This post is also available in: hrvatski (Croatian)
Data controller is SOLIDARNA – Foundation for Human Rights and Solidarity, Trg kralja P. Krešimira IV 2, 10 000 Zagreb
Tel: +385 1 55 44 722
‘SOLIDARNA – The Foundation for Human Rights and Solidarity pledges to protect the personal data of donors, collecting only the essential information on donors that are necessary to fulfil our obligations; it agrees to inform donors about using this information and regularly give donors a possibility to choose whether or not their names will be removed from the lists used for charity campaigns. All user data are strictly protected and available only to authorised personnel as necessary for performing their duties. All employees of SOLIDARNA – The Foundation for Human Rights and Solidarity and its business partners are responsible for respecting the privacy protection principles.’)
What kind of personal data do we collect?
· Basic personal data (e.g. first and last name) and data necessary for communication (e.g. address, e-mail, telephone)
• Additional personal data (e.g. OIB (personal ID number) only in case of signing contracts and standing orders)
• Data on communication with the SOLIDARNA Foundation and data on selected (preferred) ways of communication with the SOLIDARNA Foundation
• Data on payments made to the SOLIDARNA Foundation
· Images and video content stored on the basis of express written consent
• Data we collect through cookies placed in your internet browser,
What is the legal basis for the processing of your personal data?
In accordance with the applicable personal data protection legislation, we may process your personal data:
· if you have given us consent (which you can revoke at any time)
• if necessary so that we could fulfil our contract with you (e.g. concerning the standing order)
• if processing is necessary in order to protect the legitimate interest of the SOLIDARITY Foundation
• if required so by law
For what purposes do we process your personal data?
The SOLIDARNA Foundation only processes your personal data for specific and legitimate purposes and will not process them in any way that is inconsistent with those purposes.
1) Based on a legitimate interest or consent obtained, the SOLIDARNA Foundation may contact you through the following communication channels, in order to ensure the implementation of the core activities of the Foundation by sending information on the work and mission of the SOLIDARNA Foundation and by calling to donations or participation in the work of the SOLIDARNA Foundation, as well as to resolve inquiries or administrative processes
1. a) By direct mail (in order to ensure the implementation of the core business of the SOLIDARNA Foundation all our mail recipients at a certain point in the past had a publicly available address or provided consent through the then legally regulated forms. If anything has changed since our initial communication with you, you are free to contact us at firstname.lastname@example.org at any time, in order to stop receiving our direct mail. We invite you to study your data management rights in detail in the Policy below.
2. b) By e-mail or newsletter (in order to answer your inquiries sent to the SOLIDARNA Foundation, resolve an existing open issue, encourage you to make an intangible contribution to the Foundation or to inform you about the work of the SOLIDARNA Foundation, for which you have given us consent by e-mail or by filling in a printed form.
3. c) By telephone (as publicly available information or based on your consent to thank you for your donation)
2) The SOLIDARNA Foundation conducts basic profiling based on a legitimate interest in order to contact you in a way and frequency that best suits you, but also in the interest and in good faith for the mission and work of the SOLIDARNA Foundation by reducing the cost of using specific communication channels. Rest assured that we do not in any way conduct automated data processing with the aim of determining personal aspects of individuals.
How long do we keep your personal information?
Personal data that we process on the basis of your personal consent or on the basis of a legitimate interest are stored permanently, that is until you revoke your consent, which you may do at any time by sending an email to the address email@example.com or, in the event of termination of the relationship without explicit revocation, for five years.
We retain personal data that we process on the basis of the law or a contractual relationship with you as long as this is prescribed by law.
Upon the expiration of the retention period, we delete personal data permanently or anonymise them so that they can no longer be linked to you.
How do we protect your personal data?
We use technical and organizational security measures to protect your personal data from illegal or unauthorised access or use, as well as from accidental loss or loss of part of the data. We have designed them taking into account your IT infrastructure, the potential impact on your privacy and costs, and in line with current technology standards and practices.
Maintaining data security means protecting the confidentiality, integrity and availability of your personal data:
• Confidentiality and integrity: Your personal data is protected from unauthorised or illegal processing and from accidental loss, destruction or damage
• Availability: We will ensure that data controllers have access to your personal data when needed. Our security procedures include: access security, backups, monitoring, review and maintenance, security incident management, and confidentiality agreements that apply to third parties (e.g. printing house) and international organisation (e.g. images).
Who processes your personal data?
Depending on the purposes for which we process your personal data, we may divide the recipients of your personal data into the following categories:
1. a) Within the SOLIDARNA Foundation:
Authorised permanent or contracted employees of the Association
We may share photographs or video material only with your consent
1. b) Third parties required for the SOLIDARNA Foundation to perform its core business
(E.g. printing house, postal service…)
Third parties receive your data in order to realise the selected channel of communication with you. We require third parties to sign the confidentiality agreement and to always comply with applicable laws and personal data protection rules, and to pay special attention to the confidentiality of your personal data.
1. d) Our business partners:
Advertising agencies, marketing and PR agencies and service providers (e.g. MailChimp, Google, Facebook) for sending emails; graphic designers
We require them to always comply with applicable laws and personal data protection rules, and to pay special attention to the confidentiality of your personal data:
Only cookie identification information for remarketing purposes, email address for displaying Google AdWords ads; Google Analytics cookie identification information; Facebook – only cookie identification information for remarketing purposes; email for displaying ads in Facebook Custom Audiences: which help us conduct and analyse the effectiveness of our campaigns and promotional activities, and we may share photographs or video material only with your consent.
Our business partners from items c) and d) may process your personal data only in compliance with our instructions and may not use personal data for their own interest.
What are your options and rights regarding the submitted personal data?
We want to be as transparent as possible, so we offer you the opportunity to choose the way you want us to use your personal data. You choose how – through which channels – you want us to contact you, (for example, email, regular mail, phone). We will try to respect your wishes, but keep in mind that all channels do not allow the same level of communication.
· Right of access – you may always contact our data protection officer (see below: Who can you contact with questions about your personal information?) to find out what personal data we have in the database and from which source we obtained it. Under certain conditions, you have the right to display the personal data you have provided to us, in the most commonly used structured machine-readable form, as well as the right to send personal data to any third party of your choice.
· Right to correction – if you find an error in your personal data or if you think that the data is not complete or accurate, you can request a correction or addition
· The right to restrict processing – you may request restricted processing of personal data (for example, while checking the accuracy of your personal data)
· Right of revocation and deletion – You may revoke your consent to the processing of personal data at any time by contacting our contact person in charge of data protection issues (see below: Who can you contact with questions about your personal data?). In addition, you may request us to delete any of your data.
· Right to complaint – If you have reason to believe we have violated Croatian or European data protection regulations during the processing of your data, please contact us to clarify any issues. You have every right to file a complaint with the Croatian Data Protection Agency or other competent body in case of change in the applicable regulations, and since 25 May 2018 also to the supervisory body within the EU.
Who can you contact with questions about your personal data?
In case of any questions or requests regarding your personal data, their storage and processing, write to us at firstname.lastname@example.org.
Please note that our donors may at any time, in whole or in part, without compensation and explanation request the SOLIDARNA Foundation to stop any communication activity towards them and to stop processing their personal data. You can submit a request in writing at: email@example.com or by direct mail to the above address of the SOLIDARNA Foundation.