How We Use and Protect Your Data
Latest revision: May 2021. Revision information is located at the bottom of this page.
Privacy International ("PI") strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We strictly limit the collection and processing of your personal data, and to the best of our abilities we will work only with other organisations who do the same. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us, as set out below.
We do not sell, rent or lease personal data.
We will vigorously challenge any attempts by government agencies or private sector organisations to gain access to any information that you give us.
- Supporter and Donor Information
- Cookies Policy
- Social Media
- Volunteers' and Applicants' Information
- Research and Investigations
- Your Data Subject Rights
- How to Contact Us
- Changes to the Policy
The data controller for data collected and processed in accordance with the Policy is Privacy International. Privacy International is a registered charity (No. 1147471) with the Charities Commission of England and Wales, and a registered company (No. 04354366) with Companies House of England and Wales. Our address is Privacy International, 62 Britton Street, London, EC1M 5UY, United Kingdom.
Privacy International collects and processes as little personal data as possible in order to achieve our mission, which is described on our About Us page.
We collect and process various types of personal data depending on your relationship with PI. We may collect and process personal data relating to the following people:
- Contractors/ Consultants
- Applicants (for any of the above roles) (See Volunteers’ and Applicants’ Information)
- Employees of PI Partners
- Supporters and Donors
- Website users (see Website and Cookies Policies)
- Individuals who contact PI directly (see Communications and Social Media)
- Research subjects (see Research and Investigations)
The types of personal data we may process, for the purposes described below, include:
- Email address
- Home address
- Phone number
- Biographical information
- Immigration status
- Employment and employer details
- Financial information (including donation history and details about your taxpayer status when claiming GiftAid)
- Communications Preferences (primarily through our Mailing List)
- IP addresses
- Pages accessed on any of Privacy International’s websites
- History of actions taken on our campaigns and fundraising website
- Cookie session data (as described further in our Cookies Policy)
Generally, we do not collect or keep a record of sensitive personal data and only do so in very limited circumstances, primarily when an individual has chosen to provide us with this data.
We process some sensitive personal data for Human Resource purposes, for example, about PI’s employees as far as necessary to fulfil our duties as an employer. On occasion we may also process sensitive personal data of others engaging with PI, for example where an individual provides us with information relating to accessibility needs for the purpose of arranging a meeting or where an individual contacts PI and their communication includes sensitive personal data. We do not use this data for any other purpose other than that for which it is provided.
We may on occasion process sensitive personal data in relation to our research and investigations, for example when conducting research into potential or current subjects and participants of our research and investigation projects in the context of PI’s mission. This data may be provided to us by the individuals themselves, from publicly available sources or from third parties.
We also collect and process data in connection with our Action Platform (see more detail below under Supporter and Donor Information). Privacy is an internationally recognised human right. However, we appreciate that in certain circumstances, the data you submit on this website may reveal data that could be considered sensitive personal data (reflective of your political or philosophical views) e.g. indicating that you are interested in privacy in a specific country, have sent a letter to a specific company to complain about its privacy practices, have signed a petition to support one of our campaigns, or have donated to our appeal to support one of our cases.
When using our websites, you are not required, as a statutory requirement or as a necessity to enter into a contract, to provide us with personal data for processing as described in the Policy. Our Action Platform, however, requires minimal information, such as an email address, for you to take an action. You can create an account on the platform without providing any personal data other than your email address, but you can choose to provide us with additional information. More detail about how your personal data is used for the features on the Action Platform is provided when you are inputting the data.
We collect and process personal data for the following necessary purposes:
- To administer our websites;
- To respond to any communications, queries or requests for information or services from you, howsoever received;
- To receive and process financial donations;
- For recruitment, employee and human resources management purposes;
- For auditing purposes;
- For procurement of services;
- For managing our relationships with PI Partners;
- For research, investigations and campaigns in connection with our mission and charitable objectives, which are described on our About Us page and on the Charity Commission website;
- To understand our supporters’ and donors’ engagement with us and our campaigns;
- To comply with our legal or regulatory obligations; and
- To establish, exercise or defend legal claims.
