Recipient Data Privacy Policy
1. We respect your privacy
At GiveDirectly, we respect your privacy as a recipient, and/or participant in our programs. We are strongly committed to keeping any personal information we obtain from you or about you secure and to being transparent about the ways in which we use it.
This Privacy Policy is intended to help you understand the types of information we gather and use when you participate in our programs or apply to participate. It also describes our practices for protecting, using, and sharing such information, and the choices you have regarding use.
If you are looking for our Privacy Policy pertaining to use of this website or donations to GiveDirectly, you can find that here.
If you have any questions or comments about this Privacy Policy, you can reach our Data Protection Officer at [email protected] or contact us using the details in section 2.
2. Who We Are and How to Contact Us
GiveDirectly is a US 501(c)(3) non-profit incorporated in the United States of America with operations and registrations across several Countries. There are aspects of this Privacy Policy that only apply when we are required to comply with specific laws:
● If you are interacting with us from Kenya, the Kenya Data Protection Act of 2019 will apply
● If you are interacting with us from Rwanda, Law n°058/2021 of 13/10/2021 relating to the protection of personal data and privacy will apply
● If you are interacting with us from Uganda, the Data Protection and Privacy Act, 2019 will apply
● If you are interacting with us from the EU or UK, the UK and European data protection laws, known as UK and EU General Data Protection Regulations (collectively and for the purposes of this policy as “GDPR”) will apply
● Specific legal requirements as contained in local (host country) data protection laws (where available) will supplement and/or supersede the laws listed above. “Host Country(ies)” means the country(ies) where Data has been collected or originates from or the country of origin of the Data Subject, whichever is legally and practically applicable.
If you have any questions about how we use your personal information and how we comply with our responsibilities, please contact us as follows:
Email: [email protected]
Call: 646-504-4837 or the local office hotline shared in your consent documents
Write: PO. Box 3221, New York, NY 10008
3. Types of Personal Information We Collect and How We Collect Them
Our primary goals in collecting personal information from recipients are to confirm program eligibility, implement our programs, measure the impacts of our programs, and/or to share information about our work. For the purposes of data subject to GDPR, GiveDirectly is a “controller” of your personal information that you provide to us.
Personal information is collected (1) directly from you when you provide it to us and (2) from third parties where you have given your permission for it to be shared with us.
(1) When you self-register or a GiveDirectly staff member conducts a survey with you, we will request personal information, including but not limited to name, phone number, age and ID number. We use the personal information you provide to determine your eligibility to participate in the program, and implement program activities, including but not limited to processing cash transfers. In addition, we may use this personal information to follow-up on your experience in the program and to measure the impacts of our programs.
(2) When your information is shared with us via a third party, they may share with us other personal information, including but not limited to your name, location, phone number, and contact details.
3.1 The Purposes for which We Use Personal Information
GiveDirectly will use personal information you or third-parties provide for the purposes set out in this Privacy Policy, including:
● to provide you with the information or services you have requested, and communicate with you in general;
● to analyze, evaluate, audit, investigate and improve our work, programs, services, activities or information;
● to provide updates on our work;
● to administer any financial transaction between us;
● to ensure we are not contacting people who have told us not to;
● to satisfy legal obligations;
● for research purposes;
● for the prevention of fraud or misuse of services;
● and for the establishment, defence or enforcement of legal claims.
3.2 How We Use and Transfer Personal Information
GiveDirectly engages third party vendors to assist us with processing transfers, evaluating our work, and supporting the implementation of our programs. Specifically, we may share personal information with third party service providers we work with to process transfers, provide identity verification, or implement programs on our behalf. In addition, GiveDirectly consults advisors in making organizational decisions and developing long term plans. These companies and advisors have access to recipients’ personal information as needed to perform their functions. GiveDirectly requires that they keep such personal information confidential and that they not use such information
for purposes other than the functions they are assisting us with. For the avoidance of any doubts, GiveDirectly shall endeavor to use third party facilities that guarantee end-to-end encryption of any data transfer and as such the data will only be decodable and decipherable by the data sender and the intended recipient only.
We do not sell, rent, or give personal information to any other party not under the employ of, under contract or in an advisory or vendorship role to GiveDirectly. We may disclose to third parties aggregate and summative statistics regarding transfers but these statistics do not include any personally identifying information. The information given
may include total number of recipients, total amount of transfers for specific periods of time or other aggregate and summative statistics.
