1 - Introduction
According to General Data Protection Regulation (GDPR), ‘personal data’ means any information relating to a identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (art.4º.1/GDPR)
The choice of how much information you provide to The Human Aspect is yours and of course if you want to use The Human Aspect services, make a donation, or otherwise participate in The Human Aspect programs and events, The Human Aspect will require certain information from you in order to provide the services or conduct the programs and events. In order to ensure we adhere to data protection legislation we will only ask for the relevant personal data required to offer you our services.
The Data Controller for The Human Aspect Europe is based in Oslo, Norway
The Human Aspect co Mesh Tordenskjoldsgate 3 0127 Oslo Norway Telephone: + 47 977 80 187
Our Data Protection Officer is:
Catrin Alhaug, Head of Relations, who can be contacted at email@example.com.
2 - How we collect your personal data
We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post, phone calls, text, or in person.
We collect your personal data in the following ways:
When you directly interact with us – this could be if you participate in an Interview, ask about our work; sign up for our newsletter, fundraise for our campaigns; purchase The Human Aspect products; apply for a job or when you provide your data over the phone, by email, via the website, through the post, or in person e.g. at The Human Aspect events. When you interact with us through our partners, and have provided your consent for your contact details to be shared with us.
When you interact with us through other third parties – this could be if you provide a donation through a third party and provide your consent for your personal information to be shared with us.
From other information that is publicly available – in order to tailor our communications and make contact with potential corporate fundraisers and individual donors, we may collect information about you from publicly available sources, such as Facebook, LinkedIn, social media platforms and web search engines such as Google. We may use third parties who collect publicly accessible data as a service to do this ensuring that they are adhering to data protection law requirements in their collection processes before any such data is shared.
Further detail about how we collect your personal data is provided below in relation to the purposes for processing your personal data.
3 - Our purposes for processing personal data
The following sets out all of the purposes of processing of personal data The Human Aspect undertakes, setting out how we process your personal data to achieve the purpose:
To keep you informed about The Human Aspect fundraising campaigns, our events, and news about the The Human Aspect Foundation, and the incredible impact and project outcomes achieved with the funds raised.
We will ask for your email address to provide this information to you.
You will be required to ‘opt-in’ to receive these emails from us and
can unsubscribe at any time by sending us an email with the title
To make a donation
If you purchase products or make a donation you may provide The Human Aspect with credit card details and other information which will allow The Human Aspect to process the transaction. Please note that The Human Aspect does not store credit card information.
We can provide you with either a personal or business receipt when you make your donation. We will require an email address to provide this to you.
We are legally required to retain donor details for 6 years. We have a retention schedule in place to ensure your data is not held for longer than is necessary for this purpose.
To purchase The Human Aspect products or merchandise
We will require your contact details as well as payment details when you purchase The Human Aspect products or merchandise to ensure we are able to send your purchases to the correct address. If you purchase products or make a donation you may provide The Human Aspect with credit card details and other information which will allow The Human Aspect to process the transaction.
To advertise our work through digital ads
We use external actors and tools to advertise the work of The Human Aspect through digital ads which is achieved using email addresses and cookies (please see below for further information about cookies).
If we send your details to Facebook for this purpose they will be hashed before they are sent, and Facebook only briefly uses the data for matching purposes then deletes it: https://www.facebook.com/ads/manage/customaudiences/tos.php
If you wish to opt out of having your details provided to Facebook or other social media platforms for the purpose of targeted advertising, please contact us at firstname.lastname@example.org.
Personal data provided to The Human Aspect by fundraising
The Human Aspect also raises funds via online fundraising platforms. Personal data provided on these external fundraising platforms is passed to us to enable us to meet our audit requirements (see below).
To enable you to using your Facebook page
When you are using your Facebook page you will be asked to provide your Facebook Public Profile, which is always publicly visible on Facebook, and your email address in order to enable this. There is also an option to provide access to your Friend list and Work History should you choose to.
