At WWF we rely on the support of individuals to carry out our vital conservation work. That is why we want to be completely transparent about why we need the personal details we request when you engage with us and how we will use them.
As you browse our website and whenever you communicate with us, we collect information. It deepens our understanding of what works and what doesn’t, which helps make our communications more effective.
We take protecting your privacy very seriously and will always take all reasonable steps within our power to make sure your information is safe.
‘Personal information’ is information, or a combination of pieces of information, that could reasonably allow you to be identified.
Please read this policy carefully to understand how we collect, use and store your personal information. We may update this policy from time to time without notice to you, so please check it regularly, particularly if you are sending personal information to us. Any significant changes will be notified to you.
3.C. HOW WE COLLECT INFORMATION ABOUT YOU
We use different methods to collect data from and about you including through:
We get information directly from you, for example when you sign up for our newsletter. For information about when we may collect data about you, see WHEN WE COLLECT INFORMATION.
Automated technologies or interactions
Similarly if you receive an email, open it, don’t open it, select a link, browse our website, we collect this information so we can see which stories are popular and which aren’t. And next time we’ll do better so that more people will be inspired by the work they are helping to achieve.
Third parties or publicly available sources
We may obtain your personal information through your use of social media such as Facebook, Twitter or LinkedIn, depending on your settings or the privacy policies of these social media services. To changes your settings on these services, please refer to their privacy policies which will tell you how to do this.
In a very limited number of cases, we may use desk research, profiling and screening techniques to analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you, to be prepared when we meet you. We do this because it allows us to make appropriate and relevant approaches and target our resources more effectively. We may on occasion use third party suppliers to undertake these activities on our behalf and provide them with your information to the extent required.
Such information is compiled using publicly available data about you. This helps us understand the background of the people who do or may support nature. Collating this publicly available information helps us better understand your motivations and preferences.
3.D. WHAT WE USE YOUR INFORMATION FOR
We use personal data for a number of different processing activities which includes:
- Providing you with the information you have requested
- Keeping you up to date with the work we are doing and the latest EU Nature news and campaigns
- Keeping a record of your relationship with us
- Asking for non-financial support
- Managing your communication preferences, including marketing preferences
- Understanding how we can improve our services, or information
- Sending you tailored communications and displaying relevant adverts which we think will be of interest to you
- Sending you marketing materials including campaigning and events
- Inviting you to events and to take part in campaigns and support our advocacy work
- Analysing our database for statistical purposes, and to better communicate with you about things we think will be of interest. Note that this is on a generic rather than an individual level to ensure that our communications are cost effective
- In limited circumstances, analysing the personal information we collect about you and using publicly available information to better understand your interests, preferences and level in special circumstances when we may meet with you
4. OUR LEGAL BASIS FOR PROCESSING DATA
All of our use of personal data is in accordance with the law. The law requires us to only process data where we have a valid legal basis for doing so. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (as set out below).
- Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending newsletters, or emails about campaigns and events (as detailed in section 5.b). We may also provide you information on similar campaigns or events, if you have previously participated in events or campaigns with us, and have not opted out of receiving such information. You have the right to withdraw your consent to marketing at any time by contacting us or clicking the unsubscribe link in the email communication we send you.
WWF-EU’s legitimate interests include administering the NGO, sending you advocacy materials by email, and understanding our audiences. A summary of each of these and some examples of how we may use your data in these ways on the basis of it being within our legitimate interests to do so are set out below:
Administration of the NGO.
As an NGO our mission is to conserve the natural world for future where people and nature thrive. In order to deliver against these charitable purposes, we need to undertake certain processing activities. Some of these will be to govern our NGO, and some will be for operational administration reasons.
Specific examples of processing activities under this legitimate interest include:
Operational administration such as:
- Recording your communication and marketing preferences and maintaining suppression files so we don’t contact you when you have asked us not to
- Keeping a record of who our stakeholders, and your relationship with us
- Reviewing our database of audiences across the organisation for historical, scientific and statistical purposes
Financial management and controls such as:
- Recruiting and processing job applications
- Keeping employee records and monitoring
- Health and Safety
- Management and planning purposes
- Thanking you for your support
- Keeping you up to date with the work you are supporting and the latest conservation news
To contact you by post and phone.
