Skip to main content

Processing of (personal) data by the entity in charge of the online application process

 

Your privacy, our policy

Introduction

The War Child Foundation (or ‘War Child’) supports children affected by violence and armed conflict around the world. We support children and youth with vital protection, psychosocial support and education. We aim to have a lasting impact on children and support them to build a better future. But we can't do it alone. That's why your help is so vital. War Child is grateful to you, whether you support financially or by providing us with goods or services or your knowledge. Together we aim to take the war out of the child.

In receiving your support, we are required to have some information about you. We take great care of your personal data and take our responsibility to protect your privacy very seriously. Here we set out how we use your personal data. If you have any questions, please feel free to contact us.

Our privacy statement was last amended on 14 October, 2023.

Who is the privacy statement for?

It is for all individuals, companies and organisations involved in our work. This includes individual donors, large and small institutional donors, partner organisations implementing our work and people who participate in our projects or research.

Our privacy statement does not address the processing of employee, intern, consultant or volunteer data, which is covered by other internal privacy documents and agreements.

Who is responsible for your personal data?

We are responsible for securing your personal data: War Child.

Our home office is located at:
Helmholtzstraat 61-G
1098 LE Amsterdam
+31 (0)20 422 7777
yourrights@warchild.nl

When are we allowed to use your personal data?

Legislation allows us to use your personal data:

  • If you give us your permission. If you no longer want us to use your information, you are entitled to revoke your permission.
  • Based on an agreement. For example, if you become a War Child Friend (a donor), it means we have entered into an agreement together. Equally, if a company provides us with goods or services, we will enter into an agreement with them.
  • Legitimate interest. This means that we would use your personal data to do our work (in a better way).
  • A legal obligation. We are not above the law, and don’t wish to be. We do what legal authorities and/or the government require us to do.
  • Public interest. For example, we might need to use your personal data for specific research if you participate in our projects.

What personal data do we keep?

This varies according to the situation. The type of data we might keep includes:

  • First and last name
  • Residential address
  • Zip code
  • Phone number
  • Correspondence address
  • Billing address
  • Email address
  • Gender
  • Date of birth
  • Nationality
  • Payment and credit card information
  • Identity card
  • Chamber of Commerce data
  • VAT data
  • Tax information
  • Payment and order history
  • Donation amount
  • Medical data, dietary requirements, and clothing sizes (for example, if you are going to climb Kilimanjaro for us)
  • Your completed contact form (from our website)
  • Footage from security cameras at our Amsterdam office
  • Correspondence between you and War Child
  • Your answers to our surveys
  • Your photo, story and/or voice (if you agree to its use for public communication purposes)
  • Training data (for example, if you participate in our projects and/or research)
  • Composition of your family (for example, if you participate in our projects and/or research)
  • Technical information and details about your visit to our website, such as your IP address, click and browsing behaviour
  • Login details (including your password)
  • Username
  • Any personally interests, preferences and financial status data from public resources.

How do we gather information about you?

This can happen in various ways such as:

  • When we have direct contact with you, such as when you become a Friend (donor), subscribe to our newsletter, our e-learning platform, visit one of our events, or contact us by email or phone.
  • When you visit our website or social media platforms.
  • Through information that is in the public sphere, such as magazines and newspapers, which we use to ensure that the content we send you is relevant and appropriate.

How do we use your personal data?

We only use your personal data for specific purposes, such as:

  1. To answer your online or offline questions or complaints.
  2. To process and manage your donations.
  3. To improve our newsletters, campaigns and services.
  4. To inform you about our work by, for example, sending newsletters.
  5. To raise funds, in compliance with our own rules and those of the CBF, the organisation that oversees registered charities.
  6. To get to know your interests, preferences and donation options as a (potential) War Child Friend, so that we can best inform you about our work and make appropriate donation requests.
  7. To ensure your safety as well as ours.
  8. To comply with the law.
  9. To protect your interests.
  10. To ensure that the technical elements of our website are optimised for you.
  11. To be able to manage your account on our website, so that your confidentiality is assured.
  12. To ensure that you can get in touch with us, for example via social media.
  13. To develop market surveys and marketing strategies.
  14. To see if we can accept you as a partner or supplier.
  15. To enable the completion of an agreement with you as a company or supplier.
  16. To enable the creation of internal reports and analyses (anonymously and at group level only).
  17. To ensure our IT systems comply with our own rules and policies.
  18. To enable you to participate in our campaigns and events.
  19. To use your interview, photo or video footage (as agreed) for our public communications.
  20. To monitor participants in our projects and research and to keep track of their results.
  21. To develop and improve our projects and assistive technology.
  22. To allow you to participate in our digital learning environment.

