Donor PolicyEffective date: 05/25/2018
Contact information of the controller
Collection and use of Personal Information
Collection and use of personal information in connection with your donations and any services provided to you by the IJM Global Team
Purpose and legal basis of processing
Art. 6 (1) a) GDPR (processing is based on your consent)
Only if you provide us your consent (which is revocable at any time), we process personal information from you for e.g. marketing purposes or to facilitate your participation in IJM events or activities in which you voluntarily engage.
Art. 6 (1) b) GDPR (processing is necessary for the performance of a contract)
In order to communicate with you and for the performance of our contractual obligations to you (for example, to process your donation, issue receipts, and otherwise support your relationship with the IJM Global Team), we may collect the following personal information from you:
- Contact information such as name, e-mail address, mailing address, phone number
- Billing Information such as credit card number and billing address
- Unique identifiers such as user name, account number, password
- Additional information as needed to support your relationship with IJM, such as minimum age or DOB (to ensure age appropriate content) and tax-payer information (to support tax recovery)
Art.6 (1) c) GDPR (complying with a legal obligation)
In certain circumstances we are obliged to process personal data from you due to a legal obligation, such as anti-corruption stipulations or statutory retention periods.
Art.6 (1) f) GDPR (legitimate interest in transmitting personal data)
We primarily rely on the legitimate interest of the IJM Global Team to provide constituents with desired information about IJM and its work worldwide. Where we process your personal information on the basis of legitimate interests, including sharing of your personal information within the IJM Global Team or with third party processors for such purpose, we do so primarily to provide and improve constituent services and provide constituents a service which is suitable to their requirements. We may use your information to improve and customize our constituent services, and as necessary to pursue our legitimate interests of improving our constituent services and experience; understanding how constituents engage with the IJM Global Team, communicating with constituents in appropriately customized ways, and exploring ways to better engage current and future constituents in the mission of International Justice Mission. We may also process your information for our legitimate interest in providing age appropriate content for children; supporting tax recovery; and maintaining the safety and security of our constituent services, including enhancing protection against spam, harassment, intellectual property infringement, crime, and security risks of all kind. We may further process personal information of constituents who attend in person events or trips for our legitimate interest in providing for the safety and security of all event attendees. The IJM Global Team has a further legitimate interests in processing your personal information as follows:
- We may exchange personal data within IJM’s international affiliate offices for the legitimate interests described above, as well as for administrative purposes.
- e may also process personal data from you in order to defend legal claims.
Additionally, we may collect the following personal information from third party sources, including from public sources:
- Marketing information such as additional forms of contact, indicators or flags used for segmentation purposes.
- Demographic information, including census data or third party research for segmentation purposes.
Surveys or Contests
From time-to-time we may provide you the opportunity to participate in contests or surveys on our website or elsewhere. If you participate, we will request certain personal information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). The legal basis for processing that Personal Data is Art.6 (1) a) GDPR (consent).
Collection and use of Personal Information in connection with your use of our website
Informational use of our website
If you do not register with us or otherwise provide us with personal information, we only process the personal information that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), the access status/HTTP status code, the amount of data transferred in each case, website from which the request comes, browser, operating system and its surface, language and version of the browser software. This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis for such processing is Art.6 (1) f) GDPR.
Links to Other Websites
Social Media Widgets
We currently use the following social media plug-ins:
Facebook Like Button
We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art.6 (1) f) GDPR.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
Recipients of your Personal Information
- IT service providers
- Companies that assist with customer service, shipping, or event registration
- Companies that provide other services to support our relationship with you
- Companies that provide demographic and market research assistance
In addition, any office within the IJM Global team may share personal information you provide it to the International Justice Mission headquarters (“IJM Global”) office in the United States, or another member of the IJM Global Team, so that the receiving IJM office may engage with users located in their country and as otherwise necessary to manage the provision of suitable services to constituents as appropriate for their needs.
We may also disclose your personal information to third parties:
- as required by law such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; or
- with your prior consent to do so.
Transfers of personal data to countries outside the EU
- When we use external service providers based outside the European Economic Area to process your personal information, we do so pursuant to the standard contractual clauses for data processors approved by the European Commission to ensure an appropriate level of data protection. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. They are regularly checked by us. The service providers will not pass this data on to third parties, but will delete it after fulfilment of the contract and the conclusion of legal storage periods, unless you have consented to further storage.
- When a member of the IJM Global team located within the EU, or otherwise serving as a controller for data subject to GDPR, transfers personal information to the IJM Global office or any other office within the IJM Global Team located outside of the EU, we rely on the standard contractual clauses for data controllers approved by the European Commission to ensure an appropriate level of data protection.
General information and your rights
IJM maintains a donor portal, available at: https://ijm.force.com/ From the donor portal, donors may change or delete their own personal information.
Where you have provided your consent, you have the right to withdraw your consent to our processing of your personal information. For example, you may choose to stop receiving all or certain types of communication by following the unsubscribe instructions included in these emails or you can contact us at firstname.lastname@example.org. You can further choose to withdraw your consent to our processing of your personal information related to an online account (e.g., donor portal) by closing your account through your account settings and then emailing email@example.com to request that your personal information be deleted, except for information that we are required to retain. This deletion is permanent and your account cannot be reinstated.
Correcting, Deleting and Updating Your Personal Data
To review and update or delete your personal information, contact us at firstname.lastname@example.org. We will respond to your request to access within 10 days. If you are a donor, you may use our donor portal to update your personal information.
We may post customer testimonials/comments/reviews on our website which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at email@example.com. The legal basis for that processing is Art.6 (1) a) GDPR.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us as described in this policy. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
The personal information collected when you make a contribution or purchase items by credit card is kept for the purposes of tracking your order and to provide a receipt of the transaction. This information is stored on an encrypted, secure server managed by a third-party commercial credit card processing institution.
Your rights in respect of your Personal Data
You have the right of access (Art.15 GDPR), rectification (Art.16 GDPR), erasure (Art.17 GDPR), restriction of processing (Art.18 GDPR) and the right to data portability (Art.20 GDPR). In addition, you have the right to object to processing that is based on Art.6 (1) f) GDPR. You also have the right to lodge a complaint with the data privacy supervisory authority.
If you have given us your consent to process personal data for specific purposes, this consent is the legal basis for processing your personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can take place form-free and should be directed if possible to the contact information provided in this policy.
International Justice Mission
PO Box 58147
Washington, DC 20037