- Processing supplier invoices
- Administering grants for our programmatic work
- Taking steps to prevent fraud, knowing our donors, and taking steps to ensure there is no misuse of services or money laundering
Contact with our supporters is vital to the way we operate. We want to keep in touch with you and, along with telling you how your support is helping and what we have achieved together, we also want to keep you up to date with the numerous activities you can get involved with. We believe it is in our legitimate interest to send you such materials by email, unless you have told us you prefer us not to. In order to achieve our mission we need people like you to support us, and to gather your support we need to be able to contact you.
Specific examples of processing activities under this legitimate interest include:-
- Sending marketing materials as detailed below, including:
- Asking for non-financial support
- Inviting you to take part in campaigns and support our advocacy work
- Inviting you to events by email
- Providing you information, if you have previously taken part in campaigns, and have not opted out of receiving such information
- Understanding our audiences
It is important that we understand our audiences. If we don’t understand you, then we cannot communicate with you in a meaningful way, and in a way which will be engaging and interesting. If we understand you, then we are better able to direct communications to you which you will be interested in..
In order to understand our audiences
better, we undertake a number of processing activities including analysis, research, profiling and customising your experience as detailed in this policy.
Specific examples of processing activities under this legitimate interest include:
- Analysing our database and seeing what has worked and what hasn’t. This helps us develop our services, and helps inform our advocacy strategy so we only send you information that we think will be of interest to you, and so that we understand the effectiveness of the information we serve you.
- Researching your interests - we want to utilise your donations in the most cost effective way, and so we don’t send blanket messages to the entirety of our database. Rather, we deliver content we think will be relevant to you and personalised when appropriate.
- In limited circumstances, analysing the personal information we collect about you and using publicly available information to better understand your interests, preferences so that we can contact you more effectively.
- Customising your experience and displaying more relevant information to you.
If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please contact us.
5. WHAT WE COMMUNICATE WITH YOU ABOUT
5.A. WHAT YOU’VE REQUESTED
We communicate with you about what you have asked us to – to provide the service you have requested. For example, if you have signed up to a campaign, we will keep you in touch with our campaigns. If you have signed up for our newsletter, we will keep you up to date with the latest EU environment policy news and updates.
In addition to EU policy news and updates on our work, we may also contact you about three other things (note: these detail examples of the types of communications we may send, and are not exhaustive):
: we’d love to tell you about our campaigning activities and advocacy work so that you can get involved. This could be telling you about activities such as how to make greener lifestyle choices, writing to your elected representative (for example MP, MEP or AM), signing a petition, contacting businesses or sharing campaign communications to influence for positive change for the environment.
we run a host of events which we may like to invite you to.
The law distinguishes between the channels you choose to receive this information, and so we give you different options when we ask to use your data in this way.
We will always ask for your consent if we want to contact you by email if you are not working for an organsation realted to our work . This is because, as a non profit, each of these activities is fundamental to how we work, so we have a legitimate interest to contact you, as described in section 4 above.
When you give us your details we will tell you what we are going to do with them. You will always be given the opportunity to opt-out of receiving these materials if you prefer not to. You can unsubscribe at any time.
6. MARKETING PREFERENCES
We make it easy for you to tell us how you want us to communicate with you. Our communications have clear marketing preference questions and we include information on how to opt out when we send you materials, which in the case of emails, is by means of an unsubscribe link.
7. WHO WE SHARE YOUR DATA WITH
7.A. THIRD PARTIES FOR THEIR MARKETING
We do not sell or share personal details with third parties so that they can market to you.
7.B. SERVICE PROVIDERS / SUPPLIERS
As with other organisations, we do not undertake all of our processing activities ourselves and we appoint suppliers to help us out. For example, if we use Mailchimp to send our newsletters. In order to do this we need to share your personal data with them so they know where to send it.
In this cases and others, we ensure that we have a contract with the supplier and as part of that agreement the supplier agrees to respect the security of your personal data and to treat it in accordance with the law. We only permit suppliers to process your personal data for specified purposes and in accordance with our instructions.
If you would like further information on our third party processors please contact us.
7.C. INTERNATIONAL TRANSFERS
We may need to transfer your personal data to suppliers based in the US or other countries outside of the European Economic Area (EEA) to allow them to perform services on our behalf (such as when you sign up for a petition to help safeguard the natural environment). In doing so, your data may be stored or otherwise processed outside of the EEA.
