Novak Djokovic Foundation – Privacy Policy

 

Last Updated – 7th of December 2020

  1. Our commitment to Privacy: This privacy policy (‘Privacy Policy’) sets out how the Novak Djokovic Foundation (being The Novak Djokovic Foundation (UK) Limited and ‘Novak Djokovic Foundation’ entities in other parts of the world, identified from time to time on our website at https://novakdjokovicfoundation.org(‘Website’), to the extent that those entities are themselves responsible for collecting and processing personal information) (‘we’, ‘us’ or ‘our’ being interpreted accordingly) use and protect the personal information about you that we collect or you provide, whether through this Website or by other means.
  2. Changes to our Privacy Policy: We may modify this Privacy Policy at any time so please check that you have seen the latest version. We will aim to post changes to the practices outlined in this Privacy Policy at least 30 days prior to them being implemented. You should also check any other user terms that apply to your use of this Website from time to time.
  3. Personal Information We Collect: We collect personal information from you in various ways, for example, if you:
    1. supply personal information when using this Website;
    2. supply your details in the course of registering support, requesting further information on our activities or an event, or applying for funding from us;
    3. make a donation through one of our appointed payment processing partners, in which case that partner will process your debit or credit card data and provide us with information about who you are – see ‘Third Party Platforms’ section below. (Note: we do not process or store individuals’ debit or credit card data ourselves);
    4. attend one of our events;
    5. apply for or inquire about a career with us;
    6. sign-up to receive newsletters or email notifications from us; and
    7. raise a query or issue with us.

The type of personal information we collect includes your name, email address, home (or work) address, phone number and other information relating to you personally which you choose to provide. We may also collect information about your use of our Website (for example, the URL you came from, your browser type and the pages of our Website that were viewed during your visit). For more information on how we do this, please see the section headed ‘Cookies’ below.

Such personal information is referred to in this Privacy Policy as ‘Personal Data.’

  1. Use of Personal DataWe may use your Personal Data for the following purposes:
    1. providing you with access to our Website and administering or developing our Website;
    2. fundraising or direct marketing purposes (including seeking donations and/or promoting the Foundation’s work or communications in relation to any event that we may be hosting). Where you have expressly consented to us doing so in accordance with applicable law, we may contact you for these purposes electronically (e.g. email, MMS, SMS or through social media) or by telephone. We may also contact you by post from time to time unless you have told us that you do not want to receive these communications. Note: If you wish to update your Personal Data or opt-out of receiving such communications please get in touch at the address shown in the Contact section below;
    3. administering any on-going donations or support you provide, or expressions of interest in providing donations or support;
    4. providing you with news or other information about us or any projects, campaigns or events that we may be involved in or planning;
    5. dealing with a job application you submit;
    6. asking you to take part in a survey or research;
    7. we may occasionally collect and use Personal Data for the purpose of profiling (see below); and
    8. we may also use your Personal Data for other purposes that you otherwise expressly consent to from time to time.
  2. Legal Obligations: We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes the EU General Data Protection Regulation (2016/679) (‘GDPR’) as well as any national laws intended to implement, supplement, modify or replace the GDPR from time to time and other similar laws that may apply in the territories where we operate and collect or process Personal Data.
  3. Profiling: Please note that we may occasionally obtain and use Personal Data to conduct profiling of certain donors or analyse our donor database. This will help us target communications with our donors in a more focused, efficient and cost-effective way, helping us reduce the chances of donors receiving inappropriate or irrelevant communications. We may also research potential donors for due diligence purposes and to protect our reputation. To do this profiling or research we may cross-check certain Personal Data against reputable public sources (such as a company register or the electoral roll) to get a better understanding of who our donors are although we will only do this in a way that does not unduly intrude on your privacy.

You can object to the use of your Personal Data for profiling at any time by contacting us at the address shown in the Contact section below.

  1. Disclosing Personal Data to Third Parties: We never sell, trade or rent your Personal Data. We will not disclose Personal Data to third parties without you knowing about it. The exception is where we are legally required to do so and cannot tell you (e.g. in relation to a police investigation) or where we need assistance of third parties data processors, acting under our instructions, who we may need to assist us – for example in administering a donation or dealing with a request you make. If we legally can, we always aim to ensure that Personal Data is only used by those third parties for lawful purposes in accordance with this Privacy Policy.
  2. International Transfers: Personal Data that we collect may be processed by staff, volunteers and contractors who are based in our international offices as referred to on this Website. Given the international nature of our organisation, by providing us with Personal Data, you agree that we may share Personal Data with international offices in accordance with this Privacy Policy, some of which may be outside the EU, although we will only do so in accordance with applicable law.

We have also contracted with a third-party provider, Salesforce.com, Inc (‘Salesforce’) to manage our customer relationship management (‘CRM’) database so your Personal Data may be hosted by Salesforce in the United States.  Salesforce is signed up to the EU-US Privacy Shield Framework which means that it is committed to protecting personal data to standards that are equivalent to EU legal principles for data protection and we shall aim to ensure that your data is treated to the same security standards you would expect in your own country. For more information about this, please see – http://www.salesforce.com/company/privacy/.

You should be aware that, in general, legal protection for personal data under applicable law in the United States, Serbia, and other non-EU countries may not be equivalent to the level of protection provided in the EU.  However, in all cases, Personal Data will only be disclosed to staff, volunteers, and contractors who are bound to treat Personal Data confidentially and in accordance with privacy standards that reflect this policy and applicable law.

