PRIVACY POLICY FOR ONLINEFUNDRAISING APS
OnlineFundraising is committed to safeguarding the privacy and rights of constituents and customers of OnlineFundraising’s services.
OnlineFundraising is a data processor, processing data for civil society organisations in relation to their fundraising activities. Delivering that service entails management of large quantities of data about constituents. We realize the great responsibility that follows from this, and will here share how we comply with applicable legislation including, but not limited to, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
The Policy is shared publicly on our homepage www.onlinefundraising.dk.
SCOPE AND ACCEPTANCE
This Privacy Policy applies to all OnlineFundraising’s business processes. The Policy describes data processing activities carried out by OnlineFundraising, based on the instructions between OnlineFundraising and its customers. The customers are data controllers, and OnlineFundraising functions as data processor.
As data controllers, the customers of OnlineFundraising are responsible for gathering informed consent from constituents. OnlineFundraising only processes data which the data controllers guarantee has been procured in a legal manner.
Customers of OnlineFundraising and constituents of these customers accept the practices and terms described in this Privacy Policy.
WHOSE DATA WE PROCESS
OnlineFundraising processes data about constituents linked to organisations through donations, sign-up for events, shopping or voluntary activities. In the section “What personal data we process”, you can find information about the specific data elements we process.
ONLINEFUNDRAISING AS A DATA PROCESSOR
OnlineFundraising does not determine the purpose and means of processing personal data. Therefore, OnlineFundraising is not acting as data controller, but only as data processor. The customers of OnlineFundraising are data controllers to whom OnlineFundraising provides a service.
OnlineFundraising collects all relevant information that is necessary to be able to manage donations, subscriptions and sign-ups from the data controller’s constituents, volunteers and other stakeholders. This is done through the IT system OnlineFundraising. In the handling of donations, OnlineFundraising manages contact to gateways, acquirers and other providers of payment options, to ensure that the payment is carried through and registered at the data controller. In subscriptions, recurring payment instructions are validated continuously, to ensure that payments are carried through in accordance with the instruction. OnlineFundraising manages the payment integration between the data controller’s gateways, acquirers and other providers of payment options and the data controller’s ERP- and CRM-systems.
WHY WE PROCESS PERSONAL DATA
OnlineFundraising processes personal data in order to help customers reach their fundraising potential and fulfill their purpose of working for a given cause. When organisations purchase our services, donating to their cause is made easier, and they are able to maintain good, long-lasting relationships with their constituents.
Furthermore, the data we process makes it possible to guarantee the identity of the constituent in order to prevent fraud.
WHAT PERSONAL DATA WE PROCESS
Overall, the data processing categories are:
- Name, address, telephone number and email,
- social security number,
- registration- and bank account number,
- donation details such as amount, time, cause and IP-address for online donation.
AUTOMATICALLY COLLECTED DATA
OnlineFundraising’s digital solutions are based on various different technologies in order to ensure ease of use and security. These technologies can collect data automatically in order to offer the best possible solution, either directly by OnlineFundraising or by third parties on our behalf. Cookies and analysis of clickstream data are examples of this.
COOKIES
Cookies are small text files containing letters and numbers which are placed on a personal computer or other device. Cookies are set when users visit a website that uses cookies and can be used to track which pages they have visited, and help them to continue where they left off, or to remember preferred language settings or other preferences.
CLICKSTREAM DATA
All visits to a digital solution entail information being sent from users’ browser to a server. By analysing this data OnlineFundraising can optimize the digital solutions. Data is collected via third parties on our behalf.
Data about personal computers can be collected for system administration and internal marketing-related analyses. This data is statistical information concerning users’ behaviour in the digital solutions.
EXAMPLES OF THE DATA THAT IS COLLECTED AND ANALYZED
- Date and time of visit
- The IP address of the visitor
- Information about the browser and computer used (type, version, operating system, etc.)
- The URL from the point of referral (the page from which the visitor has come to OnlineFundraising’s solution).
