Important notice
This is the Privacy Notice of the International Planned Parenthood Federation (UK registered charity number 229476) whose office is at 4 Newhams Row, London, SE1 3UZ, United Kingdom (“IPPF”) and International Planned Parenthood Federation – Worldwide, Inc., (a United States IRC §501(c)(3) charitable organization) whose office is at 2001 L Street NW, FRNT 2, Washington, DC 20036 (“IPPFWI”) and their affiliated group. IPPF and IPPFWI are part of a group which is made up of a number of legal entities, details of which can be found here (“Group”) so where this Privacy Notice refers to “we”, “us” or “our”, it is referring to the relevant company within the Group and this Privacy Notice will serve as that Group member’s Privacy Notice applicable to that Group member where that Group member conducts activities. This Privacy Notice sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists.
Your rights in relation to your personal data
This Privacy Notice relates to personal information that identifies “you” meaning you or anyone on whose behalf you are providing personal data to us through any means.
This Privacy Notice may vary from time to time so please check it regularly.
How to contact us
This Privacy Notice applies where we are a controller in respect of your personal data – this is where we decide how and why your personal data is processed.
If you wish to:
• correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences;
• contact us in connection with our use or processing of your personal data, or gain access to it; or
• contact our Data Protection Officer: Director, Legal and Compliance
Please contact us via email at [email protected] or write to GDPR, c/o IPPF, 4 Newhams Row, London SE1 3UZ.
Categories of personal data we collect
The categories of personal data about you that we may collect, use, store, share and transfer are:
• Contact data. This includes your billing address, delivery address, email address and telephone numbers;
• Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier;
• Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, cookies, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
• Economic and Financial Data. This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
• Complaints/Safeguarding data. This includes personal data which relates to any complaints or reports that are made to us;
• Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes;
• Employee Data. This includes your CV, resume, references, portfolio, presentations, case studies, academic and professional certificates or qualifications;
We may also create Personal Data about you, for example, if you contact us by telephone to make a donation, then we may make a written record of key details of the conversation so that we can keep a record of the donation.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, we do not obtain or collect sensitive personal data.
The sources from which we obtain your personal data
We obtain your personal data from the following sources:
• Directly from you, either in person (at our locations or otherwise), via our website or by telephone or via handheld PDAs. This could include personal data which you provide when you:
(a) provide information to us relating to whistle-blowing or recording a complaint;
(b) create an account on our website;
(c) subscribe to our publications;
(d) request information on our services or for other marketing to be sent to you;
(e) enter into a competition or promotion;
(f) complete a survey from us or give us feedback;
(g) visit any of our websites and register your contact details to receive information or register your support;
(h) engage with us on social media;
(i) download anything from our sites;
(j) contact us by any means with queries, complaints, requests or provide us with information;
(k) request information or services about the IPPF via any associated organization;
(l) complete any surveys or questionnaires for us;
(m) comment on or review our services;
(n) apply for a job, contract, consultancy or volunteer for us;
(o) have given any third-party permission to share information they hold about you;
(p) book any appointment with us or book to attend an event organized by us;
(q) kindly donate to us and register your details; or
(r) apply to or enter into any professional or voluntary contract with us to provide goods or services, send us information on goods and services, contracts, proposals, bids or any other business-related documentation that may contain personal information.
• Via automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies.
• From someone else, such as:
(a) for certain IPPF role holders or those working with children, we may receive information from the Disclosure and Barring Service on the status of any DBS check;
(b) organisations with similar views, goals and objectives to the IPPF;
(c) where someone has provided information to us relating to whistle-blowing or
recording a complaint;
(d) search information providers;
(e) providers of technical, payment and delivery services;
(f) providers of social media platforms (such as Facebook, Twitter and Instagram) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter.
• From publicly available sources, such as:
(a) Companies House;
(b) the electoral roll; and
(c) HM Land Registry.
How we use your personal data
We collect personal data about you in order to:
a) perform our contractual obligations to you. This would include:
orders placed by us where you are a supplier; making or receiving payments, fees and charges; and collecting and recovering money owed.
b) manage our relationship with you including: to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
• to send you information you have requested;
• to deal with your enquiries; and
• to ask you to leave a review or feedback on us;
c) administer our business and carry out business activities;
d) make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;
e) communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions.
f) for internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences;
g) protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
h) use your personal data to comply with our own legal and industry obligations e.g. to comply with health and safety requirements, or to assist in a police investigation;
i) enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties;
j) use your personal data in an official role which we have been designated to carry out by an official authority (e.g. the government) or where we are otherwise carrying out tasks which are in the public interest (e.g. which have been designated as such by government, or which would otherwise be deemed in the public interest);
k) to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
l) use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when visiting any of our locations;
m) investigate and defend any third-party claims or allegations.