  1. Children’s Data: This Website is intended for use by adults and not children. Please note that if you are under 18 years of age and use this Website, you must get your parent or legal guardian to consent to the processing of your Personal Data before you provide any personal details to us.
  2. Security to Protect Personal Data: We employ appropriate technical and organizational security measures to protect your Personal Data from being accessed by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. We also endeavor to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data disclosed or transmitted over public networks.
  3. Data Retention: The criteria we use for the retention of data is based on the purposes that we hold the data for as well as legislative obligations and guidance issued by relevant regulatory authorities (such as the UK Information Commissioners Office (ICO)).

We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to 6 years after a particular financial transaction). In respect of the holding of Personal Data for fundraising or direct marketing purposes, we will retain this in line with applicable law and guidance of competent regulatory authorities in relevant territories. We will delete Personal Data that is no longer needed by the Foundation or will mark your data as ‘do not contact’ if you tell us you do not wish to be contacted in the future.

  1. Our Cookie PolicyBy using this Website, you consent to us using “cookies” and similar technologies that can track your activity. Cookies are small pieces of information sent by our web server to a web browser (e.g. Internet Explorer, Safari, Google Chrome or Firefox) on the computer or device you use to access this Website. These enable our server to collect information about your device and browsing activity.

The use of some of these cookies is not strictly necessary for this Website to work but it should enable us to provide you with a better browsing experience. Cookies can be deleted or blocked by changing your web browser settings, however, some features of the Website may not work as intended and you may not be able to access parts of the Website. The cookie-related information will not be used for the identification of individuals personally and data relating to usage patterns on our Website is kept under our control. These cookies will be used for the following purposes:

    1. to improve Website usability;
    2. so we can remember your device or computer between successive actions or sessions; and
    3. to perform anonymous statistical analysis to improve the functionality of our Website or any services we offer through the Website.

Our Website also makes use of Google Analytics to store information that you send to the server when using the Website. This data includes IP address geolocation, pages viewed, and documents uploaded, modified or deleted. For more information about Google Analytics and its privacy practices, please see https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.

Please note that when accessing the web and clicking on third-party links that may be provided when using our Website, those third parties (including, for example, organizations we work with to deliver projects, or social networks you may use to ‘share’ a page or article) may also use cookies on their websites, over which we have no control.

  1. Third-Party Platforms:  This Website will link to third party websites.  For example, if you wish to make a donation to us through the Website, we will direct you to a third-party platform, Stripe (https://stripe.com/gb) which is appointed to collect Personal Data on our behalf but which is also subject to its own terms at https://stripe.com/gb/privacy.

See also the above section headed ‘International Transfers’ regarding our data hosting arrangements with Salesforce.

We will ensure that your Personal Data is processed by those parties in accordance with your reasonable expectations and only as set out in this Privacy Policy. If you access any other third party website using the links provided on this Website, the operators of those other websites act outside our control and may collect Personal Data about you under their own policies, so you should check the terms of any applicable privacy policy when you visit such third party website.

  1. How we process your Personal Data and on what legal basis

We process your Personal Data relying on one or more of the following lawful grounds:

    1. where we agree to provide any product and/or service to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you (Novak Djokovic Foundation provides you with the ability to pay for Content Offerings and other Services using a credit card through a third party payment processing service provider (Stripe). Please note that our service provider – not Novak Djokovic Foundation – collects and processes your credit card information);
    2. where we need to use your Personal Data for our legitimate interests of being able to promote and operate our Foundation and generally manage its affairs. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right of privacy;
    3. where you have freely provided your specific, informed and unambiguous consent to us using your Personal Data for particular purposes, such as sending of electronic marketing communications if you are an individual where required by applicable law; and/or
    4. where we need to collect, process or hold your Personal Data to comply with a legal or regulatory obligation.
  1. Your Personal Data Rights

Under the GDPR, you have a legal right to request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to, as well as certain other information (called a “subject access request“).

Usually, we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond. We reserve our right to reject or charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access.

We may also ask for further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request.

You also have the following rights, which are exercisable by making a request to us in writing:

    1. that we correct Personal Data that we hold about you which is inaccurate or incomplete;
    2. to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example, if we conduct any automated credit scoring;
    3. to object to our continued use of your Personal Data for direct marketing;
    4. that we erase your Personal Data without undue delay and/or to object to and/or to restrict our use of your Personal Data for any purpose unless we have a legitimate reason for continuing to hold or process that data; or
    5. that we transfer your Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform a contract with you and we are processing that data by automated means (i.e. on a computer).

All of these requests may be forwarded to a third party data processor who is involved in the processing of your Personal Data on our behalf.

If you would like to exercise any of the above rights or if you have any concerns about how we use your Personal Data, please contact us at the address in the Contact section below. Please note that you may be required to provide us with appropriate evidence so that we can verify your identity before we can respond.

  1. Contact: If you have further queries or requests relating to how we use Personal Data please contact our data protection manager at contact@novakdjokovicfoundation.org. If you are not satisfied with our response or believe we are processing your Personal Data other than in accordance with applicable law you can complain to the competent data protection regulatory authority with jurisdiction over the Novak Djokovic Foundation office which has been processing your Personal Data. For example, the Information Commissioner’s Office (ICO) in the United Kingdom— see https://ico.org.uk/concerns/.
  2. Governing Law: This Privacy Policy is governed by English law. Subject to any mandatory legal rights you have under applicable law in another territory that cannot be contractually limited or excluded, you agree that any dispute relating to the subject matter, interpretation or application of this Privacy Policy is subject to the exclusive jurisdiction of the courts of England and Wales.