DATA PROTECTION POLICY & LEGAL ADVICE

 
It is important to us that you understand and are happy with how we use your information. Please take time to read this policy in full.
 

1. Identity and contact details of the Data Controller

1.1. The FundAction collective is the Data Controller. For the FundAction collective, the data will be processed by the members of the Facilitation Group (coordination team). The members of he FundAction Facilitation Group are the Data Processors.

1.2. The Data Controller and the Data Processors (FundAction Facilitation Group) can be contacted via hello@fundaction.eu.

1.3. The FundAction collective is in a transition process to establish itself as a Foundation (FundAction Stichting), registered in the Netherlands. As soon as the registration is complete, this Privacy Policy will be updated with the new legal and contact information of the Data Controller and Data Processors.

1.4. Until the registration of the FundAction collective as a Foundation (FundAction Stichting) in the Netherlands, the FundAction collective is not actively collecting or processing any personal data. Persons can send a communication to the FundAction collective via hello@fundaction.eu. These communications are stored by the FundAction collective. The FundAction collective will not share personal data with any other individual, group or organisation for any purpose other than those which are directly related to the activities and charitable purposes of the FundAction Collective.

2. Data Subjects

This Privacy Policy applies to all persons whose personal data is held by FundAction.

3. Purpose of the processing and the lawful basis for the processing

3.1. The FundAction collective will only hold and process personal data on bases which are lawful.

3.2. The same personal data may be held and processed for different purposes and, therefore, under different lawful bases.

3.3. The lawful bases and purposes under which personal data may be processed by the FundAction collective are as follows.

3.3.1. Legal Obligation {LO}
The FundAction collective holds and processes personal data to enable the FundAction collective to comply with relevant legislation. Data held under legal obligation will only be processed for the relevant purposes as is required by law and will only be shared with other organisations as is allowed by law and which are compliant with the General Data Protection Regulation (GDPR). This will include the sharing of personal data which are, by law, destined for the public domain.

3.3.2. Legitimate Interest {LI}
The FundAction collective legitimately needs to hold the personal data for the purpose of administering the FundAction collective efficiently, effectively and economically in pursuit of its charitable purposes. This will include, but is not limited to, the communication of information relevant to the governance and administration of the FundAction collective and between Facilitation Group members, applicants and grantees, and the sharing of knowledge and expertise between applicants, grantees and Facilitation Group and external consultants hired by the Facilitation Group, specifically to further the legitimate interests of the FundAction collective.

3.3.3. Subject Consent {SC}
The FundAction collective may, subject to consent, use personal data to keep data subjects informed of the wider activities of the FundAction Collective, particularly those in which they have special experience and/or expertise or in which they have expressed a particular interest. This will include providing them with information relating to any networking activities which the FundAction collective undertakes (eg via email). Their personal data will also be used to ensure that any activities for which they are required, or are invited, to participate in are appropriately tailored to any specific needs that they have. The FundAction collective will not share personal data with any other individual, group or organisation for any purpose other than those which are directly related to the activities and charitable purposes of the FundAction Collective.

3.3.4. The right to withdraw consent at any time
Data subjects have the right to withdraw consent for the FundAction Collective’s use of their personal data which has been provided with consent for use by the FundAction collective for promoting its general activities and purposes. They do not have the right to withdraw consent for the FundAction Collective’s use of their personal data when the lawful basis for the FundAction collective holding and processing the data is either “Legal Obligation” or “Legitimate Interest”.

3.3.5. The right to require the erasure of personal data (right to be forgotten)
Data subjects have the right to require the FundAction collective to erase any or all of their personal data which is held by the FundAction collective for processing on the lawful basis of Legitimate Interest or Subject Consent. They do not have the right to require the FundAction collective to erase any of their personal data held by the FundAction collective when the FundAction Collective’s lawful basis for holding and processing the data is “Legal Obligation”.

3.3.6. The right to restrict processing
Data Subjects have the right to require the FundAction collective to stop processing their data if they reasonably believe that there are significant inaccuracies in the data that the FundAction collective holds or that the way in which the FundAction collective processes their data produces inaccurate results.

3.3.7. The right to portability
Data Subjects have the right to require the FundAction collective to provide them with a printed or computer-readable copy (ie: in a standard format which will allow the data to be transferred to another computer) of their personal data that the FundAction collective holds for processing on the basis of Legitimate Interest.
.

4. The legitimate interests of the controller or third party, where applicable

4.1. Legitimate interests of the Controller

The legitimate interests of the Controller are:
To ensure that the human resources available to the FundAction collective– both volunteers (including interns, donors, board members) and staff (employees, freelancers) – are used effectively, efficiently and economically to pursue the purposes of the FundAction collective for the public benefit;

To promote and facilitate communication, cooperation and the sharing of experience and expertise between grantees, other volunteers, staff, funders and donors.

4.2. Legitimate interest of third parties
The legitimate interests of third parties (eg webhosts, service providers, etc.) are to ensure that the interests and well-being of the Data Subject are properly met when FundAction collective activities are carried out by the third party.

4.3. Any recipient or categories of recipients of the personal data
The FundAction collective may share Data Subjects’ personal data:

4.3.1. with the a European tax office,, the Police, local authorities, the Courts and any other central or local government bodies where they request it and we may lawfully disclose it.

4.3.2. with FundAction Collective’s professional advisors (eg: our lawyers, accountants) when they need it to provide appropriate advice on FundAction Collective’s activities.

4.3.3. where we are legally obliged to do so, eg: to comply with a court order.

4.3.4. with other people who make a reasonable subject access request to us, provided that we are allowed to do so by law.

4.3.5. with service providers that help facilitate payment processes.