Our lawful basis for processing your personal data
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 2 to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
Examples of when we may rely on your consent to process your personal data include:
• where, in investigating allegations of wrongdoing we need to use your sensitive / special category personal data relating to e.g. your health, ethnicity, political, religious or philosophical, trade union membership, genetic, biometric, your sex life, your sexual orientation;
• where we would like to use photos or images taken of you in promotional materials;
• when you tick a box to receive IPPF news, updates and information.
Other legal bases we may rely on
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
a) the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);
b) the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
c) processing is necessary for the establishment, exercise or defence of legal claims; or
d) the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
• the provision of goods and services;
• the recovery of debt;
• the provision of administration and / or IT services;
• the security of our IT network;
• the prevention of fraud;
• the study in how to develop and the update of our products and services;
• the development of our business strategy;
• protecting our operations and property.
e) the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises;
f) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
Extra conditions for sensitive personal data
Where we are processing your sensitive / special category personal data one of the following conditions will also apply:
a) you have given your explicit consent to the processing;
b) the processing relates to personal data which are manifestly made public by you;
c) the processing is necessary for the establishment, exercise or defence of legal claims;
d) the processing is necessary for archiving purposes in the public interest; scientific or historical research purposes or statistical purposes;
e) the processing is necessary to protect an individual’s vital interests where the individual cannot give consent;
f) the processing is necessary for reasons of substantial public interest;
g) processing is necessary in relation to your or our rights in the field of employment and social security and social protection law;
h) processing by a not-for-profit body in certain circumstances;
i) processing is necessary for the purposes of preventative or occupational medicine; and
j) processing is necessary for reasons of public interest in the area of public health.
How we share your personal data
We may disclose or otherwise share your personal data to:
- our affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
- HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
- external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
- law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; and - third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with.
- Like many other groups, we may also share names and addresses with other carefully selected nonprofit organizations similar IPPF that we feel our donors would want to know about. If you do not want your personal information shared with other organizations, please contact us at [email protected] and we will remove you from any shared lists.
Personal data about other people which you provide to us
If you provide personal data to us about someone else you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this privacy notice.
Where it is appropriate to do so, you must ensure the individual concerned is aware of the various matters detailed in this privacy notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
Accuracy of your personal information
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
International transfers of personal data
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United States and/or the European Economic Area.
In connection with such transfers, storage or processing we will ensure that so far as it is required by law:
a) there are appropriate safeguards in place such as binding corporate rules or the approved EU model contractual clauses between us and the recipient (as per Article 46 GDPR (or English law equivalent)). A copy of the appropriate safeguard can be obtained by e.g. contacting us using the contact details set out in paragraph 2; or
b) the transfer is to a country that the European Commission has decided provides an adequate level of protection such as to a country approved by the European Commission or to certain organisations within the United States pursuant to the Privacy Shield (as per Article 45 GDPR (or English law equivalent)); or
c) one of the derogations for specific situations in the first sub-paragraph of Article 49(1) GDPR (or English law equivalent) applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.
How we store your data/How long we will store your personal data for
We protect your personal information. Data is secured in transit by Secure Sockets Layer (SSL) technology, or similar technology. Only authorized employees or agents with a legitimate business purpose are allowed to access your personal information. We will store your personal data for the time period which is appropriate in accordance with the following criteria:
(a) the on-going operation / relationship that we have with you;
(b) the completion of the purpose for which the personal data was given;
(c) our legal obligations in relation to that personal data and other legal requirements;
(d) the type and size of the data held and whether any if it is deemed to be special category personal data; or
(e) our accounting requirements in relation to that personal data.
We keep the length of time that we hold your personal data for under review. Please also understand that We are not responsible for the privacy practices of websites linked to our sites or other third parties. When leaving our website using such a link or by clicking on an advertisement, you should review the applicable privacy policy of the other party.
Contractual or statutory requirements on you in connection with the provision of personal data
In certain circumstances, the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are e.g. that we may not be able to perform to the level you expect under our contract with you.
In certain circumstances, the provision of personal data by you may be contrary to the law or a contract. If you have concerns in this regard, we suggest you take legal advice prior to disclosing any personal data to us.
Your rights in relation to your personal data under European Law
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data, you may have a number of rights in connection with the processing of your personal data, including:
• the right to request access to your personal data that we process or control;
• the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
• the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
• the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
• the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
• the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in the paragraph above titled “How to Contact Us.”
