Log in

DATA PROTECTION POLICY & LEGAL ADVICE

 
It is important to us that you understand and are happy with how we use your information. Please take time to read this policy in full.
 

1. Identity and contact details of the Data Controller

1.1. FundAction is the Data Controller. 

1.2. The Data Controller can be contacted via hello@fundaction.eu.

1.3. FundAction is registered as a foundation (stichting) in the Netherlands. 

 

2. Data Subjects

2.1. This Privacy Policy applies to all persons whose personal data is held by FundAction.


3. Purpose of the processing and the lawful basis for the processing

3.1. FundAction will only hold and process personal data on bases which are lawful.

3.2. The same personal data may be held and processed for different purposes and, therefore, under different lawful bases.

3.3. The lawful bases and purposes under which personal data may be processed by FundAction are as follows.

3.3.1. Legal Obligation {LO}

FundAction holds and processes personal data, to enable the FundAction to comply with relevant legislation. Data held under legal obligation will only be processed for the relevant purposes as is required by law and will only be shared with other organisations as is allowed by law and which are compliant with the General Data Protection Regulation (GDPR). This will include the sharing of personal data which are, by law, destined for the public domain.

3.3.2. Legitimate Interest {LI}

FundAction legitimately needs to hold the personal data for the purpose of administering FundAction efficiently, effectively and economically in pursuit of its charitable purposes. This will include, but is not limited to, the communication of information relevant to the governance and administration of FundAction such as between the FundAction community and decision-making body (Board, known as Facilitation Group), between applicants and grantees, and the sharing of knowledge and expertise between applicants, grantees, the FundAction community and decision-making body (Board, known as Facilitation Group) specifically to further the legitimate interests of FundAction.

3.3.3. Subject Consent {SC}

FundAction may, subject to consent, use personal data to keep data subjects informed of the wider activities of FundAction, particularly those in which they have special experience and/or expertise or in which they have expressed a particular interest. This will include providing them with information relating to any networking activities which FundAction undertakes (eg via email). Their personal data will also be used to ensure that any activities for which they are required, or are invited, to participate in are appropriately tailored to any specific needs that they have. FundAction will not share personal data with any other individual, group or organisation for any purpose other than those which are directly related to the activities and charitable purposes of FundAction.

 

.

4. Data subject rights

4.1. The right to withdraw consent at any time

Data subjects have the right to withdraw consent for the by FundAction’s use of their personal data which has been provided with consent for use by FundAction for promoting its general activities and purposes. They do not have the right to withdraw consent for FundAction’s use of their personal data when the lawful basis for FundAction holding and processing the data is either “Legal Obligation” or “Legitimate Interest”.

4.2. The right to require the erasure of personal data (right to be forgotten)

Data subjects have the right to require FundAction to erase any or all of their personal data which is held by FundAction for processing on the lawful basis of Legitimate Interest or Subject Consent. They do not have the right to require FundAction to erase any of their personal data held by FundAction when FundAction’s lawful basis for holding and processing the data is “Legal Obligation”.

4.3. The right to restrict processing

Data Subjects have the right to require FundAction to stop processing their data if they reasonably believe that there are significant inaccuracies in the data that FundAction holds or that the way in which FundAction processes their data produces inaccurate results.

4.4. The right to portability

Data Subjects have the right to require FundAction to provide them with a printed or computer-readable copy (ie: in a standard format which will allow the data to be transferred to another computer) of their personal data that FundAction holds for processing on the basis of Legitimate Interest.

 

5. The legitimate interests of the controller or third party, where applicable

5.1. Legitimate interests of the Controller

The legitimate interests of the Controller are:

  1. To ensure that the human resources available to FundAction– both volunteers (including interns, donors, board members) and staff (employees, freelancers) – are used effectively, efficiently and economically to pursue the purposes of the FundAction for the public benefit;
  2. To promote and facilitate communication, cooperation and the sharing of experience and expertise between grantees, other volunteers, staff, funders and donors.

5.2. Legitimate interest of third parties

The legitimate interests of third parties (eg webhosts, service providers, etc.) are to ensure that the interests and well-being of the Data Subject are properly met when FundAction activities are carried out by the third party.

5.3. Any recipient or categories of recipients of the personal data

FundAction may share Data Subjects’ personal data:

5.3.1. with the national tax office), the Police, local authorities, the Courts and any other central or local government bodies where they request it and we may lawfully disclose it.

5.3.2. with FundAction’s professional advisors (eg: our lawyers, accountants) when they need it to provide appropriate advice on FundAction’s activities.

5.3.3. where we are legally obliged to do so, eg: to comply with a court order.

5.3.4. with service providers that help facilitate payment processes.

5.4. Retention period or criteria used to determine the retention period:

5.4.1. Data Subject’s personal data processed on the basis of Legal Obligation are retained for the prevailing statutory period (currently 10 years).

5.4.2. Data Subjects’ personal data processed on the basis of Subject Consent are retained for a period of time specified in advance to the Data Subject.