4.4. Retention period or criteria used to determine the retention period:

4.4.1. Data Subject’s personal data processed on the basis of Legal Obligation are retained for the prevailing statutory period (currently 10 years).
4.4.2. Data Subjects’ personal data processed on the basis of Subject Consent are retained for a period of time specified in advance to the Data Subject.

5. Details of transfers to third countries and safeguards

5.1. The FundAction collective does not transfer any personal data to third countries and/or safeguards.


 6. The existence of each of the data subject’s rights

6.1. Data subjects have all the data subject rights, as prescribed by the General Data Protection Regulation, namely the rights:
– to be informed about the personal data held by the Data Controller on behalf of the FundAction Collective, the purpose(s) for which they are held; the manner in which they are processed; the recipients (if any) of the data;
– to be given access to their personal data;
– to request the erasure of their personal data;
– to withdraw consent (where given) for their personal data to be processed;
. to rectification – the correction of any error in the data and/or the completion of any incomplete data;
– to restrict processing – where they have legitimate justifiable concerns about the accuracy, validity or legality of data held by the FundAction collective or the way in which the data are being processed. Data processing may be resumed once either the cause(s) of the concern has(have) been rectified or their concerns are demonstrated to be unjustified.
– to object to processing – where they have reasonable grounds relating to their impact on your particular circumstances and where the legal basis of the processing is a Public Task or Legitimate Interest. However, the processing of their data can be resumed if the Data Controller can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;

If you request a password reset, your IP address will be included in the reset email.

 7. The source the personal data originates from and whether it came from publicly accessible sourceslong we retain your data

7.1. Personal data may be obtained directly from the data subject or from publicly accessible sources.

7.2. Where personal data is not obtained directly from the Data Subject, due diligence will be undertaken to ensure that the source of the data complies with relevant data protection legislation. and approve any follow-up comments automatically instead of holding them in a moderation queue.


8. The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

 8.1. The FundAction collective uses automated decision making software in the processing of personal data (Activist Digitizer and Application Manager – A.D.A.M). The software was created by the FundAction collective and will only be used by the FundAction collective staff and decision making body (i.e. FundAction facilitation group and Board). This Privacy Policy applies to the use of A.D.A.M, next to the Terms of Use.

8.2. The FundAction collection does not make personal data available to any other organisation for purposes of automated decision making, including profiling and information about how decisions are made.

9. The right to lodge a complaint with a supervisory authority 

9.1. Data subjects have the right to lodge a complaint with their local data protection office/supervisory authority within the European Union if they are dissatisfied with the way that the FundAction collective is collecting, holding, processing and using their personal data and they feel that their reasonable attempts to raise the issues and get them addressed have failed.

10  Is personal information secure? 

10.1. The FundAction collective takes the security of personal information very seriously.

10.2. The FundAction collective complies with the relevant prevailing legislation which requires us to have in place appropriate security measures at all times, including where we share your information with others.

11. What additional information is collected and when? 

11.1. In addition to the information collected in relation to the application and selection processes, the FundAction collective holds and processes data for the purpose of managing our obligations and legitimate interests. We also collect and hold:
 
11.2. All information submitted to us when Data Subjects communicate with us by post, email, messaging, or other form based on audio-visual materials (eg: photographs, sound files, video) or text-based communication, whether physical (eg: ink & paper) or electronic.
 
11.3. Copies of any notes that we take, whether physical (eg: ink & paper) or electronic, during verbal communications between us (eg: telephone; Whatsapp®; Zoom®, etc.).
 
11.4. Information on what we communicate to Data Subjects by post, e-mail, messaging, or other form of image-based or text-based communication whether physical (eg: ink & paper) or electronic, including information in all ancillary materials (eg: attachments, images, brochures).

12. Updates to this policy 

12.1. This policy will be updated from time to time as our services change.
 
12.2. We will endeavour to tell Data Subjects in advance by sending a service message to them if we hold their email address. Otherwise, they are advised to please check the The FundAction collective website for notifications of significant changes to this policy.
 

12.3. If Data Subjects do not notify us that you wish the information that we hold on you to be deleted (ie: to have no further contact with us) we will take it that they accept the changes.

Legal Advice

 

FundAction.eu uses session cookies to track website traffic. There may be cookies enabled by providers to process donations (e.g. Stripe) courses (Coursera, etc) and other activities for which they are required to meet your needs.
 

You have the option to allow, block or delete cookies installed on your computer by configuring the settings of the browser installed on your computer. By disabling cookies, some of the services available may no longer be operational. The way to disable cookies is different for each browser, but can usually be done from the Tools or Options menu. You can allow, block or delete cookies installed on your computer by configuring the browser options installed on your computer. You can manage the storage of cookies in your browser through tools such as Ghostery: www.ghostery.com/ or www.youronlinechoices.com/es/, as well as in the following browsers

13. Intellectual and industrial property under Creative Commons Licences x

The contents of this website are licensed *Creative *Commons *BY-SA 3.0. This means that you are free to share (copy and redistribute the material in any medium and format) and adapt (remix, transform and create from the material) but only under the following terms:

Acknowledgement: You must acknowledge authorship appropriately and mention FundAction as the author, as well as provide the link to the license and indicate if you have made any changes. You may do this in any reasonable way, but not in a way that suggests that the licensee, i.e. FundAction, endorses or sponsors your use.
Share-Alike: If you remix, transform, or build upon the material, you must disseminate your creations under the same license as the original work. The license does not authorize the use of other aspects such as publicity, privacy, or moral rights.

In the event that a user or third party considers that there has been a violation of their legitimate intellectual property rights by the introduction of certain content on the website, they must notify FundACtion of this circumstance.

14. Terms & Conditions

FundAction.eu takes the necessary measures to ensure the security, integrity, and confidentiality of data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The users declare that all the data provided by them are true and correct, and undertake to keep them updated, communicating any changes to FundAction