account, our Service allows you to do so yourself through your account settings. This method allows users a 30-day restoration period of your Diversity on Board account before permanently deleting all of your data. Alternatively, you have the option of contacting us via email at privacy@diversityonboard.org to ensure your account’s deletion.
7. Do we use cookies and other tracking technologies?
We may use cookies and other tracking technologies to collect and store your information, to keep you signed in and to understand how you can use our website.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store data. For more information about cookies and tracking technologies in regard to what types of data we may collect through them, please see Section 1 under the category ‘Automatically Collected Data.’
For further information about cookies, please visit allaboutcookies.org.
8. Do we use Google Maps?
We do use Google Maps for the purpose of providing a better Service.
This website uses Google Maps APIs. You may find the Google Maps APIs Terms of Service here. To better understand Google’s Privacy Policy, please refer to this link.
By using our Google Maps API implementation, you agree to be bound by Google’s Terms of Service. Moreover by using our implementation of the Google Maps APIs, you agree to allow us to gain access to information about you including personally identifiable information (such as usernames) and non-personally identifiable information (such as location). This agreement shall be in effect through your use of our Service.
The following information will be collected:
Location
For a full list of what we use information for, please see Sections 3 and 5.
You agree to allow us to obtain or cache your location. You may revoke your consent at any time. We use information about location in conjunction with data from other data providers.
The Maps APIs that we use store and access cookies and other information on your devices. If you are a user currently in the European Economic Area (EU countries, Iceland, Liechtenstein and Norway), please take a look at our EU User Consent Policy located within Section 6(B).
8. Is your information transferred internationally?
We may transfer, store, and process your information in countries other than your own.
Our website is hosted by SiteGround. In order to provide and maintain our Service, it is necessary to store and process data on SiteGround's servers. These servers may be located worldwide and your data may be stored and processed on any of them, and by those third parties with whom we may share your personal information (see Section 4 above), in Bahrain, United States, United Arab Emirates, and other countries.
SiteGround complies with global privacy standards to ensure the secure storage and handling of your data. It employs physical, electronic, and managerial procedures to safeguard the information it collects. However, please be aware that no method of electronic storage is 100% secure, and while we strive to use commercially acceptable means to protect your personal data, absolute security cannot be guaranteed.
Your data on SiteGround is stored in accordance with their privacy policy and data retention practices. You may review SiteGround's privacy policy for more detailed information about how they handle and protect data.
Please note that your use of our Service constitutes your agreement to your data being transferred to and stored on SiteGround's servers. If you do not wish for your information to be stored in this way, we regret that you may not be able to use our Service.
Remember that the revocation of your consent to this part of our Privacy Policy will restrict your access to and use of the Diversity on Board platform.If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your own country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.
EU-U.S. Privacy Shield Framework: In particular, Our company complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States and has certified its compliance with it. As such, we are committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Our company is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. With respect to personal information received or transferred pursuant to the Privacy Shield Framework, our company is subject to the regulatory enforcement powers of the U.S. FTC. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
9. How long do we keep your personal data?
We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For more information on your personal data rights, please see Section 6.
10. How do we keep your personal data safe?
We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services or Apps is at your own risk. You should only access the services within a secure environment.
11. Do we collect information from minors?
We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services or Apps, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services or Apps. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at privacy@diversityonboard.org.
12. Data breach
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when 3BL Associates Consultancy Co. W.L.L. becomes aware that you are likely to be at risk of serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being.
In the event that 3BL Associates Consultancy Co. W.L.L. becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information 3BL Associates Consultancy Co. W.L.L will promptly investigate the matter and notify the applicable Supervisory Authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
14. Controls for do-not-track features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.
15. Links to other websites
Our platform includes resource links that direct users to external websites. Please be aware that this Policy does not extend to these external sites and we have no control over their data collection and processing practices. As such, we cannot be held responsible for the protection and privacy of any information you provide while visiting such sites. We strongly encourage users to exercise caution and review the privacy policies of any external sites visited to understand how they handle your personal data. These external websites are not governed by this Privacy Policy.
16. Updates to this policy
As we strive to ensure compliance with relevant laws, updates will be made where necessary.
The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your personal data.
17. Contacting us about this policy
You have the right to be notified upon request of the complete data collected concerning you. This includes the right to ask questions and/or make any comments related to this policy. In order to do so, you may contact us via email at privacy@diversityonboard.org or by post to:
3BL Associates Consultancy Co. W.L.L
PO BOX 2922,
Flat/Shop No. 71, Building 20,
Road/Street 385, AL-MUTHANNA AVENUE,
MANAMA CENTER, Capital Block: 305
Kingdom of Bahrain
18. Contacting us to review, update, or delete your personal data
Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please contact us at privacy@diversityonboard.org. We will respond to your request within 30 days.