This policy explains how we collect and process personal data from and about visitors to our website.
Our objective is to ensure that you are never surprised by how your personal data has been used by us. You are therefore encouraged to read this policy. There may be other notices that apply to specific services we provide, which you should also read when you visit the relevant websites for those services.
As our business and this website develops, we may need to update this policy. If we intend to make any important changes that affect your rights and interests, we will make sure we bring this to your attention and explain what this means for you beforehand.
If you have any questions in relation to this policy or wish to exercise any of your rights under data protection law, you should email firstname.lastname@example.org.
Caritas Internationalis is a confederation of 165 Catholic relief, development and social service organisations operating in over 200 countries and territories worldwide. Collectively and individually their mission is to work to build a better world, especially for the poor and oppressed.
Personal data means any data that identifies or can be used to identify a person. It does not include data where the identity has been removed (anonymous data).
You may provide the following kinds of data to us:
We may collect the following kinds of data about you:
Unless you specifically inform us, we do not collect any details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
The data that you may provide to us will generally be collected when you fill in a form on our website. The data that we may collect about you may be obtained:
We will only use your personal data when the law allows us to. We will generally rely on one of three legal grounds for using your personal data:
Generally, we do not rely on consent as a legal ground for using your personal data, except in relation to sending you marketing by email or text message. You have the right to withdraw your consent to marketing at any time either by contacting us, clicking the unsubscribe link in an email or replying to a text message with the required words notified to you in each text message.
Specifically, we will use your personal data as follows:
We will share your personal data with appropriate members of staff within our organisation.
We also share your personal data with:
Many of the service providers that we use in connection with our website and the services provided through it are based outside the European Economic Area (EEA), which means that your personal data may be transferred outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure that a similar degree of protection applies to your personal data in one or more of the following ways:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those within our organisation that have a need to access it. They will only process your personal data on our instructions and they are required to keep your personal data confidential.
Please note that any correspondence with us by email or telephone is not encrypted. If you have any particular concerns regarding the security of your correspondence with us, please let us know.
We will only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of harm from us continuing to keep it.
Any email correspondence that we have had with you will be stored on our email servers, archived and then deleted in accordance with our back-up and retention policies.
We will retain personal data relating to email marketing data until you unsubscribe or your email address has become permanently unavailable. Once you have unsubscribed, we will keep a record of your choice indefinitely to ensure that you do not receive any further emails from us.
We may retain any data that does not identify you indefinitely.
Cookies are small text files that are stored on your device and contain a uniquely generated reference which is used to distinguish you from other people each time your visit our website, even if the IP address of the device used by you to visit our website changes. None of the cookies used on our website store data that can directly identify you.
You can read more information cookies and how they work at All About Cookies.org and information about how online advertising works at Your Online Choices (these are third party websites that do not control).
The cookies used by our website fall into the following categories:
We are required to obtain your consent to all cookies except those that are strictly necessary. You will be asked to confirm your consent when you first visit our website and you can change your cookie settings for our website at any time.
Alternatively, you can clear cookies after you visit our website, use a tracking blocker such as Privacy Badger or, for the analytical cookies stored by Google, install the Google Analytics opt-out extension.
The specific cookies used by our website are as follows:
If you block or restrict cookies, you may not be able to use certain features of our website.
We use dotmailer.com to manage our email marketing campaigns. This tool is integrated with Google Analytics so that we can track whether you click any of the links contained in our emails. This helps us to understand what the recipients of our emails have found interesting and to personalise the content of emails that we may send to you in the future.
dotmailer.com also uses tiny invisible images called ‘pixels’ that are contained within emails to enable us to see:
We use this data to improve the format and quality of our email marketing campaigns.
You have the right to withdraw your consent to marketing at any time either by contacting us or clicking the unsubscribe link in any email.
You have a number of rights in relation to the personal data we hold about you:
You will not have to pay any fee to exercise any of the above rights though we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we will let you know.
To protect the confidentiality of your personal data we will ask you to verify your identity before fulfilling any request in relation to your personal data.
 From 25 May, Google Analytics gives the option to change the default retention period for analytics data from 25 months to 14, 26, 38 or 50 months. The storage limitation principle (Article 5(1)(e) of the GDPR) requires that personal data should not be retained for longer than is necessary in connection with the purposes for which it was obtained. The retention period should therefore be set by reference to the analytics scheme of the organisation.