In most cases, we do not transfer your personal data outside of the European Economic Area (EEA). However, as we are part of a global network, there are some instances in which we may share your data within our Network. These instances are limited and are mainly where one of our Network offices wants to refer a contact to another office who would be better placed to contact the individual or manage the relationship, for example, where they live or work in that country.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards are in place:
- the country has been deemed to provide an adequate level of protection for personal data by the European Commission;
- a specific contract which is approved by the European Commission and gives personal data the same protection it has in EEA, has been entered into with the supplier; or
- Where we use service providers based in the USA, it is accredited under the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the USA.
7.D. SOCIAL MEDIA
Depending on your settings and the privacy policies for social media and messaging services like Facebook and Twitter, you might give us permission to access information from those accounts or services.
7.E. WHERE REQUIRED
In other cases we will not disclose any of your personal data except in accordance with this policy, or when we have your permission, or under special circumstances, such as when we believe in good faith that the law requires it or to protect the rights, property and safety of WWF, or others. This includes disclosing your details if required to the police, regulatory bodies or legal advisors.
8. HOW WE KEEP YOUR DATA SAFE
We have appropriate physical, technical and managerial controls in place to protect your personal details; for example our online forms are always encrypted and our network is protected and routinely monitored. Within our offices only those who have a business need to access your information and who are trained in handling data securely will have access to your information. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Whilst we hope it will never happen, we have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
When we use external companies to collect or process personal data on our behalf we undertake due diligence on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, including keeping and using your data securely.
Our website may, from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Despite all of our precautions however, no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention that you do so at your own risk.
9. HOW LONG WE KEEP YOUR DATA FOR
We will only keep your personal information for as long as is necessary for the purpose for which it is collected, which may include the purpose of satisfying any legal, accounting or reporting requirements. If you request that we stop sending you materials we will keep a record of your contact details and the appropriate information to enable us to comply with your request not to be contacted by us.
9.A. RETENTION OF YOUR DATA
In order to determine how long we keep your data we look at the category of data and the reason we collected and have processed it. We look at whether that reason is ongoing and whether you are active or not. We consider you to be active if you have opened our mailings and have interacted with us in some way such as if you have corresponded with us, signed up for a petition, newsletter, or attended an event any time within the preceding two years.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these purposes through other means, and the applicable legal requirements.
As detailed above, we may hold personal data about individuals who interact with us in other ways (see WHAT INFORMATION WE COLLECT). We have a data retention policy which addresses each type of information we hold. Please get in contact if you would like to find out more about how long data is kept in these circumstances.
9.B. WHAT HAPPENS WHEN WE ANONYMISE OR DELETE YOUR DATA
When we anonymise or delete your data, we will ensure that it is no longer identifiable to you. We may keep anonymised data for future analysis on aggregated data so that we can understand our supporters better. This may be for research or statistical purposes, or for any other purpose, and we may use this information indefinitely without further notice to you.
10. HOW TO FIND OUT WHAT INFORMATION WE HAVE ABOUT YOU
You can request the details of the personal information we hold about you.
If you want to access your information, please contact us and send a description of the information you want to see and proof of your identity.
We may then need to ask you for further information in order to service your request, such as confirmation of your identity, or whether there is any specific data you would like or from a specific time period. We may send you a form in order to assist you in this.
We will respond to you within two months of your legitimate request. You will not have to pay a fee to access your personal data however we reserve the right to charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively we may refuse to comply with your request in these circumstances.
11. WHAT TO DO IF YOU DON’T WANT US TO PROCESS INFORMATION ABOUT YOU
If you don’t want us to collect information about you as you browse our website you’ll need to set your browser to notify you when you receive a cookie, then choose to decline it.
If you don’t want us to hold any personal details about you, it’s best just not to give them to us. If you want us to stop collecting information about you or processing that information then please let us know by contacting us.
11.A. WHAT TO DO IF YOU OBJECT TO OUR PROCESSING
We will need to keep a copy of your name, postcode and email address so that we can identify you on our suppression list to ensure we do not contact you any further or process your data in the way that you have objected to.
12. YOUR RIGHTS
Under data protection laws you have various rights over your personal data. If you would like to exercise any of these rights then please contact us.
You have the right to:
ACCESS YOUR PERSONAL DATA
You have the right to request access to your personal data, commonly known as a ‘subject access request’. This enables you to receive a copy of the personal data we hold about you.
See: HOW TO FIND OUT WHAT INFORMATION WE HAVE ABOUT YOU.
REQUEST CORRECTION OF YOUR PERSONAL DATA
You can request that we correct the personal data we hold about you. This enables you to have an incomplete or inaccurate data we hold about you corrected, although note that we may need to verify the accuracy of the new data you provide to us.
