Mercy Corps is powered by the belief that a better world is possible. It works with people to put bold solutions into action – helping them triumph over adversity and build stronger communities from within. We are also committed to respecting and protecting the privacy rights of our donors, supporters, and visitors to our website, and to being transparent about what we do with your data. The following information details how Mercy Corps Europe collects, protects, manages and uses the data we receive.
- How do we obtain your personal information?
- What information do we collect?
- How do we use your information?
- Direct Marketing and Consent.
- How long do we keep your information?
- Who do we share your information with?
- Accessing and updating your personal information.
How do we obtain your personal information?
Mercy Corps Europe collects information in the following ways:
When you give it to us directly
You may give us your information when you make a donation, are acting as a representative of a company who is supporting or working with Mercy Corps Europe, respond to a communication from us, sign up for an event, or join our mailing or email list. Some of the ways we receive this information includes: on a secure form on our website, when you contact us by phone, post or email, speaking to you in person, when you provide information to us via one of our social media channels such as Facebook or Twitter.
When you give permission for a third party to share it with us
Your information may be shared with us by third parties if you have given them permission to do so. This includes online fundraising websites, online campaigning websites, and other places where you have opted in to receive further contact from Mercy Corps Europe. We will only contact you further if you have given your consent for this to happen.
What information do we collect?
Personal information is any information that can be used to identify you. For example, this can include your name, address, telephone number, personal or work email address, date of birth, bank details, and credit or debit card details. We only collect personal information that is relevant to the type of interaction you have with Mercy Corps Europe. For example, we will collect your credit or debit card details in order to process a donation or purchase but will not keep or store these after the transaction has been completed.
Debit and credit card transactions are processed through a third party supplier; ActionKit (powered by EveryAction Ltd.). A description of how they meet data protection standards and protect your data can be found here.
Direct Debit donations (recurring gifts) are processed through a third party supplier; Rapidata. Their terms and conditions can be found here.
How do we use your information?
How we use your information largely depends on the reason you have provided it to us. We may use your information in the following ways:
- To keep a record of your relationship with Mercy Corps Europe and for internal purposes, such as administration and accounting.
- To look into complaints or legal issues.
- To claim Gift Aid on your donations.
- To give you information you have asked for, update you on our work and provide you with opportunities to support and get involved with Mercy Corps Europe (see section on Direct Marketing below).
- To understand your needs and wishes in order to give you the best possible personalised service.
- To carry out analysis and research which helps us understand how we are doing and improve our communications with you.
Direct marketing and consent
If you have given us consent to do so, we may use your information to send you communications about our work and ways that you can get involved and provide your support. This includes information about; our fundraising appeals, volunteering opportunities, updates on our work, taking part in events and other ways to support Mercy Corps Europe.
This is different from times when we are required to contact you, for example; to enable us to administer and/or confirm receipt of your donation, to reply to your questions, or to provide you with administrative updates. This section relates to fundraising and marketing communications and does not cover administrative communications such as these.
Any time you provide your details to us, we will always include clear questions asking you about your preferences regarding our communications with you. You can also let us know if you wish to withdraw your consent or if you want to change your preferences at any time by contacting email@example.com or by calling 0131 662 5160. You can also contact us in writing at the address below. Further information about communicating with you in different ways is outlined below.
Data for some of our direct marketing appeals will be shared with carefully vetted suppliers for the purposes of fulfilling the appeal. These "data processors" will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses. We do not allow these suppliers to use your data for their own purposes or disclose it to other third parties without our consent and we will take all reasonable care to ensure that they keep your data secure.
Contact by email and telephone
We will only contact you by email or telephone for fundraising and marketing purposes if you have given us express permission to do so. This means you have provided your email address or telephone number to us and said that we can contact you by these means. We will hold a record of your consent which can be withdrawn or changed at any time you wish to do so.
We will never conceal our identity when contacting you by email or telephone and we will always respect your preferences regarding contact of this kind.
How long do we keep your information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity. For example, we will keep a record of donations subject to Gift Aid for six years after the accounting period relating to that donation to comply with HMRC rules.
We will generally treat any consent that you give us as lasting no more than 36 months (3 years) from the date you give your consent, or from the date of your last donation or interaction you have with us.
If at any time you withdraw your consent or change your preferences, your wishes will be acted on immediately and will take effect within the timescales laid out below.
Who do we share your information with?
Mercy Corps Europe will only use your information within our organisation for the purposes for which it was provided and for our own planning and analysis. We will not, under any circumstances, sell your personal data to any third party, and will only share data with our suppliers for the purposes described below. You will not receive marketing from any other companies, charities or organisations as a result of giving your details to us.
We have shared your information with carefully selected service providers and suppliers who help us to deliver our projects, fundraising activities and appeals. For example, we will share name and address details with mailing houses to allow them to print and post our letters to you, our supporters. Such “data processors” will only act under our instruction and are subject to contractual obligations regarding their data protection standards and policies. Some of these key systems and suppliers are named above.
No data we hold about you is retained by any third party after it has been used for the purposes advised by Mercy Corps Europe and all personal data belonging to us is erased by a third party following the termination of a supplier contract.
Accessing and updating your personal information
If you let us know about any changes to your personal circumstances, we will always comply with your wishes. Our service levels for different types of communication are:
- Email – 48 hours from the receipt of your request
- Telephone – 48 hours from the receipt of your request
- Mail – 28 days from the receipt of your request. Due to the production timescales for our postal communications, it can often take longer for this type of change to take effect. In most cases we would expect the change to be effective much more quickly and will do our best to stop any further communications within this period, where we can.
Sometimes we may have to contact you about something that is not related to fundraising or marketing. For example, if you have a direct debit with us, we are required to let you know about any changes to your direct debit. Opting out of postal communications will not stop this type of communication unless you cancel your direct debit. If you have any concerns about this type of contact, please get in touch with us.
Cookies, web beacons and similar technologies
A cookie is a piece of information in the form of a very small text file that is placed in an internet user's local storage, e.g., a user’s hard drive. It is generated by a webpage server, which is the computer that operates a website. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.
When you enter our website, you are prompted to accept or decline cookies, but are not prevented from navigating the site without doing either. If you accept, a suite of cookies is placed on your machine. If you decline, only cookies necessary to operation of our website are set.
You are in control of your personal data and you have the right to request access to the information we hold about you. Should you wish to, you can use this Template SAR Request Letter to do so. In addition, if you have any questions about this policy statement or about how we use your data, you can do this by contacting us:
By post: Mercy Corps Europe
96/3 Commercial Quay
Edinburgh EH6 6LX
By email: firstname.lastname@example.org
By telephone: (+44) 0131 662 5160
Information Commissioner’s Office
If we have been unable to deal appropriately with your question or complaint you have a right to refer the matter to the Information Commissioner’s Office (ICO). Their contact details are:
By post: Information Commissioner's Office
Telephone: 0303 123 1113 or 01625 545745
More information about the ICO and about how to make a complaint, or ask a general question about data protection, is available on their website.