We aim to respond to all legitimate requests within one month. It may take longer than a month if your request is particularly complex or you have made several requests.
We will notify you and keep you updated if your request is likely to exceed the specified time period.
You will not normally have to pay a fee for any requests related to your personal data. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Under certain circumstances under GDPR guidelines we may also refuse to comply with your request (for example if we are unable to confirm your identity, it is excessive/unfounded or repetitive)
Links to other websites
This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third party websites.
Cookies
Cookies are tiny text files stored on your computer when you visit certain web sites and pages, which we use to keep track of what you are accessing, remember you when you return to our site and for anonymous statistical usage analysis and reporting.
Please note that cookies from the IPPF websites (and most legitimate websites) do not damage or infect your computer. The IPPF cookies do not store any personally identifiable information, and any information gathered from them is only used to help improve users experience of the site. For example, they help us to identify and resolve errors while browsing.
How to manage cookies
If you don't wish to enable cookies, you'll still be able to use the site. You can set your browser not to accept cookies. Visit allaboutcookies.org to learn how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Google Analytics
The IPPF only use Google Analytics to monitor web site traffic (For purposes of performance and usage reporting). All information IPPF obtain from Google Analytics is aggregated and anonymized and does not identify an individual’s IP address or any other personal information.
Social Networks
If you use social media logins (like Google and Facebook) to log into our website, we may access your public social media profile information. You can always limit this sharing using your social media service settings.
Legal Rights and Disclosures for Colorado Residents:
The Colorado Privacy Act (“CPA”) provides Colorado residents with the additional rights listed below.
- Right to Know. You have the right to confirm whether we are processing your personal data and access such data, including the categories of personal information we collect about you, the purpose for processing your personal data, how you can exercise your rights, the categories of personal data we have shared with third parties, and the categories of third parties with whom we have shared your personal information.
- Right to Correct. You have the right to correct inaccuracies in the personal data we have collected about you.
- Right to Delete. You have the right to request that we delete the personal data we have collected from you unless we need to retain that information for a specified purposes as exempted under state law.
- Right to obtain a copy. You have the right to obtain a copy of the personal data we have collected on you.
- Right to Appeal. If we decline to act regarding your request, you have the right to appeal this decision.
- Other Rights. You also have the right not to be discriminated against for exercising any of the rights listed above.
To request access to or deletion of your personal information, or to exercise any other data rights under Colorado law, please contact us as set forth in the paragraph above titled “How to Contact Us.”
Legal Disclosures and Privacy Rights for California Residents:
Following are legally required disclosures under state privacy laws. In addition, we have disclosed, above, the categories and sources of information we collect, how we use that information, and how we may share that information. These provisions are again referenced for specific compliance with the California Consumer Privacy Act (CCPA) to the extent that such law has application to Us. The inclusion of this information addresses our collection and use of California-resident personal information, but is not included as an admission of the ongoing application of the CCPA to Us.
Under the CCPA, California residents have certain rights regarding their personal information, including:
• The right to know the categories of personal information we’ve collected and the categories of sources from which we got the information (see above).
• The right to know the business purposes for sharing personal information (see above).
• The right to know the categories of third parties with whom we’ve shared personal information (explained throughout this Policy with respect to specific information)
• The right to access the specific pieces of personal information we’ve collected and the right to delete your information (see Exercising California Privacy Rights, which follows).
California residents also have the right to not be discriminated against if they choose to exercise their privacy rights.
Exercising California Privacy Rights
You may contact us and obtain information on the kind of data we’ve collected about you and the types of third parties we share it with. At your request, we will provide a copy of the data, if you want. If you’d like to delete your data or close your account, or otherwise opt-out of the sale or sharing of your information, you can do that by contacting IPPF at [email protected] or +1 202 718 5830.
We provide these options for your benefit and we will never discriminate against you for using them. But if you choose to delete your data, we won’t be able to offer you any information, services, or other support that require us to use your data.
The CCPA is not intended to apply to nonprofits, but it could have application in some circumstances. Our inclusion of CCPA provisions is done voluntarily and exclusively as an accommodation to our supporters and constituents in California and are not intended to apply to individuals who are not California residents.
A Special Note About Children:IPPF does not knowingly gather any personally identifiable information from children under the age of 13. You must be 13 years of age or older to access the site. IPPF has no interest in collecting information from children under the age of 13.
If you have any questions at all about your personal data and how IPPF is using it, please don’t hesitate to get in touch with us. Contact us [email protected] or write to GDPR, c/o IPPF, 4 Newhams Row, London SE1 3UZ.
when