At Novi, we understand that the privacy and security of your personal information is an important issue to you and we are committed to protecting it. We aim to be completely transparent on how we collect, process, and store your personal information.
The processing of your information is carried out by or on behalf of Novi (who is the ‘controller’ of the personal information collected as set out below).
Please take the time to read this policy carefully. If you have any questions about it or would like to update your communication preferences, please contact us by email at: firstname.lastname@example.org
By using this website (www.novi.ngo), you consent to us using cookies that can track your activity. Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners to help provide a customized experience, as well as to provide reporting information.
Cookies will be used for the following purposes only: to store your chosen location and return you to the correct website upon your return.
Our website also uses Google Analytics to gather and store information that your browser sends to the server when using the website. This data includes your IP address, webpages you’ve accessed, and documents you’ve downloaded. For more information about Google Analytics and its privacy practices, please see: https://support.google.com/analytics/topic/2919631
We also use visitor tracking pixels from Facebook. These are tiny graphics files that allow user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.
The data collected in this way is anonymous to us; we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. A cookie may also be stored on your computer for these purposes.
i. Directly from you: we collect personal information when you communicate with us using any media or in person. You may give us information to sign up for one of our events, ask about our activities, donate to us, purchase our publications, or fundraise on our behalf.
ii. From other organizations or sources: your information may be shared with us by independent event organizers, for example, a marathon or fundraising site. These independent third parties will only do so when they have told you your personal information will be shared and, generally, when you have indicated that you wish to support us. You should check these organizations’ privacy policies when you provide your personal information to understand how they will use and share it.
Your personal information may also be given to us indirectly by you when it is shared with us by third parties acting on our behalf, for example sub-contractors in technical, payment and delivery services. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
iii. When information is publicly available: we may collect and combine information that is publicly available with information we already hold to better understand our supporters and improve our work. This may include:
a. Information publicly available on social media platforms like Facebook (please see below for the Facebook’s ‘Custom Audience’ program), Twitter, or Instagram: we may collect personal information when you have used social media platforms to contact us. Please check your privacy settings or their privacy policies as you might have given us permission to access information from those accounts.
b. Information publicly available on newspapers, articles or other websites.
c. Information publicly available when researching/analyzing supporters as explained in section 3 below.
iv. When you visit our websites: we may automatically collect technical information from your computer or device such as IP address, and via cookies and similar technologies. Please see our Cookies Policy above for more information.
We may combine your personal information from one or more of these sources for the purposes set out in this policy.
We may collect, store and use the following kinds of personal information:
a. Identity data, including your name, username, date of birth (for example, if you donate, volunteer, or sign up for an event).
b. Contact data, including your email address, mailing address, and phone number (for example, if you sign up to receive updates from us).
c. Financial data, including bank or payment card details (for example, if you donate).
d. Transaction data, including details of your giving.
e. Technical data such as your IP address, when you browse our website.
f. Marketing data such as your preferences for receiving communications from us.
g. Media data such as photographs, video and audio recordings.
h. Any other information you provide us as above (see How we obtain your personal information)
As a nonprofit we rely on a variety of methods to keep our supporters engaged and informed about our work. We may use data collected for different purposes. We process your personal data for the following purposes:
We may analyze your personal information to create a profile about you, your interests and preferences; including identification of, and subsequent research into, prospective donors. This is to gain a better understanding of our supporters and identify prospective supporters.
This analysis, which may include identifying indicators of wealth and analysis of our database in future, will inform our fundraising strategy, help us to provide you with relevant and effective communications, and strengthen the donor-charity relationship with our supporters in the most efficient way possible. As a nonprofit, this helps us make best use of its charitable funds in order to maximize the public benefit it is able to deliver.
In doing this, we may combine information that you have given us with other information about you when it is available (for example, from public records or social media). We may use third party suppliers to undertake these activities on our behalf and share your data with them only to the extent required.
You can opt out of your personal information being used in this way by contacting us.
Data privacy law identifies certain categories of personal information as sensitive and therefore requiring more protection. It is unlikely that we will collect and/or use your sensitive personal information (also known as special category data). If we do, we will only do so where we have your explicit consent unless otherwise permitted under data privacy law.
PLEASE BE AWARE THAT if you send us unsolicited sensitive personal information, you do so at your own choice, as we do not have the expertise to provide specialist support in this area. See how we will share your information below.
In order to lawfully collect, hold and use your personal information, we must rely on one or more of six grounds set out in data privacy law. We consider the following to be relevant to our use:
i. Where you have given consent (for example, to send you promotional or fundraising material by email, and we may ask for your explicit consent to collect certain types of sensitive information).
ii. Where it is necessary to comply with a legal obligation.
iii. Where it is necessary for the performance of a contract with you or take steps at your request prior to entering into a contract (for example if you order one of our publications).
iv. Where it is necessary to protect someone’s vital interests. Whilst we are not able to advise people directly on their personal circumstances, and do not provide a helpline service, as a charity serving refugees, displaced, and otherwise often vulnerable people we may from time to time receive enquires from individuals in distress. We may refer these enquiries on to those better equipped to assist if we feel yours or another’s vital interests are at risk.
v. Where there is a ‘legitimate interest’ in us doing so.
