Last Updated – 17 June 2017
- Personal Information We Collect We collect personal information from you in various ways, for example if you:
- supply personal information when using this Website;
- supply your details in the course of registering support, requesting further information on our activities or an event, or applying for funding from us;
- make a donation through one of our appointed payment processing partners, in which case that partner will process your debit or credit card data and provide us with information about who you are – see ‘Third Party Platforms’ section below. (Note: we do not process or store individuals’ debit or credit card data ourselves);
- attend one of our events;
- apply for or enquire about a career with us;
- sign-up to receive newsletters or email notifications from us; and
- raise a query or issue with us.
The type of personal information we collect includes your name, email address, home (or work) address, phone number and other information relating to you personally which you choose to provide. We may also collect information about your use of our Website (for example, the URL you came from, your browser type and the pages of our Website that were viewed during your visit). For more information on how we do this, please see the section headed ‘Cookies’ below.
- Use of Personal Data We may use your Personal Data for the following purposes:
- providing you with access to our Website and administering or developing our Website;
- fundraising or direct marketing purposes (including seeking donations and/or promoting the Foundation’s work or communications in relation to any event that we may be hosting). Where you have expressly consented to us doing so in accordance with applicable law, we may contact you for these purposes electronically (e.g. email, MMS, SMS or through social media) or by telephone. We may also contact you by post from time to time, unless you have told us that you do not want to receive these communications. Note: If you wish to update your Personal Data or opt-out of receiving such communications please get in touch at the address shown in the Contact section below.
- administering any on-going donations or support you provide, or expressions of interest in providing donations or support;
- providing you with news or other information about us or any projects, campaigns or events that we may be involved in or planning;
- asking you to take part in a survey or research; and
- we may occasionally use Personal Data for the purpose of profiling (see below).
We may also use your Personal Data for other purposes that you expressly consent to from time to time.
- Legal Obligations We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes national laws implementing the EU Data Protection Directive (95/46/EC) and from 25 May 2018 the EU General Data Protection Regulation (2016/679) and other comparable laws that may apply in the territories where we operate and collect or process Personal Data.
- Profiling Please note that we may occasionally use Personal Data to conduct profiling of certain donors or analyse our donor database. This will help us target communications with our donors in a more focused, efficient and cost effective way, helping us reduce the chances of donors receiving inappropriate or irrelevant communications. To do this profiling we may cross-check certain Personal Data against public sources (such as a company register or the electoral roll) to get a better understanding of who our donors are. You can object to such use of your Personal Data for profiling at any time by contacting us at the address shown in the Contact section below.
We have also contracted with a third party provider, Salesforce.com, Inc (‘Salesforce’) to manage our customer relationship management (‘CRM’) database so your Personal Data may be hosted by Salesforce in the United States. Salesforce is signed up to the EU-US Privacy Shield Framework which means that it is committed to protecting personal data to standards that are equivalent to EU legal principles for data protection and we shall aim to ensure that your data is treated to the same security standards you would expect in your own country. For more information about this, please see – http://www.salesforce.com/company/privacy/.
You should be aware that, in general, legal protection for personal data under applicable law in the United States, Serbia and other non EU countries may not be equivalent to the level of protection provided in the EU. However, in all cases, Personal Data will only be disclosed to staff, volunteers and contractors who are bound to treat Personal Data confidentially and in accordance with privacy standards that reflect this policy and applicable law.
- Children’s Data This Website is intended for use by adults and not children. Please note that if you are a under 18 years of age and use this Website, you must get your parent or legal guardian to consent to the processing of your Personal Data before you provide any personal details to us.
- Your Access Rights In accordance with your legal rights under applicable law, you can request to information about the Personal Data that we collect about you, what we use that Personal Data for and who it may be disclosed to. Please write to our data protection officer at the email address in the ‘Contact’ section below. Where applicable law allows, we may request a fee to cover our administrative expenses in responding and may also require further information to verify your identity or locate the specific information you seek before we can respond in full.
- Security to Protect Personal Data We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data disclosed or transmitted over public networks.
- Data Retention We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to 6 years after a particular financial transaction). In respect of the holding of Personal Data for fundraising or direct marketing purposes, we will retain this in line with applicable law and guidance of competent regulatory authorities in relevant territories. We will delete Personal Data that is no longer needed by the Foundation or will mark your data as ‘do not contact’ if you tell us you do not wish to be contacted in the future.
The use of some of these cookies is not strictly necessary for this Website to work but it should enable us to provide you with a better browsing experience. Cookies can be deleted or blocked through changing your web browser settings, however some features of the Website may not work as intended and you may not be able to access parts of the Website. The cookie-related information will not be used for identification of individuals personally and data relating to usage patterns on our Website is kept under our control. These cookies will be used for the following purposes:
- to improve Website usability;
- so we can remember your device or computer between successive actions or sessions; and
- to perform anonymous statistical analysis to improve functionality of our Website or any services we offer through the Website.
Our Website also makes use of Google Analytics to store information that you send to the server when using the Website. This data includes IP address geolocation, pages viewed, and documents uploaded, modified or deleted. For more information about Google Analytics and its privacy practices, please see: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
- Third Party Platforms This Website will link to third party websites. For example, if you wish to make a donation to us through the Website, we will direct you to a third party platform, Stripe (https://stripe.com/gb) which is appointed to collect Personal Data on our behalf but which is also subject to its own terms at https://stripe.com/gb/privacy.
See also the above section headed ‘International Transfers’ regarding our data hosting arrangements with Salesforce.
- Contact If you have further queries or requests relating to how we use Personal Data please contact our data protection officer at firstname.lastname@example.org. If you are not satisfied with our response or believe we are processing your Personal Data other than in accordance with applicable law you can complain to the competent data protection regulatory authority with jurisdiction over the Novak Djokovic Foundation office which has been processing your Personal Data. For example, the Information Commissioner’s Office (ICO) in the United Kingdom.