Version 15 June 2020
What’s in these terms?
We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Privacy Policy doesn’t cover clinical data collected during studies sponsored by DNDi or processed by DNDi for other sponsors. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are and how to contact us
Drugs for Neglected Diseases initiative is the data controller and responsible for your personal data. We are a Swiss not-for-profit foundation and have our principal office at Chemin Camille-Vidart 15, 1202 Geneva, Switzerland and we operate the following websites, amongst others: www.dndi.org, www.africoleish.org, www.afrikadia.org, anticov.org, cerclecoalition.org, www.dndial.org, www.dndijapan.org, www.dndina.org, eliminateworms.org, www.treatchagas.org (collectively referred to as “DNDi”, “we”, “us” or “our” in this Privacy Policy).
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO at dataprivacy@dndi.org. If you would like to make an anonymous complaint, you can also use our whistleblowing digital platform.
There are other terms that may apply to you
Our Acceptable Use Policy, Cookie Policy, and Terms of Use also apply to your use of our websites.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity and Contact data including first name, maiden name, last name, marital status, title, employer’s name, function, date of birth, gender, photograph, billing address, delivery address, email address and telephone numbers
- Financial data including bank account and payment card details
- Profile data including your username and password that you may create while using some of our websites mentioned above, your interests, communication preferences
- Technical data including the Internet protocol (IP) address used to connect your computer or mobile device to the Internet, online identifiers, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through, and from our websites (including date and time). We may also collect information relating to page response times, download errors, length of visits to certain pages, page interaction information, methods used to browse away from the page, and any phone number used to call us.
- Job application data includes the content you upload onto our websites (CV, cover letter, diplomas and other HR documents) which will be considered confidential and proprietary.he content you upload onto our websites (CV, cover letter, diplomas and other HR documents) which will be considered confidential and proprietary
Ways we collect data about you
We use different methods to collect data from and about you including through:
- Direct interactions: You may give us your Identity, Contact, Financial, Profile Job application data by filling in forms on our websites or mobile applications or by corresponding with us by post, phone, email, social media, in person or otherwise.
- Automated technologies or interactions. As you interact with our websites, We will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies web beacons, and other tracking mechanisms to distinguish you from other users of our websites. For further information on the cookies We use and the purposes for which We use them please see our Cookie Policy.
- Third parties or publicly available sources. We may receive personal data about you from various third parties (including for example, suppliers of technical, payment and delivery services, advertising networks, analytics providers, and search engine providers) and public sources. We will only solicit and use information that We receive about you from third parties for the purposes listed below.
Why we use your personal data
We use information held about you to:
- communicate with you;
- carry out any obligations from any contracts entered into between you and us and provide you with information and services that you request from us;
- process any donation you make;
- process any job application you make;
- process any reports you will record in our whistleblowing platform EQS;
- administer our websites and for internal analytical and technical purposes, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;
- provide access to such services and interactive features on our websites that you have subscribed to and to notify you of any changes;
- improve our websites and to ensure that content is presented in the most effective manner for you and for your computer and use efforts to keep our websites safe and secure;
- for activities necessary for our legitimate interests (or those of a third party);
- comply with a legal obligation.
How we share your personal data
You agree that we have the right to share your personal information with:
- any DNDi regional offices, or associated DNDi entities, and any entity set up for the business of the GARDP Foundation, on a world-wide basis to the extent that they need to have access to your personal data for the purposes set out in the above section. The sharing of data between GARPD Foundation and DNDi and hosting of GARDP IS systems by DNDi is regulated by the collaboration agreement between these two parties;
- suppliers and service providers to the extent necessary to maintain and support our websites or for the performance of any contract We enter into with you or them;
- analytics and search engine providers that assist us in the improvement and optimization of our site;
- providers of customer relationship management, e-mail distribution, and fundraising services.
They are all subject to a duty of confidentiality under contract or accordingly to their privacy policies.
We will only otherwise disclose your personal information to third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our Terms of Use or Acceptable Use Policy; or to protect the property, rights or safety of DNDi, our licensors, or others.
International transfers
The data that We collect from you may be transferred to, and stored at, a destination outside of Switzerland and the European Economic Area (”EEA”). It may also be processed by staff operating outside of Switzerland and the EEA who work for us or for one of our suppliers. This includes third parties engaged in, among other things, the processing of any payment details and the provision of support services. Whenever we transfer your personal data out of the EEA, we ensure that appropriate safeguards are implemented notably through contracts. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Safeguarding measures
All information you provide to us is stored on our and, where applicable, third parties’ secure servers. Any payment transactions are processed by third parties who process payments using accepted security standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We are committed to ensuring a high level of data protection. We have put in place appropriate technical and organizational measures in order to prevent unauthorized access and to ensure a sufficiently high level of security in relation to the inherent risk involved in data processing, to meet regulatory demands and to protect your rights and your data from the moment your data is collected.
Data retention period
Our online job application form currently asks applicants whether they would like us to keep their information on file. If so, we keep it. If not, data is deleted after 6 months. However, some anonymized data may be kept for KPIs after deletion (for example: gender, region, how you learned about us, education level). With regards to the information submitted on the job application form, it may be shared for HR purposes.
We will only store all the other data that we hold about you only for as long as necessary for the purpose you provided it for unless we need to retain it for longer to comply with our legal and contractual obligations.
Links to other websites
Our websites may, from time to time, contain links to and from the websites of our partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your rights
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You have the right to ask for the access to, amendment, or deletion of your personal information at any time. You also have the right to ask us not to process your personal data for communications or fundraising purposes. You can enforce your rights at any time by contacting us at dataprivacy@dndi.org.
If you feel that we have not appropriately handled the matter, you also have the right to refer the matter to the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland. We would, however, appreciate the chance to deal with your concerns before you approach the FDPIC so please contact us in the first instance.
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
- by using EDPO’s online request form
- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Changes to this policy
Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. These terms were most recently updated on 15 June 2020.
By sharing your data with us, including through the use of any our websites, you accept these terms.