1.1 This Data Protection policy (the "Policy") applies to all information that you disclose to us, and/or that we collect regarding you, either as an element of a member relationship, as a user of our services or including by using our website. Here, you can read about the data we collect, how we process it and for how long we retain your data. You should read this Policy and contact us if there is any information in this Policy about which you have questions or cannot accept. The current version of the Policy will always be available here on www.demac.org.
2 Data Controller
2.1 The Data Controller organization for the processing of your Personal Data is:
DRC Danish Refugee Council
Borgergade 10, 3rd floor
DK-1300 Copenhagen K
Tel. no.: +45 3373 5000
CVR no.: 20699310
(Hereinafter referred to as "DRC")
2.2 The overall legal framework for our processing of Personal Data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC with related regulation. In addition, a new Danish Data Protection Act has been adopted - Act No. 502 of 23 May 2018 supplementary provisions to the Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Exchange of Such Information (Data Protection Act).
2.3 Any questions concerning this Policy, the processing of your data and any suspected breach must initially be addressed to Raphaël Capony, Diaspora Emergency Action & Coordination (hereinafter referred to as “DEMAC”) Project Coordinator at DRC.
3.1 Below are definitions of some of the most important legal terms concerning Personal Data:
Any form of information concerning an identified or identifiable natural person. This means all information that directly or indirectly, alone or in combination, may identify a specific natural person.
The natural or legal person, public authority, institution or other body that alone, or together with others, determines the purpose and by which means Personal Data may be processed.
The natural or legal person, public authority, institution or other body that processes Personal Data on behalf of the Data Controller
Any activity or series of activities involving the use of Personal Data, such as fundraising, registration, systematisation, changes, searches, compilation, transfer or disclosure to persons, authorities, companies, etc. outside DRC.
Special Categories of Personal Data
Information concerning racial or ethnic origin, political opinions, religion or beliefs, trade union membership, genetic data or health status, or information concerning a natural person's sex life or sexual orientation, and information in the form of biometric data, if the biometric data is processed for the purpose of unique identification of a natural person (sensitive Personal Data).
General Data Protection Regulation
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC with related regulation.
Danish Data Protection Act
The Act that may be adopted on the basis of the Bill for supplementary provisions to the Regulation on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the Danish Data Protection Act) proposed on 25 October 2017.
4 Purpose of processing your Personal Data
4.1 Regardless of whether you are a member, or just a user of our websites, we process your Personal Data to ensure that we can provide you with the services you require and fulfil our obligations as DEMAC. In every case in which we collect Personal Data about you, we will inform you of the purpose of processing your Personal Data.
5 Your Personal Data that we process
5.1 We collect this data from you directly:
5.1.1 When you sign-up as a new member, we may collect the following ordinary Personal Data from you: Name, address, zip code, town/city, mobile number, e-mail address, website, country of residence, country of intervention, organization, type of organization, social media channels, such as Facebook, Instagram, twitter and whatsapp number, as well as your areas of interventions, such as WASH, food security, protection, etc., depending on your relationship with us. However, only name, e-mail address, organization, type of organization, country of residence, country of intervention are mandatory to fill in at registration.
5.1.2 When you are a member you are able to contribute to our website with sharing information about your work, such as success stories, needs, pictures, articles, audio, video, manuals, reports, studies, presentations. These information will be publicized on DEMAC website after the website administrator has confirmed that your content does no harm to the website. You can at any time delete your published content or change it, however every change will need confirmation by the website administrator again. The content shared by you will be online on DEMAC website for 2 years, or before, if you delete it yourself.
5.1.3 When you visit our website, and contribute to our work, we also collect your IP address.
On our website, "cookies" are used, e.g. for web-statistical purposes, to see how many people visit our website, and how they use the website. We also use this to measure ads on other sites based on visits to our site (Google Remarketing). A cookie is a small text file that is sent from our server to your browser and is stored on your computer's hard disk or your mobile device. Cookies enable you to use the website more effectively and easily. We do not process information concerning user behaviour that is collected via cookies in any way that may link user behavior with specific persons. You can set your browser to inform you when you receive a cookie, so that you can always decide whether you wish to accept it. You can also turn off the function completely in your browser. If you do this, the website will not function optimally, however. Cookies do not contain Personal Data such as details of your e-mail address or other Personal Data than as specified in this Policy. You can read our cookie declaration here
7 How we process your Personal Data
7.1 In concrete terms, we use your Personal Data for several different purposes, depending on whether you are a member or solely a user of our website.
7.1.1 If you are a member, we use your Personal Data to be able to:
administrate your membership
send you the necessary information about your membership
share your data with third parties, such as International Organisation for Migration (IOM)
share name of your organization, country of residence, country of intervention, areas of intervention and website on www.demac.org under the menu point “Members”
7.1.2 If you attend one of our events, we use your Personal Data to be able to:
administrate your relation to an event
send a receipt for your registration for an event
be able to send you material concerning the event
share your data with third parties, which are related to an event
7.1.3 If you are solely a user of our website, we use your Personal Data to be able to:
make functionalities on our website available for you to use
prepare statistics concerning your browsing of our website
optimize our website's design
8 Why are we permitted to process data concerning you (basis for processing)?
8.1 When you become a member or enter into any other type of agreement with us, we will process your ordinary Personal Data for this specific purpose. We may also process your ordinary Personal Data in situations where you e.g. have made an enquiry or similar prior to your decision to enter into an agreement with us. The legal basis for processing your Personal Data is Article 6(1) (b) of the General Data Protection Regulation, since the processing of your data is necessary for the performance of our agreement with you, or for us to handle enquiries and similar prior to any agreement which you make with us.
