GENERAL DATA PROTECTION REGULATION
Hand in Hand, the Organisation for Humanitarian Aid (subsequently “Hand in Hand“), is pleased that you are visiting our website. Data protection and privacy are very important to us, and we would, therefore, like to inform you on how your private data is collected and processed during your visit on our website.
A. General information on data processing
1. The extent of data processing
When you contact us verbally, by telephone, email, or in writing – your personal data in the respective context is stored by us.
2. The scope of data processing
We process your personal data only if necessary and required.
Personal data submitted by you, is used exclusively for the fulfilment of the organisation’s scope and purpose: to process your requests and enquiries, for further contact in relation to mailings and information about our projects, and for identification purposes. (Please see below point B., for information on the extent of data processing in specific situations).
3. The legal base for data processing
Processing of your data occurs regularly only with your consent or as a result of your support of Hand in Hand. Art. 6 para 1 lit. a, GDPR is the legal basis for the handling of your personal data.
4. The duration of storage and data deletion
Personal data is deleted or blocked as soon as the purpose of its storage is fulfilled. Storage of data can also occur in accordance with European or national legislatures. Blockage or deletion of data occurs also when the data retention period prescribed by the above-mentioned standards expires. Mandatory periods of data retention are, for instance, fiscal, or commercial, law-related, storage periods.
B. Particulars on the extent of data processing in specific situations
1. What type of data pertaining to donors and interested individuals is being processed?
The following data is being processed:
- Salutation (gender, title)
- First name and surname
- Email address
- Date of birth
- Telephone number
- Postal address
- Donation and related information
- Account details
Important for AUSTRIA regarding the department for the employed/salaried tax-payers at the tax office: As an organisation, we are responsible for reporting to the relevant tax office the deduction of the annual donation sum. For this purpose, the donor’s consent is required. This declaration of consent must be sent to us in writing. This can be done in writing, or in digital form by indicating the name (according to the official register) and date of birth, or by indicating the name and date of birth on the bank transfer. The consensual reporting to the tax office takes place automatically every year and ends when the donor revokes this in writing.
The following data pertaining to interested individuals is being processed:
- Salutation (gender, title)
- First name and surname
- Email address
- Telephone number
- Postal address
The lawful basis for data processing is Art 6 Par 1 lit. b GDPR. Processing of the aforementioned data is required for the fulfilment of the donation contract between you and “Hand in Hand”.
Personal data, collected from the donation forms or through a personal interview, is deleted 7 years after your last donation. All books and records and their corresponding documents, are stored for 7 years, according to § 132 of the Federal Fiscal Code (BAO). The purpose of data processing lies in the acquisition of donations (fundraising) by means of new donors and the recuperation of previous donors, for the statutory fulfilment of the organisation’s purpose and for managing donations.
The provision of name and date of birth is also required for the automated tax assessment for the tax recognition of donations. Failure to provide the data prevents donations to be recognised as special expenses. The lawful basis for this data processing is Art 6 Par 1 lit. f GDPR and our legitimate interest lies within the above-mentioned scope. The legal basis for data processing while fulfilling a contract is Art 6 Par 1 lit. b GDPR and the compliance with a legal obligation is Art 6 Par1 lit. c GDPR.
2. What type of data pertaining to individuals we have contact with via postal mail or email is being processed?
When we make contact via postal mail or email, the following personal details are collected: name, surname, address, email address. This data is used to get in touch with you personally via postal mail or e-mail.
The purpose of processing personal data pertaining to an individual we contact via postal mail or email, is to acquire donations for Hand in Hand. The aforementioned data is stored until the individual deregisters from the postal/email contact.
The legal basis for this processing of data, is Art 6 Par 1 lit. f GDPR. Our legitimate interest lies in the aforementioned scope.
3. Which data pertaining to our business associates and partners, is being processed?
The data pertains to the contact person’s name, telephone number, email address and includes bank details for making payments and controlling incoming ones. Processing of data pertaining to our business associates and partners is also to secure business relations with them, as well as to fulfil contractual obligations according to Art 6 Par 1 lit. b GDPR and to safeguard our own legitimate interest according to Art 6 Par 1 lit, f GDPR. Our legitimate interest lies in the aforementioned scope.
4. Does Hand in Hand utilize addresses pertaining to donors and interested individuals, which are collected via the website, and then utilised to send out additional information via email, postal mail or by other means?
