This Personal data policy applies to all the information you provide to us and/or that we collect about you, either as part of a support, member or contributor relationship or as a user of our services, including when you are active on our website. In the policy you can learn more about what information we collect, how we handle your information and the period we store information about you. You should read this policy and contact us if there is information in the policy that you cannot accept.
The data-responsible organisation for processing your personal data is:
DK- 1620 Copenhagen V
35 35 87 88
CVR 88 13 64 11
The overall legal framework for our processing of personal data is the Personal Data Protection Scheme (EU 2016/679) and the Data Protection Act (DK Act No 502).
The following are definitions of some of the main concepts of personal data law:
Personal data: Any form information about an identified or identifiable physical person. That is, any information which can identify, directly or indirectly, alone or in combination, a physical person.
Data responsible: The physical or legal person, public authority, institution or other body which alone or together with others determines for what purposes and for which means personal data may be processed.
Data processor: The physical or legal person, public authority, institution or other body processing personal data on behalf of the Data responsible.
Processing: Any activity or series of activities involving the use of personal data, such as collection, registration, systematization, modification of, search, grouping, entrustment or disclosure to persons, authorities, companies, etc. outside the organization.
Specific categories of personal data: Information on ethnic origin, political, religious or philosophical beliefs or trade union affiliation, genetic data, health data or information on the sexual or sexual orientation of a physical person, as well as information in the form of biometric data, provided that biometric data is processed for the purpose of uniquely identifying a physical person (sensitive information).
The GDPR (General Data Protection Regulation): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free exchange of such data and repealing Directive 95/46/EC and related regulation.
Data Protection Act: Law 502 of 24 May 2018: Law on additional provisions for the Regulation on the protection of individuals regarding the processing of personal data and on the free exchange of such data.
Depending on whether you are a member of the association, support member, contributor, signer or perhaps simply use of our website, we are obliged to process your personal data to such an extent that we can provide you with the services you demand and that we can comply with the obligations we have as a charity. This applies both to handling your contributions – unless you choose to contribute anonymously – your possible purchases of services from us and/or when we manage your subscriptions or memberships with us. It may also be when using our petitions and similar campaigns, our member service and/or in connection with our marketing to you.
We collect this information directly from you:
As a starting point, when you support us as either join member, support member or contributor, we collect the following common personal data from you: first name and surname, address, zip code, city, mobile number, email address, registration and account number. In petitions, we collect first name, last name, email address and any mobile number.
In addition, we collect your CPR No. if you give it in connection with the facts that you want tax deduction of any contribution.
We also collect your IP address when you visit our websites.
We buy phone numbers of potentially interested persons with the aim of enlisting members.
If you support via text messages from a phone number, that we have not already connected to our database with a first and last name, we will associate your phone number with your first and last name if this information is publicly available.
We collect information about which school you are linked when you sign up for an event or order materials for schools, as well as when you deposit a collection from a school.
As a rule, we do not collect any sensitive personal data about you.
Specifically, we use your personal data for several different purposes depending on whether you are an association member, support member, contributor, volunteer, signer or job applicant with us or whether you are merely a user of our website.
If you are a support member or association member with us, we use your personal data to:
If you are a contributor with us, we use your personal data to:
If you are using our website only, we use your personal data to
If you sign on to our campaigns, we use your personal data to
When you become a member of the association or member of us, give a contribution or signature to us or enter into any other kind of agreement with us, we process your general personal data for that particular purpose. We may also process your regular personal data if, for example, you have a query or similar that precedes your decision to enter into an agreement with us. The legal basis for processing your personal data is Article 6(1)(b) of the Privacy Regulation(b), since the processing of your data is necessary for us to fulfil our agreement with you or for us to handle inquiries and the like prior to your possible conclusion of an agreement with us.
8.1 We also have the possibility to process your ordinary personal data because, we have a legitimate interest in processing the information about you, as provided for in Article 11(1) of Regulation (EC) No 1049/2001. Article 6(1) (f) of the Privacy Regulation (f), unless your right to obtain protection of your own general personal data takes precedence over our legitimate interest in processing your data.
8.2 We have a legitimate interest in processing your personal data (your name, phone number and your email address) for marketing purposes. Our legitimate interest thus consists in knowing your preferences so that we can better adapt our offer to you and ultimately offer campaigns, donation opportunities and services that better meet your needs and desires. Of course, we also comply with the rules of the Marketing Act. It is also with reference to this provision that we draw up various statistics on the number of members, contributions, use of the website, etc.
8.3 In certain cases, we are also legally obliged to process personal data about you. For example, it may be for the purposes of documentation of transaction tracks and the like under the rules of the Accounting Act. Among other things, we must store accounting material for five years from the end of the financial year to which the accounting material relates. It may also be in connection with reports to Tax so that you can get a deduction of your contribution to us. Taxes reports shall be made, indicating CPR No. tax control law, and that is why this is the basis for our processing of information on your CPR No.
8.4 As a charity within the meaning of Paragraph 8a of the Law on Equation, we can contact persons with the aim of entering into an agreement on membership of our organisation, as provided for in The Collection Act chapter. 1(2) and § 8 and § 11(3).
