22 Sep 16 06 Sep 18

MSF Ireland Privacy Notice

About this Policy 

At Médecins Sans Frontières we make sure we protect the information you give us.  

References to “we” or “us” are to Médecins Sans Frontières (Charity Registration Number:  20069360).

We collect information that helps us make informed decisions, fundraise more efficiently and give you the best possible experience on our websites and from our communications.

This privacy policy is written in accordance with relevant data protection legislation including the Data Protection Acts 1998 and 2003, ePrivacy Regulations 2011 (S.I. 336 of 2011) and the General Data Protection Regulation (2016). 

This privacy policy sets out how Médecins Sans Frontières collects, uses and stores personal data, including via its website, www.msf.ie and its associated sites, including secure.msf.ie.

When MSF was established in Ireland we made a commitment to match the dedication and versatility of our skilled teams in the field. As part of delivering on that promise we’re continually working to ensure our supporters in Ireland can continue to engage with MSF’s work across the world.

SAM TAYLORdIRECTOR

If you’ve any questions please contact us using the details below. 


When do we collect information about you?

We collect information:

when you give it to us directly
when you give it to us indirectly
when you give it to us via social media
when you use our websites or apps
 
Directly
 
You may give us personal information when you: donate, sign up for one of our events, communicate with us, request a speaker, sign up for email newsletters and leave a comment on our social media accounts.  
 
Indirectly 
 
We may get your personal information via a fundraising organisation or platform (e.g. Just Giving) if you’ve told them that you’re supporting Médecins Sans Frontières and with your consent. Please check their privacy policies when you give them your information.
 
Social media
 
We may get information about you from your social media accounts or services. Facebook and Twitter are examples. We can do this if you’ve set your account settings to give us permission. Please check your settings and their privacy policies for more details.
 
In some cases we hold publicly available information from social media channels (such as social media handles or number of followers) on our social customer relationship management system ‘Prezly’. This provides us with an overview of who drives the conversation on topics that relate to our work. Should we want to reach out to a particular social media handle we would do so using the contact information they have provided publicly. 
 
Our websites and apps 
 
We use “cookies” to help us improve the performance of our websites and campaigns.
Cookies are small text files that websites send to your computer (or phone or tablet). They save and store information about how you use the website. 
 
We use them to give you a tailored experience on our website. They make using our sites faster and easier. For example, when you donate on Médecins Sans Frontières, a cookie helps the site ‘remember’ which kind of donation you’ve chosen as you move through the site.
 
Our website also uses web third-party cookies that allow us to track conversions and activity on our website as well as generate advertisements that appear on Facebook, for example, and other search engines like Google for you and other potential users. Such third party cookies may collect or receive information through your use of our websites to provide advertisements and allow it to create lookalike audiences. We do not collect personal information via these cookies.
 
Find out more on our cookies page
 
If you enter your details onto one of our online donation forms, and you don’t complete the donation, we may contact you via email to see if we can help with any problems you may be experiencing.
 
Similarly if you receive an email, open it, don’t open it, select a link, browse our website, we collect this information so we can see which stories are popular and which aren’t. This data is not used to identify you personally.
What information do we collect?

If you contact us for any reason we'll usually collect your:

name
email
phone number
address
 
When you donate we may also ask for:
 
your bank or credit card details where necessary in accordance with PCI Compliance regulations.
date of birth through our face-to-face fundraising to check you’re over 18.
 
We may also record:
 
Your PPS number if you have sent us a completed and signed CHY Tax Relief Certificate.  
 
When you sign up for a survey or fundraise for us we may also ask:
 
what your interests are e.g. medical interests or countries we work in
which age bracket you’re in
what social media channels you use
 
If you sign up for our Access campaign website your data will be collected by our Geneva office. Please read their policy to find out more about how they look after your data.
How do you we use your information?

We use your data to:

Respond to your enquiries and requests
process and acknowledge your donations
keep a record of your engagement with us
send you updates, marketing and fundraising communications 
understand how we can improve our services and information
analyse our fundraising activity
 
We won’t sell your details to any third parties or other charities. Read our donor promise for more information.
 
How we use your data depends on why you’re providing it:
 
Online forms and feedback
 
We’ll use your personal information to respond to your questions, requests or register you for events.
 
Surveys 
 
We use surveys to understand our supporters, helping us to communicate more effectively.
If you are happy to be involved in future surveys we may ask for your contact information. 
 
Donations
 
We use your information to process and keep a record of your donations. We also use it to claim Tax Relief if you have sent us a CHY Tax Relief Certificate.
 
Direct marketing
 
We use direct marketing to let you know what MSF is doing and how your support makes a difference. We may use it for emergency fundraising or to ask for other support. We will always respect your preferences and endeavour to send you information that you’ll find interesting, in the format you prefer.
 
We may send you direct marketing unless you indicate that you do not want to hear from us this way. We send these communications on the basis of it being within our legitimate interests to do so or if you have consented to receive this. Please see the “Legal Basis for Processing Data” section below for more information on this.
 
