Personal Data Policy
Our goal is to maintain your trust and confidence in us by treating your personal information with respect and by giving you control over it.
PERSONAL DATA CONTROLLER:
Maria Liv Claudi Pedersen
Designers Without Borders Dk (in this document also referred to as the ‘association’)
2200 København N
PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
We process your personal information for the following purposes:
We register information about you in order to communicate with you, inform you about our work and, if you are a member of the association or a donor, to charge an annual membership fee or a monthly donation fee.
As mentioned above, our processing of your personal data takes place on the basis of the balance of interests rule in Article 6 (1) of the Data Protection Regulation. 1, letter f.
The legitimate interests are to be able to inform you about the work that you support, either as a member, donor, volunteer or sponsor.
In connection with the work of the board, the information about the board is collected with the legitimate reason and purpose to be able to run the association and have an active board with decision-making rights, which can sign relevant and necessary documents in connection with the operation (e.g. agreements with the bank, sponsors, cooperation agreements, insurances etc).
WHAT WE DO WITH YOUR INFORMATION
The association stores and processes information about the following groups;
- Board members
For the first three groups, we collect general information. All information is collected with the consent and directly from the person to whom the information relates.
Members/donors: The general information collected for members/donors is name, address, email address, telephone number and payment information.
The association does not have access to the members’ payment information. Upon your registration of payment information, a third party approved in accordance with international security standards (PCI DSS – Payment Card Industry Data Security Standard) registers and stores the necessary payment information for use in collecting subscriptions.
For volunteers and sponsors, only name and email addresses are collected.
For the board name, address and e-mail addresses are collected.
In connection with the signing of important documents, sensitive personal information is collected from the board, such as: CPR number, copy of passport / driving license / health insurance certificate.
These documents are deleted immediately after active and relevant use and are not posted on dropbox, with whom we do not have a data processor agreement, and where we therefore do not store sensitive personal information.
For information about the processing of data in connection with our Facebook profile, please refer to Facebook as data controller. See www.facebook.com
We do not pass on information about you to facebook.
We do not collect information on members, volunteers or sponsors who, according to the Personal Data Regulation, are described as sensitive.
Members who receive one-way communication as newsletters receive it only with consent. This consent may be withdrawn at any time.
Unsubscription from our newsletter service can be done directly to the association or digitally via the unsubscribe newsletter option in the most recently received newsletter.
The information collected is stored in the association’s membership systems, which are hosted services (data processor) and with whom the association has a data processing agreement approved according to GDPR. These data processors are: Donorbox (donorbox.com) and mailchimp (www.mailchimp.com).
None of the information collected by the association is passed on to a third party.
We only store your personal information for as long as and if there is a legitimate reason for this, as described in this personal data policy.
We collect, store, record, organize, structure or delete personal data using one.com’s systems. This data may be located in emails. We therefore have an approved data processing agreement with one.com and do not store information longer than necessary, and in relation to financial and legal requirements. As a general rule, emails are deleted after 5 years.
It is the personal data controller’s assessment that the storage of the collected data takes place with the necessary security, as data is protected by firewalls, antivirus systems (TotalAV) and access can only take place after encrypted login on the mentioned data systems.
Only the personal data controller has access to these logins. Log-in is changed at regular intervals to avoid abuse.
In addition to the above persons, the companies where the member database is hosted have access to data. Reference is made to the data protection plan of these companies.
For the collection of data relating to users of our Facebook profile, please refer to Facebook’s personal data policy at www.facebook.com
There is an ongoing monitoring of possible security flaws in the association’s databases. This is done in collaboration with the companies where the databases are hosted. In the event of a security leak, the Danish Data Protection Agency and the persons covered by the leak will be informed.
The contact person for the Danish Data Protection Agency is the personal data controller in the association.
The association’s procedures and processing of data are reviewed every six months to ensure that new initiatives and changes in the regulation are implemented in a timely manner.
TRANSFER TO RECIPIENTS IN THIRD COUNTRIES, INCLUDING INTERNATIONAL ORGANIZATIONS
We do not transfer your personal information to recipients outside the EU and the EEA.
YOUR CHOICES AND RIGHTS
Under the Data Protection Regulation, you have a number of rights in relation to our processing of information about you.
If you want to make use of your rights, please contact the personal data controller.
The right to withdraw consent
We may process certain personal data based on your separate consent. You have the right to withdraw your consent at any time. You can do this by contacting the data controller.
Right to view information (right of access)
You have the right to access the information we process about you, as well as a number of additional information.
Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
Right to delete
You have the right to have information about you deleted.
Right to limitation of data
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may in future only process the information – apart from storage – with your consent, or for the purpose of establishing, enforcing or defending legal claims, or to protect a person or important societal interests.
Right to object
In certain cases, you have the right to object to our lawful processing of your personal data. You can also object to the processing of your information for direct marketing.
Right to transmit information (data portability)
In certain cases, you have the right to receive your personal information in a structured, commonly used and machine-readable format and to have this personal information transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guide to the data subjects’ rights, which you will find at www.datatilsynet.dk.
Complaint to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You will find the Danish Data Protection Agency’s contact information at www.datatilsynet.dk