As a membership based association dedicated to serving fundraising associations and the wider fundraising community across Europe, we understand the importance of maintaining your privacy, keeping your personal information secure and complying with data protection laws.
This policy describes what personal information we may collect from you, why and how we use this information, and the practices we maintain to ensure the integrity of your data.
- Legal framework – privacy legislation
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”); and
- all other applicable legislation regarding the protection of privacy and the processing of personal data;
- Purpose for collecting personal data and legal basis
- achieve its purpose and exercise its activities and services to its members as foreseen in our statutes; and/or
- send out alerts on new documents and studies, updates, newsletters, info brochures, emails, marketing materials, invitations to events such as conferences (e.g. the annual EFA Skillshare), exhibitions, launches, seminars and workshops and other information that may be useful to its members/affiliates and to others where they have given consent or it is in the legitimate interest to do this; and/or
- better understand its members’ needs and preferences in order to adjust its services hereto; and/or
- execute contract(s); and/or
- it is legally obliged to process the data or if it is necessary in the public interest.
For EFA members/affiliates, this means that in the context of your membership (contractual basis), we hold and process personal data mainly for the purposes of:
- managing your membership; and/or
- sending information we reasonably believe may be of interest to you; and/or
- seeking information from you, your organisation and your views on the priorities and services you would like us to provide to you.
For subscribers of Fundraising Europe, we hold and process personal data mainly for the purposes of:
- distributing the newsletter and relevant EFA updates; and/or
- monitoring readership of the newsletter and/or the use of EFA’s website for general statistical purposes.
For project implementation purposes (contractual basis), we will also hold and process data of persons engaged in concrete projects. We may also collect personal data of non-members if we manage your participation in an event or other activity of ours.
- Personal data
The personal data EFA can process are, amongst others, but not limited to: first name, last name, contact information (including email address, phone number, photograph, function within your organisation), payment information you have provided in the context of membership or event registrations.We also process relevant information about the use of our websites or apps. For example, an IP address, the version of the operating system and settings of the device used to visit the website, as well as data on the use of the website, such as the time of the web visit, searches used within the sites and the topics that are being viewed.
- Transfer of personal data to third parties
- EFA never sells personal data to third parties. We can disclose personal information with data processors, these are suppliers who process personal data on our behalf. We also use data applications from suppliers, who might have access to personal data. In all cases we ensure that suppliers offer sufficient guarantees for data protection and security.
- EFA may use the following service providers to process and store your data:
- Data retention
EFA will process and store the relevant personal data for the duration of your membership, or the use of our services and/or for the duration of the business (contractual) relationship. EFA may also store the data for as long as it is necessary or required in order to fulfil legal or contractual obligations and/ or for defence against legal claims, and in general where we have a legitimate interest for doing so.
- Your rights
Privacy legislation provides you with the following rights in relation to your personal data:
7.1 to have access to and receive a copy of your personal data;
7.2 to have your personal data corrected in case errors occur;
7.3 to have your personal data erased in case:
- your personal data are no longer necessary to achieve the purpose;
- you withdraw your consent and there is no other legal ground for the processing of the personal data;
- you object to the processing of the personal data and there is no other legal ground for the processing of the personal data;
- the personal data have been unlawfully processed;
- there is a legal obligation to erase the personal data;
7.4 to have the processing of your personal data restricted;
7.5 to have your personal data transferred to a third party (transferability);
7.6 to object against the processing of your personal data;
7.7 to withdraw your consent to process your personal data;
7.8 to lodge a complaint with the Commission for the Protection of Privacy (“Privacy Commission”) if you are of the opinion that the processing of your personal data breaches the Privacy Legislation.
In case you wish to exercise the above rights, and provided you prove your identity, you can send a written, dated and signed request by email to firstname.lastname@example.org or by post to:
European Fundraising Association (EFA), James Wattstraat 100, NL-1097 DM Amsterdam, Netherlands.
EFA cannot always honour these requests. For example, if you are or have been an EFA member, the tax authorities require that we keep financial contract data for 7 years. And when you ask us not to approach you with (targeted) advertising we have to remember your name to be able to exclude you from our future campaigns. If we cannot delete you from our database, we will always provide you with our justification.
In addition you have the right to make a complaint with the local supervisory authority with respect to the way EFA is processing your personal data or the way EFA is handling your rights.
EFA takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss or any other form of unlawful processing. Employees only have access to personal data when this is necessary for the performance of their job/ tasks. In the processing of personal data and the provision of its services, EFA can contract suppliers. Suppliers are contractually obliged to take equivalent technical and organisational security measures.
The cookies on our website monitor web usage for general statistical purposes, for the purposes of enabling us to understand how people use our site and to improve the user experience. None of the information we gather in this way is used to identify any individual who visits the site.
- Third Party Links
Our website may contain links to other websites provided by third parties not under our control. When following a link and providing information to a third-party website, please be aware that we are not responsible for the data provided to that third party. Therefore, when you click on a link posted on EFA’s website, you are encouraged to read their own privacy policies.
- Changes to this privacy notice