The types of marketing that you can expect to receive from Médecins Sans Frontières include:
 
Our ‘Dispatches’ magazine
Email updates 
Emergency appeals
Event or meeting invites
Reports on our operational activities
 
Our email direct marketing has ways to opt out in the footer of each email. You can opt out at any time.
 
If you don’t want to hear from us just let us know on 01 6603337 or at fundraising@dublin.msf.org 
 
Social media
 
We may use publicly available information from your profile to target you with specific posts that may interest you.
 
We’ll never ask for personal or sensitive information on social media. We may repost or share your posts on social media if it relates to MSF and our work.
 
We may respond to questions, queries or comments left on our social media channels. We may use information found on your profile to help us answer these.
 
Check your social media accounts if you want to change the information you make public. 
 
Our websites use sharing buttons which share our web pages to social media platforms. Use these buttons at your own discretion.
 
Social media platforms may track these shares through your accounts.
Who has access to my data?

Trained staff

Your information is only accessible by trained staff, volunteers and contractors. We regularly review who has access to your information.

We carry out comprehensive checks on any contractors before we work with them. 

We always put a contract in place that sets out how staff, volunteers and contractors manage the personal data they collect or have access to. 

Data Processors 

We use other companies to help us manage and store personal data and to carry out certain activities on our behalf.  Our main data processors are listed below, but we may enlist the services of others from time to time: 

  • Valldata – our donation processing partner
  • CARE – our in-house fundraising database
  • Mango – our outbound call centre
  • Voxpro – our inbound call centre
  • Communicator Corporation – our direct e-marketing platform
  • Brightsource – a direct mail partner
  • Fretwell – a direct mail partner
  • Sooner Than Later – a direct mail partner
  • EverGiving  our face-to-face fundraising tool
  • Survey Monkey – surveys and competitions
  • Taleo – Office staff recruitment portal
  • Hero – Field staff recruitment and HR database
  • CPM – our door to door recruitment agency
  • Like Charity – our donor recruitment partner

We may disclose your personal data to third parties, without your consent, when we have to by law, for example to authorised statutory agencies or authorities. 

How do we keep your information safe?

We use appropriate technical and organisational measures and precautions in order to protect your personal data and to prevent the loss, misuse or alteration of your personal data.

We have lots of technical measures e.g. we encrypt our online forms and routinely monitor our network and we use industry standard SSL certificates and PCI compliance.

While we make sure to keep your data safe, no data transmission over the Internet is 100% secure. We cannot guarantee the security of any information you send us and you do so at your own risk.

How long do we keep your information?

We keep your information for as long as it is necessary. E.G. we keep your financial data for at least seven years. 

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

Our legal basis for processing personal data

Organisations need a lawful basis to collect and use personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that MSF carries out.

This includes information that is processed on the basis of:

(a) A person’s consent (for example to send you direct marketing by e-mail or SMS);
 
(b) Processing that is necessary for compliance with a legal obligation. (For example, the retention of financial records for tax declaration and audit); and 
 
(c) Our legitimate interests (please see below for more information). 
 
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned. Our legitimate interests include:
 
Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;
 
Administration and operational management, including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements. 
 
Fundraising and Campaigning, including administering campaigns and donations, and sending direct marketing and thank you letters by post or email. 
 
If you would like to change our use of your personal data in this manner, please get in touch with us using the details below. 
How do I change my information and can I access it?

Contact us at fundraising@dublin.msf.org or 01 6603337 if you would like to update your personal information and/or change your contact preferences.

You have a number of rights under data protection legislation: 
 
You can request the personal data we hold on you. Email us at fundraising@dublin.msf.org.  and ask for it in writing. We will supply any information you ask for as soon as possible, but this may take up to 30 days.  You may be asked for proof of identity.
 
You have the right to ask us to stop using or to restrict the processing of your personal data in certain cases, for example where it is not needed to do what you provided it to us for, or if there is some disagreement about its accuracy or legitimate use.
 
You can withdraw your consent to us processing your data at any time (where such processing is based on consent e.g. to send you electronic direct marketing).
 
If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details above.
 
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database), or transferred to another organisation (“data portability”). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.
 
Sam Taylor is our data protection lead. You can contact him if you’ve any queries about data protection.
 
If you have any concerns about the way your data is being used or if you’d like to make a complaint please contact us using the details above. You are also entitled to make a complaint to the Data Protection Commissioner. 
When do you update this notice?

We change this Privacy Notice when we need to.  If we make any significant changes in the way we treat your personal information we’ll make this clear on our websites or by contacting you directly.

This privacy notice was prepared to be as comprehensive as possible, but it does not include an exhaustive list of every aspect of our collection and use of personal information. However, we would be happy to provide any further information or explanation about our practices. 

If you’ve any questions, comments or suggestions, please let us know by contacting us.