1.1 We recognise that visitors to our website may be concerned about the information they provide to us, and how we treat that information. The Near East Foundation UK (“NEF UK”, “we”, “us” and “our”) is committed to protecting the privacy of our online visitors, subscribers, and donors.
1.2 At our website, we do not collect personally identifiable information unless you provide it to us voluntarily and knowingly. This means we do not require you to register or provide information to us in order to view our site.
2.1 This privacy policy (the “Policy”) provides information as to how NEF UK collects and uses your personal data in the course of NEF UK’s business through your use of this website, our mobile applications, forums, blogs, and other online or offline offerings (together with any and all future online and offline offerings operated by or on behalf of NEF UK, (the “Services”), including any data you may provide when you register with us, sign up to our newsletter or make a donation.
2.2 All individuals whose responsibilities include the processing of personal data on behalf of NEF UK are expected to protect that data by adherence to this Policy.
2.3 This website is not intended for children. We do not knowingly collect data relating to children.
2.4 NEF UK is the controller and is responsible for your personal data. NEF UK is a private limited company with registered number 08249345 and registered address More London Place, Office 134-136, London, SE1 2RE, United Kingdom. 1
2.5 If you have any questions about this Policy or NEF UK’s terms and conditions, the practices of our website, or your interaction with our website, please contact us at the above address, via telephone at [●] or via email at [info@neareast.org]. 2
2.6 If you wish to make an official complaint against NEF UK in relation to our collection or use of your personal data, you may lodge a complaint with the Information Commissioner. For more details, please refer to the website of the Information Commissioner
(https://ico.org.uk/make-a-complaint/). We will do our utmost to resolve any issues with you directly, so please contact us before lodging a complaint with the Information Commissioner.
3.1 Personal data is any information relating to an identified or identifiable natural person from which that person can be identified.
3.2 NEF UK collects, uses, stores and transfers a variety of types of personal data, such as (without limitation):
(a) name, username, marital status, title, date of birth and gender;
(b) address, email address and telephone number;
(c) credit and debit card details;
(d) details of payments made by you and products and services purchased by you;
(e) technical data, such as browser type, IP address, domain names, access times and login data;
(f) data relating to your profile, which includes password, preferences, responses to surveys, occupation, demographic, interests and background;
(g) data about your interactions with our website and Services; and
(h) communication and marketing preferences.
3.3 We only use this personal data for the intended Services. With respect to the information that we collect about background, occupation, demographics and interests, this is housed in our donor database, securely hosted by Blackbaud Solutions. You can access their privacy policy and commitment to compliance with the General Data Protection Regulation here: https://docs.blackbaud.com/privacy/.
3.4 We may also collect and use aggregated data, which is not personal data, to analyse trends and help improve our website.
3.5 It is vital that the personal data we hold for you is up to date. Please let us know if any of your personal data changes.
3.6 We do not intentionally collect or process special category personal data (such as data revealing racial or ethnic origin, religious beliefs, or health information) unless necessary for specific charitable activities and with an appropriate lawful basis.
4.1 We employ a variety of methods to collect personal data.
4.2 We collect certain personal data from you when you complete online forms of correspond with us, in whatever form. This includes personal data when you create an account, make a donation, subscribe to our Services or publications, give us feedback or contact us.
4.3 Like many website owners and operators, we use automated data collection tools such as Cookies, Web Beacons, Log Data, and Social Media Widgets (collectively “Web Technologies”) to collect certain information. Our use of Web Technologies allows us to continually improve our website and provide the best possible browsing experience for you. See paragraph 11 below for our policy on our use of Web Technologies.
4.4 We also collect certain information that your mobile device sends when you use our Services, like a device identifier, MAC address, IMEI, user settings and the operating system of your device, as well as information about your use of our Services.
4.5 We may receive information about you from other sources, including payment processors, social media platforms, or analytics providers where you interact with our content or make donations through third-party platforms to supplement information provided by you. For example, if you access our Services through a third-party application, we may collect information about you from that third-party application that you have made public via your privacy settings. This supplemental information allows us to verify information that you have provided to NEF UK and to enhance its ability to provide you with information about our business, products, and Services.