Privacy International will only process personal data when we have a legal basis for doing so. The legal basis that we will rely on will depend on the circumstances in which we collect and use your personal data. In almost all cases, the relevant legal basis to process personal data is that the processing will be one of the following:
- Based on your consent to use your data in a certain way (for example, to communicate with you through our mailing list). Your consent may subsequently be withdrawn at any time by editing your preferences or contacting us as specified in the How to Contact Us section of this Policy without affecting the lawfulness of processing based on consent before its withdrawal.
- Necessary in order to take steps prior to entering into a contract or for the performance of a contract (for example, for recruitment, for human resources management and to manage those carrying out work on behalf of PI);
- Necessary to comply with legal requirements (for example, to comply with applicable regulatory obligations and employment law); and
- Necessary for our legitimate interests (for example, to administer our websites, to manage our donations, to carry out research and investigations consistent with our mission and to manage volunteers). We will only rely on this legal basis where we’ve identified the purpose (the legitimate interest), assessed that the processing is necessary for that purpose and conducted a balancing test to ensure that this interest is not overridden by the interests, rights and freedoms of the individual.
Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, we work hard to ensure data is encrypted when in transit and storage, and access to this data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. When possible, encryption is used, both in transit and storage. Access controls within the organisation limit who may access information.
Our Action Platform is hosted on Microsoft Azure and operated by Circle Interactive, so we rely in part on these third parties to protect the data you provide through it. When you donate to us, third party payment processors collect your data and process the payment, and interact with your bank or credit card issuer. At any moment, you can change or delete that data. If you ask for your preferences to change or for data to be deleted, we keep a record that we deleted your data, e.g. (in an analogue way) "email@example.com has unsubscribed from our fundraising notifications and removed his country of residence."
We never transfer your data outside of the United Kingdom ("UK") or European Economic Area ("EEA") unless we have your explicit consent for it, or on the basis of specific safeguards in individual circumstances of which we’ll let you know if they apply to your data.
At PI we administer, run, and use a series of services and infrastructure that may process your personal data.
We maintain direct control over as many processes as we can. As necessary in connection with the above purposes, your personal data may be transferred to the Board of Trustees or our authorised third-party service providers and partners. We conscientiously select and review authorised third parties when possible and review their privacy and security policies. These authorised third parties may be engaged in, among other things, the processing of donations, technology support, outreach campaigns, or research projects carried out in connection with our mission. Limited members of Privacy International staff or the staff working for these third parties may also access and otherwise process your personal data in connection with their job responsibilities or contractual obligations.
Some of these personnel and authorised third parties (for example payment processors) may transfer data outside the UK or European Union (“EU”). We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimisation, and as much as possible, the selection of trusted companies with privacy policies and auditable processes which we have reviewed, and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example Standard Contractual Clauses. For more information on the safeguards for transfer in a particular operation please contact us. We may also be required to disclose or otherwise process your personal data in the context of a regulatory audit to which we may be subject from time to time.
These services may include:
- Internet resources we administer and control but are hosted by third parties, e.g. our website (www.privacyinternational.org and our onion service) and our media server (media.privacyinternational.org), services we use to work with our board and partners, a URL shortener (pvcy.org), our analytics service, our external cloud, and our search server. These are hosted by providers who will have log data and with whom we have data processing agreements under which they act as processors for us. Servers are currently hosted by Leaseweb and Hetzner.
- Internet resources for which we are administrative users but that are operated by third parties with whom we have data processing agreements under which they act as processors for us, e.g. our Action Platform (that is currently hosted on Microsoft Azure and operated by Circle Interactive).
- Internet resources we do not control where we have accounts operated by third parties, e.g. SIP phone, email, social media, third party content providers (search engines, podcasts, video), surveys, payment processors, calendaring, conferencing services. These third parties have privacy policies in place that govern how users' data are used: phone (Andrews & Arnold), email (GreenNet and Protonmail), survey (SmartSurvey), calendaring (Microsoft), conferencing services (Jitsi, Microsoft, Zoom).
