The purpose of this notice is to explain how Ranking Digital Rights – and any other organisation we work with – collects and uses the personal information you provide to us in the course of engaging with the issues on which we work.

We at Ranking Digital Rights (RDR) believe that you have a right to privacy and we take defending that right very seriously. Our privacy notice seeks to clarify and how and on what terms you can exercise the rights you are granted under current data protection legislation.

This privacy notice explains:

• 1. Who we are
  2. What information RDR may collect about you
  3. Our legal basis for using your information and what we use it for
  4. Controlling how we communicate with you
  5. Does RDR share information with others?
  6. What happens to your data when you visit our website and digital platforms?
  7. How long do we keep your information?
  8. How we keeping your personal information safe
  9. Your data protection rights
  10. How to find out more or make a complaint
  11. Changes to this privacy notice

Ranking Digital Rights is an international human rights organisation working on issues of freedom of expression and access to information. We work for a world where all people everywhere can freely express themselves and actively engage in public life without fear of discrimination.

RDR as an entity is a registered charity in the United Kingdom. Within the context of this privacy notice, ‘we’, ‘our’ or “Ranking Digital Rights (RDR)” is a collective name for the entire organisation covering both the international office based in London and our regional entities based in the Americas, Africa, Asia and Europe.

Ranking Digital Rights is the data controller of your information and while data protection laws vary according to where we operate, the constituent parts of RDR will act in conformity with this privacy notice.

We collect certain types of information about those who work with us, who campaign, who engage on the issues we work on, and who benefit from our work. The information we gather may but not always include:

• Personal information such as your name, mailing address, email address, telephone number, affiliation. We may ask for your date of birth, age, and gender where appropriate (e.g. when you may be actively campaigning with us or participating in an event and where safe-guarding policies mean we have to collect that information.)
• Your marketing preferences and issues of interest. When you tell us, we retain a record of your marketing preferences, for instance how you like to be contacted (e.g. by email only) and what information you prefer to receive (e.g. newsletters, campaign actions and updates on our work).
• Payment information: When you provide us with payment information, we collect your bank account details when setting up a regular direct debit, a credit card or debit card number when processing payments by card, and details about your taxpayer status when claiming Gift Aid.
• Records of your engagement with us: as you interact with RDR, we collect and process information such as:
  • • Details about when you have been contacted so that we can track communication with you appropriately
    • When we may have messaged you through email or text, post, by phone or in person.
    • We record details about donations you make to us and about events you register for, or attend
    • We may also record other support you provide to us, such as specialist support for campaigning and if you have special needs in relation to an event.

Information we do not collect about our supporters and those with whom we work includes:

• Sensitive information: such as details about a person’s race and ethnicity, sexual orientation, religious beliefs, memberships, political opinions, and information about their health. Where we may need to collect information relating to personal needs concerning an event we have measures in place to protect this information and maintain confidentiality.
• Under 18’s: where RDR’s work is of interest to young people we are committed to safeguarding the welfare of all children and young people involved in our work. However, as we do not have the resources available currently to run checks on parental consent for anyone under the age of 13, nor a safeguarding process for those between 13 and 18 seeking to join our campaigns, we do not accept anyone under the age of 18 on our mailing list. We hope this will change in time, and we do have resources to manage younger interest groups appropriately, but for now we do not.

From time to time Ranking Digital Rights will undertake research on our contacts for the following reasons:

• Due diligence on donations: In order to protect the reputation of RDR, our own policies (as well as legal and regulatory obligations), may require us to carry out due diligence on your donation. We may need to use publicly available information to conduct ethical screenings on potential donors of a significant gift, to ensure our reputation is protected.
• Using publicly available information to review major donations: When communicating with individuals who have given, or might consider giving, a substantial donation to RDR we may seek to find out more about that individual, their interests and their motivations for giving, and may invite them to become more involved in supporting our human rights work. We do this by collating biographical, financial, corporate and philanthropic information from sources, including information that is held on our supporter database and information that is publicly available.
• Targeting supporter communications effectively: We want to create communications based on what we know about your interests and experiences and we do this by using techniques to target communications effectively, such as analysing responses to our previous campaigns and appeals.

To comply with data protection rules, RDR must have a legal justification for collecting and using your personal information. In almost all cases, the legal basis for processing of your personal information will fall into one of the following categories:

• Where you have “opted in” and provided consent to allow us to use your data in a certain way.
• Where it is in the legitimate course of our work to contact you in order to raise awareness about our objectives or to ask you to consider donating to our work. We do this in a way that ensures we are not intrusive or infringe on your rights and freedoms

If a campaign includes an invitation to sign up to a digital campaign we may rely on your consent to send petitions or requests for donations. As such we may also rely on our legitimate interest to contact you about getting more involved in our work.

If you have “opted out” – that is you ask us to stop contacting you – we will do so unless we are legally obliged to communicate with you.

Depending on the preferences you have indicated, we may use the personal information we collect from you to:

• Provide you with information about us and the work that we do
• Administering and managing your donation, including data processing relating to Gift Aid claims, or legacies.
• Manage your direct marketing and communication preferences.
• Ask for your financial support, such as making a donation to our latest appeal.
• Encourage you to take action as part of our latest campaign.
• Comply with our legal and regulatory obligations.
• Analyse the performance of our campaign actions and fundraising appeals.
• Keep a history of your support, including donations you have given and actions you have taken.
• Create a record of your interests, preferences and level of potential engagement or donation.
• Organise and administer attendance at our events.