How long do we keep your personal data?

We do not store your personal data for longer than is necessary. We keep it for as long as there is a commitment, agreement or cooperation between us. When this ends, we may keep your data for a varying length of time, from seven days to a maximum of ten years, after which time we will delete or anonymize it.

Here are some examples of how this works in practice:

  • If you contact us via the contact form on our website, we remove the contact form data after one month. If we need your data for longer (for example, to handle a question or complaint), we will keep your data for as long as needed, plus one month.
  • If you are a War Child Friend (donor), we will keep your data as long as you remain a War Child Friend. If you decide to no longer be a Friend (sadly!), we will keep your data for a maximum of ten years. In this way we can keep you informed of our work.
  • If you are a potential War Child Friend but you haven’t become a Friend within 18 months, we'll delete all your data except your name. We will not approach you after that.
  • To comply with legal obligations, we may keep your data in our system for another seven years.
  • Unless there is a suspicious incident which requires investigation, or because of a legal obligation, we will not keep office camera footage for more than seven days.
  • If you contact us via social media, we will keep your data for a maximum of ten years.
  • If you are a War Child business partner and the agreement expires, we will keep your data for seven years from the agreement end.
  • If you are involved in interviews, photos or film footage for our public communications, we may keep and use your data for five years. After this time, the information will be moved to our archive and will only be used for historical purposes.
  • If you participate in our projects and/or research, we will keep your data for up to seven years after the end of the research project. Your personal information will be anonymized after two years.
  • If you are a participant in War Child Learning World, we will keep your data for as long as you are a participant. You can unsubscribe at any time.

Cookies

War Child also collects information through the use of cookies. For more information, please refer to our Cookie Policy.

Who has access to your personal data?

War Child being an international organisation might need to share your data with War Child offices in other countries and with organisations operating under our name or in partnership with War Child. In exceptional cases, we might also share the data with donors. We do this mainly for administrative reasons. Our employees, trainees and volunteers might be allowed to access your data, but only if they really need it to do their job.

We will never sell your data to third parties.

We might, however, share your data with third parties if it is absolutely necessary to do our work. If we share your data for research and development purposes, we will do so at a 'merged level', meaning the data is anonymous and can never be traced back to an individual.

If we use a third party, such as a marketing agency, it might be granted access to your personal data on our behalf as part of a 'processor agreement'. This data would, however, only be used for the agreed purpose, and the third party would be required to treat your data as securely as we do, and then to remove it as soon as possible afterward.

The following parties could have access to your personal data to do their work for us, but only when absolutely necessary:

  • Banks
  • Insurance companies
  • IT vendors
  • Accountants
  • Auditors
  • Forensic specialists
  • Implementing partners or research partners
  • Marketing agencies, media agencies and data-enriching companies
  • Consultants


The government or other parties may also legally require us to show your data. We would only share necessary data.

How do we protect your personal data?

At War Child, safety is paramount. This also applies to your personal data. That’s why we only store your data on secure databases and constantly work on measures to ensure it remains safe. These measures may be technical or physical, or in making our colleagues aware of the importance of data security.

We do everything we can to avoid a data breach. In the exceptional event that this occurs, we commit to reporting it as soon as possible to the Dutch Data Protection Authority.

Questions and requests

We are delighted to answer any questions. You may also wish to contact us if you:

  • object to us processing your data
  • want to revoke previous consent
  • want access to your data
  • want to correct or supplement your data
  • want us to delete your data
  • want to have your data transferred to another party


Please contact us at:

War Child Foundation
Customer service, Koen Nomden
Helmholtzstraat 61-G
1098 LE Amsterdam
+31 (0)20 4227777
yourrights@warchild.nl

Important: We may require proof of identity if your question relates to accessing, deleting, transferring, correcting, revoking or checking your data, or finding out how we process it.

If you are not satisfied with how we are handling your data or have another complaint relating to your personal data, you can file a complaint with the Dutch Data Protection Authority



Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.