- Infrastructure providers we use where data may be processed, e.g. cloud backup services (though data is encrypted at rest), DNS and CDN, certificate authorities, and service uptime monitors. These providers have privacy policies in place that govern how data are used: backup (Microsoft), DNS and CDN (Cloudflare).
- Services where our staff, partners, and trustees’ data may be processed, including our internal services that we host; our external services that we administer and control with a third party host; services we administer but are hosted in the cloud; services where we are administrative users but do not control (e.g. email, calendaring), and services where we are users (e.g. email). These are governed as described above based on agreements and/or policies. Our servers are currently hosted by Leaseweb, Hetzner, Microsoft or Amazon Web Services, email by GreenNet and Protonmail, and calendaring by Microsoft.
We ensure that personal data is retained only for as long as necessary in accordance with the above purposes and applicable laws. We retain personal data for the following indicative periods:
- Donations data: 4-5 years following the end of the fiscal year in which the donation was made
- Supporters’ data (provided through our Action Platform): until you ask us to delete your data or otherwise withdraw consent
- Communications of members of the public with PI: 3 months from last correspondence
We collect and process data when you communicate with us through various means.
- Communications from the public via our website’s ‘contact us’ form are received by email and are reviewed by PI staff, sent onwards when necessary to other staff members, and deleted as quickly as possible.
- Communications from media and journalists via our website or by direct email to firstname.lastname@example.org are all received by email and are reviewed by a staff member and then sometimes shared with other staff members.
- Communications from the public with regards to our public accountability are received by email and are exclusively reviewed by PI’s Executive Director.
- Emails received from our supporters are reviewed by PI staff, sent onwards when necessary to other staff members, and deleted as quickly as possible.
- Communications with our stakeholders and adversaries, through our staff email addresses or our public facing email addresses, are treated confidentially. We may publish these communications if we consider it to be in the public interest and in line with data protection law, removing personal information when irrelevant to the purpose of publishing.
We do not disclose the names of senders or contents of their communications to others outside of Privacy International, i.e. third parties, without your permission or unless strictly necessary.
We administer a mailing service, on our Action Platform, for notifications by email based on interest in topics that you have explicitly indicated to us. Outgoing messages are processed by our mail service and internet providers.
Information we receive by post is collected and reviewed by PI staff member and sent onwards when necessary to other staff members. These items are retained or destroyed according to our retention policy. We use our best efforts to prevent disclosure of the names of senders to third parties, consistent with our legal obligations and we endeavour to keep files secure. If the content of messages is shared with third parties, we de-identify the messages as much as possible.
Telephone calls received on our number are serviced by our phone and internet provider. The traffic data for these calls may be retained in accordance with various laws on the retention of communications data.
We collect and process data you disclose to us on our Action Platform because you signed up to our mailing list. This includes the email address that you provide to us, and any biographic data (name, country of residence) or data about your areas of interests that you have volunteered when signing up to receive news from us. This can be sensitive as it could indicate your beliefs or opinions. Having your name helps us address you, but it is entirely optional. This is the difference between Dear Sarah and Dear [blank]. Knowing your country helps us know if we have a substantial number of supporters in a particular country. This would, for example, help us to better understand if we should be creating content in other languages.
We collect and process data about your engagement with our campaigns through our Action Platform. For example, if you sign a joint letter asking internet companies not to help governments to hack you, we will keep a record of this action against your email address, and your name if you have provided it to us. This can be sensitive as it could indicate your political beliefs or opinions. The nature of the campaigning action you take may require us to retain data on your participation and share it with others, with your consent. So if you signed a petition, we may need to keep a record of the fact that you signed so that we can share this with the petition target. We may also use this data to contact you about the progress of a campaign, and will seek your consent to contact you about other related campaigns. How your data will be treated in a specific campaign will be explained to you when you sign up.