5.1 We are required by law to set out the legal basis on which we collect and process your personal data as described in this Policy. We rely on one or more of the following legal bases, depending on the type of personal data and the purposes for which we use it.
(a) Legitimate interest: We rely on this ground where we believe it is in the legitimate interests of you or NEF UK to collect and process your personal data. When we process your personal data on the basis of a legitimate interest, we consider and balance any potential impact on you and your rights (both positive and negative). We will not use your personal data for activities where our interests are overridden by the
impact on you (unless required or permitted to by law). See below for some examples of collecting and using personal data for legitimate interests:
(i) preventing fraud;
(ii) sending direct marketing material to donors by post for fundraising purposes;
(iii) sending relevant communications to subscribers via email; and
(iv) conducting research to enable us to give you the best user experience.
(b) Consent: Often, we will obtain your consent to our use of your personal data in a certain fashion (for example, asking for your consent to send you direct marketing information to your email or mailing address).
(c) Performance of a contract: We will need to process your personal data where we perform a contract with you. For example, if you purchase something from our website, we will need to use your personal data to fullfil our obligations under our contract with you.
(d) Legal obligation: There are circumstances in which we may need to process and disclose your personal data to comply with a legal obligation to which we are subject. For example, if a regulatory authority requests donor transaction details for tax purposes, we would be obliged to share such information.
5.2 We have compiled the below table, which sets out the ways in which we intend to use and
process your personal data, the types of data we may use and process in each case, and which
of the above legal bases we are relying on.3
| Purpose | Categories of personal data | Legal basis |
| Registration as new subscriber or donor | Identity, contact information and card details | Performance of a contract |
| Process donations and manage payments / fees | Identity, contact information, payment details, card details and marketing preferences | Performance of a contract Legitimate interest (so we can receive the donated amounts) |
| Dispatch newsletters (via email and post) | Identity, contact information, profile data and marketing preferences | Consent |
| Respond to requests and complaints / notification of updates to terms and / or policy | Identity, contact information, profile data and marketing preferences | Performance of a contract Legitimate interest (to ensure our records are up to date, keep you informed and manage our relationship with you) Legal obligation |
| Administration and protection of NEF UK and this website | Identity, contact information and technical data | Legitimate interest (e.g. for fraud prevention) Legal obligation |
| Deliver relevant website content and measure effectiveness of advertising | Identity, contact information, payment details, technical data, profile data, website interactions and marketing preferences | Legitimate interest (to help grow our business and improve the Services for your benefit) |
| Use data analytics to improve website, products and Services | Technical data and website interactions | Legitimate interest (to conduct website analysis and user research to improve the functionality and effectiveness of our website) |
| Dispatch relevant marketing communications and make personalised suggestions | Identity, contact information, technical data, marketing preferences and website interactions | Consent Legitimate interest (to keep you abreast of the latest developments at NEF UK) |
| Respond to requests from regulatory authorities | Identity and contact information | Legal obligation |
| Conduct research through surveys | Identity, contact information, marketing preferences and website interactions | Legitimate interest (to improve the Services for your benefit and effectiveness of our approach) |
5.3 We offer you choices regarding the collection, use and sharing of your personal data and we will respect the choices you make. Please note that if you decide not to provide us with the personal data that we request, you may not be able to access all of the features of the Services.
(a) Opt-out of our mailings. We may periodically send you newsletters and emails that directly share news about and promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt out” by following the unsubscribe instructions provided in the email you receive or reaching out to NEF UK at [info@neareast.org]. We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications. These include communications regarding updates to our terms or this Policy or information about billing.
(b) Modifying your information. If you would like to update your information to opt out of receiving correspondence from NEF UK at any point in time, please let us know by sending your request via email to [info@neareast.org], via phone at [●], or via post to Near East Foundation UK, Office 134-136, More London Place, Office 134- 136, London, SE1 2RE, United Kingdom.
(c) Cookies and interest-based advertising. You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
(d) The online advertising industry also provides websites from which you may opt out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, www.youronlinechoices.eu/,
www.aboutads.info/choices/.
