Jurisdiction of the European Union's General Data Protection Regulation (GDPR)
This European Union's General Data Protection Regulation Policy (GDPR Policy) reflects changes in data protection law in the jurisdiction of the European Union's General Data Protection Regulation (GDPR). This Policy is effective as of July 1, 2018.
The Before the Flood Foundation is committed to protecting and respecting your privacy.
This GDPR Policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure, and your rights and choices in relation to your information.
Any questions regarding this GDPR Policy and our privacy practices should be sent by email to [email protected]
What type of information do we collect information from you?
The personal information we collect, store and use about you might include:
• Your name and contact details (including postal address, email address and telephone number).
• Information about your expressed interest in Before the Flood and its programs and events.
• Information about your activities on our website and about the device used to access it, for instance, your IP address and geographical location.
• Your bank or credit card details. If you make a donation online or make a purchase, your card information is not held by us; it is collected by our third-party payment processors, who specialize in the secure online capture and processing of credit/debit card transactions.
• Any other personal information shared with us.
Data protection laws recognize certain categories of personal information as sensitive and therefore requiring greater protection.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and applicable data protection laws allow us to.
How and why is your information used?
We may use your information for a number of different purposes, which may include:
• Sending you communications which you have requested and that may be of interest to you. These may include newsletters, project updates, event invitations, fundraising appeals and similar materials.
• Keeping a record of your relationship with us.
• Conducting analysis and market research to better understand how we can improve our services, products or information.
• Notifying you of changes to our services.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for.
The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfill our statutory and regulatory obligations.
We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties to achieve the other purposes set out in this Policy.
We may pass your information to our third-party service providers, suppliers, agents, subcontractors, and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (for example, to process donations and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services, and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data protection law requires us to rely on one or more lawful bases to process your personal information. Lawful bases include consent (where you have given consent) and our legitimate interest in operating, managing and promoting our organization, maintaining our relationship with you and protecting the Foundation and our sites, provided that such processing shall not outweigh your rights and freedoms. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. Where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact [email protected].
Additional information is provided below about lawful bases for processing of personal information.
Where you have provided specific consent to us using your personal information in a certain way, such as to send you emails, texts, direct mail, and/or telephone outreach. For example, you may have signed up for the Before the Flood newsletter or other news updates, or generously provided donations that we then process.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as information uses and processing activities are “fair and lawful,” as required by GDPR, and do not unduly impact your rights).
Our legitimate interests as a Foundation involve implementation of our aims and ideals around inspiring the public to take action on key environmental issues. For example, we may:
• send communications which we think will be of interest to you, and respond to your inquiries;
• conduct research to better understand our supporters and to improve the relevance of our communications and fundraising;
• understand how people choose to support the work of the Foundation and what steps they take;
• determine the effectiveness of our campaigns, programs, activities, and outreach;
• enhance, modify, personalize, or otherwise improve our campaigns, programs, activities, and outreach, to better achieve our mission as a Foundation; and
• better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless we are otherwise required to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so we will either do so on the basis of your explicit consent or implement another route legally available to us.
Fundraising and Marketing Communications
We may use your contact details to provide you with information about the vital work we do, our fundraising appeals and opportunities to support us, and other campaigns or products we think may be of interest to you.
We will only send you marketing and fundraising communications by email, text and telephone if we deem it in our legitimate interest to do so or you have explicitly provided your prior consent. You may opt out of our communications at any time by clicking the unsubscribe link at the end of our emails.
We may send you marketing and fundraising communications by direct mail unless you have told us that you would prefer not to hear from us.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, you can indicate your choices on the site used to collect your information.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted, and we will retain your details on a suppression list to help ensure that we do not continue to contact you. In some instances, we may still need to contact you for administrative purposes.
We’re committed to putting you in control of your data, so you are also free to opt out of your information being used at any time by contacting [email protected]
Under EU data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
Right of access
You have a right to request access to the personal data that we hold about you.
You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you would like to see and proof of your identity by mail to the address provided below.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us, so we're working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email or mail (see below).
Right to restrict use
You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we're not lawfully allowed to use it.
Right of erasure
You may ask us to delete some or all of your personal information; we will do so as far as we are required to. In many cases, we will anonymize that information, rather than delete it, if legally allowable.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object
You have the right to object to processing where we use your personal information (1) based on legitimate interests, (2) for direct marketing, or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at [email protected] We may be required to ask for further information and/or evidence of identity. We will endeavor to respond fully to all requests within one month of receipt of your request, however, if we are unable to do so, we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details, we recommend you consult the GDPR guidance published by the Irish Data Privacy Commission @ http://gdprandyou.ie/.
Keeping your information safe
When you give us personal information, we take steps to ensure that appropriate technical and organizational controls are in place to protect it.
Keeping your information up to date
We take reasonable steps to ensure your information is accurate and up to date.
Where possible we use publicly available sources to identify address and other contact changes.
We appreciate your sharing with us any changes in your contact details.
Links to other websites
Our website may contain links to other websites run by other organizations. This Policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites, even if you access those using links from our website.
16 or Under
We are committed to protecting vulnerable supporters, customers and volunteers, and appreciate that additional care may be needed when we use their personal information. In recognition of this, we observe good practice guidelines in our interactions with vulnerable people.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the GDPR. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Changes to this policy
Please check this page regularly to ensure that you have no questions or concerns regarding the changes. If we make any significant changes, we will note those on our landing page.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in October 16, 2018.