Privacy notice

At International Alert, we take your privacy seriously and manage your data in accordance with the European Union’s General Data Protection Regulation (GDPR).

On this page we use ‘data’ to refer to any personal information we collect about you, such as your name and email address.

Our commitment to you

  • We promise to respect any personal data you share with us and will always store this information securely.
  • We will only use your personal data to provide the services you have requested and communicate with you in the ways you have agreed to.
  • We will never sell or share your personal data to other organisations to use for their own purposes, unless required to do so by law.
  • You can change or withdraw your consent for us to hold your personal data at any time. To do so, please use the contact details at the bottom of this page.

What information we collect

Donors

When you donate to us, you are asked to provide your name, postal address, email address, phone number and payment details.

If donating via our website, this data is collected by a third-party company called Charity Checkout, whose system we use to take donations. If you give them permission to do so, they will share this data (excluding your payment details) with us. Any data you provide is stored on secure servers by International Alert and Charity Checkout. For the purposes of GDPR, we are the ‘Data Processor’ and Charity Checkout the ‘Data Controller’.

If provided to us, we also share your data with a third-party company called Salesforce, whose system we use to track and analyse our relationships with donors. For the purposes of GDPR, we are the ‘Data Controller’ and Salesforce the ‘Data Processor’.

If donating via telephone or post, the data is inputted directly by us into Charity Checkout and Salesforce (see above).

We may supplement what we know about active and prospective donors with information that is available to the public. For example, what city you live in, what you do for a living and whether you have any specific interest in peacebuilding or overseas development. We do this to ensure that our communication with you is relevant and tailored to your background and interests. This data is stored on Salesforce (see above).

We will store your data for six years after the end of the tax year in which your last donation was made, for tax purposes only.

Event attendees

When you sign-up to attend one of our events, you are asked to provide your name, email address, telephone number and any special requirements (e.g. dietary needs). This data is collected by a third-party company called Eventbrite, or if one of our Conflict Café events, with a company called Eatwith, whose systems we use to market and administer our events. We also use these systems to track and analyse who attends our events. For the purposes of GDPR, with Eventbrite we are the ‘Data Controller’ and Eventbrite the ‘Data Processor’, while with Eatwith we are the ‘Data Processor’ and Eatwith the ‘Data Controller’.

We will store your data for three months, for administrative purposes only.

Job applicants

When you apply for a job at International Alert, you are asked to provide your name, date of birth, email address, postal address, telephone number and employment history, as well as where you heard about the vacancy. The information you provide will only be used to process your application or to fulfil legal or statutory requirements, if necessary.

During the application process, you may also be asked to provide information about your sex, race, ethnicity and disability (if applicable). This information is strictly used to monitor equal opportunities and diversity in our organisation, and is separated from your application.

We share this data with a third-party company called PeopleHR, whose system we use to manage job adverts and applications. The data collected is stored on secure servers by International Alert and PeopleHR. Any physical copies of data are stored in secure, locked cabinets in our offices, with limited access. For the purposes of GDPR, we are the ‘Data Controller’ and PeopleHR the ‘Data Processor’.

We will store your data for two years (unless you are appointed to the role), for administrative and legal purposes only.

Social media users

When you interact with our content on social media (e.g. liking, sharing, etc.), the social media platforms automatically collect data about these interactions and share them with us. We use this data to understand what information users are interested in and where we can make improvements in what we offer.

We use a third-party service called Sprout Social to track and analyse how people use and interact with our content on social media. If you send us a private or direct message via social media, we will only store the message on that social media platform and on Sprout Social. We will not share it with any other organisation. For the purposes of GDPR, we are the ‘Data Controller’ and Sprout Social the ‘Data Processor’.

Subscribers

When you sign-up to receive email updates from us, you provide your name and email address. This data is collected by a third-party company called MailChimp, whose system we use to send emails to our subscribers. We also use this system to track and analyse how people use and interact with our emails. The data you provide is stored on secure servers by MailChimp. For the purposes of GDPR, we are the ‘Data Controller’ and MailChimp the ‘Data Processor’.

We will store your data for three years (unless you request otherwise), at which point we will ask you to reconfirm your subscription.

Website users

When you use our website, we automatically collect anonymous data about you using ‘cookies’. We do this to understand what information users are interested in and where we can make improvements in what we offer. To find out more about our use of cookies, read our cookies notice.

We use a third-party service called Google Analytics to track and analyse how people use and interact with our website. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For the purposes of GDPR, we are the ‘Data Controller’ and Google Analytics the ‘Data Processor’.

Linking different data

The data above may be compared, to help us better understand our supporters and improve the services we provide. For example, we may check whether an attendee at one of our events is also an existing donor.

How we protect your data

We've implemented physical, technical and organisational measures to protect your data, both on- and off-line, from improper access, use, alteration, destruction and loss.

The data we collect will only be accessible by staff and volunteers who have been granted explicit permission to access the information. Online data is password-protected and stored on secure servers, and offline data is stored in secure, locked cabinets in our offices – or, where relevant, in those of our partner organisations or companies.

We keep your information only for as long as is reasonable and necessary for the purposes you have shared it with us – which may be to fulfil statutory obligations (for example, the collection of Gift Aid). Where we are the Data Controller, above we have detailed how long we store your data for.

Where we use third-party companies to collect, store or process data, we ensure these companies are subject to GDPR (if within the EU) or the EU-US Privacy Shield Framework (if within the US) – which means they are certified to process data received from the EU.

Other than the purposes detailed above, we will only disclose your information if required to do so by law – for example, to comply with applicable laws, regulations and codes of practice, or in response to a valid request from a ‘competent authority’ under GDPR.

Your communications with our teams (including by telephone, email, mail or social media) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards. Any information will be stored on our secure servers.

Who we are

International Alert is a registered charity in England and Wales (charity number 327553). We are also registered as a Foundation in the Netherlands (number 857844866). This privacy notice applies to both these entities. Our registered addresses are:

  • UK: 346 Clapham Road, London, SW9 9AP
  • Netherlands: New World Campus, Spaarneplein 2, Den Haag

How to contact us

If you would like to know what information we hold about you, would like to update or remove any information we hold about you, or have any questions or concerns regarding our privacy notice or our processing of your personal information, please contact:

Email: data@international-alert.org
Mail: Chief Operating Officer, International Alert, 346 Clapham Road, London, SW9 9AP, UK
Tel: +44 (0)20 7627 6803

If you are not satisfied with our response or believe we are not processing your data in accordance with the law, you can contact the UK’s Information Commissioner’s Office. For further details, visit www.ico.org.uk. You can find out more about your data rights at www.ico.org.uk/for-the-public.


We keep our privacy notice under regular review and will place any updates on this webpage. This privacy notice was last updated on 24 May 2018.