(e) To be clear, whether you are using our opt-out or an online industry opt-out, these cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. Advertisements on third-party websites that contain the ‘AdChoices’ link and that link to this Policy may have been directed to you based on anonymous, non-personal data collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
6.1 We will not share any personal data that we have collected from or regarding you, except as described below:
(a) Data shared with our services providers: We may engage third-party services providers as data processors to work with us to administer and provide our Services. These third-party services providers have access to your personal data only for the purpose of performing services on our behalf and, in the case of payment processors, human resources software providers, email subscription services, messaging services, feedback and survey services, data analysis services, and publishing software providers, are expressly obligated not to disclose or use your personal data for any other purpose. We may share your personal data and any necessary payment information, such as credit card number, expiration date and billing address, with our payment processing services providers in order to complete transactions that are initiated through the Services.
(b) Data shared with other third parties: We may share anonymised or aggregated data we collect from the use of the Services, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, market trends and other analysis that we create based on the information we receive from you and other users.
(c) Data shared with web analytics service providers: We use web and email analytics service providers to gather information about how our users interact with our Services. This information is available to NEF UK and third-party application service providers involved in the operation of this website. We require all third-party application service-providers to hold personal information in strict confidence. While we believe these companies are upstanding and will treat your personal information responsibly, we do not own or control them.
6.2 Third parties include:
(a) Google: We use Google Analytics, a service provided by Google, Inc. (“Google”), to gather information about how users engage with our website and Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection
and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout. You can also choose not to be included in Google Analytics [here] 5 .
(b) Facebook: We may use certain tools offered by Facebook, Inc. (“Facebook”) that enable it to collect or receive information about actions users take on: (a) our website and elsewhere on the internet through use of cookies, web beacons and other storage technologies; or (b) our app and other mobile applications, in order to provide measurement services, targeted ads and other services. For more information regarding the collection and use of such information by Facebook, please see the Facebook Data Policy, available at: https://www.facebook.com/policy.php.
(c) Basecamp: We use Basecamp to manage the NEF UK’s website to ensure a positive user experience. Basecamp’s privacy policy can be accessed at: https://basecamp.com/about/policies/privacy/privacy-shield.
(d) Blackbaud Solutions: We use Blackbaud Solutions as our processor for data received through the website in the form of voluntary information provided when making a donation or signing up to NEF UK’s mailing list. For more information about Blackbaud Solutions and their privacy policy, visit:
https://www.blackbaud.com/privacy-policy.aspx.
6.3 We collect personal data to deliver the Services you request and to understand our audience so that we can better meet their needs. We do not share, sell, trade, or rent any personal data. We may compile aggregate statistics and provide them to third parties, but we do not include information that identifies individual website users.
(a) NEF UK may use personal data and other information about you to create anonymised and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create. Anonymised and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymised or aggregated information is not personal data, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within the Near East Foundation group and with third parties for our or their purposes in an anonymised or aggregated form that is designed to prevent anyone from identifying you.
(b) We may collect information about computer hardware and software such as IP addresses, browser types, domain names, access times, and the referring websites that visitors use to access web pages. We use this information to maintain the quality of the Services and to collect general statistics.
(c) We may save personal information to comply with our legal obligations, but we do not disclose this information to third parties or regulatory bodies unless legally required to do so or exigent circumstances require us to protect the safety of our users or the public.
6.4 Our Services may contain links to websites and services that are owned or operated by third parties. Any information that you provide on or to a third-party service or that is collected by a third-party service is provided directly to the owner or operator of the third-party service and is subject to the owner’s or operator’s privacy policy. We are not responsible for the content, privacy or security practices and policies of any third-party service. To protect your information, we recommend that you carefully review the privacy policies of all third-party services that you access.
7.1 We may share your personal data within the Near East Foundation group. This would entail transferring your personal data to Belgium or the United States of America from the United Kingdom.
7.2 The United Kingdom has confirmed that Belgium provides high standards of protection for personal data and as such meets the United Kingdom’s data adequacy standards. Transfers to the United States of America are made in accordance with appropriate safeguards under United Kingdom data protection law, such as the UK-US Data Bridge, the United Kingdom Data Transfer Agreement or approved standard contractual clauses. We will not otherwise share your personal data within the Near East Foundation group to a country that has not been granted data ‘adequacy’ by the United Kingdom.
