Privacy policy
1. GENERAL
1.1This Privacy Policy (“Policy”) applies to all information provided by you to us, by virtue of your role as a member/client or contributor, or as a user of our services, including when visiting our website. In this Policy you can read more about the data we collect, how we process your personal data and how long we store it etc. Please read this Policy and contact us if you do not agree to its contents, either in part or wholly. The current version of the Policy is available at www.ms.dk at any time.
2. DATA CONTROLLER
2.1The organisation responsible for processing your personal data is:
Mellemfolkeligt Samvirke − ActionAid DenmarkFælledvej 12DK-2200 Copenhagen N+45 7731 0000ms@ms.dkCVR number: 18243717(Hereinafter "Organisation")
The general legal framework for our processing of personal data is EU Directive 2016/679 of the European Parliament and Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including regulation. Additionally, it is expected that a new act will be passed, on the basis of a bill introduced on 25 October 2017 on supplemental provisions to the directive on the protection of natural persons in connection with the processing of personal data and on the free movement of such data.
2.2The general legal framework for our processing of personal data is EU Directive 2016/679 of the European Parliament and Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including regulation. In addition, the Danish Data Protection Act, No. 502 of 23 May 2018, contains additional provisions to the Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Exchange of Such Information (Databeskyttelsesloven).
2.3All queries regarding this Policy, the processing of your data and any suspicion of non-compliance should first be directed to:
Anne Kirstine Bech LundeFinance & Administration Directorcomplaints@ms.dk
3. DEFINITIONS
3.1Some of the main terms related to personal data are defined below:
Personal Data
Any information relating to an identified or identifiable natural person, i.e. any information which, directly or indirectly, alone or together with other data, can be used to identify a particular natural person.
Data Controller
The natural or legal person, public authority, institution or other body which, alone or together with others, decides to which purpose and with which tools processing of personal data may be carried out.
Data Processor
The natural or legal person, public authority, institution or other body that processes personal data on behalf of the Data Controller.
Processing
Any activity or series of activities that involve(s) the use of personal data, including collection, registration, systematisation, modification, search, comparison and handing over of or disclosure to private individuals, public authorities, companies, etc. outside the Organisation.
Special Categories of Personal Data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, data concerning health or a natural person's sex life or sexual orientation and biometric data for the purpose of uniquely identifying a natural person (sensitive data).
The Personal Data Regulation
EU Directive 2016/679 of the European Parliament and Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including regulation.
Act on the Protection of Personal
Data Danish Law No. 502 of 23/05/2018 - “Lov om supplerende bestemmelser til forordning om beskyttelse af fysiske personer i forbindelse med behandling af personoplysninger og om fri udveksling af sådanne oplysninger (databeskyttelsesloven)”.
4. PURPOSE OF PROCESSING YOUR PERSONAL DATA
4.1Depending on whether you are a member or a contributor, client or traveler, volunteer or course participant or perhaps just a user of our website, we are under an obligation to process your personal data to the extent necessary to provide you with the services you request and in order to fulfil our obligations as a member association. This applies both in terms of managing any contributions from you − unless you decide to contribute anonymously − any services or products you purchase from us and/or any subscriptions or memberships you hold with us. Our processing may also include your use of our web shop and/or our customer services, and/or promoting our services/products to you, signing up for our newsletter, courses or trips, sign one of our petitions, or in other ways share your personal data with us.
5. THE PERSONAL DATA ABOUT YOU THAT WE PROCESS
5.1Personal data we collect directly from you:
5.1.1If you are a member, client, traveller, volunteer, course participant or contributor with us, we collect the following personal data from you: Name, address, postal code, city, telephone number, e-mail address, registration and account number. Depending on your relationship with us we collect information about your civil registration number, for example for you to get deductions for any contributions, or if we are subject to a notification duty.
5.1.2If you are going to travel with Global Contact, ActionAid Denmark’s travel program, we may need to process your health information, which belongs to the Special Categories of Personal Information (sensitive information). If you give your explicit consent, this information is processed and shared with the partner organization at the travel destination. Health information is obtained solely for the benefit of travelers' health.
