Ethar's Privacy Commitment
Ethar has always held its donor, stakeholder and user data privacy in the utmost regard since inception, even before the update to legislation took place in 2018. We ask for the least amount of information necessary, gathering only what we believe is essential for conducting the charity’s work, or for a specific project or service. We let donors and all those who interact with us know the information we have kept about them and allow them to opt out of specific engagements.
The goal of this policy is to make explicit the information we gather on our users, how we will use it, and how we will not. This policy will unambiguously address all the relevant cases. We will try and keep the language simple and direct.
Part I – Information Ethar collects and controls
This part deals with how Ethar collects and uses information about website visitors, potential donors, users of Ethar's services, and others who contact Ethar through forms or email addresses published on or linked to our websites.
Part II – Information that Ethar processes on your behalf
This part deals with how Ethar handles data that you entrust to us when you use our products and services, or when you share any personal or confidential information with us while requesting support.
Part III – General
Part I – Information Ethar collects and controls
What information Ethar collects
We collect information about you only if we need the information for some legitimate purpose. Ethar will have information about you only if (a) you have provided the information yourself, (b) Ethar has automatically collected the information, or (c) Ethar has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.
Information that you provide us
i. Account signup: When you sign up for an account to access one or more of our services, we ask for information like your name, contact number, email address, and correspondence address to complete the process. You'll also be required to choose a username and a password for accessing the created account. You may also provide us with more information such as your photo, time zone and language, but we don’t require that information to sign up for an account.
ii. Event registrations and other form submissions: We record information that you submit when you (i) register for any event, including online events, (ii) subscribe to our mailing list, (iii) submit a form in order to download any materials, (iv) participate in competitions or respond to surveys, or (v) submit a form to request donor support or to contact Ethar for any other purpose.
iii. Payment processing: When you donate to us, we ask you to provide your name, contact information, and bank card information or other payment account information. When you submit your card information, we store the name and address of the cardholder, the expiry date and the last four digits of the credit card number. We do not store the actual credit card number. For quick processing of future payments, if you have given us your approval, we may store your credit card information or other payment information in an encrypted format in the secured servers of our Payment Gateway Service Providers.
iv. Interactions with Ethar: We may record, analyse and use your interactions with us, including email, telephone, and chat conversations with our support staff, for improving our interactions with you and other donors.
Information that we collect automatically
i. Information from browsers, devices and servers: When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites.
iii. Information from application logs and mobile analytics: We collect information about your use of our products, services and mobile applications from application logs and in-house usage analytics tools, and use it to understand how your use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilised, user settings and configurations, and devices used to access and their locations.
Information that we collect from third parties
i. Signups using federated authentication service providers: You can log in to Ethar services using supported federated authentication service providers. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.
ii. Referrals: If someone has referred us to you through any of our referral programmes, that person may have provided us your name, email address and other personal information. You may contact us to request that we remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.
iii. Information from our partners and service providers: If you contact any of our partners, or otherwise express interest in any of our services to them, the partner may pass your name, email address, company name and other information to Ethar. If you register for or attend an event that is organised by Ethar, the event organiser may share your information with us. Ethar may also receive information about you from review sites if you comment on any review of our services, and from other third-party service providers that we engage for marketing our services.
iv. Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites such as Facebook, Twitter, LinkedIn and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites. Ethar may also add and update information about you, from other publicly available sources.
Purposes for using information
In addition to the purposes mentioned above, we may use your information for the following purposes:
To keep you posted on new campaigns and appeals, upcoming events, special milestones, programme feedback and other information that we think will be of interest to you;
To ask you to participate in surveys, or to solicit feedback on our services;
To set up and maintain your account, and to do all other things required for providing our services, such as enabling collaboration, providing fundraising page hosting, and backing up and restoring your data;
To understand how users use our online services, to monitor and prevent problems, and to improve our services;
To provide donor support, and to analyse and improve our interactions with donors;
To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of Ethar, Ethar's users, third parties and the public;
To update, expand and analyse our records, identify new donors, and provide services that may be of interest to you;
To analyse trends, administer our websites, and track visitor navigations on our websites to understand what visitors are looking for and to better help them;
To monitor and improve marketing campaigns and make suggestions relevant to the user.
Legal bases for collecting and using information
Legal processing bases applicable to Ethar: If you are an individual from the United Kingdom, our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of Ethar or a third party that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.
Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.
Legitimate interests notice: Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.
