Privacy Policy

Medair is committed to respecting your privacy, and we promise to take appropriate steps to protect your personal data. Medair’s values of integrity and accountability guide our approach to care for your personal data as responsible stewards so that it is used appropriately and kept safe.

We collect selected personal data of our employees, beneficiaries, donors, trustees, board members, consultants, contractors, volunteers, interns, vendors, prospective employees and others who interact with our organization.

Our privacy policy takes into account several legal instruments, including:

– The European Union General Data Protection Regulation (GDPR)
– The Swiss Federal Act on Data Protection

These laws apply whether data is stored electronically, on paper or in another format. To comply with these laws, personal data must be collected and used fairly, securely and only for lawful reasons.

We recognize that people who engage with Medair, via our website or through other means, may have questions about the personal data they provide to us and how we treat that information. This policy addresses those questions and explains how and why we use your information.

Medair will only collect the personal data we need and are legally allowed to possess. Personal data is information that can be used to identify or contact you. This includes data such as names, email and postal addresses, telephone numbers, mobile telephone numbers, bank account details, credit and debit card details, and social media presence. It also includes Internet Protocol (“IP”) addresses (data which identifies the location of a computer on the internet), information about pages visited on our website and files downloaded from our website.

We collect information in the following ways:

Information you give us directly

Medair collects personal data in connection with specific activities, for example, when you:

– donate to us
– sign up for our email communications
– register for an event
– apply for a job
– are hired by or volunteer with Medair
– visit our website
– complete a survey or feedback form
– provide us with a business card

Information you give us indirectly

Your information may be shared with us by fundraising sites like Everyclick, GivenGain or JustGiving. These independent third parties only share your personal data when you indicate that you wish to support Medair. You may wish to review their privacy policies to understand how they will use your data.

Information we collect from your use of our websites

Like most organizations, we use cookies and similar technologies to make our website faster and easier to use. Cookies are small data files placed onto your computer or mobile device when you access the internet. By using our website, you agree that we can place cookies on your computer or mobile device. If you wish to restrict or block cookies, you should review your browser settings. For more information, please read our cookies policy.

Third party digital communication and processing services

Medair uses third party digital communication services such as Campaign Monitor, Hopsie and Google analytics to assist us in marketing and financial donations processes, as well as in recruitment communications. Personally identifiable information is collected during tracking of email recipient activity, website usage and processing of donation. These companies have access to information only at the level needed to perform their functions. We require that these companies keep such information confidential. Such information is used to refine our web site content and layout, to process financial donation and to improve communication with our donors and candidates.

Information from third parties

We may receive information about you from third parties if you choose to engage with us via Facebook, Instagram, Twitter or other such social media platforms.

Information from publicly available sources

We may combine information you provide to us with information available from publicly available sources to gain a better understanding of our supporters and those who engage with us, so that Medair can be as relevant to you as possible and better tailor our requests for support. Public sources may include government websites, biographical directories and reputable media organizations and other databases.

Sensitive personal data

Certain categories of personal information are more sensitive. This is known as sensitive or special category personal data and covers health information, race and ethnicity, and religious and political opinions amongst other categories. We will only collect sensitive data about you if there is a proper and legal reason to do so. Such reasons may include conducting appropriate checks on job applicants to match your application profile appropriately to the relevant role, or being aware of any health concerns in relation to working in a humanitarian environment. We may also take note of your religious affiliation to ensure we send you the most appropriate communications.

Personal data of children

When you register for an event, make a donation, sign up to volunteer or interact with Medair in any other way, you are stating that you are 18 years of age or older or are acting with the consent of your parent or guardian. When we collect personal data about someone under 18 years of age, we will make it clear why we are collecting this information and how it will be used.

If you are under 18 and would like to get involved with us or make a donation, please make sure that you have your parent or guardian’s permission before giving us your personal information.

For application purposes for the field, it is necessary to collect data about children in order to make good decisions around placement of staff in humanitarian environments.

