EU PRIVACY POLICY
Jurisdiction of the European Union’s General Data Protection Regulation (GDPR)
This European Union’s General Data Protection Regulation Policy (GDPR Policy) reflects changes in data protection law in the jurisdiction of the European Union’s General Data Protection Regulation (GDPR). This Policy is effective as of July 1, 2018.
Any conflicts with Global Deal for Nature’s overarching Privacy Policy will be resolved in favor of greater privacy protection for data in GDPR jurisdiction.
Global Deal for Nature is committed to protecting and respecting your privacy.
This GDPR Policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure, and your rights and choices in relation to your information.
Any questions regarding this GDPR Policy and our privacy practices should be sent by email to [email protected].
What type of information do we collect information from you?
The personal information we collect, store and use about you might include:
• Your name and contact details (including postal address, email address and telephone number).
• Information about your expressed interest in Global Deal for Nature and its programs and events.
• Information about your activities on our website and about the device used to access it, for instance, your IP address and geographical location.
• Your bank or credit card details. If you make a donation online or make a purchase, your card information is not held by us; it is collected by our third-party payment processors, who specialize in the secure online capture and processing of credit/debit card transactions.
• Any other personal information shared with us.
Data protection laws recognize certain categories of personal information as sensitive and therefore requiring greater protection.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and applicable data protection laws allow us to.
How and why is your information used?
We may use your information for a number of different purposes, which may include:
• Sending you communications which you have requested and that may be of interest to you. These may include newsletters, project updates, event invitations, fundraising appeals and similar materials.
• Keeping a record of your relationship with us.
• Conducting analysis and market research to better understand how we can improve our services, products or information.
• Notifying you of changes to our services.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for.
The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations.
We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties to achieve the other purposes set out in this Policy.
We may pass your information to our third-party service providers, suppliers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (for example, to process donations and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services, and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Lawful Processing
Data protection law requires us to rely on one or more lawful bases to process your personal information. Lawful bases include consent (where you have given consent) and our legitimate interest in operating, managing and promoting our organization, maintaining our relationship with you and protecting the Foundation and our sites, provided that such processing shall not outweigh your rights and freedoms. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. Where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact [email protected].
Additional information is provided below about lawful bases for processing of personal information.
Specific Consent
Where you have provided specific consent to us using your personal information in a certain way, such as to send you emails, texts, direct mail, and/or telephone outreach. For example, you may have signed up for the Global Deal for Nature newsletter or other news updates, or generously provided donations that we then process.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it.
Legal obligation
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject.
Legitimate interests
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as information uses and processing activities are “fair and lawful,” as required by GDPR, and do not unduly impact your rights).
Our legitimate interests as a Foundation involve implementation of our aims and ideals around inspiring the public to take action on key environmental issues. For example, we may:
• send communications which we think will be of interest to you, and respond to your inquiries;
• conduct research to better understand our supporters and to improve the relevance of our communications and fundraising;
• understand how people choose to support the work of the Foundation and what steps they take;
• determine the effectiveness of our campaigns, programs, activities, and outreach;
• enhance, modify, personalize, or otherwise improve our campaigns, programs, activities, and outreach, to better achieve our mission as a Foundation; and
• better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless we are otherwise required to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so we will either do so on the basis of your explicit consent or implement another route legally available to us.
Fundraising and Marketing Communications
We may use your contact details to provide you with information about the vital work we do, our fundraising appeals and opportunities to support us, and other campaigns or products we think may be of interest to you.
Email/Text/Phone
We will only send you marketing and fundraising communications by email, text and telephone if we deem it in our legitimate interest to do so or you have explicitly provided your prior consent. You may opt out of our communications at any time by clicking the unsubscribe link at the end of our emails.
Direct Mail
We may send you marketing and fundraising communications by direct mail unless you have told us that you would prefer not to hear from us.
Your choices
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, you can indicate your choices on the site used to collect your information.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted, and we will retain your details on a suppression list to help ensure that we do not continue to contact you. In some instances, we may still need to contact you for administrative purposes.
We’re committed to putting you in control of your data, so you are also free to opt out of your information being used at any time by contacting [email protected].
Your Rights
Under EU data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
Right of access
You have a right to request access to the personal data that we hold about you.
You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you would like to see and proof of your identity by mail to the address provided below.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us, so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email or mail (see below).
Right to restrict use
You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we’re not lawfully allowed to use it.
Right of erasure
You may ask us to delete some or all of your personal information; we will do so as far as we are required to. In many cases, we will anonymize that information, rather than delete it, if legally allowable.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object
You have the right to object to processing where we use your personal information (1) based on legitimate interests, (2) for direct marketing, or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at [email protected]. We may be required to ask for further information and/or evidence of identity. We will endeavor to respond fully to all requests within one month of receipt of your request, however, if we are unable to do so, we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details, we recommend you consult the GDPR guidance published by the Irish Data Privacy Commission @ http://gdprandyou.ie/.
Keeping your information safe
When you give us personal information, we take steps to ensure that appropriate technical and organizational controls are in place to protect it.
Keeping your information up to date
We take reasonable steps to ensure your information is accurate and up to date.
Where possible we use publicly available sources to identify address and other contact changes.
We appreciate your sharing with us any changes in your contact details.
Links to other websites
Our website may contain links to other websites run by other organizations. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites, even if you access those using links from our website.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site (except as described above) and recommend that you check the privacy Policy of that third-party site.
16 or Under
We are concerned about protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information. Further, as noted in our Terms of Use at https://www.globaldealfornature.org/terms/, you must be 13 years of age or older to use our website. If you believe that the website has information from or about anyone at or under 13 years of age, or from anyone at or under 16 years of age in GDPR-compliant countries, please notify us at [email protected].