8.2 We can also process your ordinary Personal Data because we have a legitimate interest in processing the data concerning you, cf. Article 6(1) (f) of the General Data Protection Regulation, unless our legitimate interest in processing your data is overridden by your right to protection of your own ordinary Personal Data.
8.3 We have a legitimate interest in processing your Personal Data (your name and e-mail address, organization) for marketing purposes. Our legitimate interest thus concerns knowing your preferences, so that we can better match our offers to you, and ultimately offer services that better fulfil your needs and requirements. We naturally also observe the rules laid down in the relevant Marketing Act. It is also with reference to this provision that we prepare various statistics for the number of members, use of our website, etc.
8.4 If you are not a member, but e.g. solely a user of our website, we have a - limited - need to be able to administrate the information you provide, in order to e.g. manage cookies. Read more in our cookie-declaration here. In some cases, we can register which IP addresses have accessed our website. An IP address may be Personal Data, and if we process your IP address, this will take place on the same basis as described above under clause 8.2.
9 Sharing your Personal Data
9.1 We may share your Personal Data with the suppliers and partners, such as IOM, that assist us with the execution of your services, or who assist us with our IT operations, hosting, etc. This means that we may share your data with e.g. our service providers, technical support, recruitment partners etc.
9.2 We may also share your data with our consolidated companies/organisations, to the extent that this is legal. This takes place within the framework of the DEMAC collaboration.
10 Storage and erasure of your Personal and Organizations Data
10.1 We store your Personal Data according to the following rules:
10.2 If you are a member, we will store your organizationsdata while you are associated with our organisation for up to ten years after your first registration. You can at any time manage your account, add or delete information from your account or delete the whole account. When deleting your account, all information published by you, will be deleted from the DEMAC website as well and no longer available for users of the website.
10.3 If you are a user of our website, and neither a member nor former member, we will retain the information about you that we have registered via Google Analytics' statistics for up to 38 months from your most recent visit.
11 Your rights
11.1.1 You have a right of access to the Personal Data concerning you which we process. You can write to us at firstname.lastname@example.org to request access to the Personal Data that we have registered concerning you, including the purposes for which the data has been collected. We will accommodate your request for access as soon as possible.
11.2 Rectification and deletion
11.2.1 You are entitled to request correction, supplementary processing, deletion or blocking of the Personal Data that we process concerning you. We will accommodate your request as soon as possible, to the necessary extent. If are unable to meet your request - for any reason - we will contact you. If you are a member, you can at any time manage your account on your own, add or delete information from your account or delete the whole account.
11.3 Limitation of processing
11.3.1 In special circumstances, you have the right to limit the processing of your Personal Data. Please contact us at email@example.com if you wish to limit the processing of your Personal Data.
11.4 Data portability
11.4.1 You have the right to receive your Personal Data (only data concerning yourself, which you have given us yourself) in a structured, generally used and machine-readable format (data portability). Please contact us at firstname.lastname@example.org if you wish to use the opportunity for data portability.
11.5 Right to object
11.5.1 You are entitled to ask us not to process your Personal Data in cases where the processing is based on Article 6(1) (e) (a task carried out in the public interest or in the exercise of official authority vested in the controller) or Article 6(1) (f) (legitimate interests). This Policy states the extent to which we process your data for such purposes. You may contact us at email@example.com at any time to exercise your right to object.
11.6 Revocation of consent
11.6.1 If the processing of your Personal Data is based on your consent, you are entitled to revoke this consent at any time. Your revocation will not affect the legality of the processing performed before your consent was revoked. Please contact us at firstname.lastname@example.org if you wish to revoke your consent.
11.6.2 If you wish to revoke your consent to receive sales promotion information and offers in general, including by ordinary mail, e-mail, via text message, by telephone or by other electronic means, you can do this at any time by writing to email@example.com. If we are in any doubt concerning your identity, we can request you to provide proof of identity. This is free of charge, apart from the ordinary communication costs.
11.7 Write to firstname.lastname@example.org in order to exercise one or more of the aforementioned rights.
11.8 There may be conditions or limitations concerning the exercising of the aforementioned rights. It is therefore not certain that you are e.g. entitled to data portability in the concrete situation, as this will depend on the particular circumstances for the processing activity in question.
12 Possible consequences of not providing Personal Data
12.1 If you are obliged to provide us with your Personal Data, this will be stated when we collect such data. In some cases, this will be a statutory or contractual requirement, cf. Article 13(2) (e) of the General Data Protection Regulation.
If you do not wish to provide the Personal Data that we request, this may have the consequence that we will be unable to deliver the required services to you, etc. Required information for the purpose of the processing will be marked * in the forms on the websites where we collect your Personal Data.
13.1 In our organisation, our processing of Personal Data is subject to our IT and Security Policy. Our IT and Security Policy also includes rules for the performance of risk assessment and impact analysis of both existing, and new or changed, processing activities. We have implemented internal rules and procedures to maintain adequate security as from the time when we collect Personal Data up to its erasure, just as we solely assign our processing of Personal Data to Data Processors that maintain an equivalent adequate security level.
14 Complaints to the supervisory authority
14.1 If you are not satisfied with our processing of Personal Data, you may complain to the Danish Data Protection Agency:
Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, Phone 33 19 32 00, e-mail: email@example.com
15 Updating of this Policy
15.1 DEMAC is committed to complying with the fundamental principles for the protection of Personal Data and data protection. We therefore regularly review this Policy in order to keep it updated and in accordance with current principles and legislation. This Policy may be amended without notice. Significant amendments to the Policy will be published on our website, together with an updated edition of the Policy.
15.2 Any future amendments made to this Policy will be published on this page and may be notified to you by e-mail.
This Policy was most recently updated on May 12, 2021.