Privacy Policy

Privacy Statement

Our website address is: https://www.climateimpactfoundation.nl

 

Introduction

To provide our services we use a lot of data, including your Personal Data. We value and safeguard the privacy of data subjects and the protection of Personal Data. We are aware of the risks involved and are extremely careful about protecting Personal Data and ensuring that our service is open, honest and transparent. We are in full compliance with EU General Data Protection Regulation (GDPR 2016/679). We encourage you to read our Privacy Policy carefully, so you can better understand why and how we collect, use, store, disclose and access personal and sensitive information Personal Data. Should anything be unclear, we are happy to answer your questions about how your data is used. 

From time to time, we may need to change this Privacy Policy. The most recent version of this Privacy Policy is available on our website. In case of important changes of our Privacy Policy, we will inform you of these changes.

 

What Personal Data do we process?

We may process Personal Data, which may include names, postal addresses, email addresses, telephone numbers or any other Personal Data that you provide to us. We may also, in appropriate cases and to the extent permitted by law, control, process and use certain special categories of Personal Data which are more sensitive in nature. Personal Data collected shall not be used for purposes other than those explained herein.

 

How do we collect your Personal Data and why?

We will collect Personal Data for specified, explicit and legitimate purposes only and we will not  process data that is not necessary in relation to these purposes.

We may collect information about you:

  • directly from you;

  • from other sources, such as your (former) employer or colleagues;

  • from publicly available sources such as LinkedIn or the corporate website of the organization you are working for; and

  • by means of cookies.

 

Where we act as data controller, we rely on the following legal basis for processing your Personal Data:

  • Consent: if you are a recipient of our online direct marketing, including the activity of placing tracking/marketing cookies on our website or in e-mails;

  • Legitimate interests: if you are our client or prospect client, business affiliate, employee or potential employee, or our website visitor, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child;

  • Necessary for performance of contract: if you are our client, supplier, employee, akin to employee or business affiliate;

  • Complying with legal obligation: if we process Personal Data according to requirements of domestic legislation.

  • Where we act as data processor, we process Personal Data on behalf of the data controller and we act on their written instructions, as set forth in data processing agreements.

 

Below we have set out for what purposes we could collect your Personal Data:

  • provision of our services and administration thereof;

  • promotion of ideas and events relating to services we provide;

  • accuracy of client records;

  • maintenance of records of communications and management of your business relationship with us;

  • to respond to your enquiries;

  • to comply with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, AML and anticorruption);

  • to carry out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a donor, donation recipient, or counterparty of ours; and

  • Prevention and detection of fraud and other illegal activity or misconduct.

  • Communication, such as direct marketing, informing clients, reporting requirements, etc.

 

We will ensure the appropriate security of Personal Data. The Climate Impact Foundation (CIF) is obliged to handle this information with care and prevent business-critical, privacy-sensitive or other confidential information from being accessible to unauthorised persons. Specifically, the Climate Impact Foundation must abide by the following general guidelines in respect of handling sensitive information or any information that has not been disclosed or made generally available to the public:

  • The CIF will not make unauthorised disclosures of confidential information or use it for purposes other than those for which it was disclosed except as required by law.

  • Requirements imposed by a confidentiality agreement or undertaking, imposed by law, or specified in internal policies, procedures or rules must be followed.

  • Where confidential information is to be provided to another party, The CIF must ensure that measures are in place to maintain the confidentiality of that information, such as a legally binding confidentiality agreement.

 

With whom do we share your Personal Data?

We take appropriate measures to ensure that the Personal Data will be properly handled in accordance with applicable rules and regulations. When required, Personal Data may also be shared with competent authorities and/or specific advisors (e.g. Depositary Service Provider), within the scope of the purposes explained in the data request.

In the context of the purposes as listed above and to fulfil our contract with you, we may also provide information to:

  • IT services including client relationship management platforms;

  • Intra-group to related affiliates also working on providing you with related services;

  • Law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies;

  • Other bodies as required by law or regulation;

  • Financial institutions such as trustees, custodians and sub-custodians; insurers; fraud protection agencies; and/or similar suppliers or service providers; and

  • Data processors that process data on behalf of the CIF such as email service providers, hosting providers (both Microsoft).

