Nimis Friends is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
The General Data Protection Regulation and the Swedish Data Protection Act 2018 have changed the rules which govern how we can communicate with you. As a result, we rely on you giving us your consent about how we can contact you. We want to give you the opportunity to choose whether you want to receive communications from us and select how you want to receive them (email, SMS or post).
We may use other lawful grounds for processing your personal data, depending on the relationship we have with you (please see Section 4 on How We Use Your Information).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact Nimis Friends by emailing firstname.lastname@example.org or by writing to Nimis Friends Membership, c /o Advokat Nils Hyllienmark, St. Grabrodersgatan 10, SE22222 Lund, Sweden.
We will never sell your personal data.
Questions? Any questions you have in relation to this policy or how we use your personal data should be sent to email@example.com or addressed to Dataansvarig, Nimis Friends, c /o Advokat Nils Hyllienmark, St. Grabrodersgatan 10, SE22222 Lund, Sweden.
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by the Nimis Friends, reg. no. 802538-4069 in Sweden.
Nimis Friends is a non-profit organization based at Advokat Nils Hyllienmark, St Grabrodersgatan 10, SE22222 Lund, Sweden. For the purposes of data protection regulation, Advokat Nils Hyllienmark is the registered controller.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us. This includes information you give when joining or registering or communicating with us. For example:
- personal details (name, date of birth, email, address, telephone etc.) when you join as a member or supporter or apply to volunteer with us;
- financial information (payment information such as credit/debit card or direct debit details. Please see section 9 for more information on payment security); and
- details of your interests and preferences (such as campaigns, the ways you support us).
Information created by your involvement with Nimis Friends
Your activities and involvement with Nimis Friends will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our activities, as well as when you engage in our social media or digital advertising.
If you decide to donate to us then we will keep records of when and how much you give to a particular cause.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analyzing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. Section 7 (Research and profiling) contains more information about how we use information for profiling and targeted advertising.
Information from third parties
We sometimes receive personal data about individuals from third parties (more information can be found under Section 7 – Research and Profiling below). For example, if we are partnering with another organisation (e.g. you provide your information to another charity we’re collaborating with on a conservation project). Also, as explained in Section 12 (Cookies and links to other sites), we may use third parties to help us conduct research and analysis on personal data (and this can result in new personal data being created).
Occasionally, we may collect information about certain supporters (e.g. particularly well known or influential people) from public sources. This could include public databases news or other media. We don’t do this to everyone, and it is the exception not the rule.
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However, there are some situations where this will occur (e.g. if you volunteer with us, if you have an accident on one of our reserves or indicate that you wish to leave us a legacy). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this (which may include personal data and sensitive personal data).
If you are a volunteer (working practically for Nimis Friends, or if you are helping us for other reasons – for example you work for another organization which is running an event with us) then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes. You may also receive communications from us providing you with information about your duties as a volunteer, including your local group duties.
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):
We use personal data to communicate with people, to promote Nimis Friends and to help with fundraising. This includes keeping you up to date with our news, updates, campaigns and fundraising information. For further information on this please see Section 6 (Marketing).
We use personal data for administrative purposes. This includes:
- receiving donations (e.g. direct debits or gift-aid instructions) or administering legacy gifts;
- maintaining databases of our volunteers, members and supporters (including those who have indicated they wish to leave us a legacy);
- performing our obligations under membership contracts or in accordance with the law;
- fulfilling orders for goods or services (whether placed online, over the phone or in person);
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
Internal research and analysis
We carry out research and analysis on our supporters, donors and volunteers, to determine the success of campaigns and appeals, better understand behavior and responses and identify patterns and trends. This helps inform our approach towards campaigning and make Nimis Friends a stronger and more effective organization. Understanding our supporters, their interests and what they care about also helps us provide a better experience (e.g. through more relevant communications).
Supporter research and profiling
We evaluate, categorize and profile personal data to tailor materials, services and communications (including targeted advertising) and prevent unwanted material from filling up your inbox. This also helps us understand our supporters, improve our organization and carry out research. Further information on profiling can be found in Section 7 (Research and profiling).
We may process personal data for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalize or otherwise improve our activities / communications in furtherance of our charitable objectives, for example to improve the experience of young people of learning about saving nature through their engagement with our website and usage of social media;
- to engage with third parties, whether to advance the Nimis Friends’ charitable objectives or otherwise to support our work [for example, in dealing with individual representatives at a governmental and international level to campaign to save Nimis and Arx, or in applying for grant funding (by ourselves and/or together with others), or with those who represent our corporate partners and business contacts];
- to ensure our compliance with best practice, for example with fundraising standards, by monitoring calls made by third parties on our behalf;
- to identify and prevent fraud; and
- to enhance the security of our network and information systems.
Whenever we process data for these purposes, we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so, then please contact firstname.lastname@example.org . Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
5. DISCLOSING AND SHARING DATA
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, or third party products and services, but these communications will always come from Nimis Friends and are usually incorporated into our own marketing materials (e.g. advertisements in magazines or newsletters).