GiveDirectly operates globally, and as such, unless specifically prohibited by applicable laws, personal information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable the use of the personal information in accordance with this Privacy Policy. For the avoidance of any doubts, the Laws of your host country as the Data Subject as well as all applicable international laws shall apply to govern the management of your data. If you have any questions about the transfer of your personal information, please contact us using the details at section 2.
3.3 Lawful Basis for Processing Personal Information
We are often required to rely on one or more lawful bases to collect and use your personal information. Where this is the case, our primary basis for the information collection and use is your express consent. In addition, we may collect and use information on the basis that processing the information is necessary for us to provide program services and/or the method of financial distribution service you request of us and/or because the collection and use is necessary for one of our legitimate interests, such as research regarding how to improve our programs and conducting fraud detection and prevention work, and not in conflict with any of your fundamental freedoms.
3.4 Disclosure of Personal Information to third parties
As a matter of policy we will not sell or share personal information about you to third parties in ways different from what is disclosed in this Privacy Policy. However, we may disclose your personal information:
(1) to comply with law or regulation,
(2) to our professional advisors (e.g. lawyers), where necessary to protect our interests, (3) to protect your safety or security (including fraud protection),
(4) to protect the security of our website and any property that belongs to us, our personnel or other users,
(5) to detect, report and investigate instances of fraud or abuse in our services, including reporting to law enforcement and donor enforcement and audit agencies and cooperating with their investigations, and/or
(6) in the event that we transfer or receive any business or assets (in which case we may disclose personal information to the prospective transferor or transferee) or if substantially all of our assets are acquired by a third party (in which case personal information held by us may be one of the transferred assets), as part of a restructure or otherwise.
Otherwise we will generally inform you and may ask for your consent before we share your personal information with a third party.
3.5 Personal Information Protection and Security
All personal information is stored securely. We endeavor to protect your personal information and employ both appropriate technical and procedural methods, such as commercially reasonable administrative, technical, and physical safeguards against accidental or unlawful destruction or loss, or unauthorized disclosure, access or use.
Please be aware that, despite our best efforts, no security measures are perfect or impenetrable and any transmission of personal information is at your own risk.
3.6 Automated Decision Making
We may use an automated process to determine your eligibility for our programs based on the information you provide to us. This helps us ensure that the same logic is being applied to all potential participants to ensure fairness. As noted in section 4, you have the right to not be subject to automated decision-making.
3.7 Data Retention Period
Personal information that we process shall not be kept for longer than ten years following the completion of all payments associated with the program, unless earlier or later is otherwise required by funder terms or local Data Protection Law.
4. Your Individual Rights
In general, please note that we will honor your requests to exercise your rights to personal privacy to the extent reasonably possible and required under applicable law. Certain of these rights (including those set out in this section 4, including 4.1 and 4.2 below) may only be available to you if you are located within the EU or UK when you access our website or otherwise engage with us.
You can contact us using the information provided in section 2 to request access to, correct or delete your personal information, or fulfill any of the rights below. We may not accommodate a request if we cannot confirm your
identity, or we can rely on exemptions – for instance we may not change personal information if we believe the change would violate any law, regulation, legal requirement or applicable policy or cause the information to be incorrect. Specifically, under data protection law listed in section 2, you have the right:
● Of access to the personal information we hold (see 4.1 below)
● To rectification of any personal information we hold
● To erasure of your personal information
● To restrict processing of your personal information
● To data portability of your personal information
● To object to processing; and
● To not be subject to automated decision-making including profiling
Please note that you also have the right to lodge a complaint with your local data protection authority about how we use your personal information if you are located in the UK or the EU. Please always consider raising your concern with us first by contacting us using the contact details in section 2.
While refusing to share personal information is your right, failing to provide personal information required to determine program eligibility may impact your qualifying for the program.
4.1 Accessing your Personal Information
Individuals can find out if we hold any of their personal information by making a “subject access request” under Data Privacy Law. If we do hold personal information about you, we will (subject to entitlement and exemptions):
● Give you a description of it;
● Tell you why we are holding it;
● Tell you who it could be disclosed to;
● and Let you have a copy of the information in an intelligible form
You may request a copy of the personal information by contacting us using the information listed in section 2.
4.2 Withdrawing your consent
You have the right to withdraw your consent at any time. You may exercise your right to withdraw your consent in relation to your personal data being used at any time by written notice using the contact information listed in section 2. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal or our ability to retain and use your personal information to meet our legal obligations.
5. Amendments to this Privacy Policy
We may revise this Privacy Policy from time to time. If we make any substantial change to our Privacy Policy, we will notify you by posting a prominent announcement on our website and will post the updated Privacy Policy here. We will bring these changes to your attention where reasonably possible.