7.3 We may transfer your personal data to service providers that assist NEF UK’s provision of the
Services. We will ensure that any such service provider is located in a country that has been granted data ‘adequacy’ by the United Kingdom to ensure your personal data is afforded the same level of data protection as in the United Kingdom.
8.1 We have taken suitable steps to protect your personal data from being accidentally lost, misused, accessed without permission, changed, or shared improperly. Access to your personal data is limited to employees, agents, contractors, and other third parties who need it for legitimate business reasons. They may only use your personal data according to our instructions and must keep it confidential.
8.2 We use appropriate technical and organisational measures such as encryption, access controls,
and secure hosting environments to protect your personal data. Further, under the terms of their employment contracts, all employees of NEF UK are subject to confidentiality obligations7.
9.1 We will keep your personal data only for as long as is reasonably necessary to meet the purposes for which we collected it. This includes meeting any legal, regulatory, tax, accounting, or reporting requirements. We may keep your personal data for a longer time if there is a complaint or if we reasonably believe that legal action may arise from our relationship with you.
9.2 When deciding how long to keep personal data, we consider the amount, type, and sensitivity of the data, the risk of harm if it is used or disclosed without permission, the reasons for processing it, whether those reasons can be met in another way, and any legal, regulatory, tax, accounting, or other requirements that apply. Note that we retain records of donations for six years from the end of the accounting period to which they relate and we will generally retain contact details for marketing purposes for [24] months unless consent is withdrawn before the end of such period.
9.3 We are constantly reviewing the personal data that we hold and endeavour to securely delete personal data when it is no longer operationally necessary for us to retain the same.
9.4 Note that, in certain circumstances, you may ask us to delete your personal data. See paragraph 10 below for further information regarding your right to request that we delete your personal data.
10.1 You, as a data subject, have a number of rights relating to your personal data and NEF UK’s
use thereof:
(a) Access your personal data. You may ask for a copy of the personal data we hold about you and confirm that we are using it for lawful purposes and in accordance with this Policy.
(b) Modify your personal data. You may ask us to update or correct any information that is incomplete or inaccurate. We may need to confirm the accuracy of the new information you provide (see paragraph 5.3 above regarding modifying your personal data).
(c) Ask us to delete your personal data in certain situations. You may request that we remove your personal data when there is no valid reason for us to continue using it. This includes situations where you have objected to our use of your data, where it has been used improperly, or where we are required to delete it to comply with the law. In some cases, we may not be able to comply with your request due to specific legal obligations. If this applies, we will inform you at the time of your request.
(d) Object to how we use your personal data. You may object when we rely on a legitimate interest (or those of a third party) as the basis for using your personal data, including for profiling. In some cases, we may continue to use your personal data if we have strong and valid reasons to do so.
(e) Stop receiving marketing communications. You may object at any time to the use of your personal data for direct marketing purposes (see paragraph 5.3 above regarding opting-out).
(f) Request transfer of your personal data. You may ask us to provide your personal data to you, or to another organisation you choose, in a structured and commonly used electronic format. This right applies only to automated information where you have given consent or where the data is used to fulfil a contract with you.
(g) Withdraw your consent. If we rely on your consent to use your personal data, you may withdraw it at any time. This will not affect any use of your data before your consent was withdrawn. If you withdraw consent, we may no longer be able to provide certain products or Services. We will inform you if this is the case.
(h) Restrict how we use your personal data. You may ask us to pause our use of your personal data in certain situations, such as while we confirm its accuracy, where our use of your personal data is improper but you do not want the data deleted, if you need us to keep your personal data for a legal claim even when we no longer require it, or if you have objected to our use and we are considering whether we have grounds to override your objection.
(i) Rights related to automated decision-making. Where NEF UK takes automated decisions in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision9.
10.2 Please contact NEF UK by email at [info@neareast.org] or by phone on [●] should you wish to invoke your rights under any of the above.
10.3 Any request from you to access your personal data will not usually incur a charge. However, if the request is excessive or unfounded, we may charge a reasonable fee to reflect the costs involved of complying with your request.
