Privacy notice

At International Alert, we take your privacy seriously and manage your data in accordance with the United Kingdom’s and European Union’s General Data Protection Regulation (GDPR).

On this page, we use ‘data’ to refer to any personal information we collect about you, such as your name and email address.

Our commitment to you

  • We promise to respect any personal data you share with us and will always store this information securely.
  • We will only use your personal data to provide the services you have requested and communicate with you in the ways you have agreed to.
  • We will never sell or share your personal data to other organisations to use for their own purposes, unless required to do so by law.
  • You can change or withdraw your consent for us to hold your personal data at any time. To do so, please use the contact details at the bottom of this page.

What information we collect

Donors

When you donate to us, you are asked to provide your name, postal address, email address, phone number and payment details.

If you donate via our website, your data is collected by a third-party company called Enthuse, whose system we use to take donations. If you give them permission to do so, they will share this data (excluding your payment details) with us. Any data you provide is stored on secure servers by International Alert and Enthuse. For the purposes of GDPR, we are the Data Processor and Enthuse the Data Controller.

If donating via GlobalGiving, this data is collected and managed by them. If you give them permission to do so, they will share this data (excluding your payment details) with us. Any data you provide is stored on secure servers by International Alert and GlobalGiving. For the purposes of GDPR, we are the Data Processor and GlobalGiving the Data Controller.

If donating via JustGiving, this data is collected and managed by them. If you give them permission to do so, they will share this data (excluding your payment details) with us. Any data you provide is stored on secure servers by International Alert and JustGiving. For the purposes of GDPR, we are the Data Processor and JustGiving the Data Controller.

If provided to us, we also share your data with a third-party company called Bitrix 24, whose system we use to track and analyse our relationships with donors. For the purposes of GDPR, we are the Data Controller and Bitrix 24 the Data Processor.

If you donate via telephone or post, we input the data directly into Enthuse (see above).

We may supplement what we know about active and prospective donors with information that is available to the public. For example, what city you live in, what you do for a living and whether you have any specific interest in peacebuilding or overseas development. We do this to ensure that our communication with you is relevant and tailored to your background and interests. This data is stored on Bitrix 24 (see above).

Under Article 6(1) of GDPR, the lawful bases for us processing your data are consent and legal obligation. We will store your data for six years after the end of the tax year in which your last donation was made for tax purposes only.

Event attendees

When you sign up to attend one of our events, you are asked to provide your name and email address. This data is collected by a third-party company called Eventbrite, whose systems we use to market and administer our events. We also use these systems to track and analyse who attends our events. For the purposes of GDPR, with Eventbrite we are the Data Controller and Eventbrite the Data Processor.

Under Article 6(1) of GDPR, the lawful basis for us processing your data is consent. We will store your data for three months, for the purposes of managing the event only.

Prospective employees/consultants

When you apply for a job at International Alert, you are asked to provide your name, date of birth, email address, postal address, telephone number and employment history, as well as where you heard about the vacancy. The information you provide will only be used to process your application or to fulfil legal or statutory requirements, if necessary.

During the application process, you may also be asked to provide information about your sex, race, ethnicity and disability (if applicable). This information is strictly used to monitor equal opportunities and diversity in our organisation and is separated from your application.

We share this data with a third-party company called PeopleHR, whose system we use to manage job adverts and applications. The data collected is stored on secure servers by International Alert and PeopleHR. Any physical copies of data are stored in secure, locked cabinets in our offices, with limited access. For the purposes of GDPR, we are the Data Controller and PeopleHR the Data Processor.

Under Article 6(1) of GDPR, the lawful bases for us processing your data are consent and legal obligation. We will store your data for two years for administrative and legal purposes only. If you are appointed to the role, we will store your data for as long as you are employed with us, followed by a further six years, for administrative and legal purposes only.

Additionally, if you contact us to be included in our consultant’s database or if you provide your details through the online form, the information you provide will be stored on Bitrix 24 (see above).

Under Article 6(1) of GDPR, the lawful bases for us processing your data are consent and legal obligation. We will store your data for six years for administrative and legal purposes only.

Press

We contact members of the press (e.g. journalists, editors, producers, etc.) for the purposes of pitching stories to you. The data we process includes your name, job title, organisation, email address, phone number, business postal address and areas of expertise/interest.

We contact the press both independently using our own database and using a third-party media database called Meltwater. For the purposes of GDPR, when using our own database, International Alert is the Data Controller. This data is stored on secure servers by International Alert and will not be shared with any third parties. When using Meltwater, International Alert is the Data Processor and Meltwater the Data Controller. This data is stored on secure servers by Meltwater.

Under Article 6(1) of GDPR, the lawful basis for us processing your data both independently and via Meltwater is legitimate interests. Any correspondence with you includes details of how you can opt out of further communication. You can also opt-out by contacting us using the details at the bottom of this page. We will store your data for as long as our work is relevant to your role and/or area of expertise/interest (unless you opt out).

