Privacy statement website(s) Netherlands Leprosy Relief
Who is responsible for your personal data?
NLR is responsible for the processing of your personal data as detailed by the GDPR and has its registered office at Wibautstraat 137k, 1097 DN, Amsterdam, The Netherlands.
To NLR, data privacy is of vital importance, and we want to be open and transparent about the processing and protection of the personal data of persons we interact with. Therefore, we elaborate on our privacy policies in this privacy statement. Above all, we comply with the GDPR in all cases.
To which purposes does NLR process your personal data?
NLR processes data of persons with whom it has a relationship. Personal data is also acquired by the filling out of contact forms on the website(s) of NLR.
All processes that deal with personal data are recorded in a register of processing activities. The register provides NLR with a complete and up-to-date overview of all data-handling processes.
The most important purposes for which NLR processes personal data, are:
- The conclusion and execution of contracts with donors, volunteers, suppliers, and business partners;
- The engagement of our network;
- Our donor administration;
- The administration of all of our projects;
- The offering of goods and services, such as the free donation box and purchases from our online shop;
- The sending of a (news)letter;
- Relationship management, and promotion and marketing activities;
- The participation in or conduct of scientific research;
- The registration of your settings and preferences regarding the use of the website(s) (via cookies);
- Our HR administration, including the execution of employment contracts and recruitment and selection of new employees;
- Our archives;
- Our business management and financial administration, including the execution and management of procedures that deal with finances, information technology (IT), legal affairs, and internal and external communication;
- General processes, such as the execution of the complaints procedure.
Whose personal data does NLR collect?
By the above-mentioned processes, NLR collects data of concerned persons in different categories. These categories are:
- Visitors of the website(s) and online shop;
- Donors (including potential donors and former donors);
- Volunteers and ambassadors;
- (Potential) business partners;
- Participants at events, such as the Leprosy run;
- Employees and applicants;
- Committee members and members of the Supervisory Board;
- Affiliates, including temporary workers, pupils, and students;
- Target groups of the projects that NLR runs, such as (former) leprosy patients;
- Partners of NLR.
What personal data does NLR collect?
NLR collects different types of personal data, which may change per process and category of persons concerned. Among others, NLR collects the following data:
- Name, address, and city;
- Bank account number (IBAN);
- Phone number;
- Date of birth;
- Email address;
- Interactional data (e.g., cookies or data that is received when you contact us);
- Donation history;
- Contact history;
- Images (e.g., of organised events).
NLR collects (personal) data directly from you, or via third parties in as far as this is within the confines of the law.
Giving and withdrawing permission
For some activities, NLR needs your permission. Think of the use of your email address or postal address to send newsletters or promotional emails regarding NLR’s activities. We also ask your permission for the use of images. When using your data, we will always inform you about the purpose of this use and the data that is concerned so as to provide clarity about the consent you give. You may still withdraw your permission at a later point.
Our website(s) contain(s) buttons to promote or share pages on the following social networks: Facebook, YouTube, LinkedIn, and Twitter. These buttons are produced by a code that these social media supply. This code places a cookie, among others. Read the privacy statement of these social media to learn how they process your personal data.
How does NLR ensure confidential processing of your personal data?
NLR ensures confidential processing of your personal data. NLR takes appropriate technical and organisational measures to protect personal data. NLR will only share personal data conform to this privacy statement and will only share personal data with third parties when this is lawful and done with extreme care.
Sharing data with third parties
NLR may contract service providers to perform parts of its services, for example, to acquire new donors or send snail mail. NLR enters into contractual agreements (so-called “processor agreements”) with these service providers to ensure confidential and careful processing of personal data.
Your personal data is not let to, sold to, or otherwise shared with or provided to third parties. NLR may share your (personal) data with third parties in case you have permitted us to do so.
NLR provides personal data to enforcing authorities or anti-fraud organisations if the law requires this (e.g., in case of a claim).
Transmission of your data outside the European Union (hereinafter: EU)
In a limited number of cases, NLR provides personal data to countries outside the EU. For example, for scientific research.
NLR retains your personal data in compliance with the GDPR. Data is not retained any longer than is strictly necessary for the execution of duties and activities resulting from the relationship NLR has with you.
How can you access or delete your data?
You can send a request to NLR to access or correct your data. Please indicate clearly that your access or correction request is based on the GDPR. You can also request to have your data deleted. However, this will only be possible in so far NLR can meet its legal obligations. For example, should the legal retention period have expired, NLR may no longer be able to delete donor data as it may have been deleted already. Please note that you may be asked to provide a copy of your ID for identity verification.
Furthermore, you have the right to submit a complaint about the use of your data to the Dutch Data Protection Authority (DPA).
If you wish to no longer receive mail from us, you can make this known to us via the above-mentioned (email) address. Do you not yet appear in our donor administration? Then we will ask for your address to ensure you will not receive mail from us in the future. If you do not want this, you can unsubscribe via www.postfilter.nl.
To ensure the best possible protection of your personal data against unauthorised access or use, NLR has implemented appropriate protective measures. NLR also takes organisational measures to prevent unauthorised access of personal data.
Cookies and clicking behaviour
Third-party privacy policies
The website(s) of NLR may contain links to other websites that NLR is not affiliated with. NLR is not responsible for the processing of personal data performed by these parties. Therefore, we advise you always to consult the privacy policies of these parties, or to contact them to enquire for additional explanation about their policies regarding personal data.
This privacy statement was last updated on: 25 May 2018
NLR retains the right to change this privacy statement if necessary. You are responsible for remaining up to date of the latest version of our privacy statement. NLR recommends you check on a regular basis if changes have been made.