To enable you to set up a Facebook Fundraiser to receive
Once you have done this you will be asked for permission to ‘Manage your Fundraisers’ which enables us to set up a Facebook Fundraiser on your behalf so that you can then view the combined fundraising totals from Facebook.
For Audit Purposes
We are required to make all information available for the purpose of audit but ensure access to personal data is limited by providing view-only access on-site and by removing identifiers where applicable when required to disclose data for this purpose. External auditors are bound by auditing standards which includes controls to ensure they treat as confidential any personal data accessed while carrying out audits. We are also subject to audits by charity regulators in Norway and Europe.
To communicate the performance of The Human Aspect to our Board
Members and Stakeholders
Where supporters have provided their consent to appear in video clips or to share their personal story, we may present these to our Board Members and Stakeholders as part of reporting our performance. Generally, though, any data presented to the Board for performance reporting purposes will be anonymised.
To enable us to communicate with our corporate fundraisers
We actively search for corporate contacts via publicly available information from websites such as LinkedIn and Facebook or by performing Google searches. We will treat corporate email addresses as personal data for this purpose.
I - Technical and organisation security measures
The following sets out the technical and organisation security measures employed by The Human Aspect to ensure your personal data is kept confidential and secure by The Human Aspect and our partner organisations / third party suppliers
Lawful basis for processing
For most processing of personal data we will be asking for your consent, however, some processing will be based on legitimate interests or for the purposes of entering into a contract e.g. where we require certain personal data in order to provide a service you choose to use. We would only rely on the lawful basis of legitimate interests where we are assured that we would not be using your data in a way you would not expect taking into account your rights and interests.
Disclosure of Personal Information:
We may disclose your personal information to our suppliers or other external third parties for outsourcing some of the functions and services relating to the purposes for which your personal information may be processed by The Human Aspect, for storage and otherwise to enhance our Services. When we contract external services providers, we may provide them with your personal information, but only to the extent required for them to fulfil that contract, or where you would reasonably expect The Human Aspect to disclose it to a third party for a particular purpose.
We will not sell your personal information to other parties.
Security & storage of your information:
The Human Aspect takes reasonable steps to ensure the security of all information it collects, including that the information is protected from misuse and loss and from unauthorised access, modification or disclosure. For example, your personal information may be stored and maintained in a secure cloud-based environment, which can be accessed only by authorised personnel, as no data transmission over the internet or information stored on servers accessible through the internet can be guaranteed to be fully secure, we cannot ensure or warrant the security of any information you send to us or receive from us online.
Retaining your personal data.
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, audit or reporting requirements. We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints.
II - Your rights in relation to personal information:
Your rights in relation to how organisations process your personal data have been significantly enhanced under the new General Data Protection Regulation 2018 (GDPR). The following sets out how The Human Aspect will ensure we meet all of these increased rights.
1. The right to be informed
2. The right of access
You may request access to your personal information collected by The Human Aspect. Please send an email to email@example.com and we will endeavour to respond as soon as possible and in any event within one calendar month of receiving your request.
3. The right to rectification
According to the article 16 of General Data Protection Regulation (GDPR), you have the right to rectification your personal information. If you believe any of your personal information held by The Human Aspect is not accurate, complete or up-to-date, The Human Aspect will take reasonable steps to correct the information. You can make a request for rectification verbally or in writing. To request that your personal information be corrected or updated, please send an email to firstname.lastname@example.org We will respond to your request within one calendar month.
4. The right to erasure
According to the article 17 of General Data Protection Regulation (GDPR), you have the right to erasure your personal information. Also known as ‘the right to be forgotten’, you can now request for your personal data processed and held by us to be erased, unless there is another legal requirement for us to continue to process that data, in which case this will be explained to you in response to your request. You can request for us to erase your data either verbally or in writing. We will respond to your request within one calendar month.