We may share your personal data with the suppliers and partners who assist us, for example, in the performance of your donation or fixed support, or who assist us in our IT operations, hosting, etc. This means that we can share your information with, for example, our service providers, our technical support and our bank. In paragraph 14 it is stated how we can share your data in order to be able to make remarketing that makes use of automatic decisions/profiling
In the case of petitions, we also can share your information with our main organization Oxfam International to the extent that this is legal. This is necessary as they administer our signature websites.
In addition to the above, we share your information to the extent we are obliged to do so, for example as a result of reporting requirements to public authorities such as tax.
Some of our service providers are outside the EU/EEA. It therefore happens that we share your personal information with recipients in countries outside the EU/EEA. However, this presupposes that:
We may also request your consent to transfer to recipients located outside the EU/EEA or that this is necessary as a result of an agreement with you or measures taken on agreement with you. These exemptions for transfer are covered by Article 49 of the GDPR.
You may at any time be informed or, where appropriate, a copy of the necessary safeguards on the basis of the transfer of personal data to recipients outside the EU/EEA or, where derogations referred to in Article 49 of the GDPR are used, the exceptions used for any transfer.
We store your personal data in accordance with the following rules:
If you are a member or support member with us, we will keep your personal data during the time you are permanently supported by us and up to five years after your last donation under the Bookkeeping Act. The five years also apply if you have made a single contribution. Personal data on registration and account number will be deleted 13 months. after your Payment Service Agreement has been terminated with NETS, according to the Payment Service Act of 2009, which requires us to be able to demonstrate that an agreement has been reached up to 13 months after the end of the contractual relationship.
If you are a user of our website and at the same time neither customer, member, former member or contributor, we will keep the information we have registered about you for up to 2 years.
If we have purchased personal data and contacted you in order to become a member, we will store your information indefinitely in the event that you have declined to receive marketing materials or be contacted by Oxfam IBIS at all, so that we can take your requirement into account. If we don't get in touch with you, we'll delete your data after 24 months.
Insight: You have the right to gain insight into the personal data we process about you. By writing to us (at the above address – see section 2.1), you can request access to the personal data for which we have registered about you, including the purposes for which the information was collected. We will comply with your insight request as soon as possible.
Rectification and deletion: You have the right to request correction, additional processing, deletion or blocking of the personal data we process about you. We will comply with your request as soon as possible to the extent necessary. If we cannot meet your request for any reason - we will contact, you.
Restriction of processing: You have the right under exceptional circumstances, to have the processing of your personal data restricted. Please contact us if you wish to restrict the processing of your personal data.
Data portability: You have the right to receive your personal data (information relating to yourself that you have provided to us only) in a structured, commonly used and machine-readable format (data portability). Please contact us if you want to take advantage of the possibility of data portability.
Right of objection: You have the right to ask us not to process your personal data in cases where the processing is based on Article 6(1)(e) (task in the public interest or public authority exercise) or Article 6(1)(f) (legitimate interest). This policy shows the extent to which we process your information for such purposes. You can exercise the right to object at any time by contacting us.
Withdrawal of consent
If the processing of your personal data is based on your consent, you shall at any time have the right to withdraw your consent. Your withdrawal does not affect the legality of the processing that was completed before you withdrew your consent. Please contact us if you wish to withdraw your consent.
If you wish to withdraw your consent to receive contribution-enhancing information and offers in general, including by regular mail, email, via SMS, by telephone or through other electronic means, you can do so at any time by writing to firstname.lastname@example.org. If we are unsure about your identity, we may ask you to identify yourself. Apart from the general communication costs, this is free of charge.
You can write to our Data Protection Advisor Ole Møs on email@example.com to make use of one or more of the above rights.
There may be conditions or restrictions attached to the exercise of the above rights. It is therefore not certain that, for example, you are entitled to data portability in the specific case - it depends on the specific circumstances of the processing activity in question.
If you are obliged to provide information about yourself to us, it will appear where we collect the information. If you do not want to provide the personal data we ask for, then it may have the consequence that we cannot provide the services to you that you demand, start a membership, make a donation, give a signature, etc. Necessary information according to the purpose of the processing will be marked with * on the websites where we collect your personal information.
We use automatic decisions as part of our marketing through Facebook and Google. This means that we can use the common personal data we collect by uploading a list of contact information to Facebook or Google to remarketing. This allows us to show relevant ads to you and others who have an interest in supporting our cause. This also tracks your commitment (like, comment, sharing, etc.) from users within Facebook and gives us as an advertiser better opportunity to target our content to them.
In the organization, our processing of personal data is subject to our IT and security policy. Our IT and security policy also include rules for carrying out risk assessment and impact assessment of existing, as well as new or modified processing activities. We have implemented internal rules and procedures for maintaining appropriate security from the time we collect personal data until deletion, and we only leave our processing of personal data to data processors who maintain a corresponding appropriate level of safety.
If you are unhappy with our processing of your personal data, you can complain the Danish Data Protection Agency:
The Danish Data Protection Agency
Borgergade 28, 5. Sal
DK- 1300 Copenhagen K.
Phone 3319 3200
Oxfam IBIS is committed to respecting the basic principles of the protection of personal data and data protection. We therefore regularly review this policy in order to keep it updated and in accordance with applicable principles and legislation. This policy is subject to change without notice.
Significant policy changes will be published on this website along with an updated version of the policy.
Any changes we may make to this policy in the future will be made public on this page and may be notified to you by email.
This Personal Data Policy has been last updated on 25 February 2020.