This policy tells you what data the BankTrack Foundation (‘BankTrack’) is collecting and how we process and protect your personal data. We aim to be clear about when we collect your data, to let you know what we will use it for, and to keep it secure. If you would like more information or have any questions, please email us at email@example.com or call us on +31-6-422 368 70.
“Stichting BankTrack”, or The BankTrack Foundation, is registered with the Dutch Chamber of Commerce as a not-for profit foundation under Dutch law (Nr. 30198568).
What personal data is collected?
BankTrack collects personal information only in the following formats, and for the following purposes:
1. To send you news digests via our mailing list
Your data are then stored on our Mailchimp system. The data are stored there for as long as you do not unsubscribe yourself from our list.
The legal basis for processing these data is your own consent, as you have either signed yourself up by using the form here, or you have recently given us explicit permission to be kept on this mailing list. You can always remove yourself from this dataset by clicking the relevant links in our mailings to you.
2. To add you to our internal mailing lists as actively involved in our campaign activities
Your data are then stored on our own server's internal mailing list system that runs on Sympa mailing list software. The data are stored there for as long as you do not unsubscribe yourself from our list, or ask us to do this.
The legal basis for processing these data is your own consent, as you have asked us, or given us explicit permission to include you in these list, usually by email. You can always remove yourself from this dataset by clicking the relevant links in our mailings to you.
3. Because you have responded to a survey we sent you
Your data are then stored on our SurveyMonkey account. The data are stored there for as long as we need the data for the purpose described in the survey itself, and/or the period described in the survey.
The legal basis for processing these data is your own consent, as by responding to our request you have agreed for your responses to be used. You can always remove yourself from this dataset by contacting us via firstname.lastname@example.org
4. Because you have applied for a paid or unpaid position with us
Your data are then stored in our internal project management system. The data are removed within four weeks after these data are no longer relevant for the position we have on offer, unless you have asked us to keep your information on file (e.g. in case a relevant position comes up in the future).
The legal basis for processing these data is your own consent, as by applying for the position you have agreed for your data to be stored and used for this purpose, and this purpose alone. You can always remove yourself from this dataset by contacting us via email@example.com
5. Because you work or have worked for BankTrack in a paid or unpaid position
Your data are then stored in our internal document storage system, hosted on our own server. The data are stored there for as long as you are employed by BankTrack and then partly removed in accordance with legal requirements in the Netherlands, as detailed in our internal personnel policy.
The legal basis for processing these data is our legitimate interest in storing these data for administrational purposes, as well as your own consent, as we ask you to agree on this when accepting the position. You can always remove yourself from this dataset by contacting us via firstname.lastname@example.org.
6. Because you make a one-off donation, sign up to donate regularly, or are a regular institutional funder
Your data are then stored in our internal Database on the internal section of our website, hosted on our own server. The data are stored there for as long as we maintain a financial relation with you.
The legal basis for processing these data is our legitimate interest to be able to communicate with our funders and supporters, as well as your own consent, as we ask you to agree on this storage when we receive your donation. You can always remove yourself from this dataset by contacting us via email@example.com.
7. Because we have identified your organisation as a potential future funder of our work
Your data are collected from public sources and then stored on the relevant data board on our internal project management system. The data are stored there for as long as we need to understand our potential funding options. The legal basis for processing these data is our legitimate interest to be able to identify potential supporters of our work, using publicly available information.
8. Because we have been in touch with you as relevant contact person from a bank, business, news organisation, educational institution or other entity relevant for our work
Your data may then have been stored in our internal Database on the internal section of our website, hosted on our own server.
The legal basis for processing these data is our legitimate interest to be able to communicate with all entities that are relevant for BankTrack to conduct its work. This includes us responding to requests of work partners to be put in touch with specific departments of banks. You can always remove yourself from this dataset by contacting us via firstname.lastname@example.org.
On the type of data we collect
For all the categories above, the information we collect may include, among other details, your name, address, email address, telephone number, the sector you are employed in, your involvement in BankTrack campaigns or activities, your job position or your employer.
BankTrack does not collect what is considered by Dutch law to be sensitive personal information.
Our legal basis for processing personal data
The legal basis for processing your data depends on the reasons and circumstances we are collecting it, and are described above.
Our legal basis for processing most personal data is because you have given us your consent to do so. You have the right to withdraw your consent for holding and processing your data and can do so by emailing us at email@example.com or calling us on +31-6-422 368 70.
In some circumstances, the processing is necessary for the performance of a contract with you or necessary for us to comply with a legal obligation. Sometimes the legal basis for processing your data may be because it is in our legitimate interests to perform our operations.
How is my data protected?
We take good care to ensure that the information we store in our various data collections is kept secure, to prevent unauthorised access and to comply with the General Data Protection Regulation. All our data collections are password protected, with the passwords changing regularly.
We will not sell, rent or swap your information with other organisations and we will not share your information with third parties for marketing purposes.
Like most organisations, we use trusted service providers to help our operations to be more efficient. These include systems and software providers like Mailchimp, SurveyMonkey, Microsoft programmes and Google apps. We may use third party providers that are located outside of Europe. For example, the database we use to store your data and some email platforms we use have servers located in the USA.
We have taken steps to ensure that the services we use that are located outside of the EU have appropriate security measures in order to protect your information. All providers we use are well renowned for their data security and have the appropriate technical controls and policies in place to protect your personal details.
Where required we have signed data processing agreements with our service providers.
We may disclose your personal information when required to do so by law.
BankTrack regularly works with other NGOs on campaigns and activities, where we share knowledge and resources. If we have registered you as a contact person at an organisation, or at a bank or other business we profile, we may share your information with other civil society organisations we work with so that they can contact you.
How can I access, update or ask BankTrack to stop using my personal information?
If your details change, please let us know and we will update them on our system. You can contact us via firstname.lastname@example.org.
Request for removal
If you wish your data to be removed from our data sets you can send us a request via email@example.com. Most emails we send you will also include a link you can click on to unsubscribe from that particular type of communication.
We will keep limited amounts of information (usually just your name and email address) and add this to our suppression list to ensure you do not receive communications from us.
We regularly monitor your engagement with our communications and will periodically send emails to ask if you still wish to receive updates about BankTrack work. We will continue to hold your personal data while you are actively engaged with us until you ask us not to.
Requesting a data report
To request a report which details all of the information we hold about you, please make this request in writing to BankTrack, Vismarkt 15, 6511 VJ Nijmegen, The Netherlands. We will not charge you for this request and will provide this information within one month of receipt, if the request is reasonable.
Making a complaint
You can also complain to the Dutch Information Commissioner’s Office via their website at www.autoriteitpersoonsgegevens.nl.
User preference cookies track if our users have visited our websites before and what settings they have applied. E.g. what cookie settings were chosen, if a user chose to not get recurring pop-ups, if they filled out a form before, etc. These cookies are on by default and can’t be turned off.
Third party cookies
Website visitor statistics are tracked with Google Analytics. The data is collected with anonymised IP addresses, which means our analytical data does not contain information which is related to an identified or identifiable person. No data is shared with Google for advertising or marketing purposes and there is no user profiling. Website analytics cookies are on by default and can’t be turned off.