Social media users

When you interact with our content on social media (e.g. liking, sharing, etc.), the social media platforms automatically collect data about these interactions and share them with us. We use this data to understand what information users are interested in and where we can make improvements in what we offer.

We use a third-party service called Sprout Social to track and analyse how people use and interact with our content on social media. If you send us a private or direct message via social media, we will only store the message on that social media platform and on Sprout Social. We will not share it with any other organisation. For the purposes of GDPR, we are the Data Controller and Sprout Social the Data Processor.

Under Article 6(1) of GDPR, the lawful basis for us processing your data is consent. How long your data is stored for is governed by the data retention policies of the individual social media platforms.

Subscribers

When you sign up to receive email updates from us, you provide your email address and, if you choose to, your name, organisation and country. This data is collected by a third-party company called MailChimp, whose system we use to send emails to our subscribers. We also use this system to track and analyse how people use and interact with our emails. The data you provide is stored on secure servers by MailChimp. For the purposes of GDPR, we are the Data Controller and MailChimp the Data Processor. Learn more about Mailchimp’s privacy practices here.

Under Article 6(1) of GDPR, the lawful basis for us processing your data is consent. Any correspondence with you includes details of how you can opt out of further communication. You can also opt out by contacting us using the details at the bottom of this page. We will store your data for three years (unless you opt out), at which point we will ask you to reconfirm your consent.

Website users

When you use our website, we automatically collect anonymous data about you using ‘cookies’. We do this to understand what information users are interested in and where we can make improvements in what we offer. To find out more about our use of cookies, read our cookies notice.

We use a third-party service called Google Analytics to track and analyse how people use and interact with our website. We do not make and do not allow Google to make any attempt to find out the identities of those visiting our website. For the purposes of GDPR, we are the Data Controller and Google Analytics the Data Processor.

Under Article 6(1) of GDPR, the lawful basis for us processing your data is consent. We store cookies for 26 months or until you next visit our site—whichever is greater. At that point, we will ask you to reconfirm your consent.

Business contacts

When you work with us or enquire about a partnership, we may keep a record of your name, email address, job title, phone number, organisation and areas of expertise/interest. We use this data to understand who we are working with and to cultivate relationships for future business needs. We will share this data with Bitrix 24 to track and analyse our relationships (see above).

Under Article 6(1) of GDPR, the lawful basis for us processing your data is legitimate interest. We will store your data for six years for administrative and legal purposes only.

Persons of legitimate interest

If you work in a field relevant to International Alert’s business operations and your contact information is publicly available, we may collect your name, job title, email address, telephone number and organisation. We use this data to plan future business engagements or to advance International Alert’s peacebuilding objectives. We will share this data with Bitrix 24 to record this information and plan future engagements (see above).

Under Article 6(1) of GDPR, the lawful basis for us processing your data is legitimate interest. We will store your data for six years for administrative and business intelligence purposes.

Linking different data

The data above may be compared to help us better understand our supporters and improve our services. For example, we may check whether an attendee at one of our events is also an existing donor.

How we protect your data

We’ve implemented physical, technical, and organisational measures to protect your data, both online and offline, from improper access, use, alteration, destruction and loss.

The data we collect will only be accessible by staff and volunteers who have been granted explicit permission to access it. Online data is password-protected and stored on secure servers, and offline data is stored in secure, locked cabinets in our offices—or, where relevant, in those of our partner organisations or companies.

We keep your information only for as long as is reasonable and necessary for the purposes you have shared it with us—which may be to fulfil statutory obligations (for example, the collection of Gift Aid). Where we are the Data Controller, above, we have detailed how long we store your data.

Where we use third-party companies to collect, store or process data, we ensure these companies are subject to GDPR and/or Standard Contractual Clauses on data export mechanisms.

Other than the purposes detailed above, we will only disclose your information if required to do so by law – for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a ‘competent authority’ under GDPR.

Your communications with our teams (including by telephone, email, mail or social media) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards. Any information will be stored on our secure servers.

Who we are

International Alert is a registered charity in England and Wales (charity number 327553). We are also registered as a Foundation in the Netherlands (number 857844866). This privacy notice applies to both of these entities. Our registered addresses are:

UK: Offley Works, 1 Pickle Mews, London, SW9 0FJ, UK

Netherlands: Humanity Hub, Fluwelen Burgwal 58, 2511 CJ, The Hague

How to contact us

If you would like to know what information we hold about you, would like to update or remove any information we hold about you, or have any questions or concerns regarding our privacy notice or our processing of your personal information, please contact:

Email: [email protected]

Mail: Interim Chief Operating Officer, International Alert, 10 Salamanca Place, London, SE1 7HB

If you are not satisfied with our response or believe we are not processing your data in accordance with the law, you can contact the UK’s Information Commissioner’s Office. For further details, visit www.ico.org.uk. You can find out more about your data rights at www.ico.org.uk/for-the-public.


We regularly review our privacy notice and post any updates on this webpage. This privacy notice was last updated on June 24, 2024.