We may use your personal data in the following ways:

– to process and acknowledge our gratitude for donations we receive from you

– to send you program updates and fundraising communications

– to record the contact we have with you

– to invite you to participate in surveys or provide feedback

– to ensure that potentially vulnerable people are treated appropriately, particularly in regard to donations

– to conduct fundraising research

– to analyse and improve the services we offer

– to analyse the use of our websites and ensure security and optimal performance

– to establish a volunteer or employment relationship with you

– to ensure compliance with applicable laws, for instance those relating to taxes or anti-money laundering

We may also carry out “wealth screening”. This is a process which uses a trusted third-party partner to automate some of this work by screening your name and address details against publicly available information. The third party doing this work will only use your data to help us with our fundraising. It cannot use your data for any other purposes. We never share any of your financial transactions with Medair with this third party.

Medair will never sell your personal data to other organisations. Medair will never share your personal data with other organisations for them to use for their own purposes.

Medair does share information with organisations who provide a service to us, for example, companies who help us manage our website, process financial transactions, and support our human resources and fundraising departments. We will ensure our service providers enter into processing agreements that comply with the GDPR. We will also ensure that appropriate controls are in place.

Medair does share personal data where it is under a legal obligation to do so.

If you are interested in or apply for a job through Medair’s Swiss Headquarters we may send your information to Medair representatives in your country of residence (affiliate offices) so that they can communicate with you and support you in your professional interest in Medair. A list of Medair affiliate offices and their associated privacy policies can be found here.

When applying for field roles, we may send your information to field country programmes for them to review candidate applications.

Medair affiliate offices may also share details of contacts made at events with Medair Swiss headquarters to enable centralised recruitment communications.

Your personal information may be stored on secure servers at our offices (Swiss headquarters, affiliates, field country programmes), off-site and on cloud-based servers. We may also store information in paper files. Some of the personal information you provide to us may be stored or processed on our behalf by third party suppliers and may be located in other jurisdictions whose laws may differ from the jurisdiction in which you live. In such cases, we will make efforts to ensure appropriate protections are in place to safeguard your personal data in accordance with applicable data protection laws.

We place great importance on the security of personal data in our possession. We understand the significance of this responsibility and we take appropriate technical and organisational measures to protect your personal data from loss, misuse or alteration. For example, we encrypt our online forms, routinely monitor our network against data breaches and utilize industry standard SSL (secure sockets layer) certificates.

Nevertheless, the transmission of information over the internet or by other methods is never completely secure. While we take appropriate precautions to protect personal data, we cannot guarantee the security of information transmitted to our website or through other means. Therefore, any transmission is at your own risk. Payment card details we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards. Unless you have given us permission to retain your bank account or credit card details, such details are securely destroyed once your donation has been processed. We hold bank account details for the purposes of collecting regular payments in accordance with local regulations.

We keep your information for as long as it’s necessary or legally required. For example, subject to Swiss law, Medair retains donation records for at least ten years. We will not retain your credit card or bank account information unless you have given us permission to do so. We will keep your recruitment and employment related data for as long as necessary or legally required. If you request to receive no further contact from us, we’ll keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future. Such information will be minimised to ensure we only keep what is necessary. When your information is no longer required we will ensure that it is disposed of in a secure manner.

Organisations need a lawful basis to collect and use personal data under data protection law. Current law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are most relevant to the way in which Medair collects and uses personal data:

– a person has given consent (for example, to send you direct marketing by email or SMS)
– processing that is necessary for compliance with a contract  (to process a direct debit)
– to meet a legal obligation (including financial reporting and other regulatory compliance purposes)
– our legitimate interests.

Our legitimate interests include:

– administration and operational management (including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements)
– fundraising and recruitment (including managing campaigns and donations, vacancy emails, event invitations, sending direct marketing and thank you letters by post)

Personal data may be legally collected and used if it is necessary for a legitimate interest and is not overridden by your fundamental rights and freedoms. If you would like to change our use of your personal data, please get in touch with us using the details found below.

Data protection laws provide you certain rights. You have the right to request access to your personal data. You may also have the right to request that your personal data be corrected or erased, object to its processing or have access to it restricted. You also have the right to receive a copy of your personal information or to have your personal information sent to another entity. We may ask you for additional information to confirm your identity before disclosing information requested to you or processing your request.

Please contact us using contact below if you have any question about this Privacy Policy or if you would like to:

– opt out of your data being kept or processed for any of the above reasons
– exercise your rights in connection with your personal data
– know more about our commitment to you privacy
– ask for an explanation of how we process your data

Email: dataprotection@medair.org,  or
Mail: Chemin du Croset 9, 1024 Ecublens, Switzerland, or
Telephone: +41 (0) 21 694 35 35.