CIF Privacy Statement

(995 32) 2 251344

Protecting your privacy

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) requires all organisations within the EU who process Personal Data to be transparent on how, why and what data is captured, stored and processed; the lawful basis for holding and processing personal data; how individuals can access information on themselves held by the organisation; and how they can control, or object to, the use of their personal data.

CIF is committed to protecting your privacy and complying with these regulations. This statement sets out how this is implemented across all of our communications channels, applications and networks, and details your rights in relation to your personal data that CIF captures, stores and uses. In addition to the above, we collect information automatically about visits to our website.

Your Rights

You have the right to access, rectify, restrict or prevent processing of your data by CIF. CIF will always verify your identify before processing your request. To do this we might ask for another form of identification and ask for proof that you are the person asking this. If you choose to activate your right to rectify, restrict or prevent processing and/or storage of your personal data, CIF will ensure that this is communicated to any third party with access to your data.

You have the right to know what data CIF holds that relates to you. You can make a Subject Access Request (SAR) at any time. By making this request CIF is legally obliged to share all the information that we hold on you, CIF will respond to a data access request within 72 hours. CIF then has 30 days in which to fulfil the requests.

If you wish to rectify the data that is held on you, CIF has a month in which to complete the process.

In addition, all marketing e-communications sent out by CIF provides you with an option to unsubscribe.

If you object to the lawful basis upon which we hold your data, you should contact Ina Charkviani where your objections will be reviewed. During this period all processing of your personal data will be suspended with immediate effect.

Alternatively you may lodge a complaint with the Information Commissioners Office (ICO) or your supervisory authority.

We do not use any automated decision-making systems except those used to detect and remove viruses from content you may provide us or undertake automated profiling. We do not record data which falls under the Sensitive/Special Category. CIF will never attempt to buy or sell your Personal Data.

Storage, use of personal information and data protection

Any personal data captured by CIF is used and held in accordance with the requirements of the General Data Protection Regulation (GDPR) 2018.

We will only disclose data when obliged to disclose personal data by law or we have your consent.

Legal representatives

We will only share your personal information with third parties who process data on our behalf or where necessary, for example when your information needs to be provided to the financial institution that processes our credit card transactions. They receive your name, address, telephone number, credit card number and expiry date solely for the purpose of verifying the credit card number and processing the transaction in a secure environment. They employ industry standard security technology to ensure the confidentiality of your transactions.

Internet-based transfers

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of Georgian data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

Website

When people visit the CIF website, we log non-personally-identifiable information including IP address, profile information, aggregate user data, and browser type. We use this data to monitor usage and improve our website services.

Email subscription services

You should not enter information on behalf of another person or about any other person. Your name and email address will be used only for delivering to you the services to which you have subscribed, for sending information about these services, for sending you password reminders and for validating security. They will not be provided to any third parties without your express consent.

If you are sharing your email address with other people, CIF cannot protect any information you provide against access by the other users of your email address, nor can CIF prevent other users of your email address changing your subscription details.

Password protected services

You are responsible for the safeguarding of any information, such as passwords and user IDs needed for use of your computer and/or your membership with CIF, and CIF will not be responsible for any consequences of such information failing to be adequately safeguarded.

You should not enter information on behalf of another person or about any other person.

You are required to use all reasonable endeavours to ensure against unauthorised access to the service, in particular the use of user names and passwords by unauthorised individuals.

Password reminders and other information from the service will be sent to the email address you have given.

Use of personal information

We may process personal information collected via this website or other electronic communications networks (i.e. like email address) used by CIF, for the following purposes:

Advertising and Marketing

Opting in to receive our e-newsletters to receive the latest information on CIF

However CIF processes your personal information, it will be done so lawfully, fairly and transparently. We will never process your personal information for any other purpose or reasons other than those specified at the time your personal information is collected. We will only ask you to provide information which is adequate and necessary in order to process your data according to its intended and agreed purpose. Your personal information will always be processed securely by authorised personnel employed by/or acting on behalf of CIF and will only be stored within appropriate formats for periods of time which are justifiable by law or business purpose.

External providers we use for personal data capture

CIF uses a range of 3rd party processors who process personal data on behalf of CIF. All 3rd party processors are contractually obligated to process personal data in line with GDPR requirements.

Marketing Emails

CIF uses a third party provider, MailChimp, to deliver our monthly update newsletters. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see MailChimp privacy policy.

Web analytics

CIF uses a third party provider Google Analytics to monitor web usage and page visits to the CIF website. For more information see the Google Analytics privacy notice.

Subject access requests

You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please write to Ina Charkviani, CIF Communications Manager, Curatio International Foundation, Tbilisi, 0179, Kavsadze str 3 Office 5 or email [email protected]

After you have requested a subject access request, you will be notified within 72 hours that your request is being dealt with. CIF will then have 30 days to provide the information to you.