5.1.3In some cases, we need to collect information about you from others, for example information from the Danish Civil Registration System, Teledata and Post Nord. We collect such information in order to keep your contact details up-to-date so as to ensure that you can receive materials from us. We also collect it in order to complement the information we have about you, for example if we need your address.
5.1.4If you are on our premises (Fælledvej 12 or Ravnborgsgade 11 and Mellemrummet in Copenhagen), we monitor the entrances, the farms and the café with cameras during video recording.
6. COOKIES
6.1On our website we use cookies to manage login and to collect web statistics. A cookie is a small text file sent from our server to your browser and stored on your PC's hard drive or your mobile device. Cookies make your usage of our website easier and more efficient. We do not process information about user behavior collected via cookies in a way that can link user's behavior to their identity. You can configure your browser to inform you about the use of cookies so as to decide on a case-by-case basis whether to accept or reject it. You may also opt to completely disable it. However, by doing so, some functionality of the website may not be optimal. The cookies do not contain personal data such as information about your e-mail address, your user ID or other personal data, other than that described in this Policy. You can read our Cookie Policy here: www.ms.dk/en/cookies.
7. HOW WE PROCESS YOUR PERSONAL DATA
7.1Specifically, we use your personal data for a number of purposes, depending on whether you are a member, contributor, client, traveler, volunteer or course participant, or perhaps just a user of our website.
7.1.1If you are a member, we use your personal data to:
manage your membership
contact you regarding your membership and our work via post, e-mail, telephone and social media platforms
report any contributions other than your membership fee to the Danish tax authorities (SKAT) to ensure that your contribution will appear on your tax return
use your e-mail address and phone number to target advertisements on social media platforms.
7.1.2If you are a contributor, we use your personal data to:
manage your contributions
contact you with the necessary information about your contribution(s) and our work via post, e-mail, telephone and social media platforms
report your contribution(s) to the Danish tax authorities (SKAT) to ensure that it will appear on your tax return
send you marketing materials to the extent that it complies with the marketing legislation in force at the time
use your e-mail address and phone number to target advertisements on social media platforms
7.1.3If you are a client or traveler, we use your personal data to:
make functions on our website, including our web shop, available to you
send you order confirmations
respond to any questions you may have and comply with your requests
execute your orders
manage our customer relationship with you
send you marketing materials to the extent that it complies with the marketing legislation in force at the time
support you in any application for visa/work permit in relation to your trip
create your membership if this is a requirement for you to travel with us.
7.1.4If you are a volunteer or course participant, we use your personal data to:
offer and manage courses
create and manage your volunteer profile
communicate with you and coordinate internally
share your data with selected ActionAid partners after obtaining your consent.
7.1.5If you are just a user of our website, we use your personal data to:
make functions on our website available to you
prepare statistics on your behavior on our website
optimise the appearance of our website
target advertisements on social media platforms
If you have participated in a signature collection, quiz or other game, we may use your information to contact you, unless you have actively refused to be contacted.
7.1.6If you are on our premises, we use video recording to investigate any cases of violence, theft or crime at our address. We download the pictures and hand them over to the Police, who process the case.
8. WHY WE MAY PROCESS YOUR PERSONAL DATA (BASIS OF DATA PROCESSING)
8.1When you become a member with us, make a contribution, purchase a product in our web shop or enter into some sort of agreement with us, we process your ordinary personal data for exactly that purpose. We may also process your personal data if, for example, you have a query prior to entering into an agreement with us. The legal basis of processing your personal data is Article 6(1)(b) of the Danish Personal Data Regulation, as processing your data is necessary for us to fulfil our agreement with you or for us to handle inquires etc. prior to you entering into an agreement with us.
8.2We may also process your ordinary personal data because we have a legitimate interest in processing your data, cf. Article 6(1)(f) of the Danish Personal Data Regulation, unless your right to have your ordinary personal data protected takes precedence over our legitimate interest in processing your data.
8.2.1We have a legitimate interest in processing your personal data for marketing purposes. This means that our legitimate interest consists of knowing your preferences so as to better customise our offers to you and, ultimately, deliver the products and services that best meet your needs and preferences. Of course, we also comply with all provisions of the Danish Marketing Practices Act. In accordance with this provision, we also carry out statistics on the number of members, purchases, contributions, use of the website etc.
