Last Updated – 20th of May 2018
- Personal Information We Collect: We collect personal information from you in various ways, for example if you:
- supply personal information when using this Website;
- supply your details in the course of registering support, requesting further information on our activities or an event, or applying for funding from us;
- make a donation through one of our appointed payment processing partners, in which case that partner will process your debit or credit card data and provide us with information about who you are – see ‘Third Party Platforms’ section below. (Note: we do not process or store individuals’ debit or credit card data ourselves);
- attend one of our events;
- apply for or inquire about a career with us;
- sign-up to receive newsletters or email notifications from us; and
- raise a query or issue with us.
The type of personal information we collect includes your name, email address, home (or work) address, phone number and other information relating to you personally which you choose to provide. We may also collect information about your use of our Website (for example, the URL you came from, your browser type and the pages of our Website that were viewed during your visit). For more information on how we do this, please see the section headed ‘Cookies’ below.
- Use of Personal Data We may use your Personal Data for the following purposes:
- providing you with access to our Website and administering or developing our Website;
- fundraising or direct marketing purposes (including seeking donations and/or promoting the Foundation’s work or communications in relation to any event that we may be hosting). Where you have expressly consented to us doing so in accordance with applicable law, we may contact you for these purposes electronically (e.g. email, MMS, SMS or through social media) or by telephone. We may also contact you by post from time to time unless you have told us that you do not want to receive these communications. Note: If you wish to update your Personal Data or opt-out of receiving such communications please get in touch at the address shown in the Contact section below;
- administering any on-going donations or support you provide, or expressions of interest in providing donations or support;
- providing you with news or other information about us or any projects, campaigns or events that we may be involved in or planning;
- dealing with a job application you submit;
- asking you to take part in a survey or research;
- we may occasionally collect and use Personal Data for the purpose of profiling (see below); and
- we may also use your Personal Data for other purposes that you otherwise expressly consent to from time to time.
- Legal Obligations We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes the EU General Data Protection Regulation (2016/679) (‘GDPR’) as well as any national laws intended to implement, supplement, modify or replace the GDPR from time to time and other similar laws that may apply in the territories where we operate and collect or process Personal Data.
- Profiling Please note that we may occasionally obtain and use Personal Data to conduct profiling of certain donors or analyse our donor database. This will help us target communications with our donors in a more focused, efficient and cost-effective way, helping us reduce the chances of donors receiving inappropriate or irrelevant communications. We may also research potential donors for due diligence purposes and to protect our reputation. To do this profiling or research we may cross-check certain Personal Data against reputable public sources (such as a company register or the electoral roll) to get a better understanding of who our donors are although we will only do this in a way that does not unduly intrude on your privacy.
You can object to use of your Personal Data for profiling at any time by contacting us at the address shown in the Contact section below.
We have also contracted with a third party provider, Salesforce.com, Inc (‘Salesforce’) to manage our customer relationship management (‘CRM’) database so your Personal Data may be hosted by Salesforce in the United States. Salesforce is signed up to the EU-US Privacy Shield Framework which means that it is committed to protecting personal data to standards that are equivalent to EU legal principles for data protection and we shall aim to ensure that your data is treated to the same security standards you would expect in your own country. For more information about this, please see – http://www.salesforce.com/company/privacy/.
You should be aware that, in general, legal protection for personal data under applicable law in the United States, Serbia, and other non-EU countries may not be equivalent to the level of protection provided in the EU. However, in all cases, Personal Data will only be disclosed to staff, volunteers, and contractors who are bound to treat Personal Data confidentially and in accordance with privacy standards that reflect this policy and applicable law.
- Children’s Data This Website is intended for use by adults and not children. Please note that if you are an under 18 years of age and use this Website, you must get your parent or legal guardian to consent to the processing of your Personal Data before you provide any personal details to us.
- Security to Protect Personal Data We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data disclosed or transmitted over public networks.
- Data Retention The criteria we use for the retention of data is based on the purposes that we hold the data for as well as legislative obligations and guidance issued by relevant regulatory authorities (such as the UK Information Commissioners Office (ICO)).
We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to 6 years after a particular financial transaction). In respect of the holding of Personal Data for fundraising or direct marketing purposes, we will retain this in line with applicable law and guidance of competent regulatory authorities in relevant territories. We will delete Personal Data that is no longer needed by the Foundation or will mark your data as ‘do not contact’ if you tell us you do not wish to be contacted in the future.
The use of some of these cookies is not strictly necessary for this Website to work but it should enable us to provide you with a better browsing experience. Cookies can be deleted or blocked through changing your web browser settings, however some features of the Website may not work as intended and you may not be able to access parts of the Website. The cookie-related information will not be used for identification of individuals personally and data relating to usage patterns on our Website is kept under our control. These cookies will be used for the following purposes:
- to improve Website usability;
- so we can remember your device or computer between successive actions or sessions; and
- to perform anonymous statistical analysis to improve functionality of our Website or any services we offer through the Website.
Our Website also makes use of Google Analytics to store information that you send to the server when using the Website. This data includes IP address geolocation, pages viewed, and documents uploaded, modified or deleted. For more information about Google Analytics and its privacy practices, please see: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
- Third Party Platforms This Website will link to third party websites. For example, if you wish to make a donation to us through the Website, we will direct you to a third party platform, Stripe (https://stripe.com/gb) which is appointed to collect Personal Data on our behalf but which is also subject to its own terms at https://stripe.com/gb/privacy.
See also the above section headed ‘International Transfers’ regarding our data hosting arrangements with Salesforce.
- How we process your Personal Data and on what legal basis
We process your Personal Data relying on one or more of the following lawful grounds:
- where we agree to provide any product and/or service to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
- where we need to use your Personal Data for our legitimate interests of being able to promote and operate our Foundation and generally manage its affairs. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right of privacy;
- where you have freely provided your specific, informed and unambiguous consent to us using your Personal Data for particular purposes, such as sending of electronic marketing communications if you are an individual where required by applicable law; and/or
- where we need to collect, process or hold your Personal Data to comply with a legal or regulatory obligation.
- Your Personal Data Rights
Under the GDPR, you have a legal right to request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to, as well as certain other information (called a “subject access request“).
Usually we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond. We reserve our right to reject or charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access.
We may also ask for further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request.
You also have the following rights, which are exercisable by making a request to us in writing:
- that we correct Personal Data that we hold about you which is inaccurate or incomplete;
- to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
- to object to our continued use of your Personal Data for direct marketing;
- that we erase your Personal Data without undue delay and/or to object to and/or to restrict our use of your Personal Data for any purpose unless we have a legitimate reason for continuing to hold or process that data; or
- that we transfer your Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contract with you and we are processing that data by automated means (i.e. on computer).
All of these requests may be forwarded on to a third party data processor who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the above rights or if you have any concerns about how we use your Personal Data, please contact us at the address in the Contact section below. Please note that you may be required to provide us with appropriate evidence so that we can verify your identity before we can respond.
- Contact If you have further queries or requests relating to how we use Personal Data please contact our data protection manager at firstname.lastname@example.org. If you are not satisfied with our response or believe we are processing your Personal Data other than in accordance with applicable law you can complain to the competent data protection regulatory authority with jurisdiction over the Novak Djokovic Foundation office which has been processing your Personal Data. For example, the Information Commissioner’s Office (ICO) in the United Kingdom— see: https://ico.org.uk/concerns/.