Fund for Peace (FFP) takes your privacy seriously and manages your data in accordance with the European Union’s General Data Protection Regulation (GDPR).

On this page we use ‘data’ to refer to any personal information we collect about you, such as your name and email address.

Our commitment to you

    We promise to respect any personal data you share with us and will always store this information securely.
    We will only use your personal data to provide the services you have requested and communicate with you in the ways you have agreed to.
    We will never sell or share your personal data to other organisations to use for their own purposes, unless required to do so by law.
    You can change or withdraw your consent for us to hold your personal data at any time. To do so, please use the contact details at the bottom of this page.

What information we collect

Donors

When you donate to us, you are asked to provide your name, postal address, email address, phone number and payment details.

If donating via our website, this data is collected by two third-party companies called Network for Good and Paypal, whose systems we use to take donations. If you give them permission to do so, they will share this data (excluding your payment details) with us. Any data you provide is stored on secure servers by Network for Good and Paypal. FFP will only store any donation data shared with us in paper form for the purposes of routine financial record keeping and auditing – the only electronic information retained is in the aggregate from each provider and does not dis-aggregate individuals. For the purposes of GDPR, Network for Good and Paypal are the ‘Data Processors’ and the ‘Data Controllers’.

If donating via check (by post), the data is inputted directly by us into our financial and accounting records (see above). Any data you provide is stored on secure servers by FFP’s third-party accountants, Calibre CPA Group. Calibre CPA will only store any donation data shared with us for the purposes of routine financial record keeping and auditing. For the purposes of GDPR, FFP are the ‘Data Processors’ and Calibre CPA are the ‘Data Controllers’.

We will store your data for seven years after the end of the tax year in which your last donation was made, for tax purposes only.

Event attendees

When you sign-up to attend one of our events, you are asked to provide your name, email address, and sometimes your telephone number and any special requirements (e.g. dietary needs). This data is collected by a third-party company called Eventbrite, whose systems we use to market and administer our events. We also use these systems to track and analyse who attends our events. For the purposes of GDPR, with Eventbrite we are the ‘Data Controller’ and Eventbrite the ‘Data Processor’.

We will store your data for three months, for administrative purposes only.

Job applicants

When you apply for a job or internship at FFP, you are asked to provide your name, email address, postal address, telephone number and employment history, sometimes as well as references and writing samples. The information you provide will only be used to process your application or to fulfill legal or statutory requirements, if necessary.

We do not share this data with anyone else. The data collected is stored on secure servers by FFP. Any physical copies of data are stored in secure, locked cabinets in our offices, with limited access. For the purposes of GDPR, we are the ‘Data Controller’ and the ‘Data Processor’.

We will store your data for seven years (unless you are appointed to the role), for administrative and legal purposes only.

Social media users

When you interact with our content on social media (e.g. liking, sharing, etc.), the social media platforms automatically collect data about these interactions and share them with us. We use this data to understand what information users are interested in and where we can make improvements in what we offer.

If you send us a private or direct message via social media, we will only store the message on that social media platform. We will not share it with any other organisation. For the purposes of GDPR, we are the ‘Data Controller’ and the social media platforms are the ‘Data Processor’.

Subscribers

When you sign-up to receive email updates from us, you provide your name and email address. This data is collected by a third-party company called iContact, whose system we use to send emails to our subscribers. We also use this system to track and analyse how people use and interact with our emails. The data you provide is stored on secure servers by iContact. For the purposes of GDPR, we are the ‘Data Controller’ and iContact the ‘Data Processor’.

We will store your data for seven years (unless you request otherwise), at which point we will ask you to reconfirm your subscription.

Website users

When you use our website, we automatically collect anonymous data about you using ‘cookies’. We do this to understand what information users are interested in and where we can make improvements in what we offer. To find out more about our use of cookies, read our cookies notice.

We use a third-party service called Google Analytics to track and analyse how people use and interact with our website. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For the purposes of GDPR, we are the ‘Data Controller’ and Google Analytics the ‘Data Processor’.

How we protect your data

We’ve implemented physical, technical and organisational measures to protect your data, both on- and off-line, from improper access, use, alteration, destruction and loss.

The data we collect will only be accessible by staff and contractors who have been granted explicit permission to access the information. Online data is password-protected and stored on secure servers, and offline data is stored in secure, locked cabinets in our offices – or, where relevant, in those of our partner organisations or companies.

We keep your information only for as long as is reasonable and necessary for the purposes you have shared it with us – which may be to fulfil statutory obligations. Where we are the Data Controller, above we have detailed how long we store your data for.

Where we use third-party companies to collect, store or process data, we ensure these companies are subject to GDPR (if within the EU) or the EU-US Privacy Shield Framework (if within the U.S.) – which means they are certified to process data received from the EU.

Other than the purposes detailed above, we will only disclose your information if required to do so by law – for example, to comply with applicable laws, regulations and codes of practice, or in response to a valid request from a ‘competent authority’ under GDPR.

Your communications with our teams (including by email, mail or social media) will be stored on our secure servers.

Who we are

FFP is a registered 501(c)(3) non-profit organization in the United States (DUNS 075204768). This privacy notice applies to both these entities. Our registered address is:

1101 14th Street NW
Suite 1020
Washington, D.C. 20005

How to contact us

If you would like to know what information we hold about you, would like to update or remove any information we hold about you, or have any questions or concerns regarding our privacy notice or our processing of your personal information, please contact:

Email: [email protected]
Mail: Executive Director, Fund for Peace, 1101 14th Street NW, Suite 1020, Washington, D.C. 20005
Tel: +1 (202) 223-7940

We keep our privacy notice under regular review and will place any updates on this webpage. This privacy notice was last updated on 19th July 2018.