8.3In certain cases we may also be under a legal obligation to process personal data about you, for example in connection with documentation of audit trails, pursuant to the provisions of the Danish Bookkeeping Act. The Act stipulates, among other things, that we are obliged to keep accounting records for up to five years from the end of the accounting year covered by such accounting records. Examples also include reporting to the Danish tax authorities in order for you to get deductions for any contributions you have made to us. Your civil registration number must be included when reporting to the Danish tax authorities, cf. the Danish Tax Control Act, and is therefore the basis of our processing of information about your civil registration number.
8.4We are able to process travelers' health information, which belongs to the Special Categories of personal data, in accordance with Article 9, 2 (a) of the General Data Protection Regulation where we obtain explicit consent. Health information is obtained solely for the benefit of travelers' health.
8.5If you are not a member, contributor, client, traveler, volunteer or course participant with us, but perhaps just a user of our website or doing a petition, we need to be able to manage the information you provide in order to manage cookies etc., or for the purpose of the petition. Read more in our Cookie Policy at www.ms.dk/cookies. In some cases we may register the IP addresses that have visited our website. An IP address can be considered a piece of personal data and, if we process your IP address, we will do so on the same basis as described above in section 8.2.
9. SHARING YOUR PERSONAL DATA
9.1We may share your personal data with the suppliers and partners that assist us in performing your order, or assist us with our IT operations, hosting, payment services, travel agency, telemarketing and other marketing.
9.2We may also share your data with other ActionAid Organisations to the extent that this is permitted by law.
9.3If you participate in one of our online campaigns, we may publish your name in campaign materials on social media. You will always be informed before your information is processed.
9.4In addition to the above, we share your data to the extent that we are obliged to do so, for example due to requirements to report to public authorities such as the Danish tax authorities (SKAT).
10. SHARING YOUR PERSONAL DATA WITH RECIPIENTS OUTSIDE OF THE EU/EEA
10.1Some of our service providers, as well as several of our sister organisations, are located outside of the EU/EEA. Therefore, occasionally, we share your personal data with recipients in countries outside of the EU/EEA. This, however, requires that:
the relevant country or international organisation has a sufficient level of protection as defined by the European Commission
we have agreed on standard data protection provisions passed by the European Commission with the recipient receiving your personal data
the relevant recipient is certified according to Article 42 of the Danish Personal Data Regulation
the relevant recipient has adopted a set of approved Binding Corporate Rules.
10.2We may also ask for your consent to share your personal data with recipients located outside the EU/EEA, or this may be required due to an agreement with you or measures taken according to agreement with you. These exceptions of sharing are covered by Article 49 of the Danish Personal Data Regulation.
10.3You may at any time request information about or a copy of the required guarantees that form the basis of sharing personal data with recipients outside of the EU/EEA and, if exceptions apply according to the description in Article 49 of the Danish Personal Data Regulation, the exceptions forming the basis for any such sharing of Personal Data.
11. STORING AND DELETION OF YOUR PERSONAL DATA
11.1We store and process your personal data if there is a legal and legitimate reason for doing so. Wherever possible, we use automated deletion and anonymization processes in our systems. Where our systems do not allow us to use such automated deletion and anonymization processes, we have established ongoing controls to ensure that personal data is reviewed and deleted/anonymized.
11.2If you are a client or traveler, we will retain your personal data for five years plus the current year in accordance with the Danish Bookkeeping Act. Your name, email and date of birth are kept for another 5 years to be able to give you a travel document, should you request it in connection with your education or career.
11.3If you are a member, we will retain your personal data for five years plus the current year as per your withdrawal in accordance with the Danish Bookkeeping Act.
11.4If you are a contributor, we will retain your personal data for five years plus the current year as per your withdrawal in accordance with the Danish Bookkeeping Act.
11.5If you are a volunteer or course participant, we will retain your personal data for a maximum of five years after the relationship has ended.
11.6If you are a user of our website and are neither a client, member, former member nor contributor or participating in a campaign, your personal data are anonymous. We use Plausible to measure the traffic on our websites. Plausible does not register the data of the individual visitor, but creates a randon string of letters and numbers that can be used to calculate the number of unique visits to our websites. This string is re-set every day. Data obtained before August 2023 was treated by Google Analytics and is retained for 26 months.
