CAW ensures the privacy of the personal data we process in line with the GDPR.
On 20 July, EU’s General Data Protection Regulation (the GDPR) and the new Personal Data Act came into force in Norway. Children and War Foundation (CAW) has taken the necessary steps to ensure the privacy of the personal data that we process. In our Privacy Notice, you will find information about how we process and protect personal data about you as well as your privacy rights.
This Privacy Notice applies where we act as controller for processing personal data, which is normally the case in connection with our activities. As controller, we are responsible for ensuring that the personal data we have about you are used in accordance with the applicable data protection legislation.
In this Privacy Notice, you will find information about how we use and protect personal data about you as well as your rights in this regard. Personal data are data that relate to you as an identifiable person.
1. Individuals subject to processing of personal data, and the data we collect and maintain
CAW works to aid and support children who are affected by war, warlike situations and disasters as well as their families. Most of the data we process relate to individuals.
We typically have and need personal data for the individuals working for and with the Foundation, either elected or non-elected. The legal basis in this respect is GDPR art. 6 (1) a, consent.
Furthermore we have and need the same kind of data for individuals with whom we cooperate, including those whom CAW support in various ways and supporters of CAW. The legal basis in this respect is GDPR art. 6 (1) b, contract.
Thirdly we may have and need the same kind of data for individuals the Foundation in any way may have trained in the use of the manuals and other materials the Foundation has developed. The purpose of this is to be able to go back and i.a. evaluate the work and efforts of the Foundation, also as a part of the research the Foundation may support. The legal basis in this respect is GDPR art. 6 (1) a and b, consent and contract.
The typical data we collect and maintain are name, telephone number, address and e-mail address.
2. Parties with whom we share personal data
The suppliers of our IT services and their sub-suppliers may have access to personal data if such access is necessary for them to provide their services to us. We have data processing agreements with such parties ensuring that they do not use such data for their own purposes.
We do not disclose personal data in any other way, unless requested by our clients or unless it is necessary to comply with laws or public authority requirements. We do not sell personal data.
3. Data retention
We store your personal data for as long as it is necessary to fulfil the purposes described in this Privacy Notice. This essentially means the following:
•We store the details of contact persons in 5 years periods. Every 5 year the lists of persons are reviewed and persons not any longer relevant to the Foundation are deleted from the list and all data are deleted.
•We store the names and e-mail addresses of individuals who have consented to receive newsletters and other publications until such consent is withdrawn.
•We make backup copies of our data, which are continuously deleted after 2 years.
4. Your privacy rights
You have several rights under the current privacy regulations. We have provided a list of these rights below. Please do not hesitate to contact us if you wish to exercise your rights. We will respond to your inquiry as soon as possible, generally within one month at the latest.
Access: You have a general right of access to the personal data we have registered about you.
Rectification and erasure: You have a general right to request that we rectify any incorrect personal data about you and erase personal data about you. When we have your data based on consent, cfr. GDPR art. 6 (1) a, you have the right to withdraw that consent any time.
Restriction: You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
Data portability: You have a general right to request transfer of your personal data in a common, machine-readable format. Because this only applies to the personal data you have given us and where we process such data based on your consent or an agreement we have with you, this right will probably not be relevant in relation to us.
Objection: You have a general right to object to our processing of personal data about you if this is justified by special circumstances on your part. You also have the right to object to us using data about you for marketing purposes, and you can do this, for example, by using the link included in our e-mails.
Right to appeal to the Norwegian Data Protection Authority (Datatilsynet): If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet). We ask that you contact us beforehand, so that we may clarify any misunderstandings.
We have implemented technical and organizational security measures to ensure that we handle personal data in a secure manner. We perform regular assessments of the security of all of our systems used for the handling of personal data and have entered into agreements instructing the suppliers of such systems to ensure an adequate level of data security.
6. Amendments to this Privacy Statement
We may amend this Privacy Notice from time to time. You will be notified if any significant amendments are made. The most up-to-date version of our Privacy Notice is available on our website.
Get the latest news and information straight to your inbox.
(We value your privacy and will never share your email address with anoyne)