The law allows us to collect and use personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as to do so it is fair, balanced and does not unduly impact on your rights). In general, our legitimate interests are the running of a charitable entity and pursuing our mission and vision. This may include charity governance, administration and operational management, and fundraising and campaigning (including sending marketing by mail, and analysis in order to develop effective communication and fundraising strategies). When we rely in this lawful basis, we consider and balance any potential impact on you (positive and negative) and on your privacy rights.
Whatever your relationship with us, we only keep your personal information as long as necessary to fulfill the purposes we hold it for, including satisfying any legal, accounting or reporting requirements.
That length of time may vary depending on the reasons for which we are processing the personal information and whether we have a legal (for example under financial regulations) or contractual obligation to keep it for a certain amount of time.
Once the retention period has expired, personal information will be confidentially disposed of or permanently deleted.
If you object to further contact from us, we will keep some basic information about you on a ‘suppression list’ in order to comply with your request in the future.
We undertake proportionate and appropriate measures to ensure security and confidentiality of your personal information. We make sure that your personal information is only accessible by trained staff, volunteers, and contractors. Access to sensitive personal information will be restricted to only those individuals that need this data in order to carry out their functions. We also use password protections. These are examples – we ensure appropriate measures are in place proportionate to the risk involved.
Our site is protected by HTTPS, meaning that any personal information that you transfer to us via our website is encrypted and is stored as securely as possible. The transmission of information via the internet is never completely secure, and we cannot guarantee the security of personal information transmitted via the internet.
In general, the personal information that we collect is stored at a destination within the US. However, your personal information may sometimes be transferred or stored outside the US.
Some countries have lower standards of protection for personal information. In these cases, we will take all steps reasonably necessary to ensure that the recipient implements appropriate safeguards to protect your personal information (for example, by entering into a contract approved by the US).
Our website includes links to other websites which you may find useful. This policy does not cover their privacy practices and we are not responsible for the content of other sites or their privacy policies and practices. We encourage you to read the privacy policies of any external sites you visit via links on our websites.
Marketing and fundraising communications:
We may use your contact details to provide you with information about our work (including our campaigns), events, services and/or activities which we consider may be of interest to you.
Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).
Where you do not wish to be contacted by us about our work, events, services and/or activities in the future, please let us know by email at email@example.com. You can opt out of receiving emails from us at any time by clicking the “unsubscribe” link at the bottom of our emails.
Depending on your settings or the privacy policies for social media sites like Facebook and Twitter you may receive targeted advertisements about us through our use of social media audience tools.
We may participate in Facebook’s 'Custom Audience' program, which enables us to display adverts to our existing supporters or people with similar interests when they provide your email address, mobile number,and address to Facebook so they can determine whether you are a registered account holder with them (or so they can create a ‘lookalike’ audience). Our adverts may then appear when you access Facebook. Your details are sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account. For more information about this, please see Facebook’s relevant guidance and policies.
We will also communicate with you for other purposes using the contact details you have provided. For example, to process a donation or, if you have signed up to participate in an event, to check that fundraising pages have been set up and to provide any other necessary information.
Please be aware we may still need to contact you for administrative purposes even where you have opted-out of receiving marketing from us.
We may share your personal information to third parties in order to achieve the purpose set out in this notice, including suppliers and sub-contractors (for example website hosts or cloud storage providers).
Where we share with these third parties we will have appropriate agreements or protocols in place to ensure that your personal information is safeguarded.
As explained above, we are not equipped to deal with requests for personal support. We may share your personal information with appropriate third parties when we consider it necessary to protect vital interests.
We may also need to disclose your personal information where legally required or when asked by regulatory bodies or law enforcement agencies. We may also merge or partner with other organizations and in doing so acquire or transfer personal information, but if this were the case your personal information would continue to be used for the purposes set out in this policy.
Where we rely on your consent to use your personal information, you can withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes (change your communication preferences at any time by contacting us). You also have the following rights:
Right of access - You can request access to personal information we hold about you. Provided we are satisfied that you are entitled to a copy and we have confirmed your identity, we will provide the information subject to any applicable exemptions. If you wish to make the request, please contact us
Right of rectification - You have the right to request that we correct inaccurate personal information concerning you. You can ask us to check if you are unsure.
Right of erasure - In some circumstances you may request we delete your personal information. Note that in many cases we will need to keep limited personal information about you in order to ensure we don’t send you further communications (This is sometimes called the ‘right to be forgotten’).
Right to restrict processing – You may ask for our use of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
Right to object - You can ask us not to use your personal information for direct marketing purposes (cash appeals, raffles and fundraising campaigns), or where we are using it on the basis of our legitimate interests or for research or statistical purposes. You may opt-out from email marketing by clicking the ‘unsubscribe’ link in our emails or contact us if you wish to no longer receive marketing communication in the post.
Right to data portability – Where we are processing your personal information by ‘automated means’ and either (i) because we have your consent or (ii) because it is necessary for a contract with you, you may ask us to provide your personal information to you or another service provider in a machine-readable format.
Rights related to automated decision-making – You have certain rights in relation to decisions made solely on the basis of automated processing of your personal information that has legal or similar effects on you (e.g. automated credit checks).
We may ask you for additional information to confirm your identity before disclosing personal information to you.
Please note that these rights may only apply in limited circumstances.
We may need to update this policy from time to time, including to reflect changes in the relevant law or in the way we collect, process and store your data. We will notify you when significant changes will be made to this policy.
If you have any queries relating to this policy, please contact us by email at firstname.lastname@example.org.