Fundraisingbureauet is committed to safeguarding the privacy and rights of constituents and customers of Fundraisingbureauet’s services.
Fundraisingbureauet is a data processor, processing data for civil society organisations in relation to their fundraising activities. Delivering that service entails management of large quantities of data about constituents. We realize the great responsibility that follows from this, and will here share how we comply with applicable legislation including, but not limited to, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data (“GDPR”).
The Policy is shared publicly on our homepage www.fundraisingbureauet.dk.
Scope and acceptance
As data controllers, it is the responsibility of customers to Fundraisingbureauet to gather informed consent from constituents. Fundraisingbureauet only process data, which the data controllers guarantee has been procured in a legal manner.
Whose data we process
Fundraisingbureauet process data about constituents linked to organisations through donations, sign-up for events, shopping or voluntary activities. In the section “What personal data we process”, you can find information about the specific data elements we process.
Fundraisingbureauet as a data processor
Fundraisingbureauet does not determine the purpose and means of processing personal data. Therefore, Fundraisingbureauet is not acting as data controller, but only data processor. The customers of Fundraisingbureauet are data controllers to whom Fundraisingbureauet provide a service.
Fundraisingbureauet collects all relevant information that are necessary to be able to manage donations, subscriptions and sign-ups from the data controller’s constituents, volunteers and other stakeholders. This is done through the IT system OnlineFundraising. In the handling of donations, Fundriaisingbureauet manages contact to gateways, acquirers and other providers of payment options, to secure that the payment is carried through and registered at the data controller. In subsciptions, recurring payment instructions are validated continuously, to secure that payments are carried through in accordance with the instruction. OnlineFundraising manages the payment integration between the data controller’s gateways, acquirers and other providers of payment options and the data controller’s ERP- and CRM-systems.
Why we process personal data
Fundraisingbureauet process personal data in order to help customers reach their fundraising potential and fulfill their purpose of working for a given cause. When organisations purchase our services, donating to their cause is made easier, and they are able to maintain good, long-lasting relationships with their constituents.
Furthermore, the data we process makes it possible to guarantee the identity of the constituent in order to prevent fraud.
What personal data we process
Overall, the data processing categories are:
- Name, address, telephone number and email,
- social security number,
- registration- and bank account number,
- donation details such as amount, time, cause and IP-address for online donation.
Automatically collected data
Fundraisingbureauets digital solutions are based on various different technologies in order to ensure ease of use and security. These technologies can collect data automatically in order to offer the best possible solution, either directly by Fundraisingbureauet or by third parties on our behalf. Cookies and analysis of clickstream data are examples of this.
All visits to a digital solution entail information being sent from users’ browser to a server. By analysing this data Fundraisingbureauet can optimize the digital solutions. Data is collected via third parties on our behalf.
Data about personal computers can be collected for system administration and internal marketing-related analyses. This data is statistical information concerning users’ behaviour in the digital solutions.
Examples of the data that is collected and analyzed
- Date and time of visit
- The IP address of the visitor
- Information about the browser and computer used (type, version, operating system, etc.)
- The URL from the point of referral (the page from which the visitor has come to Fundraisingbureauets solution).
How we share personal data
Fundraisingbureauet will not share personal information with any third party who intends to use the data for marketing purposes. We will only share personal information in the following contexts:
- Associated services: Customers choosing additional data processing providers can ask Fundraisingbureauet to share its data with that service provider. Fundraisingbureauet will only export personal data on instruction from the data controller.
- Public Authorities: The police and other authorities may demand the handover of personal information from Fundraisingbureauet. In that event, Fundraisingbureauet will only hand over the data if there is a court order to do so.
Any constituent has the right to request a copy of their personal data in Fundraisingbureauet possession. The request has to go through the organisation which the constituent has contributed to. Fundraisingbureauet will deliver the requested data to the data controller within 72 hours.
In the event of a person wishing to correct information or opt-out of marketing communication, we again refer to Fundraisingbureauet’s customers. Upon their request or update, Fundraisingbureauet will make sure that the data is updated throughout its system.
Any constituent has the right to request to be forgotten. The request has to go through the organisation which the constituent has contributed to. Fundraisingbureauet will carry out the forget-process within 72 hours, and will have deleted all information from backups after eight weeks.
Disclosure of information
Fundraisingbureauet may disclose your information if we are subject to an obligation to forward or share data in order to comply with a legal obligation. Disclosure may also take place as instructed by a court of law or another authority, or to protect the trademarks, rights, property or security of Fundraisingbureauet. This entails the exchange of information with other companies and organisations for the purpose of protection against fraud.
Data security and retention
– How we keep personal data secure. Fundraisingbureauet utilize reasonable and appropriate physical, technical and administrative procedures and measures to safeguard the information we possess.
More specifically, Fundraisingbureauet:
- guarantee a safe operating environment, allowing only employees and trusted partners access to personal data,
- encrypt payment information using industry-standard encryption methods, and
- use prior authentication for account access, when new users are registered in OnlineFundraising.
Fundraisingbureauet uses iTadel, located in Aarhus, Denmark as the physical location for the data we store. Furthermore, backups of the stored data are kept on a server in Denmark.
How long we store personal data
Fundraisingbureauet only stores personal data for as long as it is necessary for the data controller’s stated purpose, or until the contract with the data controller terminates, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
When the personal data we possess in no longer required, related to the above stated, it will be deleted from our systems, however not from backup files, which are kept for 8 weeks before deleted. In the event that backup files are used to recover lost information, the personal data previously deleted will be removed from the restored version of the system.
Subcontractors and export of personal data
Fundraisingbureauet is collaborating with CRM-system providers. When customers to Fundraisingbureauet purchase such services, separate contracts are being made between these parties. In relation to the signing of this contract, Fundraisingbureauet can be instructed to export personal data to the CRM-system provider. We will do so only on instruction from the customer.
In the event that Fundraisingbureauet intends to use subcontractors, customers whose data would be processed by that subcontractor will be asked for acceptance in due time. Fundraisingbureauet will only export data to subcontractors on instruction from the customer. In that case, Fundraisingbureauet is still responsible for the privacy and rights of constituents’ data.
Changes to this Policy
In the event that changes are made to this Policy, the revised Policy will replace this Policy on Fundraisingbureauet’s homepage with an updated revision date. Everyone whose data is being processed by Fundraisingbureauet are encouraged to review the Policy regularly.
In the event of significant changes being made to this Policy or the practice followed by Fundraisingbureauet, customers will be notified directly.
How to contact us