We collect and process data provided by prospective and current donors. This data may include contact details, biographic data (name, physical address), financial information, donation history, data about your tax residency, and employer details. When you donate, we also hold a record on our Action Platform of the fact that you have donated, the date on which you donated and the amount which you donated. We do not purchase such data, so we only collect data given to us by the individuals themselves. In order to assist us with the technical process of managing and recording our donations for audit purposes, this information may be processed through CiviCRM software that we control but is maintained and hosted by our contractors. This software allows us to see the email address of the donor, how much has been donated, when it was donated and whether it is a recurring payment. From May 2021, through our Action Platform, we also collect and process data provided by supporters who support our actions by, for example, signing a petition. When you do so, our records will show your email address and the fact that you have signed a petition on a certain date. If you do so while logged into your supporter account, our account records for you will show all actions you have taken and donations you have made.
In accordance with each of their privacy policies, we may have access to or be provided with data by these platforms for the purpose of managing donations.
We will ask UK-based donors wishing to make a donation under the Gift Aid scheme to complete an online or hardcopy Gift Aid declaration form. (If you donate via PayPal Giving Fund, you can also complete a Gift Aid declaration form, which we do not receive.) We are required to store an auditable record of those donors -- full name, home address and details of the donation -- in order to process the Gift Aid donation. To make a Gift Aid repayment claim, we are required to share that data with the UK Government -- HMRC's Gift Aid service, Charities Online. Please contact email@example.com for further information on making a Gift Aid donation.
We design and administer our web services to limit the amount of data collected. We endeavour to protect users and their data when we process data collected.
It is helpful to Privacy International to know how our websites are used. To undertake analysis of how our site is used, we use Matomo, YOURLS and server logs to see statistics in relation to our website use, for the following purposes:
- To know how many visitors per day visit our site
- To know how much traffic we are sending outbound
- To know which items on our site are being downloaded (e.g. PDFs, long-form, reports, short items) and how many times
- To identify items not found, i.e. 404s so that we can fix them
- To identify the types of operating systems being used and browsers so we can design our site accordingly
- To identify the time of day when our site is most used in case we want to do syncs and repairs (that result in our site being down temporarily)
- To identify the percentage of the traffic that is going out over our Tor service.
These statistics are only available to PI. We keep the aggregate data indefinitely, and use this aggregate data to report internally, to our Board, and to our funders. For instance, we will report to our Board that an investigation report was downloaded X number of times. We do not seek to identify individuals nor specific devices -- instead we obfuscate the last two octects of the IP address for this processing.
Our hosting provider, Hetzner Online GmbH, may collect and use the logs and other information for their own business purposes, such as for troubleshooting and defining usage patterns, in accordance with their policies and relevant law. Hetzner are based within the European Economic Area, and are bound by German federal data protection law.
Our Action Platform is hosted by Microsoft Azure in the UK. All data held there is protected under UK data protection law.
On our Action Platform -- action.privacyinternational.org -- if someone decides to log-in and asks for their details to be remembered by their browser, we set a cookie for this purpose.
|Sess*||Used to restart your sign-up session in case the user gets interrupted and must restart.||23 Days|
We use social media and social networking services to advance our work. These applications require the use of third party service providers. Notably, we have a Facebook page, Instagram account, Twitter feed, a Mastodon account, articles published on Medium, and YouTube and PeerTube channels:
- The Facebook page is administered by Facebook, in accordance with Facebook's Data Policy available here, and is accessible by Facebook users who have already consented to Facebook's Data Policy. The Group page is managed by Privacy International staff members. We do not export information on our followers from the Facebook platform.
- PeerTube is a self-hosted video streaming platform using P2P directly in your web browser, developed by Framasoft. You can find more information about P2P and Privacy here.
We use direct messaging over social media on occasion, when individuals and organisations contact us directly on these social media platforms. We aim to delete these messages as soon as we have responded to the queries.
We will continue to push social media companies for stronger privacy protections for all their users.
Occasionally we receive employment information from prospective employees. This information may include the individual's CV, biographical information, contact details, immigration status, photograph, and references. This information is shared with relevant staff internally until that individual becomes a candidate for employment. At that point we may share the CV with our trustees. We delete your application once it is no longer necessary for the recruitment exercise.