REQUEST DELETION OF YOUR PERSONAL DATA
You have the right to ask us to erase your personal data in certain circumstances. Please note however that there may be circumstances where you ask us to erase your personal data but we are legally required or entitled to retain it.
OBJECT TO PROCESSING OF YOUR PERSONAL DATA OR REQUEST RESTRICTION
Where we are processing your data under the legitimate interest condition, then you may object to this processing, or request that the processing is restricted, if there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Note that there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally required or entitled to continue to processing your personal data and/or to refuse your request.
In some cases, we may demonstrate that we have a compelling legitimate ground to process your information which override your rights and freedoms.
Where we have asked you for consent to process your data, you may withdraw this consent at any time by contacting us - see: HOW TO CHANGE THE WAY WE CONTACT YOUand MARKETING PREFERENCES. Please note however that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so.
13. CHANGES TO THIS POLICY
This policy was last updated in May 2018. It was re-worded to give you further information about how we collect, use and store your personal data, and to reflect the changes in law as set out in the General Data Protection Regulation (GDPR) and to give you more clarity on how we use your data, and your rights in relation to it.
We may amend or update this policy at any time to take account of any changes to data protection law or other legislation. When further updates to the policy are made they will be posted on this page, so please check back here regularly. Any significant changes will be notified to you.
14. CONTACT US
If you have any questions please contact us using the details below:
Data Protection Officer
This policy sets out the basis on which we will process any personal data we collect from you through this website. We keep your personal information safe and it is protected by appropriate technical and organisational measures. We only use your data for the purpose of this campaign and will not sell your data to any third party. We will pass your name and email address on to the Members of the European Parliament.
WHAT DATA IS COLLECTED AND WHY?
On this website, we are asking you to join our campaign by participating in the email action and sending a meme to Members of the European Parliament. In order to participate in this action, you need to provide certain personal data (name, first name, email address, country, language), and we’re also tracking the time of participation and whether you want to receive our emails. Only this data will be collected and further processed based on your consent.
HOW IS YOUR DATA USED?
Your data will be collected in the PostgreSQL database (physical server leased from Hetzner, Germany) managed by Fix The Status Quo (Estonia) and then transferred to the Members of the European Parliament. It will not be shared further or made public, the participating organisations will only process your data in view of the email action and may update you on the result of the campaign.
We use Fix the Status Quo’s platform Proca for some of our digital campaigns, providing us with campaign widgets which we embed on various webpages. These collect personal data provided by a supporter through the widget for the purposes of:
undertaking the digital action (such as sending an email on a supporter’s behalf or adding the supporter’s name to a petition),
monitoring the success and spread of our campaign,
collecting supporter data for our supporter database.
If you agree to receive emails about our work we will also process your data for this purpose. You will receive an email with a link to confirm your registration. After confirmation, your data will be accessible by WWF to be added to our mailing list and you will receive regular updates about our work.
GDPR outlines eight distinct rights that all Europeans are entitled to, which are:
- The Right to Information
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restriction of Processing
- The Right to Data Portability
- The Right to Object
- The Right to Avoid Automated Decision-Making
You are entitled to access your personal data and rectify, block or delete it if data are inaccurate or incomplete and to receive information on why and how your data is being processed. You may exercise your rights by contacting the Data Protection Officer using the contact information given below. If complaints cannot be resolved this way, we recommend to email email@example.com.
to help us understand website traffic and web page usage and performance. We may collect anonymised IP addresses to better understand where our traffic is coming from. This helps us to get an insight in traffic patterns and know if there are problems with our website.
About web cookies
Web cookies are small snippets of text saved on your computer or mobile device that distinguish you from other users of a website. Like most websites, www.wwf.eu
Website cookie acceptance
- To improve your experience of our website - for example, so you only get asked to take a survey once, or to hide a form if you’ve already seen it.
- Collect anonymous statistics - it’s really useful for us to be able to see which pages are the most popular and how people are using them.
Turning cookies off
How to change your cookie settings in:
iPhone and iPad
You can find out more about cookies at www.allaboutcookies.org
These are the only cookies we use:
: Google Analytics
Purpose of the cookie
: Cookie warning
: WWF European Policy Programme
Purpose of the cookie
: When a user clicks the 'agree' button on our cookie banner we use a cookie to record this fact so that the banner doesn't show next time.
If you have any questions please contact us using the details below:
Data Protection Officer