Privacy notice for members
Last updated 1 March 2021.
The type of personal information we collect
GNDR currently collects and processes the following information on its members:
- Personal and organisational names, contact details, age and gender, and interests with respect to disaster risk reduction
How we collect personal information and why we have it
The personal information GNDR processes is provided directly by you during your membership application process or through direct communication with us for one of the following reasons:
- So that we can understand members interests in disaster risk reduction and facilitate connection with other CSOs
- So that we can offer tailored capacity strengthening exchange with other members
- For members involved in implementing projects with donor funds accessed through GNDR, the information allows us to manage those donor contracts
We may share this information with other GNDR members, and if involved in a donor project, then with the specific donor for that project.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
- Consent given by you. You are able to remove your consent at any time; You can do this – logging into the Community Platform profile
- For members involved in donor funded projects, GNDR has a contractual obligation
- We have a legitimate interest
How we store your personal information
Your information is securely stored. All member personal data is held on our IT equipment and servers hosted by:
- Salesforce, which stores data in the USA
- Google which stores data in the USA
- From time to time we may use third party survey providers to access feedback from members
We keep your personal information for two years after the last activity in the network (opening a communication, logging into the Community Platform). We will then seek to contact you prior to deleting your information from our systems.
Your data protection rights
Under data protection law, you have rights including:
- Right of access: you have the right to ask us for copies of your personal information
- Right to rectification: you have the right to ask us to rectify personal information you think is inaccurate or incomplete
- Right to erasure: you have the right to ask us to erase your personal information in certain circumstances
- Right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances
- Right to object to processing: you have the right to object to the processing of your personal information in certain circumstances
- Right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about how we use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the Information Commissioner’s Office if you are unhappy with how we used your data. The ICO address is:
Information Commissioner’s Office