As of May 25th 2018, the General Data Protection Regulation is active for any website that stores information about an EU citizen. In order to comply with this regulation, this policy addresses the ways Serve the City is collecting, storing and using personal information from individuals who interact with our organisation.
If you have any comments or questions about this notice, please contact us at email@example.com.
Process, Use and Sharing of Personal Data
On the lawful bases of consent, contract, legal obligation or legitimate interests under data protection regulations, personal information may be collected and used by Serve the City to:
- respond to requests for information.
- disseminate information such as newsletters or details of events.
- engage with volunteers and make the appropriate organisational arrangements for serving.
- process any donations or pledges of donations.
- keep a record of Volunteer and client contact details.
- inform clients, donors and volunteers of any current or future information about our work, events, campaigns and activities, or any other features of Serve the City.
- business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of informational and operating and expanding our serving activities.
- as we believe to be necessary or appropriate: (1) under current applicable law, (2) to comply with legal process; (3) to respond to requests from public and government authorities (4) to enforce our terms and conditions; (5) to protect our operations; (6) to protect our rights, privacy, safety or property and/or that of others; and (7) to allow us to pursue available remedies or limit any damages that we may sustain.
It is the commitment of Serve the City that any use of collected personal information will be in accordance with the data protection laws and principles of good practice. This means that it will be:
- processed fairly and lawfully.
- processed for limited purposes and in an appropriate way.
- adequate, relevant and not excessive for the purpose.
- accurate and, where necessary, kept up to date.
- not retained any longer than necessary for the purpose.
- processed in line with data subjects’ rights.
- be kept secure with appropriate technical and other measures utilized to prevent unauthorised or unlawful processing of, accidental loss or destruction of, or damage to personal information. not transferred to any third parties outside the Serve the City organisation without your consent or under an adequate data protection processing agreement.
Serve the City respects the principles of data minimization and removal. We maintain internal policies ensuring that we only request the minimum amount of data for the associated purpose and properly delete that data promptly when it is no longer required.
Your Data Rights
You have rights over your data, which include the following:
- Where data processing is based on consent, you may easily revoke this consent at any time. [For example, to unsubscribe from our marketing or newsletter emails, click the “unsubscribe” link at the bottom of the emails. To stop receiving volunteer assignment information, please contact firstname.lastname@example.org]
- You have the right to ask for rectification and/or deletion of your information that we hold. This does not include any data we are obliged to keep for legal or security purposes.
- You have the right of access to your information that we hold. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
- You have the right to file a complaint with the data protection authority if you feel that your rights have been violated.
More information on your legal rights over your data can be found on the Belgian Data Protection Authority’s website here.
If you would like to access the rights listed above, or any other legal rights you have over your data under data protection law, you may contact us at email@example.com.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Regulation. This policy was last updated on 4th March 2019.
Cookies and Website Statistics
A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. Cookies are used by many websites and can do a number of things, such as remember your preferences and count the number of people looking at a website.
Cookies are used on this site to give you a better browsing experience. The best way to prevent cookie downloads is to modify the settings of your browser.
Serve the City uses Google Analytics in order to measure the audience of its website. Anonymous information about the location and age of visitors may be stored for a limited time on Google Analytics’ servers but any personally identifiable information (in this case, your IP address) will be automatically deleted after 14 months. Google Analytics follows the GDPR guidelines and you can read more about this here. In no case will the information collected be shared with a tier.
To prevent hackers to get into the website (and to keep your data safe), we are using the third party Wordfence with who we have a data processing agreement. None of the data that you fill in the forms is transmitted to Wordfence. What Wordfence collects is your IP address (to check it against blacklisted IPs), the URL accessed (to verify that no extra malicious code is inserted in there) and some browser headers. You can read more about this on their page. This data is only collected to ensure that people with bad intention stay out and cannot have access to the backend and to your data!
We have a data processing agreement (DPA) in place with MailChimp, our marketing automation platform. By subscribing to our newsletter, the information you provide will be transferred to MailChimp for processing in accordance with the DPA. In no case will the information collected be shared with a tier.
Storage of information
Unless specified otherwise, the information you provide is stored either on Salesforce (read Salesforce’s commitment to GDPR) or our server at Infomaniak (read Infomaniak’s commitment to GDPR).
In the case of an online payment, some information will be stored on our payment processors (either Stripe for credit card payments or Paypal), depending of your choice. This information is kept secure and only for the purposes of processing the payment. We do not store any credit card information on our servers.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. Serve the City is not responsible for the privacy practices of other websites.