HOW WE SHARE PERSONAL DATA
OnlineFundraising will not share personal information with any third party who intends to use the data for marketing purposes. We will only share personal information in the following contexts:
- Associated services: Customers choosing additional data processing providers can ask OnlineFundraising to share its data with that service provider. OnlineFundraising will only export personal data on instruction from the data controller.
- Public Authorities: The police and other authorities may demand the handover of personal information from OnlineFundraising. In that event, OnlineFundraising will only hand over the data if there is a court order to do so.
RIGHTS
Any constituent has the right to request a copy of their personal data in OnlineFundraising’s possession. The request has to go through the organisation which the constituent has contributed to. OnlineFundraising will deliver the requested data to the data controller within 72 hours.
In the event of a person wishing to correct information or opt-out of marketing communication, we again refer to OnlineFundraising’s customers. Upon their request or update, OnlineFundraising will make sure that the data is updated throughout its system.
Any constituent has the right to request to be forgotten. The request has to go through the organisation which the constituent has contributed to. OnlineFundraising will carry out the forget-process within 72 hours, and will have deleted all information from backups after eight weeks.
DISCLOSURE OF INFORMATION
OnlineFundraising will only disclose customer information to a third party in accordance with the terms of this Privacy Policy.
OnlineFundraising may disclose your information if we are subject to an obligation to forward or share data in order to comply with a legal obligation. Disclosure may also take place as instructed by a court of law or another authority, or to protect the trademarks, rights, property or security of OnlineFundraising. This entails the exchange of information with other companies and organisations for the purpose of protection against fraud.
DATA SECURITY AND RETENTION
– How we keep personal data secure. OnlineFundraising utilizes reasonable and appropriate physical, technical and administrative procedures and measures to safeguard the information we possess.
More specifically, OnlineFundraising:
- guarantees a safe operating environment, allowing only employees and trusted partners access to personal data,
- encrypts payment information using industry-standard encryption methods, and
- uses prior authentication for account access, when new users are registered in OnlineFundraising.
OnlineFundraising uses iTadel, located in Aarhus, Denmark as the physical location for the data we store. Furthermore, backups of the stored data are kept on a server in Denmark.
HOW LONG WE STORE PERSONAL DATA
OnlineFundraising only stores personal data for as long as it is necessary for the data controller’s stated purpose, or until the contract with the data controller terminates, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
When the personal data we possess is no longer required for the purposes stated above, it will be deleted from our systems, though not from backup files, which are kept for 8 weeks before being deleted. In the event that backup files are used to recover lost information, the personal data previously deleted will be removed from the restored version of the system.
SUBCONTRACTORS AND EXPORT OF PERSONAL DATA
OnlineFundraising collaborates with CRM-system providers. When customers of OnlineFundraising purchase such services, separate contracts are made between these parties. In relation to the signing of this contract, OnlineFundraising can be instructed to export personal data to the CRM-system provider. We will do so only on instruction from the customer.
In the event that OnlineFundraising intends to use subcontractors, customers whose data would be processed by that subcontractor will be asked for acceptance in due time. OnlineFundraising will only export data to subcontractors on instruction from the customer. In that case, OnlineFundraising is still responsible for the privacy and rights of constituents’ data.
CHANGES TO THIS POLICY
In the event that changes are made to this Policy, the revised Policy will replace this Policy on OnlineFundraising’s homepage with an updated revision date. Everyone whose data is being processed by OnlineFundraising is encouraged to review the Policy regularly.
In the event of significant changes being made to this Policy or the practice followed by OnlineFundraising, customers will be notified directly.
This Privacy Policy was last updated May 4th 2018.
HOW TO CONTACT US
If you have any comments, questions, requests or complaints in relation to this Privacy Policy, please do not hesitate to contact us by sending an email to kontakt@onlinefundraising.dk or by post to St. Kongensgade 59a, 1264 Copenhagen, Denmark. Your enquiry will be handled with confidentiality, and we strive to ensure that we get back to you in a timely manner.