 

6. Details of transfers to third country and safeguards

6.1. FundAction does not transfer any personal data to third countries and/or safeguards.


7. The existence of each of data subject’s rights

7.1. Data subjects have all the data subject rights, as prescribed by the General Data Protection Regulation, namely the rights: 

  1. to be informed about the personal data held by the Data Controller on behalf of FundAction, the purpose(s) for which they are held; the manner in which they are processed; the recipients (if any) of the data;
  2. to be given access to their personal data;
  3. to request the erasure of their personal data;
  4. to withdraw consent (where given) for their personal data to be processed;
  5. to rectification – the correction of any error in the data and/or the completion of any incomplete data;
  6. to restrict processing – where they have legitimate justifiable concerns about the accuracy, validity or legality of data held by FundAction or the way in which the data are being processed. Data processing may be resumed once either the cause(s) of the concern has(have) been rectified or their concerns are demonstrated to be unjustified.
  7. to object to processing – where they have reasonable grounds relating to their impact on your particular circumstances and where the legal basis of the processing is Public Task or Legitimate Interest. However, the processing of their data can be resumed if the Data Controller can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;


8. The source the personal data originates from and whether it came from publicly accessible sources

8.1. Personal data may be obtained directly from the data subject or from publicly accessible sources.

8.2. Where personal data is not obtained directly from the Data Subject, due diligence will be undertaken to ensure that the source of the data complies with relevant data protection legislation.


9. The right to lodge a complaint with a supervisory authority

9.1. Data subjects have the right to lodge a complaint with their local data protection office/supervisory authority within the European Union if they are dissatisfied with the way that the FundAction collective is collecting, holding, processing and using their personal data and they feel that their reasonable attempts to raise the issues and get them addressed have failed.

10. Is personal information secure? 

10.1. FundAction takes the security of personal information very seriously.

10.2. FundAction complies with the relevant prevailing legislation which requires us to have in place appropriate security measures at all times, including where we share your information with others.


11. What additional information is collected and when? 

11.1. In addition to the information collected in relation to the application and selection processes, the FundAction collective holds and processes data for the purpose of managing our obligations and legitimate interests. We also collect and hold:
 
11.2. All information submitted to us when Data Subjects communicate with us by post, email, messaging, or other form based on audio-visual materials (eg: photographs, sound files, video) or text-based communication, whether physical (eg: ink & paper) or electronic.
 
11.3. Copies of any notes that we take, whether physical (eg: ink & paper) or electronic, during verbal communications between us (eg: telephone; Whatsapp®; Zoom®, etc.).
 
11.4. Information on what we communicate to Data Subjects by post, e-mail, messaging, or other form of image-based or text-based communication whether physical (eg: ink & paper) or electronic, including information in all ancillary materials (eg: attachments, images, brochures).

12. Updates to this policy

12.1. This policy will be updated from time to time as our services change.
 
12.2. We will endeavour to tell Data Subjects in advance by sending a service message to them if we hold their email address. Otherwise, they are advised to please check the The FundAction collective website for notifications of significant changes to this policy.
 

12.3. If Data Subjects do not notify us that you wish the information that we hold on you to be deleted (ie: to have no further contact with us) we will take it that they accept the changes.


13. Cooky Policy

13.1. FundAction.eu uses session cookies to track website traffic. There may be cookies enabled by providers to process donations (e.g. Stripe) courses (Coursera, etc) and other activities for which they are required to meet your needs.

13.2. You have the option to allow, block or delete cookies installed on your computer by configuring the settings of the browser installed on your computer. By disabling cookies, some of the services available may no longer be operational. The way to disable cookies is different for each browser, but can usually be done from the Tools or Options menu. You can allow, block or delete cookies installed on your computer by configuring the browser options installed on your computer. You can manage the storage of cookies in your browser through tools such as Ghostery: www.ghostery.com/ or www.youronlinechoices.com/es/, as well as in the following browsers.


14. Intellectual and industrial property under creative commons licenses

14.1. The contents of this website are licensed *Creative *Commons *BY-SA 3.0. This means that you are free to share (copy and redistribute the material in any medium and format) and adapt (remix, transform and create from the material) but only under the following terms:

Acknowledgement: You must acknowledge authorship appropriately and mention FundAction as the author, as well as provide the link to the license and indicate if you have made any changes. You may do this in any reasonable way, but not in a way that suggests that the licensee, i.e. FundAction, endorses or sponsors your use.

Share-Alike: If you remix, transform, or build upon the material, you must disseminate your creations under the same license as the original work. The license does not authorize the use of other aspects such as publicity, privacy, or moral rights.

14.2. In the event that a user or third party considers that there has been a violation of their legitimate intellectual property rights by the introduction of certain content on the website, they must notify FundAction of this circumstance.


15. Terms and conditions of use

15.1. FundAction.eu takes the necessary measures to ensure the security, integrity, and confidentiality of data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

15.2. The users declare that all the data provided by them are true and correct, and undertake to keep them updated, communicating any changes to FundAction.