About this policy

This policy explains how we collect and process personal data from and about visitors to our website.

Our objective is to ensure that you are never surprised by how your personal data has been used by us. You are therefore encouraged to read this policy. There may be other notices that apply to specific services we provide, which you should also read when you visit the relevant websites for those services.

As our business and this website develops, we may need to update this policy. If we intend to make any important changes that affect your rights and interests, we will make sure we bring this to your attention and explain what this means for you beforehand.

If you have any questions in relation to this policy or wish to exercise any of your rights under data protection law, you should email info@caritas.org.

Who we are

Caritas Internationalis is a confederation of 165 Catholic relief, development and social service organisations operating in over 200 countries and territories worldwide. Collectively and individually their mission is to work to build a better world, especially for the poor and oppressed.

The data we collect about you

Personal data means any data that identifies or can be used to identify a person. It does not include data where the identity has been removed (anonymous data).

You may provide the following kinds of data to us:

  • your name(s) and contact details when you sign up to receive our newsletter or send us a message via our website
  • your job title or role and the organisation you work for, if you choose to tell us
  • any correspondence we have with you

We may collect the following kinds of data about you:

  • the IP address assigned to you or to someone who provide you with Internet access
  • the unique identifier of the device used by you to visit our website
  • technical data about the device used by you to visit our website including the type of device, operating software, browser and browser plug-ins and the screen resolution and time zone setting of your device
  • data about how you browsed and searched our website including how you arrived at our website, the time and frequency of your visits, the time spent by you on each page, how you interacted with the website, the links that you click, documents you download and content that you view
  • your location (if you grant us access to it, though the IP address assigned to you or to someone who provides you with Internet access may indicate the country from which you have visited our website)

Unless you specifically inform us, we do not collect any details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

How your data is collected 

The data that you may provide to us will generally be collected when you fill in a form on our website. The data that we may collect about you may be obtained:

  • through the use of cookies and similar technologies (such as beacons and pixels) and server logs
  • from third party analytics providers such as Google Analytics

How we use your data

We will only use your personal data when the law allows us to. We will generally rely on one of three legal grounds for using your personal data:

  • where we need to perform the contract we are about to enter into or have entered into with you (see our Terms & Conditions)
  • where necessary for our legitimate interests or those of a third party, provided those interests do not override your fundamental rights and interests
  • where we need to comply with a legal or regulatory obligation

Generally, we do not rely on consent as a legal ground for using your personal data, except in relation to sending you marketing by email or text message. You have the right to withdraw your consent to marketing at any time either by contacting us, clicking the unsubscribe link in an email or replying to a text message with the required words notified to you in each text message.

Specifically, we will use your personal data as follows:

  • contact details: to respond to your enquiry or administer our contract with you or your organisation (as appropriate)
  • correspondence: to communicate with you in relation to our contract with you or your organisation

Who we share your personal data with

We will share your personal data with appropriate members of staff within our organisation.

We also share your personal data with:

  • where you are an agent or work for one of our customers or suppliers, other organisations within the Caritas group
  • service providers including our hosting provider and email marketing platform
  • any third parties to whom we may choose to sell, transfer or merge parts of our business or assets or third parties we may seek to acquire or merge with (if any change happens to our business, the new owners may use your personal data in the same way as set out in this policy)

Where you data are stored

Many of the service providers that we use in connection with our website and the services provided through it are based outside the European Economic Area (EEA), which means that your personal data may be transferred outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure that a similar degree of protection applies to your personal data in one or more of the following ways:

  • the country to which your personal data is transferred is deemed by the European Commission to provide a similar degree of protection for your personal data
  • we have entered into a specific contract with our service providers that has been approved by the European Commission as providing a similar degree of protection for your personal data
  • where any service provider is based in the US and they have self-certified under the EU-US Privacy Shield Framework which requires them to provide a similar degree of protection for your personal data 

How we keep your data secure 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those within our organisation that have a need to access it. They will only process your personal data on our instructions and they are required to keep your personal data confidential.

Please note that any correspondence with us by email or telephone is not encrypted. If you have any particular concerns regarding the security of your correspondence with us, please let us know.

How long we keep your data for 

We will only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of harm from us continuing to keep it.

Any email correspondence that we have had with you will be stored on our email servers, archived and then deleted in accordance with our back-up and retention policies.

