DONATE
each life matters

Privacy Policy

Medair US
Who we are?

Medair is a Swiss-based international humanitarian organization dedicated to relieving human suffering in some of the world’s most remote and devastated places. We reach people in underserved communities that have been damaged by natural disasters, conflicts and other crises. In doing so, we help people recover with dignity and develop skills to build a better future.

For further information about our commitment to your privacy, please contact us by:
Email: united.states@medair.org
Mail: PO Box 4476
Wheaton, IL 60189-4476
Phone: (866) 599-1795.

How do we respect your privacy?

Medair is committed to respecting your privacy, and we promise to take appropriate steps to protect your personal data. Medair’s values of integrity and accountability guide our approach to care for your personal data as responsible stewards so that it is used appropriately and kept safe.

We collect selected personal data of our employees, beneficiaries, donors, trustees, board members, consultants, contractors, volunteers, interns, vendors, prospective employees and others who interact with our organisation.

We recognise that people who engage with Medair, via our website or through other means, may have questions about the personal data they provide to us and how we treat that information. This policy addresses those questions and explains how and why we use your information.

What personal data do we collect? Where do we collect it from?
Medair will only collect the personal data that we need and are legally allowed to possess. Personal data is information that can be used to identify or contact you. This includes data such as names, email and postal addresses, telephone numbers, mobile telephone numbers, bank account details, credit and debit card details, and social media presence. It also includes Internet Protocol (“IP”) addresses (data which identifies the location of a computer on the internet), information about pages visited on our website and files downloaded on our website.

We collect information in the following ways:

Information that you give us directly

Medair collects personal data in connection with specific activities, for example, when you:

-donate to us

-sign up for our email communications

-register for an event

-apply for a job

-are hired by or volunteer for Medair

-visit our website

-complete a survey or feedback form

 

Information that you give us indirectly

Your information may be shared with us by fundraising sites like Everyclick, GivenGain or JustGiving. These independent third parties will only share your personal data when you have indicated that you wish to support Medair. You may wish to review their privacy policies to understand how they will use your data.

Information that we collect from your use of our websites

Like most organizations, we use cookies and similar technologies to make our website faster and easier to use. Cookies are small data files placed onto your computer or mobile device when you access the internet. By using our website, you agree that we can place cookies on your computer or mobile device. If you wish to restrict or block cookies, you should review your browser settings. For more information, please read our cookies policy.

Information from third parties

We may receive information about you from third parties if you choose to engage with us via Facebook, Instagram, Twitter or other such social media platforms. We may also receive your information if a friend or family member wishes to register you for an event or make a donation in your name.

Information from publicly available sources

We may combine information you provide to us with information available from publicly available sources to gain a better understanding of our supporters and those who engage with us. Public sources may include government websites, biographical directories and reputable media organizations and other databases. We may collect information from public sources to gain a better understanding of our supporters so that Medair can be as relevant to you as possible, and better able to tailor any requests for support that we might make.

Certain categories of personal information are more sensitive. This is known as sensitive or special category personal data and covers health information, race and ethnicity, religious and political opinions amongst other categories. We may collect sensitive data about you if there is a proper and legal reason to do so. Such reasons may include conducting appropriate checks on volunteers, being aware of any health concerns that may affect our ability to correspond with you or taking note of your religious affiliation to ensure we send you the most appropriate communications.

Personal data of children

When you register for an event, make a donation, sign up to volunteer or interact with Medair in any other way, you are stating that you are 18 years of age or older or are acting with the consent of your parent or guardian. When we collect personal data about someone under 18 years of age, we will make it clear why we are collecting this information and how it will be used.

If you are under 18 and would like to get involved with us, or make a donation, please make sure that you have your parent or guardian’s permission before giving us your personal information

How do we use your personal data?
We may use your personal data in the following ways:

– to process and acknowledge our gratitude for donations we receive from you

– to send you program updates and fundraising communications

– to record the contact we have with you

– to invite you to participate in surveys or provide feedback

– to ensure that potentially vulnerable people are treated appropriately, particularly in regard to donations

– to conduct fundraising research

– to analyse and improve the services we offer

– to analyse the use of our websites and ensure security and optimal performance

– to establish a volunteer or employment relationship with you

– to ensure compliance with applicable laws, for instance those relating to taxes or anti-money laundering

We may also carry out “wealth screening”. This is a process which uses a trusted third-party partner to automate some of this work by screening your name and address details against publicly available information. The third party doing this work will only use your data to help us with our fundraising. It cannot use your data for any other purposes. We never share any of your financial transactions with Medair with this third party.

