The WJC respects your privacy and we strongly believe in protecting the integrity and privacy of personal data gathered from our activities with individuals, stakeholders and supporters as well as visitors to our website. For the purposes of the General Data Protection Regulation (GDPR) and any subsequent Dutch legislation addressing data protection, the Data Controller is Stitching Wildlife Justice Commission.
This Policy sets out to demonstrate our commitment to preserving your privacy and safeguarding any personal details you provide to us, whether on this website or by any other means. We wish to show our compliance to the GDPR and its eight principles.
This Policy explains why we collect personal data about individuals and how we use it. It also explains the legal basis for this and the rights you have regarding the way your personal data is used.
We may change this Policy from time to time. If we make any significant changes, we will advertise this on the website or contact you directly with the information.
What information we collect/What kind of information do you collect?
The WJC collects different categories of personal data, these being:
- Name and address details (name, address, place of residence);
- occupational details (work place, work address);
- phone number;
- e-mail address;
- job title;
- if you donate to us and provide your credit/debit card or bank account information, it will be encrypted using SSL technology. We do not store those details on our servers but use third-party credit card processing services.
How we collect personal data/How do you collect my data?
We may collect personal data from you whenever you contact us or have any involvement with us, including:
- Visit our website (see below on Cookies);
- Donate to us or fundraise for us;
- Enquire about our activities or services;
- Sign up to receive news about our activities;
- Post content on our website or social media channels;
- Participate in our events or meetings and provide us with your data;
- Contact us in any way, including online or via e-mail, phone, SMS, social media or post;
- Via third parties insofar as this is in accordance with the law.
How the information is processed/How do you use my information
We will use your personal data in a number of ways, which reflect the legal basis applying to the processing of your data. These may include the following:
- Providing you with the information or services you have asked for;
- Replying to your information requests;
- Asking you for a donation or to upgrade your current donation and manage the payment of those;
- When necessary for carrying out our obligations under any contract between us;
- Maintaining our organisational records and ensuring we know how you prefer to be contacted;
- Analysing the operation of our website and analysing your website behaviour to improve the website and social media channels;
- For carrying out our mission;
- Processing job applications and enquiries for employment/internship;
- Requesting participation in surveys that we may carry out for market research;
- Inviting you to events or promotions we may organise.
How this information is held and secured/How do you keep my information secure and where?
The WJC aims to take reasonable and appropriate administrative, technical, organisational and physical security and risk-management measures in accordance with applicable laws to ensure that your personal data are adequately protected against accidental or unlawful destruction, damage, loss or alteration, unauthorised or unlawful access, disclosure or misuse and any other unlawful forms of processing of your personal data in our possession.
Securing personal data is an important aspect of protecting privacy. We apply policies, standards, risk assessments (both physical and cyber) and supporting security controls at the level appropriate to the risk level and the services provided. In addition, appropriate security controls are communicated to applicable personnel across the organisation in order to support a secure operating environment.
We will take reasonable steps to ensure that our organisation and any third party processors will only have access to personal data where it is necessary for them to carry out their duties. Our organisation and any third party processors will be made aware of their responsibilities under the GDPR. We will take all reasonable steps to ensure that all personal information is held securely and is not accessible to unauthorised persons. As a result, any third parties we use to store and process our data are reviewed in order to make sure they are up to the highest standards.
How we share the information with third parties/Do you pass my details to any other organisations or individuals?
WJC will not sell your personal information and we will not pass your personal information to any third parties except in the circumstances set out in this Policy.
We do not share personal data with other charities or organisations for marketing or fundraising purposes.
We may allow our staff, consultants, or other providers acting on our behalf to access and use your personal information for the purposes for which you have provided it to us or if it serves a legitimate interest in accordance with our organisation and its mission. If we do this, we will not grant those individuals/organisations any rights to use your personal information (or to contact you), except in accordance with our instructions.
Our Legal Basis for Processing Your Personal Data/What kind of legitimacy do you have to use my data
The use of your personal data for the purposes set out above is lawful because one or more of the following applies:
- If you have provided us with personal data for the purpose of requesting information such as through our newsletter, shared business cards or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the data for that purpose, based on the way that you provided us with the data. You may withdraw consent at any time by e-mailing us at firstname.lastname@example.org. This will not affect the lawfulness of the processing of your personal data prior to your withdrawal of consent being received and acted upon.
- If you contacted us or become involved with us in another way (including via social media).
- If it is necessary for us to hold and use your personal data so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to take prior to entering into a contract.
- If it is necessary to comply with our legal obligations, such as processing pursuant to Dutch law or EU regulations.
- If the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, we would presume that there is no prejudice to you in our fulfilment of your request.
- If we have identified a necessity to use personal data in order to pursue our legitimate interest in accordance with our mission.
On occasion, we may also collect information about you from the public domain, either directly or from third parties.
Except where permitted by law, we will never collect sensitive personal data about you without your consent.
How you can access and correct the information held/How can I access and correct my information?
You have the right to request details regarding the processing activities that we carry out in relation to your personal data. Such requests must be made in writing. To make a request, please contact us via e-mail at email@example.com
In relation to the GDPR, you also have the following rights:
- To access your personal data;
- To request rectification of data that are inaccurate or out of date;
- To erasure of your data (known as the “right to be forgotten”);
- To object to processing necessary for the purposes of legitimate interests pursued by us;
- To restrict the way in which we are dealing with and using your data;
- To request that your data be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
- In relation to automated decision-making and profiling, including profiling for marketing purposes;
- To lodge a complaint with a supervisory authority (Dutch Data Protection Authority).
All these rights are subject to certain safeguards and limits or exemptions. To exercise any of these rights, contact us in writing at firstname.lastname@example.org. We will process your request within a reasonable time and, if appropriate, respond in full no later than one month from our receipt of the request. We may ask for additional information necessary to confirm your identity and process the request before processing the request in full. Requests will be denied in instances where an exemption in the GDPR or another law applies.
Opting out of further correspondence/What if I don’t want you to use my details anymore?
If you have provided us with your details or your details were provided to us by a third party but decide at a later date that you no longer want to receive information from us, would like us to stop processing your data at all or in any particular way, or if you wish to update us that your contact details have changed, simply let us know by sending an email to email@example.com.
This Policy may be changed from time to time. If we make any significant changes, we will advertise this on our website or contact you directly with the information.
Please check this Policy each time you consider giving your personal information to us.
Do you have additional questions?
Updated: May 2018