We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your Personal Data when disclosing your Personal Data to a third party. For example, we have entered or will enter into data processing agreements with relevant parties (providing for restrictions on the use of your Personal Data and obligations with respect to the protection and security of your Personal Data).

When we share your Personal Data as set out above with other parties located in countries outside the European Economic Area (EEA), these countries may offer a lower level of data protection than in the Netherlands. In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your Personal Data in accordance with applicable data protection legislation on the basis of Standard Contractual Clauses, as drafted by the European Commission.

 

How long do we store your Personal data? 

In line with the GDPR principle of storage limitation, Personal Data must not be kept on record for longer than required and regular review of the data held must be conducted and data erased if no longer needed. We will retain Personal Data in accordance with legal and regulatory requirements and for no longer than reasonably necessary. This is reflected in our data retention schedule, included below for reference.

Document

Governance records

Minimum information

Including the description of the business operations and internal organization of CIF, meeting agendas and board packs minutes, information regarding services or activities that may lead to conflicts of interest.

Retention period

Retained for the full term of CIF incorporation.

Document

Control records

Minimum information

Including compliance reports and procedures; risk management reports and analyses including internal control reports.

Retention period

Retained for at least 5 years.

Document

Outsourcing agreements

Minimum information

Including agreements with the Depositary, administrator, external accountant, lawyers, members, IT providers, licenses and other third parties.

Retention period

Retained for at least 5 years after the outsourcing relationship ends.

Document

Financial records

Minimum information

Financial records including all invoices, bank records, general ledger transactions, annual accounts and further financial reporting.

Retention period

Retained for the full term of CIF incorporation.

The CIF also retains data that it expects relevant to be retained to allow adequate supervision, or because they may be relevant internally.

 

Personal Data

If you no longer wish to receive our Mailings, we cease the sending of the relevant Mailings, or when it appears that your email address is no longer in use (for example when we receive a filed delivery notification).

 

What are your rights and how you can exercise them?

Please note that you can always unsubscribe from our Mailings. Further, you have the right to:

·       information about and access to your Personal Data;

·       rectify your Personal Data;

·       erasure of your Personal Data (‘right to be forgotten’);

·       restriction of processing of your Personal Data;

·       object to the processing of your Personal Data;

·       receive your Personal Data in a structured, commonly used and machine-readable format and to (have) transmit(ted) your Personal Data to another organization.

To exercise your rights, please contact us. You will find the contact details at the bottom of this Privacy Policy. We will respond to your request without undue delay but at latest within one month. Finally, you have the right to lodge a complaint with the relevant Data Protection Authority, such as the Dutch Data Protection Authority.

 

Use of cookies in mailings or on our website

We use cookies to improve the user-friendliness of our website and to adjust the content of our communication. A cookie is a (temporary) text file that is placed on your desktop or mobile device. With cookies, we keep track of the surfing behaviour of our visitors. For example, we could track the duration of your website visit, the number of pages that are visited, geographic information and the browser type. Any information held about individuals as a result will be subject to the above standards of protection. We place the following cookies:

 

Functional cookies
These are necessary for the proper functioning of our website. We place these functional cookies by default so that the website works properly for you. It is not possible

 

Analytical cookies
With these cookies, we can keep the statistics of our site anonymously. In Google Analytics we can, for example, register the number of visitors, the page visit and the browser used. With this data, we improve user-friendliness so that visitors can find the information they are looking for faster. That is why the analytical cookies are enabled by default. It is not possible to disable these cookies.

 

Tracking / marketing cookies
We use these cookies for marketing purposes. With these cookies, we can measure recurring website visits and create a profile of a visitor. In addition, it is possible for us to track visits across different websites and to show targeted advertisements on other websites. You have the option to enable or disable these cookies.

Most web browsers automatically accept cookies, but you can usually customize the settings of your browser so that it refuses cookies. You must set your settings for each browser and on each computer you use.

 

Contact 

We are the Climate Impact Foundation, located at Korte Vijverberg 4, 2513 AB, The Hague, The Netherlands. Privacy matters can also be referred to the following email address Info@climateimpactfoundation.nl

Individuals having supplied data have the right to lodge a complaint through the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”). Furthermore, the Climate Impact Foundation shall ensure appropriate notification to the Dutch DPA and the affected data subject of any Personal Data breaches within 72 hours after having become aware of it. Further information can be found on the website of the Dutch DPA.