PRIVACY POLICY FOR CHILDREN AND WAR FOUNDATION
1. INTRODUCTION
Children and War Foundation (CAW) has taken all necessary steps to ensure the privacy of the personal data that we process.
This Privacy Policy applies where we act as controller for processing personal data, which is normally the case in connection with our activities. As controller, we are responsible for ensuring that the personal data we have about you are used in accordance with the applicable data protection legislation. In this Privacy Policy, you can read more about why and how we collect and use your data, and about the rights you have over your data. Personal data are data that relate to you as an identifiable person.
If you have any questions regarding this privacy policy, or about our collection and usage of your data, you can contact our chairperson of the Board of Directors by email at inger.hygen@cms- kluge.com.
We are not required to have a data protection officer. Any inquiries about our collection or usage of your personal data should be addressed to the contact details above.
2. WHEN AND WHY DO WE COLLECT PERSONAL DATA, AND ON WHAT LEGAL BASIS?
CAW is a charitable organization who works to aid and support children, as well as their families, who are affected by war, warlike situations and disasters. We offer support by training local people in psychological procedures to help the children cope with the situation.
CAW does not process any personal data of the children who are subject to training (the beneficiaries). We mainly collect and process personal data in the following situations:
Training
If you perform training on behalf of CAW (members of the Board of Research and Implementation), or in cooperation with CAW (partners in training), we will collect and if necessary store your name, telephone number, e-mail address and possibly postal address. We have a need for processing of the same kind of data for individuals with whom we cooperate with, including those whom CAW support in various ways and supporters of CAW. The purpose of this is to be able to communicate with our partners and supporters in order to fulfill our core activities. Our purpose also includes being able to evaluate the work and efforts of the Foundation, also as a part of the research the Foundation may support. The legal basis in this respect is your consent and our legitimate interests in having contact with our partners and supporters and improving our work, cf. the GDPR art. 6 (1) letter a and f.
You may be entitled to compensation of cost and/or compensation for loss of salary. Personal data will then be collected and registered in connection with the payment and accounting systems for that purpose, and kept for as long as necessary according to accounting regulations. The legal basis for this is our agreement with you, cf. the GDPR art. 6 (1) letter b, and to fulfill our legal obligations cf. the GDPR art. 6 (1) letter c.
Donors
If you donate to the organization, we need to register you name, e-mail and address to fulfill our legal obligations (under the Accounting act) and our legitimate interests in knowing our donors, cf. the GDPR art. 6 (1) letter c and f.
Visits to websites
We do not use cookies on our web site, and Gogle Analytics does not collect or store IP- address or any other personal data other than retrieving geographical and demographics data, if not restricted in your user profile.
If you use the contact forms on our websites, name and contact details you have submitted will only be used as per your interest.
Our website https://www.childrenandwar.org/ is hosted by FastName.no. The Data processor contract with FastName.no is here: https://www.fastname.no/tjenesteavtale/#2
We specifically draw attention to the sections in the contract about the use of sub suppliers, export of data to other one.com companies and international export of data.
Information from visitors on the website retrieved/registered through Google Analytics is deleted no later than after 26 months, by Google Analytics.
3. WHOM DO WE SHARE PERSONAL DATA WITH?
The suppliers of our IT services and their sub-suppliers may have access to personal data if such access is necessary for them to provide their services to us. We have data processing agreements with such parties ensuring that they do not use such data for their own purposes.
To be able to fulfill our core activities, we may need to provide contact information about our trainers and partners to those we cooperate with locally. This may also include transfer of personal data to third countries, outside the EU/EEA. Such transfers will be based on the data subjects’ consent, cf. the GDPR art. 49 (1) a.
We do not disclose personal data in any other way, unless requested by our clients or unless it is necessary to comply with laws or public authority requirements. We do not sell personal data.
4. DATA RETENTION
We store your personal data for as long as it is necessary to fulfil the purposes as described in this Privacy Policy. This essentially means the following:
We store the details of contacts in 2 years periods. Every 2 years – or more often – the contact lists are reviewed and persons no longer relevant to the Foundation are deleted from the lists and all data are deleted.
IT logs – if any – will bed deleted at least every 2nd year.
5. YOUR RIGHTS AS A DATA SUBJECT
You have several rights under the current privacy regulations. We have provided a list of these rights below. Please do not hesitate to contact us if you wish to exercise your rights. We will respond to your inquiry as soon as possible, generally within one month at the latest.
Under certain conditions and in accordance with applicable law, you have the right to request:
Access to your personal data registered by us.
Rectification and erasure of any incorrect personal data about you. When we have your data based on consent, according to GDPR art. 6 (1) a, you have the right to withdraw that consent any time.
Restriction; You have a right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
Data portability; You have a general right to request transfer of your personal data in a common, machine-readable format.
You also have a right to object to our processing of personal data about you if this is justified by special circumstances on your part.
Right to appeal to the Norwegian Data Protection Authority (Datatilsynet): If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet).
We ask that you contact us beforehand, so that we may clarify any misunderstandings.
6. SECURITY
We have implemented technical and organizational security measures to ensure that we handle personal data in a secure manner. We perform regular assessments of the security of all of our systems used for handling personal data and have entered into agreements instructing the suppliers of such systems to ensure an adequate level of data security.
7. AMENDMENTS TO THIS PRIVACY STATEMENT
We may amend this Privacy Policy from time to time. The most up-to-date version of our Privacy Policy is available on our website.