Effective Date: November 17, 2013
1. We respect your privacy
At GiveDirectly, we respect your privacy as a donor, supporter, and/or user of our website. We are strongly committed to keeping any personal information we obtain from you or about you secure and to being transparent about the ways in which we use it.
2. Who We Are and How To Contact Us
If you have any questions about how we use your personal information and how we comply with our responsibilities, please contact us as follows:
- Email: firstname.lastname@example.org
- Call: 1-646-504-4837
- Write: PO Box 3221, New York, NY 10008
3. Types of Personal Information We Collect and How We Collect Them
Our primary goals in collecting personal information from users of our website are to further our charitable purposes (for example by taking donations), to thank you for your support, and to share information about our work. For the purposes of the GDPR, GiveDirectly is a "controller" of your personal information collected through the website or otherwise provided to us (for example by you via email).
Personal information is collected (1) directly from you when you provide it to us; (2) from third parties where you have given your permission for it to be shared with us and (3) indirectly as you navigate through the website.
(1) When you make a donation or sign up to receive email updates, we will request personal information, such as your name, e-mail address, mailing address, phone number, as well as ask how you heard about GiveDirectly. We use the personal information you provide to process your donation and/or communicate with you about it. In addition, we may use this personal information to keep you updated about our work if you indicate (by giving consent) that you would like us to do so. You can choose to stop receiving marketing/fundraising information by following the unsubscribe instructions included in the materials you receive or by contacting us at email@example.com or via phone by 1-646-504-4837.
We may share personal information with third party service providers we work with to perform these functions on our behalf, such as processing credit card payments and sending postal mail and email. If you choose to share where you heard about GiveDirectly, we may share that information with specific third parties that are identified, such as GiveWell.
In connection with seeking employment with GiveDirectly, you may decide to submit, through our sites or otherwise, personal information (including your name, address, telephone number, e-mail address and any other personally identifiable information requested on our online and offline forms, as well as an electronic or paper copy of your resume/CV). All information entered into any online or offline forms related to employment or volunteering is held in confidence, and will be viewed only for human resources purposes by GiveDirectly and third parties that assist us with certain functions. This information may be used to assess your qualifications as an employee or volunteer for GiveDirectly, or to analyze general patterns in applications for positions or hiring at GiveDirectly.
(2) When you make a donation to us via a third party, they may provide us with details of your donation and, where you have given that third party permission, they may share with us other personal information such as your name, location, mailing address, and contact details.
(3) When you use our website, we may collect information about you through tracking technologies such as cookies and web beacons. This may include information about your browsing actions such as the frequency with which you visit various parts of the website. We use the information collected primarily to inform our efforts to provide an enhanced experience on the website. Please refer to our Cookie Notice for more information.
From time to time, we may also obtain information about you from third-party sources, such as public databases, social media platforms, or third-party data providers. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us.
3.1 The Purposes for which We Use Personal Information
- to provide you with the information or services you have requested, and communicate with you in general
- to analyze, evaluate and improve our work, programmes, services, activities or information
- to provide updates on our work and request donations
- to invite you to talks and events hosted by us
- to thank donors for their support
- to administer any financial transaction between us
- to recruit employees and volunteers
- to ensure we are not contacting people who have told us not to
- to satisfy legal obligations which are binding on us;
- for research purposes;
- for the prevention of fraud or misuse of services; and
- for the establishment, defence or enforcement of legal claims.
3.2 How We Use and Transfer Personal Information
GiveDirectly engages third party vendors to assist us with such functions as hosting our donor personal information database, sending email, modeling our data, and processing online and mail donations and credit card payments. In addition, GiveDirectly consults advisors in making organizational decisions and developing long term plans. These companies and advisors have access to donors' personal information as needed to perform their functions. GiveDirectly requires that they keep such personal information confidential and that they not use such information for purposes other than the functions they are assisting us with.
We do not sell, rent, or give personal donor information to any other party not under the employ of, or in a direct advisory or vendorship role to GiveDirectly. We may disclose to third parties aggregate statistics regarding donations but these statistics do not include any personally identifying information. The information given includes total number of donors and total amount of donations for specific periods of time.