We also collect and process prospective and current volunteer data for recruitment and administration purposes. This data may include biographical information, contact details, immigration-related information, references, and payment details for reimbursement purposes. Again, we delete your application once it is no longer necessary for the recruitment exercise. We keep all accounting and administration information for auditing purposes, in accordance with standard practice and UK law.
We collect and process data in relation to our research and investigations, for example when conducting research into potential or current subjects and participants of our research and investigation projects. This data may be provided to us by the individuals themselves, from publicly available sources, or from third parties. This data may include biographical information; contact details; employment details; financial information; photographs; and information on racial or ethnic origin, political opinions and interests, trade union membership, religious or philosophical beliefs, sex life or sexual orientation and concerning the commission (or alleged commission) of any criminal offence, and any related proceedings and sentences. This data is used to carry out research and investigations in connection with our mission, which is described on our About Us page.
You have rights under data protection law over your personal data.
You are entitled to request access to, rectification of, or erasure of your personal data. You are also entitled to request restriction of collection and/or processing of, or object to certain types of collection and/or processing of your personal data. You have the right to ask us not to collect and/or process your personal data for marketing purposes; we currently require your consent by opting-in, and you can change your preferences at any time. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may also, in some circumstances, have a right to data portability.
We will provide you with a response to your requests in accordance with UK data protection law. Requests can be submitted at any time by email to firstname.lastname@example.org, or by post to the physical address set out below. You also have the right to lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details here. In the UK the data protection supervisory authority is the Information Commissioner.
Please read the Policy carefully. To update your preferences, review or update your information, submit a request, raise any issues regarding the processing of your personal data or raise any questions, comments, or concerns about the Policy, you may contact us by writing to Privacy International, 62 Britton Street, London, EC1M 5UY, United Kingdom, or email@example.com.
In the event that the Policy is changed at any time, the date and nature of the change will be clearly indicated in this document. In the event that the change has a material impact on the handling of your personal information, we will contact you to you to inform you of the changes and where appropriate seek your consent.
Updated in May 2021 to explain how our new Action Platform works, and reflect various changes to our service providers. If you want to see the tracked changes in a PDF, then click here.
Updated in May 2018 to take into account the EU General Data Protection Regulation taking effect on 25 May 2018. We have also stopped using Piwik analytics until we can ensure it is implemented in a compliant manner.
Updated in November 2017 as part of a review of our personal data handling practices and our new website as well as changes to providers. Also updated to take account of the new General Data Protection Regulation which will come into effect throughout the EU on 25 May 2018.
Updated in December 2014 as part of a review of our personal data handling practices, and our new website, and changes to providers.
Updated in June & July 2012 to take account of the "Cookies law", and explain that we now honor DoNotTrack through our Piwik analytics suite. We also added a cookies section to the Policy. We also updated the email provider to remove references to our previous provider, and note that our mail is hosted by GreenNet. We also made updates due to our status as a charity.
Updated in May 2012 to notify of analytics (Piwik) now run by Privacy International not a trusted partner.
Updated in June 2011 to notify of our transition to using analytics. In May 2011 we began using analytics on our website to monitor when, where and how people access information so that we can redesign the site to better suit our users' needs. We selected to use our own Piwik implementation because it included some privacy elements in the design process. While we disagree with the use of the term 'anonymity', we have implemented AnonymizeIP, which removes the last octet of the IP addresses. We are looking into the use of iframes for the purpose of enabling an opt-out but we are concerned with the abuse of iframes.
Updated in February 2011 to notify users of our transition to new internet services. In particular, we have moved to a Drupal-based website that uses session cookies. The current configuration involves session cookies that last one month, but we are trying to find ways to reduce that period of time.
Updated in November 2009 to include information on our use of Social Media.
Updated in July 2009 to change our mailing address.
Updated in April 2007 to fix syntax errors and add information regarding Neomailbox's privacy practices for our communications data.
Updated in March 2007 to include language regarding the processing of data by PayPal.