Vulnerable circumstances
We are committed to protecting vulnerable supporters, customers and volunteers, and appreciate that additional care may be needed when we use their personal information. In recognition of this, we observe good practice guidelines in our interactions with vulnerable people.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the GDPR. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Changes to this policy
Please check this page regularly to ensure that you have no questions or concerns regarding the changes. If we make any significant changes, we will note those on our landing page.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in October 16, 2018.
How and why is your information used?
We may use your information for a number of different purposes, which may include:
• Sending you communications which you have requested and that may be of interest to you. These may include newsletters, project updates, or invitations to take further action;
• Highlighting your participation in a campaign by displaying your first name and first initial of your last name, country, and the campaign you took action online or in printed or PDF materials;
• Contacting you to thank you for signing, donating or verifying your identity via email, phone/text or direct mail;
• Keeping a record of your relationship with us;
• Conducting analysis to better understand how we can improve our services, products or information;
• Notifying you of changes to our services.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfill our statutory and regulatory obligations. We review these retention periods on a regular basis. If you request that we stop sending you updates and other communications or delete your information, we will honor your request and keep the minimum amount of information possible to prevent fraud and to help ensure that you are not contacted again.
How can I unsubscribe?
If at any time you would like to unsubscribe from an email list, you may do so by clicking on the “Unsubscribe” link included at the bottom of every campaign email that you receive from us.
Who has access to your information?
We do not rent or sell your personal information.
When you sign a petition, the target of the campaign is sent a final list including the redacted name, of the individual, country, and any comments of everyone who signed. Where the target is a government body or official that requires petition signers to be constituents, we may also provide your postal code and full address if collected.
We may also pass your information to our third-party service providers, suppliers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (for example, to process donations and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services, and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
How do we keep your information safe?
We use standard industry practices, such as firewalls and encryption, to safeguard your personally identifiable information against unauthorized access, alteration, disclosure, misuse, or destruction. All donations, including the transmission of payment details and other personal information, are handled over secure, encrypted connections.
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the GDPR. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
How can you update and correct your personal information?
You can review and update your personal information at any time by contacting us at [email protected]. For users in Europe and other countries that adhere to GDPR standards, you also have the right to:
• Restrict or Erase: You can ask us to limit our use of your information or ask us to delete some or all of your personal information from our records if there is no compelling reason for us to hold on to it. In some cases, we will anonymize that information, rather than delete it, if allowable.
• Object: You can object, on legitimate grounds, to the processing of your personal information, including direct marketing and profiling. And you have a right to have inaccurate personal information corrected if requested.
• Access or Take your data: You can ask us to confirm whether we are processing your personal information. You can also make a reasonable request for a copy of that information or to have it transferred to another data controller to the extent possible.
• Complain: You can complain to the UK Information Commissioner’s Office or your country’s data protection authority.
Exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details, we recommend you consult the General Data Protection Regulation (GDPR) guidance published by the Irish Data Privacy Commission.
What is the lawful basis for processing your information?
Data protection law requires us to rely on one or more lawful bases to process your personal information. Lawful bases include consent (where you have given consent) and our legitimate interest in operating, managing and promoting our organization, maintaining our relationship with you, and protecting the website, provided that such processing shall not outweigh your rights and freedoms. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. This includes the option to unsubscribe from an email list at any time or to contact us to request to be excluded from our promotion or text messaging lists, if applicable. Where we rely on legitimate interests, you have the right to object.
If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at [email protected].
Additional information is provided below about lawful bases for processing of personal information.
· Specific Consent: Where you have provided specific consent to us using your personal information in a certain way, such as to send you emails, texts, direct mail, and/or telephone outreach. For example, you may have signed up for a newsletter or provided donations that we then process.
· Performance of a contract: Where we are entering into a contract with you or performing our obligations under it.
· Legal obligation: Where strictly necessary so that we can comply with a legal or regulatory obligation to which we are subject.
· Legitimate interests: Where it is reasonably necessary to achieve our or others’ legitimate interests as long as information uses and processing activities are “fair and lawful,” as required by the GDPR, and do not unduly impact your rights.
Processing your Sensitive Personal Data: We do not seek to collect or otherwise process your sensitive personal information (i.e. about race or ethnicity, political opinions, religious or philosophical beliefs, etc.) except where the processing is required or permitted by applicable law; or we have obtained your prior explicit consent.
Links to other websites
Our website may contain links to other websites run by other organizations. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites, even if you access those using links from our website.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site (except as described above) and recommend that you check the privacy Policy of that third-party site.
Users 16 and under
We are concerned about protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Further, as noted in our Terms of Use you must be 13 years of age or older to use our website. If you believe that the website has information from or about anyone at or under 13 years of age, or from anyone at or under 16 years of age in GDPR-compliant countries, please notify us at [email protected].
Vulnerable circumstances
We are committed to protecting vulnerable supporters and volunteers and appreciate that additional care may be needed when we use their personal information. In recognition of this, we observe good practice guidelines in our interactions with individuals. If you require additional measures be put in place to protect your data please notify us at [email protected].
How can I get more information?
If you have any questions about this Privacy Policy, your personal information, or data protection on this site, please contact us at [email protected]. For your protection, we may only share and update the personal information associated with the specific email address that you use to send us your request, and we may need to verify your identity before doing so. We will comply with such requests in a reasonably timely manner. Please do not send sensitive personal information, passwords, banking details, or credit/debit card details via email.
Changes to this policy
Please check this page regularly to ensure that you have no questions or concerns regarding the changes. If we make any significant changes, we will note those in the footer of all web pages, and we will provide the date of the last revision at the top of the Privacy Policy page.