Your choice in information use
Opt out of non-essential electronic communications: You may opt out of receiving newsletters, general emails and other non-essential messages by using the ‘unsubscribe' function included in all such messages. However, you will continue to receive notices and essential transactional emails.
Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.
Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
Who we share your information with
Third-party service providers: We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organisers, web analytics providers and payment processors. These service providers are authorised to use your personal information only as necessary to provide these services to us.
Other cases : Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.
Your rights with respect to information we hold about you as a controller
If you are in the UK, you have the following rights with respect to information that Ethar holds about you. Ethar undertakes to provide you the same rights no matter where you choose to live.
Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared.
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Right to complain: You have the right to complain to the Information Commissioner's Office (ICO) if you have any grievance against the way we collect, use or share your information.
Retention of information
Part II – Information that Ethar processes on your behalf
Information entrusted to Ethar and purpose
Information provided in connection with services: You may entrust information that you or your organisation (“you”) control, to Ethar in connection with use of our services or for requesting support. This includes information regarding donors and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a donor to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared to us as part of a request for technical support or other services.
Information from mobile devices: When you elect to allow it, some of our mobile applications have access to the camera, call history, contact information, photo library, and other information stored on your mobile device. Our applications require such access to provide their services. Similarly, when you elect to provide access, location-based information is also collected for purposes including, but not limited to, locating nearby contacts or setting location-based reminders. This information will be exclusively shared with our mapping providers and will be used only for mapping user locations. You may disable the mobile applications' access to this information at any time by editing the settings on your mobile device. The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application, and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).
(All the information entrusted to Ethar is collectively termed “service data”)
Ownership and control of your service data
We recognise that you own your service data. We provide you complete control of your service data by providing you the ability to (i) access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.
How we use service data
We process your service data when you provide us instructions through the various modules of our services.
If you have enabled notification on our applications, we will push notifications through a push notification provider such as Apple Push Notification Service, Google Cloud Messaging or Windows Push Notification Services. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.
Who we share service data with
Ethar and third party sub-contractors: In order to provide services and support, the contracting entity within Ethar engages other group entities and third parties.
Employees and independent contractors: We may provide access to your service data to our employees and individuals who are independent contractors of the Ethar entities involved in providing the services (collectively our “employees”) so that they can (i) identify, analyse and resolve errors, or (ii) manually verify emails reported as spam to improve spam detection. We ensure that access by our employees to your service data is restricted to specific individuals, and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our systems. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards.
Collaborators and other users: Some of our campaign services allow you to collaborate with other users or third parties such as donors, volunteers, Ethar staff and partners. Initiating collaboration may enable other collaborators to view some or all of your information. For example, when you edit a document that you have shared with other persons for collaboration, your name may be displayed next to your edits to allow your collaborators to know that you made those edits.
Third-party integrations you have enabled: Some of our online services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service information and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.
Other cases: Other scenarios in which we may share information that are common to information covered under Parts I and II are described in Part III.
Retention of information
We hold the data in your account as long as you choose to use Ethar’s Digital/Online Services. Once you terminate your Ethar user account, your data will eventually get deleted from active database during the next clean-up that occurs once in 6 months. The data deleted from active database will be deleted from backups after 3 months.
Part III – General
Children's personal information
Our products and services are not directed towards individuals under 16. Ethar does not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please write to us with the details, and we will take the necessary steps to delete the information we hold about that child.
How secure is your information?
At Ethar, we take data security very seriously. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorised access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, write to us with your questions.
Data Protection Officer
Locations and international transfers
We share your personal information and service data within Ethar’s entities. By accessing or using our products and services or otherwise providing personal information or service data to us, you consent to the processing, transfer, and storage of your personal information or Service Data within the European Economic Area (EEA) (including United Kingdom), the United States of America and countries where Ethar operates. Such transfer is subject to a group company agreement that is based on the EU Commission’s Model Contractual Clauses which the ICO has also adopted.
Do Not Track (DNT) requests
Some internet browsers have enabled 'Do Not Track' (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don't wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.
External links on our websites
Blogs and forums
We offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. Ethar is not responsible for the personal information you elect to disclose publicly. Your posts and certain profile information may remain even after you terminate your account. To request the removal of your information from our blogs and forums, you can contact us in writing.
Social media widgets
Our websites include social media widgets such as Facebook "like" buttons and Twitter "tweet" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate in the website, and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.
Disclosures in compliance with legal obligations
We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.
Enforcement of our rights
We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.
Notification of changes