We will only contact you by email if you have given us your consent along with your email address. You can opt out at any time by clicking on the ‘unsubscribe’ link at the bottom of our emails.

We will only contact you by text if you have given us your consent along with your mobile phone number. You can opt out at any time by following the unsubscribe instructions in our text messages.

Where needed, we may also contact you for administrative purposes using the contact details that you have given us – for example, in relation to Gift Aid claims.

You can change your contact preferences at any time. This includes telling us that you don’t want us to contact you for marketing purposes.

You can do this quickly and easily by:

• Clicking the ‘unsubscribe’ link at the footer of our emails to indicate that you do not wish to receive our fundraising or campaigning updates.
• Asking us to stop sending you marketing texts by sending us an “opt-out” text message – following the instructions we provide you in the text messages you receive from us.
• Contacting us at info@claritihria.net
• Entering your details on a fundraising preference service website https://www.fundraisingpreference.org.uk/

We will never sell or swap your details with other organisations or third parties.

We may use trusted companies like fundraising agencies, fulfilment houses and software platform providers to administer some activities, in which case they will use your details only for that purpose – for example, applying your name and address to a mailing.

Some service providers may be based in other jurisdictions, and if so we ensure any data transfers are compliant with relevant data protection legislation and that the processing of your personal information is protected by appropriate security measures. For example, organisations we work with who process data in the US must have verified that their data processing standards meet the EU-US Privacy Shield framework. This framework sets out clear safeguards and transparency responsibilities for US-based organisations processing the data of EU citizens.

When you visit our websites you will be asked to accept Cookies. Cookies are small files that are downloaded onto your computer or mobile device which contain information that allows websites to recognise that you have used the site before. All Internet browsers allow you to control which cookies you accept and which you delete. For more information about cookies, please see www.allaboutcookies.org.

RDR uses cookies to ensure the website works properly and improves the security and performance of the site. We also use cookies to look at how users are interacting with the site and to therefore improve the user experience.

Below are details of our cookies.

These cookies are absolutely essential for the website to function properly. They ensure basic functionalities and security features anonymously so do not store any personally identifiable information.

The data we collect will be retained only for an appropriate length of time, based on our data retention policy which sets out how long we will keep information according to the type of record.

In some cases, the retention periods are governed by law, while in others we are guided by best practice and our operational needs. When we no longer need to retain your personal information we will ensure it is securely disposed of.

You have the right to ask us to delete personal information we hold about you in some circumstances, for example, if we are processing the data on the basis of consent and you wish to withdraw that consent.

We seek to keep your information as up-to-date as possible but rely on supporters using the contact form to tell us if some of their details need updating.

Please contact us at info@claritihria.net if you would like to:

• • change your personal information
  • change how we communicate with you
  • request more detail about the personal information we hold about you and how we use it

RDR uses industry standard tools to ensure your personal information is secure on our systems. including using encryption and monitoring access to our secure networks and systems.

We also ensure we have secure systems for processing your payment information, such as your credit card or debit card details. Our current payment service providers use a range of methods to protect your personal information including secure payment gateways, fraud screening and IP address blocking.

We also have resources in place to support good practice and compliance. We periodically report to our International Board on data protection issues, and have trained staff who oversee compliance with data protection rules.

Despite every reasonable effort to protect your personal information, the security of information sent over the internet cannot be guaranteed and may be illegally intercepted or changed after it has been sent. RDR cannot accept liability for this if this happens.

We encourage you to take extra precautions when using your browser and enable various privacy settings when available. Always use an encrypted password manager and take care with your personal details online.

You are in control of how we use your data and you have the right to ask us to stop processing your personal information. You also have the right to request a copy of the information we hold about you (called a subject access request). You also have a number of additional rights under data protection legislation, namely:

• You have the right to be informed about how RDR uses your data.
• Where we are processing data based on your consent, you have the right to withdraw this at any time.
• You have the right to change your personal information if it is incomplete or inaccurate.
• You have the right to request the deletion or removal of your personal information in certain circumstances, including where it is no longer necessary for us to hold it for the purposes for which we are processing it.
• You have the right to restrict our processing of your data if there is disagreement about its accuracy or legitimate usage.

For more information about these rights, please read the guidance issued by the UK Information Commissioner’s Office.

If you would like to request a copy of the personal information that RDR holds on you, please contact us and we will respond to your request at the latest within one month of receipt. We will require proof of identity and may request a fee if the request is unusually complex or time consuming.

RDR operates in accordance with all relevant UK data protection laws. If you would like to find out more about these laws and how you could be affected beyond what is mentioned in this privacy notice, please visit the Information Commissioner’s Office website.

If you have any specific questions about how we process your data which are not answered here or you would like to make a complaint about how we have managed your data then please either write, call or email us via the details below.

(address)

(phone) (Monday to Friday – from 9am to 6pm) or email us via the contact form.

If you are not satisfied with our response to your enquiry then you can contact the Information Commissioner’s Office directly via the details on their website.

This privacy notice may change from time to time. For example, we may update this notice to reflect any relevant changes to legislation and regulation, and any changes to RDR UK policy.

Please visit this website section periodically to keep up-to-date with the changes in our notice.