5. The right to restrict processing
According to the article 18 of General Data Protection Regulation (GDPR), you have the right to obtain from the controller restriction of processing. Similar to your right to request erasure of your personal data, you can request we restrict processing where you have issues with the content of the information we hold or with how we have processed your data. In these cases we would only apply the restriction for a certain period of time while we consider your request for doing so. You can request us to restrict processing either verbally or in writing. We will respond to your request within one calendar month.
6. The right to data portability
According to the article 20 of General Data Protection Regulation (GDPR), you have the right to receive the personal data that were provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided”.
We will endeavour to provide you with a copy of your personal data in a format that can easily be transferred to another organisation. We will respond to your request within one calendar month. Please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. The right to object
According to the article 21 of General Data Protection Regulation (GDPR), you have the right to object to us using your data for marketing purposes or where the processing is based on legitimate interests or grounds relating to his or her particular situation.
8. Rights in relation to automated decision making and
According to the article 22 of General Data Protection Regulation (GDPR),The Human Aspect does not process any personal data for automated decision making or for profiling as defined by the Regulation.
Please contact us at email@example.com to exercise any of your rights as above.
III – Complaints
If you have a complaint about the handling of your personal information, please write to the address provided above or send an email to firstname.lastname@example.org.
IV - Website Advertising and Analytics:
A pixel is a small amount of code on a web page or in an email notification which is used by organisations to learn how users are interacting with certain web content to help us improve our services and personalize your experience. Pixels use you online identifiers to do this along with an anonymised version of your social media site ID. We cannot see any personal data of individual users, but the collected data are saved and processed by social media sites. You can amend your preferences or opt-out of website customised ads through Facebook and Twitter below:
Links to other websites
The Human Aspect is not responsible for the privacy practices or content of any other website or service that is linked to a Website, or for the privacy practices of any third party social media or other service providers that you can access through a Website. We encourage you to read the privacy policies of those websites or service providers, including, but not limited to, Facebook Fundraisers and Facebook donation functionality, which may require you to provide additional personal information.
The IP Address (Internet Protocol Address) is a unique address that computing devices such as personal computers, tablets, and smartphones use to identify itself and communicate with other devices in the IP network.
The Human Aspect uses IP addresses to ensure our users are directed to the correct version of our website dependant on the territory you are accessing our website from. We also use web log information provided through the IP address to understand any issues users may experiences while using our website to ensure a seamless service for our users.
What are cookies? Cookies are small text files that are stored in your computer’s memory and hard drive when you visit certain web pages. They are used to enable websites to function or to provide information to the owners of a website.
- visitors to our Websites. This helps us to improve and develop the way our Websites work, for example, by determining whether site visitors can find information easily, or by identifying the aspects of our Websites that are of the most interest to them. For these purposes, we may store the following:
- the name of the domain from which you accessed the internet
- the date and time you accessed our Websites
- the advert or internet address of the website from which you linked directly to our Websites
- the pages you accessed while visiting our Websites
- the device from which you accessed our Websites
- the location from which you accessed our Websites
In addition, we use a third party service providers, to provide certain analytics services to us in connection with the operation of the Websites, including (without limitation) the collection and tracking of the data and information listed above. We may disclose visitor data, including personally identifiable information, to enable those third party service providers to provide such services. Such data may be sent to those third party service providers and their local overseas suppliers, where the standard of data protection may be lower than the country in which you reside.
- Usage preferences: Some of the cookies on our Websites are activated when visitors to our sites make a choice about their usage of the site. Our Websites then ‘remember’ the settings preferences of the user concerned. This allows us to tailor aspects of our sites to the individual user.
- Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where requests within an application involve multiple stages, cookies are used to store the information from each stage temporarily, in order to facilitate completion of the overall request.
Your cookie preferences: To make full use of our Websites, your computer or mobile device will need to accept cookies, as our sites will not function properly without them. In addition, cookies are required in order to provide you with personalised features on our websites.
Our website uses Google Analytics who provide reports on website traffic data to help us understand usage and to ensure we continue to improve your experience when using our website.You can amend your preferences or opt-out of Google Analytics here: