DROP4DROP Privacy Policy
Our commitment to your privacy:
This UK privacy policy (‘Privacy Policy’) sets out how drop4drop UK (‘we’, ‘us’ or ‘our’ being interpreted accordingly) uses and protects the personal information about you that we collect or that you provide, whether through our website at www.drop4drop.org (‘Website’) or by other means.
Future changes to our privacy policy:
We may modify this Privacy Policy at any time so please check that you have seen the latest version. We will aim to post changes to the practices outlined in this Privacy Policy at least 30 days prior to them being implemented.
Personal information we collect
We collect personal information from you in various ways, for example:
• If you supply personal information about yourself when using this website;
• When you supply personal detail in the course of registering support
• When you make a donation through our website or any third-party fundraising partner, PayPal – www.paypal.com, in which PayPal will provide us with information. See also section headed Third Party Platforms below;
• When you sign-up to receive newsletters or email notifications from us;
• If you contact the drop4drop team directly via the Website or e-mail.
• The type of personal information we collect includes your name, email address, home (or work) address, phone number and other personal details which you may choose to provide.
• Any credit card or debit card data you provide is securely handled by our third-party payment processors as we use from time to time. We never have access to, or store, your payment details.
Use of personal data
We may use your Personal Data about you for the following purposes:
• By registering on the mailing list, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning drop4drop.
• Email addresses are stored and managed by third party provider MailChimp (The Rocket Science Group, LLC). This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
• Fundraising or direct marketing purposes. Only where you have expressly consented to us doing so in accordance with applicable law, we may contact you for these purposes by email;
• Administering any on-going donations or support you provide;
• Providing you with news about us or any projects, campaigns or events that we may be involved in;
We may also contact you for other purposes that you consent to from time to time.
Legal obligations
We aim to collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes but is not limited to national laws implementing the EU Data Protection Directive (95/46/EC), which will be replaced on 25 May 2018 by the General Data Protection Regulation (2016/679).
Disclosing personal data to third parties
We never sell, trade or rent Personal Data. We do not disclose Personal Data to third parties without your consent unless we are legally required to do so or where we need assistance of third party data processors (acting under our instructions) who we may need to assist us to respond to your enquiry. We will take reasonable steps to ensure that Personal Data is only used by those third parties for specific, lawful purposes in accordance with this Privacy Policy.
International transfers
Personal Data that we collect will be processed by staff, volunteers and contractors who are based at our offices in the UK. However, given the international nature of our organisation, by providing us with Personal Data, you agree that we may share Personal Data with our offices in other parts of the world in accordance with this Privacy Policy, including the United States.
We have also contracted with a third-party platform provider, Salesforce.com, Inc (‘Salesforce’) to manage our customer relationship management (‘CRM’). This means that your Personal Data may be hosted by Salesforce. Salesforce is signed up to the EU-US Privacy Shield Framework which means that they are committed to protecting personal data to standards that meet those applicable legal standards in the UK and EU. For more information about their respective privacy policies, please see:
• Salesforce: http://www.salesforce.com/company/privacy/
You should be aware that, in general, legal protection for personal data under applicable law in the United States (and other non-EU countries) may not be equivalent to the protection provided in the European Union and/or under UK law. In all cases, Personal Data you provide will only be disclosed to staff, volunteers and contractors who share our commitment to treating Personal Data responsibly and we always aim to make sure your Personal Data is treated to the same security standards you would expect in the United Kingdom.
Your access rights
In accordance with your legal rights under applicable law, you can request to receive information regarding the Personal Data that we collect about you; what we use that Personal Data for and who it may be disclosed to. Please write to our UK team @ info@drp4drop.org. Where applicable law allows, we may require further information to verify your identity or locate the specific information you seek before we can respond in full.
Security to protect personal data
We employ appropriate technical and organisational security measures to protect Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data disclosed or transmitted to us.
We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored Personal Information to you via email in the most expedient time possible and without unreasonable delay.
Data retention
We will retain certain Personal Data in respect of financial transactions for at least as long as the law requires us to for tax or accounting purposes. In respect of the holding of Personal Data for fundraising or direct marketing purposes, we will retain this data for a limited period in line with recommendations of the ICO and other competent regulatory authorities.
Third party platforms
This Website will link to third party websites that operate outside our control. For example, if you wish to make a donation to us, we will direct you to a third-party platform, PayPal, which is also subject to its own terms and regulations. If you sign up to our mailing list, your email address will be stored and managed in MailChimp (The Rocket Science Group, LLC). We will ensure that your Personal Data is processed by those parties we appoint as data processors in accordance with your reasonable expectations and only as set out in this Privacy Policy. If you access any other third-party website using the links provided on this Website, the operators of those websites may collect personal data about you under their own privacy policies, so you should check the terms of any applicable privacy policy when you visit such third-party website.
Contact
If you have further queries or requests relating to how we use Personal Data, please contact the UK team at info@drop4drop.org If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with applicable law you can complain to the ICO.
Governing law
This Privacy Policy is subject to English law. To the maximum extent legally permitted, you agree that any dispute relating to use of your Personal Data as referred to under this Privacy Policy is subject to the exclusive jurisdiction of the courts of England and Wales.
Latest update: 23rd May 2018