11.7If you participate in one of our campaigns (quizzes, signature collections, etc.) without financial commitment, we will store your personal information for up to 1 year after the campaign expires. Our campaign activities are most often active over a long period of time and in this connection we need to be able to document the commitment in our campaigns.
11.8If you have requested not to be contacted any longer, we will keep your information on the list of people we should not contact, unless you have actively requested that we delete your information.
11.9If you go on our premises which is under video surveillance, we will keep video recording for 30 days.
12. YOUR RIGHTS
12.1 Insight
12.1.1You are entitled to gain insight into the personal data we process about you. You may request insight into the personal data we have registered about you, including the purposes for which such data has been collected, by writing to us at the above address; see section 2.1. We will comply with your request for insight as soon as possible.
12.2 Correction and deletion
12.2.1You are entitled to request that the personal data we process about you be corrected, further processed, deleted or blocked. We will comply with your request as soon as possible to the extent necessary. If for some reason we are not able to comply with your request, we will contact you.
12.2.2 However, section 12.2.1 regarding deletion of your data (in connection with your right to be forgotten) does not apply in relation to the list of people we should not contact, if you have refused to be contacted and your information is on that list. In other words, if you have declined to be contacted and at the same time asked us to delete your personal information, your contact information will still appear on that list so that we can ensure that we do not contact you again.
12.3 Limitation of processing
12.3.1In certain circumstances you are entitled to have the processing of your personal data limited. Please contact us if you wish to opt for a limitation of the processing of your personal data.
12.4 Data portability
12.4.1You are entitled to receive your personal data (only information about yourself that you have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us if you wish to make use of the opportunity for data portability.
12.5 Right to complain
12.5.1You are entitled to ask us not to process your personal data in cases where the processing is based on Article 6(1)(e) (in the public interest or exercise of authority) or Article 6(1)(f) (legitimate interest). The extent to which we process your data for such purposes appears from this Policy. You may at any time exercise your right to complain by contacting us.
12.6 Revocation of consent
12.6.1If the processing of your personal data is based on your consent, you may revoke your consent at any time. Your revocation does not affect the legitimacy of the processing that was carried out prior to revoking your consent. Please contact us if you wish to revoke your consent.
12.6.2If you wish to revoke your consent to receive promotional information and offers in general, including by ordinary post, e-mail, text, telephone or other electronic means, you may do so at any time by writing to us at ms@ms.dk. If we are unsure of your identity, we may ask you to identify yourself. This is free of charge, except for the ordinary costs of communication.
12.7You may write to us at ms@ms.dk to exercise one or more of the above rights.
12.8There may be conditions or limitations attached to the exercise of the above rights. This means that you may not have the right to data portability in that particular case − it depends on the specific circumstances of the processing activity in question.
13. POTENTIAL CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
13.1If you are obliged to provide us with personal data about yourself, it will appear in places where we collect such data. If you do not wish to provide us with the personal data we request, the consequence may be that we are not able to provide you with the services you request, complete your order, create you as a contributor etc.
14. SECURITY
14.1Internally in our Organisation, our processing of personal data is subject to our IT and Security Policy. Our IT and Security Policy also contains rules for the conduction of a risk assessment and an impact assessment of existing, new or changed processing activities. We have implemented internal rules and procedures to ensure an appropriate level of security from the time of collecting personal data until deletion, and the processing of personal data is always carried out by Data Processors maintaining an appropriate level of security and protection.
15. COMPLAINTS TO SUPERVISORY AUTHORITY
15.1If you are not satisfied with our processing of your personal data, you are entitled to file a complaint with the Danish Data Protection Agency:
Datatilsynet, Borgergade 28, 5th floor, DK-1300 Copenhagen K, telephone +45 3319 3200, e-mail: dt@datatilsynet.dk
16. UPDATING THIS POLICY
16.1Mellemfolkeligt Samvirke complies with the basic principles of personal data and data protection. Therefore, we regularly review this Policy to ensure that it is up-to-date and complies with applicable principles and legislation. This Policy may be changed without notice. Significant changes in this Policy will be published on our website together with an updated version of the Policy.
16.2Any future changes in the Policy will be published on this site and can be sent to you by e-mail if you so wish.
See the Danish version.