We will retain personal data relating to email marketing data until you unsubscribe or your email address has become permanently unavailable. Once you have unsubscribed, we will keep a record of your choice indefinitely to ensure that you do not receive any further emails from us.

We will retain the analytical data collected about your use of our website for a period of 25 months before 25 May 2018 and 14 months on and after 25 May 2018[1].

We may retain any data that does not identify you indefinitely.

Cookies 

This website uses cookies and similar technologies (such as beacons and pixels).

Cookies are small text files that are stored on your device and contain a uniquely generated reference which is used to distinguish you from other people each time your visit our website, even if the IP address of the device used by you to visit our website changes. None of the cookies used on our website store data that can directly identify you.

You can read more information cookies and how they work at All About Cookies.org and information about how online advertising works at Your Online Choices (these are third party websites that do not control).

The cookies used by our website fall into the following categories:

  • Strictly necessary cookies: these are required for the effective and secure use of our website to include enabling you to send messages to us securely, log into secure areas of our website and to make payments securely:
  • Analytical cookies: these are used to recognise when you visit our website and how you interact with it so that we can improve the way our website works
  • Functionality cookies: these are used to recognise when you visit our website so that we can personalise our content for you and remember your preferences
  • Targeting cookies: these are used to ensure that the advertising displayed on our website is more relevant to you and your interests. We may share this data with third parties for this purpose

We are required to obtain your consent to all cookies except those that are strictly necessary. You will be asked to confirm your consent when you first visit our website and you can change your cookie settings for our website at any time.

Alternatively, you can clear cookies after you visit our website, use a tracking blocker such as Privacy Badger or, for the analytical cookies stored by Google, install the Google Analytics opt-out extension.

The specific cookies used by our website are as follows:

Cookie Type Domain
__utmt Analytics .caritas.org
__utmz Analytics .caritas.org
__utma Analytics .caritas.org
__utmb Analytics .caritas.org
__utmc Analytics .caritas.org
devicePixelRatio Functionality food.caritas.org
PHPSESSID Session food.caritas.org
_icl_current_language Functionality food.caritas.org

If you block or restrict cookies, you may not be able to use certain features of our website.

Email marketing

We use dotmailer.com to manage our email marketing campaigns. This tool is integrated with Google Analytics so that we can track whether you click any of the links contained in our emails. This helps us to understand what the recipients of our emails have found interesting and to personalise the content of emails that we may send to you in the future.

dotmailer.com also uses tiny invisible images called ‘pixels’ that are contained within emails to enable us to see:

  • whether you opened an email
  • where in the world the device used to open the email was located (based on your device’s IP address)
  • the type of email client used to open the email
  • whether you shared the email on any social media platforms
  • whether you marked the email as spam
  • your overall level of engagement with our email marketing campaigns.

We use this data to improve the format and quality of our email marketing campaigns.

You have the right to withdraw your consent to marketing at any time either by contacting us or clicking the unsubscribe link in any email.

Your rights

You have a number of rights in relation to the personal data we hold about you:

  • Access: You have the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that are holding it lawfully
  • Correction: You have the right to ask us to correct any inaccurate or incomplete personal data held about you
  • Deletion: You have the right to ask us to delete or remove any personal data held about you where there is no good reason for us to continue holding it or where you have exercised your right to object
  • Restriction: You have the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
  • Objection: You have the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your particular circumstances. You also have the right to object to our holding your personal data for direct marketing purposes
  • Portability: You have the right to receive or request that we transfer a copy of the personal data we hold about you in an electronic format where the basis of our holding such information is your consent or the performance of a contract and the information is processed by automated means
  • Complaints: You have the right to complain to the Information Commissioner’s Office (ICO) or any other EU supervisory authority in relation to how we collect and use your personal data

You will not have to pay any fee to exercise any of the above rights though we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we will let you know.

To protect the confidentiality of your personal data we will ask you to verify your identity before fulfilling any request in relation to your personal data.

[1] From 25 May, Google Analytics gives the option to change the default retention period for analytics data from 25 months to 14, 26, 38 or 50 months. The storage limitation principle (Article 5(1)(e) of the GDPR) requires that personal data should not be retained for longer than is necessary in connection with the purposes for which it was obtained. The retention period should therefore be set by reference to the analytics scheme of the organisation.

MENU