Hand in Hand utilizes your postal and email address exclusively to inform you on what can be achieved with your donation/sponsorship, or in case of an urgent appeal, for funds as part of disaster relief. You can unsubscribe from our newsletter at any time by clicking on the “unsubscribe“ button at the bottom of each newsletter, or by contacting us via post or email if you would like to unsubscribe from the postal newsletter.
C. Provision of the website and creation of log files
1. Which data is processed during your visit on our website?
When accessing and using our website, we collect the personal data which is transmitted automatically by your browser to our server. This information is temporarily stored in a so-called log file. When you use our website, we automatically collect data which is technically necessary to let you see the website and to guarantee its stability and security.
Web servers generate log files, which contain the following information:
- the called page (URL)
- the browser or browser version
- the operating system used
- the referrer URL (the previously visited page)
- the host name and IP address of the accessing
- the time of the server’s enquiry
As per the GDPR, these log files are stored for two weeks.
Error logs, which are files that are created during data processing to hold data known to contain errors, are also deleted automatically after two weeks.
The recording of data for the provision of the website, as well as the storage of data in log files, are absolutely necessary for the purpose of operating the website.
2. What are the regulations when you change to another website?
Hand in Hand can link their website to third-party websites in order to offer a specific service, or to provide detailed information on a specific subject. Our data protection policy, however, will not be valid once you leave our website.
A “cookie” is preference information which is sent from our server to your browser and stored on your computer. Hand in Hand uses cookie-information to offer its visitors better and personalised contents and services.
Please check in your computer or software manual on how your computer handles cookies. There is the option to prevent storage of cookies on your computer’s hard disk. However, please consider that this action might influence functionalities and loading times of websites.
E. Transfer of personal data to third parties
Is Hand in Hand sharing personal data with third parties?
Personal data is not shared, sold, or lent to companies or organisations which are not part of the Hand in Hand organisation structure.
a) Email Communications
Some of our email communications are administered through MailerLite (www.mailerlite.com), and we may store some of your Personal Data – including first name, last name, Email, address, city, country, phone, language preference, Signup IP, Signup time – on a MailerLite server.
b) Third-party services:
F. Your rights
You have the following rights in relation to data processing implemented by us: the right to information/disclosure, the right to rectification, the right to cancellation, the right to restriction of processing, the right to data portability, the right to revocation, the right of objection and the right to complain.
1. Right to information (Art 15 GDPR)
We aim to give you information on the purpose and manner of processing your personal data, within one month of your request.
2. Right to rectification (Art 16 GDPR)
In case of inaccurate or incomplete data, you can request a rectification.
3. Right to erasure (Art 17 GDPR)
We have to delete data when it is not needed for the purpose of the processing, when you revoke your consent (provided no other authorisation for processing exists), or when data is processed unlawfully.
4. Right to restrict processing (Art 18 GDPR)
You can request a restriction on the processing, where your data is to be used for specific purposes only.
5. Right to data portability (Art 20 GDPR)
You can request to receive the personal data we have processed, in a structured, saleable and machine-readable format, and request for them to be forwarded to another party.
6. Right to object (Art 21 GDPR)
You can object to the processing of data which is carried out on a lawful basis of public or legitimate interest.
7. Right of revocation (Art 7 Par 3 GDPR)
You can, at any time and without explanation, revoke any previously given permissions. This can be done by sending an email to firstname.lastname@example.org or by sending a letter to Hand in Hand Organisation for Humanitarian Aid, Pohlgasse 10/4/7, 1120 Vienna (Austria).
8. Complaint to the Data Protection Authority (Art 77 GDPR)
Should you believe that the processing of your personal data violates the GDPR, you have the right of complaint to the Data Protection Authority
9. Right to withdraw
You have the right to object to the processing of personal data based on legitimate interests as per Art. 6 Par 1 S. 1 lit. f GDPR. This is permitted as per Art. 21 GDPR when there are reasons stemming from personal circumstances, or when you are against direct marketing. In the case of direct marketing/advertising, a general right to withdraw applies, which is implemented by us without the requirement of a specific situation.
We would also like to point out that you can rescind your given consent to Hand in Hand at any time with effect for the future.
The withdrawal can be sent via email to email@example.com, or by mail to Hand in Hand Organisation for Humanitarian Aid, Pohlgasse 10/4/7, 1120 Vienna (Austria).