10.4 We may ask you to provide certain information to confirm your identity before we process your request or give you access to your personal data. This is a security step to make sure that personal data is not shared with anyone who is not entitled to receive it. We may also contact you for additional details about your request to help us respond more quickly.
10.5 We aim to respond to all valid requests within [one month]10. If your request is complex or if you have made several requests, it may take longer. If this happens, we will inform you and keep you updated on our progress.
11.1 Glossary of key terms:
(a) “Cookies” are small text files that are placed on your device by a web server when you access our Services. We may use both session Cookies and persistent Cookies to identify that you have logged in to the Services and to tell us how and when you interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customise and improve our Services. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own Cookies on your device. Note that this Policy covers only our use of Cookies and does not include use of Cookies by such third parties.
(b) “Web Beacons” (also known as web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
(c) “Log Data” means certain information about how a person uses our Services, including both account holders and non-account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, MAC address, IMEI, other device identifiers the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyse (and may engage third parties to analyse) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying
information about how our Services are used.
(d) “Social Media Widgets” are social media features such as Facebook Share and Twitter Follow. These features may collect your IP address, which page you are visiting on our website, and may set a Cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
11.2 We use Web Technologies generally for the following purposes:
(a) Operationally necessary. We may use Cookies, Web Beacons, Log Data or other similar technologies that are necessary to the operation of our website, Services, applications, and tools. This includes technologies that allow you access to our website, Services, applications, and tools that are required to identify irregular site behaviour, prevent fraudulent activity and improve security; or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions.
(b) Performance related. We may use Web Technologies to assess the performance of our website, applications, Services, and tools, including as part of our analytic practices to help us understand how our visitors use our website, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, Services, or tools.
(c) Functionality related. We may use Web Technologies that allow us to offer you enhanced functionality when accessing or using our website, Services, applications, or tools. This may include identifying you when you sign into our website or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our website.
(d) Advertising or targeting related. We may use first-party or third-party Cookies and Web Beacons to deliver content, including advertisements relevant to your interests, on our website or on third-party sites and to track incoming traffic from paid external campaigns. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
11.3 See below for more information about the individual Cookies that we use, including what we use them for11:
(a) [●]
(b) [●]
(c) [●]
11.4 Note that some of the third-party services providers that we engage, such as Google, Facebook, Basecamp and Blackbaud Solutions, may use Cookies. We have no control over such third-party services providers’ use of Cookies. If you would like to opt out of such use of Cookies, you may navigate to the relevant consumer page to manage that third-party services provider’s use of Cookies.
11.5 You can choose which Cookies we can use by clicking [●]. Note that any non-essential Cookies will only be placed on your device following your consent. You can also choose to “Reject all” Cookies. However, if you prevent the use of essential Cookies, your usage of this website may be limited12.
11.6 Other than essential Cookies, all Cookies and other Web Technologies will expire after [●]13.
12.1 Protecting your credit card information is of the utmost importance to NEF UK. When you donate to NEF UK online, the transaction is processed by a reputable service provider (Blackbaud Merchant Services) as the payment processor. Your credit card information is secured by Blackbaud Merchant Services and is not stored by Blackbaud Merchant Services or NEF UK. Your credit card information is used only for a one-time transaction unless you elect to make a recurring donation. To make a credit card donation by phone, please call [●]. If you prefer to donate by post, please send your cheque to Near East Foundation UK, More London Place, Office 134-136, London, SE1 2RE, United Kingdom.
12.2 Blackbaud Merchant Services is used to process your donation on behalf of NEF UK. To protect your credit card information, when used according to manufacturer’s instructions, Blackbaud Merchant Service encrypts personal and credit card information during all transactions and sends an automated confirmation email for all transactions. For their full policy on being PCI-compliant, visit: https://www.blackbaud.com/security/pci-compliance.
13.1 We may revise this Policy at any time in response to changes in the law or other factors. If this Policy is updated, we will inform you via email.
14.1 By choosing to visit the website, utilise the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Policy will be governed by the laws of England and Wales and the adjudication of any disputes arising in connection with NEF UK or the website will be in accordance with the NEF UK Website Terms and Conditions.