You can opt out of your data being used for research and wealth screening at any time or ask for an explanation of what we do by emailing united.states@medair.org with the subject line ‘Please stop analysis of my data’ or by writing to Medair, 97 S. Second St., San Jose, CA 95113
or calling us on (866) 599-1795..

When do we share your personal data and with whom?
Medair will never sell your personal data to other organisations. Medair will never share your personal data with other organisations for them to use for their own purposes.

Medair does share information with organisations who provide a service to us, for example, companies who help us manage our website, process financial transactions and support our human resources and fundraising departments.  We will ensure that our service providers enter into processing agreements that comply with the GDPR. We will also ensure that appropriate controls are in place.

Medair does share personal data where it is under a legal obligation to do so.

Where do we store your personal data?

Your personal information may be stored on secure servers at our offices, off-site and on Cloud-based servers. We may also store information in paper files.

Medair US is part of a global organisation headquartered in Switzerland. Some data (for example job applications) is processed in Switzerland. Although outside the European Economic Area (EEA), Switzerland is a country where the EU is satisfied with the adequacy of its data protection.

Some of the personal information you provide to us may be stored or processed on our behalf by third party suppliers and may be located in other jurisdictions whose laws may differ from the jurisdiction in which you live. In such cases, we will make efforts to ensure that appropriate protections are in place to safeguard your personal data in accordance with applicable data protection laws.

How we protect your personal information?
We place great importance on the security of personal data in our possession. We understand the significance of this responsibility and we take appropriate technical and organisational measures to protect your personal data from loss, misuse or alteration. For example, we encrypt our online forms, routinely monitor our network against data breaches and utilize industry standard SSL (secure sockets layer) certificates.

Nevertheless, the transmission of information over the internet or by other methods is never completely secure. While we take appropriate precautions to protect personal data, we cannot guarantee the security of information transmitted to our website. Therefore, any transmission is at your own risk. However, payment card details we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards. Unless you have given us permission to retain your bank account or credit card details, such details are securely destroyed once your donation has been processed.  We hold bank account details for the purposes of collecting regular payments in accordance with the local regulations.

How long do we keep your personal data?
We keep your information for as long as it’s necessary or legally required. For example, we will retain details of donations for seven years to meet the requirements that HMRC sets for Gift Aid audits.

We will not retain your credit card or bank account information unless you have given us permission to do so.

If you request to receive no further contact from us, we’ll keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future. Such information will be minimised to ensure we only keep what is necessary. Where your information is no longer required, we will ensure that it is disposed of in a secure manner.

What is our lawful basis for collecting and using personal data?

Organisations need a lawful basis to collect and use personal data under data protection law. Current law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are most relevant to the way in which Medair collects and uses personal data:

  • a person has given consent (for example, to send you direct marketing by email or SMS) processing that is necessary for compliance with a contract  (to process a direct debit)
  • to meet a legal obligation (including financial reporting and other regulatory compliance purposes)
  • our legitimate interests (please see below for more information)

Personal data may be legally collected and used if it is necessary for a legitimate interest and is not overridden by your fundamental rights and freedoms. We have written Legitimate Interest Assessments to show how we can come to decisions about this balance of interests. These assessments are available on request by emailing united.states@medair.org, or by writing to us at PO Box 4476
Wheaton, IL 60189-4476 or calling us on (866) 599-1795.

Our legitimate interests include:

  • administration and operational management (including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements)
  • fundraising (including managing campaigns and donations, sending direct marketing and thank you letters by post)

If you would like to change our use of your personal data, please get in touch with us using the details found above.

What are your rights?

Data protection laws provide you certain rights in some circumstances. You have the right to request access to your personal data. You may also have the right to request that your personal data be corrected or erased, object to its processing or have access to it restricted. You also have the right to receive a copy of your personal information or to have your personal information sent to another entity. We may ask you for additional information to confirm your identity before disclosing to you information requested by you.

To exercise your rights in connection with your personal data, please contact us by emailing united.states@medair.org, or by writing to us at PO Box 4476, Wheaton, IL 60189-4476 or calling us on (866) 599-1795.

Your suppression rights

Please contact us using contact below if you have any question about this Privacy Policy or if you would like to:

– opt out of your data being kept or processed for any of the above reasons
– exercise your rights in connection with your personal data
– know more about our commitment to you privacy
– ask for an explanation of how we process your data

Email: dataprotection@medair.org,  or
Mail: Chemin du Croset 9, 1024 Ecublens, Switzerland, or
Telephone: +41 (0) 21 694 35 35.

Changes to the privacy policy
We may periodically revise or update this policy to reflect changes in our practices or in the law. If we make any significant changes in the way we treat your personal data, we will make this clear on our website or by contacting you directly. We encourage you to visit this section of the website regularly to review any changes that may have been made.