We may share personal data with subcontractors or suppliers who provide us with services. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
Occasionally, where we partner with other organizations, we may also share information with them (for example, if you register to attend an event being jointly organized by us and another non-profit organization). We’ll only share information when necessary and we’ll make sure to notify you first. We may provide your personal information (such as name, email address or phone number) to digital advertising or social media companies who work on our behalf (such as Facebook and Instagram). This is so you and others like you are shown only relevant advertisements relating to the Nimis Friends. We will also ensure you are not presented with unnecessary marketing communications from us. If you choose not to see Nimis Friends advertisements, you can manage your preferences by using your social/digital advertising platform settings. You can also contact us with any queries at the details provided in Section 1.
Nimis Friends asks its supporters to “opt-in” for most communications. This includes all our marketing communications (the term “marketing” is broadly defined and, for instance, covers information about conservation and Nimis Friends).
This means you have the choice as to whether you want to receive these messages and are able to select how you want to receive them (email, text).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact Supporter Services by emailing email@example.com or by writing to Nimis Friends Membership, c /o Advokat Nils Hyllienmark, St. Grabrodersgatan 10, SE22222 Lund, Sweden.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- our organization, campaigns and work to maintain and restore Nimis and Arx;
- our role in educating the public in conservation of the natural environment;
- Nimis Friends benefits and offers;
- volunteering opportunities and how you can help maintain and restore Nimis and Arx;
- appeals and fundraising (including donations and also competitions.);
- our events and activities;
- products, services and offers (our own, and those of third parties which may interest you);
- leaving a legacy; and
- taking part in projects.
When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.
Newsletters are provided as a benefit to our members on an irregular basis. We send these out to all our members (unless you specifically ask us not to) and you can choose to unsubscribe from general marketing communications without giving up your subscription to our newsletters. However, please be aware that newsletters may include advertisements and fundraising information.
If you are a volunteer, we will still be communicating with you about your duties, including your local group duties, even if you choose not to receive general marketing from us.
As a non-profit organization, we rely on donations and support from others to continue our work. From time to time, we will contact members and supporters with fundraising material and communications. This might be about an appeal, or to suggest ways you can raise funds.
As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted into to receiving marketing from us (and you can, of course, unsubscribe at any time).
7. RESEARCH AND PROFILING
This section explains how and why we use personal data to undertake research and build profiles which enable us to understand our supporters, improve our relationship with them, and provide a better supporter experience.
Profiling to help us understand our supporters
Profiling is gathering information about individuals or groups of individuals and understanding their characteristics or behaviors to learn more about their interests or likely behavior.
We profile supporters in terms of financial, political and practical support. For example, we keep track of the amount, frequency and value of each person’s support. This information helps us to ensure communications are relevant and timely and improve the experience our supporters receive. It also helps us identify individuals or groups of individuals who might be willing to provide more support in our fight to save nature and we may contact them to see if they wish to do so.
We combine information about supporters with external information. The information is from a variety of sources including publicly available data. We do this to enhance and fill in any gaps so that we can understand our supporters better and send the most relevant communications and target our resources effectively. Examples of the external information we’ll use includes socio demographic data based on postcode to improve understanding of different types of people and communities. We also use lifestyle and affluence information which includes information about your financial status, what other charities you may support, your shopping habits and your interests. A lot of the external data we use is aggregated or anonymized which means that it cannot be used to identify an individual. Although publicly available registers are used to collect data, this is done in accordance with the GDPR requirements.
On occasion, we may also combine information about particular supporters with external information (such as directorships listed by the Companies Registration Office, professional profiles, search engine and public social media results;, third-party publications or news about an individual which has featured in the media) in order to create a more detailed profile about a particular individual. We don’t do this for everyone, and it is the exception not the rule. You can opt out of having your personal information profiled in this way by contacting us (see Section 1).
We sometimes collect information on preferences and interests so that we know what communications you are mostly likely to be interested in.
Analysis, grouping and segmentation
We analyze our supporters to identify shared characteristics and preferences. We do this by assessing various types of information including behavior (e.g. previous responses) or demographic information (e.g. age or location) or lifestyle information (e.g. your interests and your affluence)
By grouping people together on the basis of common characteristics, we can ensure that groups are provided with communications, products, and information which is most important to them. This helps prevent your inbox from filling up, and means we aren’t wasting resources on contacting people with information which isn’t relevant to them.
We may aggregate and anonymize personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new supporters, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our campaigns, products/services and materials.
8. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorized access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
All electronic Nimis Friends forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a credit card to donate, purchase a membership or purchase something on-line we will pass your credit card details securely to our payment provide. Other payment methods are handled in a similar manner. Nimis Friends complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
Where we store information
The Nimis Friends’ operations are based in Sweden and we store our data within the European Union. Some organizations which provide services to us may transfer personal data outside of the EU, but we’ll only allow them to do if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information.
10. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified.
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to firstname.lastname@example.org or addressed to Dataansvarig, Nimis Friends, c /o Advokat Nils Hyllienmark, St. Grabrodersgatan 10, SE22222 Lund, Sweden.
You can complain to the Nimis Friends directly by contacting our data protection officer using the details set out above. If you wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our charity’s complaint policy.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the to the Swedish Authority for Privacy Protection which regulates and enforces data protection law in Sweden. Details of how to do this can be found at https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
12. COOKIES AND LINKS TO OTHER SITES
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality
Links to other sites
Our website contains hyperlinks to other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the top of the page).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with RSPB.