3.3 Lawful Basis for Processing Personal Information
Where the GDPR applies to our operations, we are required to rely on one or more lawful bases to collect and use your personal information. Where this is the case, we rely on the following lawful bases:
- Consent: We may ask for your consent to use your personal information for certain purposes, for example, by asking you to agree to receive email marketing from us. You always have the right to withdraw your consent (see section 4.2).
- Legitimate interests: We may process personal information on the basis that there is a legitimate interest, either to us or to a third party, and the processing is reasonably necessary to further that interest. Where we process your personal information on this basis, we do so after careful consideration whether the same objective could be achieved through other means and whether you would expect us to process your personal information, and whether you would consider it reasonable to do so (in other words, we check that our use is fair, balanced and does not unduly impact your rights).
Our legitimate interests, for example, include the pursuit of our charitable purposes, and administration – so for instance we will rely on the legitimate interest ground to communicate with you in most instances such as to process your donations.
- Contract: We may process your personal information where we have a contract with you, in order to fulfil that contract, or to take steps at your request prior to entering into one.
- Legal obligation: We may rely on this basis where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject (for example, reporting to tax authorities).
3.4 Disclosure of Personal Information to third parties
(1) to comply with law or regulation,
(2) to our professional advisors (e.g. lawyers), where necessary to protect our interests,
(3) to protect your safety or security (including fraud protection),
(4) to protect the security of our website and any property that belongs to us, our personnel or other users, and/or
(5) in the event that we transfer or receive any business or assets (in which case we will disclose personal information to the prospective transferor or transferee) or if substantially all of our assets are acquired by a third party (in which case personal information held by us may be one of the transferred assets), as part of a restructure or otherwise.
Otherwise we will generally inform you and may ask for your consent before we share your personal information with a third party.
3.5 Personal Information Protection and Security
All personal information is stored securely. We endeavor to protect your personal information and employ both appropriate technical and procedural methods, such as commercially reasonable administrative, technical, and physical safeguards against accidental or unlawful destruction or loss, or unauthorized disclosure, access or use. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable and any transmission of personal information is at your own risk.
3.6 Data Retention Period
Personal information that we process shall not be kept for longer than is necessary in connection with the purposes for which it was collected and/or is used.
In some cases, we may keep your personal information for longer, for instance where we are required to do so in accordance with legal or regulatory requirements (such as tax and accounting).
In specific circumstances we may also retain your personal information for longer so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
4. Your Individual Rights
In general, please note that we will honor your requests to exercise your rights to the extent possible and required under applicable law. Certain of these rights (including those set out in this section 4, including 4.1 and 4.2 below) may only be available to you if you are located within the EU when you access our website or otherwise engage with us.
You can send us an email at firstname.lastname@example.org or contact us via phone at 1-646-504-4837 to request access to, correct or delete your personal information, or fulfil any of the rights below. We may not accommodate a request if we cannot confirm your identity, or we can rely on exemptions – for instance we may not change personal information if we believe the change would violate any law, regulation, legal requirement or applicable policy or cause the information to be incorrect. Specifically, under the GDPR, your rights in relation to the personal information we hold are expressed as follows. You also have the right;
- Of access to the personal information we hold (see 4.1 below)
- To rectification of any personal information we hold
- To erasure of your personal information
- To restrict processing of your personal information
- To data portability of your personal information
- To object to processing; and
- To not be subject to automated decision-making including profiling
Please note that you also have the right to lodge a complaint with your local data protection authority about how we use your personal information if you are located in the UK or the EU. Please always consider raising your concern with us first by contacting us using the contact details in section 2.
4.1 Accessing your Personal Information
Individuals can find out if we hold any of their personal information by making a "subject access request" under the GDPR. If we do hold personal information about you, we will (subject to entitlement and exemptions):
- Give you a description of it;
- Tell you why we are holding it;
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in an intelligible form
You may request a copy of the personal information by emailing us at email@example.com or via phone by 1-646-504-4837.
4.2 Withdrawing your consent
Under the GDPR, where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. You may exercise your right to withdraw your consent in relation to your personal data being used at any time by written notice to us via email to firstname.lastname@example.org or via phone by 1-646-504-4837. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Date last revised: March, 2019