GOAL is committed to protecting the privacy of your information and takes its obligations under the general data protection regulation EU 2016/679 seriously.
Please note: you have the right to object to the processing of your personal data where that processing is carried out for our legitimate interests or for direct marketing purposes.
1.1 goalus.wpengine.com (the "Website") is operated by GOAL, a company limited by guarantee with company number 201698, and registered as a charity in Ireland under Charity Registration Number 20010980, having its registered office at Carnegie House, Library Road, Dun Laoghaire, Co. Dublin, Ireland ("GOAL", " we", "ourselves" or "us ").
1.2 "Personal Data" under data protection law (including the EU General Data Protection Regulation 2016/679 ("GDPR "), the EU Privacy and Electronic Communications Directive 2002/58/EC, and all national implementing legislation) (" Data Protection Law") means any information about an individual from which that person can be identified.
1.3 This Privacy Statement explains how your Personal Data is provided to GOAL or collected, stored and used by GOAL, as a data controller. By using this Website, corresponding with us by phone, email or otherwise, you may provide your Personal Data to us, and you signify your acceptance of this Privacy Statement and agree that we may collect, use and disclose your Personal Data as described in this Privacy Statement. If you do not agree with or you are not comfortable with any aspect of the Privacy Statement, your only remedy is to discontinue use of the Website. We reserve the right to modify this Privacy Statement at any time. Your continued use of any portion of the Website, following notification or posting of such changes, will constitute your acceptance of those changes.
1.4 GOAL is committed to protecting the privacy of your information and takes its obligations under Data Protection Law seriously. We will use your information only for the purposes set forth below and in compliance with Data Protection Law.
2 The Information We May Collect about You
2.1 Your support means a lot to us and, more importantly, the people who benefit from our programmes overseas. We value all individuals and organisations who give their time and/or money to enable us to do the vital work we do. When you contact GOAL regarding a fundraising activity, campaign, to make a donation or for any other reason, you may provide us with Personal Data.
2.2 We may collect and process the following Personal Data about you:
2.2.1 Information that you voluntarily provide to us when using this Website or by contacting us directly, including but not limited to your name, date of birth, postal address, e-mail address and telephone number.
2.2.2 If you contact us for any reason, we may keep a record of that correspondence.
2.2.3 Financial information that you voluntarily provide to us when making a donation and/or providing funding.
2.2.4 Employment application information which you voluntarily provide to us when making an application for employment with us, including but not limited to such information contained in application forms and/or CVs – we may store this information in accordance with Section 5 below in order to consider you for future vacancies which may become available either with us or within the GOAL Group.
2.2.5 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
2.2.6 Details of your visits to the Website including, but not limited to, traffic data, location data and other communication data and the resources, advertisements and linked sites that you access.
2.2.7 Aggregated information - this is information about all of our visitors collectively such as what areas of our Website visitors most frequently visit and which of the services that we offer they prefer to use. To protect our visitors' rights of privacy this information is anonymous and aggregated. Therefore, no individual visitor can be identified from this information.
2.3 Financial information that you provide to GOAL, such as your credit card and bank details, is protected by third party payment processing software. This software is Payment Card Industry ("PCI") compliant, encrypts financial information entered online and means that no one can read this information while your donation is being processed.
2.4 GOAL does not carry out automatic decision-making but where we systematically analyse the information that we hold about you, in order to improve our communication with you (profiling), you will be informed about this as soon as possible, but at the latest when we contact you as a result of such profiling. If you do not wish to be subject to such profiling, please advise us by emailing firstname.lastname@example.org or call us on +353 1 280 9779.
2.5 GOAL uses advertisers and advertising networks, including social networks that select and serve relevant adverts to you and others. We do not disclose your Personal Data to our advertisers, but we may provide them with anonymised, aggregated information about our users in order to market our activities.
3 Special Categories of Personal Data
Certain categories of your personal data are regarded as 'special'. Special data includes information relating to an individual's physical or mental health, religious, philosophical or political beliefs, trade union membership, ethnic or racial origin, biometric or genetic data and sexual orientation.
We will only process any special categories of your Personal Data where necessary for the purpose of carrying out the obligations and exercising specific rights of GOAL. We will only process data relating to your criminal convictions or involvement in criminal proceedings when permitted by law, or where provided voluntarily by you.
4 How we use Personal Data we collect
4.1 We will only use your Personal Data for the purposes and legal bases set out in the table below:
|Purpose(S) For Processing||Legal Basis For Processing|
|Marketing To You About Our Activities||(A) You Have Provided Your Consent – Which You May Withdraw At Any Time; Or (B) To Support Our Legitimate Interests In Promoting Our Activities And Sending You Marketing Materials. You Have The Right To Object To Such Marketing Communications At Any Time|
|To Process Your Donation||The Processing Is Necessary To Perform Our Contract With You|
|To Carry Out Our Obligations Arising From Any Contracts Entered Into Between You And Us||As Above|
|To Keep You Updated And Informed About Our Work And How Your Donation Is Being Used||To Support Our Legitimate Interests In Updating You On Our Global Programmes And Charitable Work And How Your Donation Has Been Used, Provided Such Interests Are Not Overridden By Your Rights And Interests|
|To Request Your Consent For GOAL To Claim Tax Relief On Your Donations||To Support Our Legitimate Interests In Claiming Tax Relief On Donations, Provided Such Interests Are Not Overridden By Your Rights And Interests|
|Communicating With You And Other Persons In The Course Of Our Activities||To Support Our Legitimate Interests In Communicating With People During The Course Of Our Activities, Provided Such Interests Are Not Overridden By Your Rights And Interests|
|To Ensure That Content On Our Website Is Presented In The Most Effective Manner For You And For Your Computer||To Support Our Legitimate Interests In Maintaining Our Website, Provided Such Interests Are Not Overridden By Your Rights And Interests.|
|For The Prevention And Detection Of Fraud, Money Laundering Or Other Crimes Or For The Purpose Of Responding To A Binding Request From A Public Authority Or Court||To Comply With Our Legal And Regulatory Obligations|
|Processing Of Job Applications||(A) To Perform Or Enter Into A Contract With You; And/Or (B) To Support Our Legitimate Business Interests In Assessing Job Applications Provided Such Interests Are Not Overridden By Your Rights And Interests|
5 Submission of Job Applications/CVs
5.1 To submit a job application to GOAL, you will be redirected to a third party website. Please see section 6 below for more information. Personal Data related to your application to GOAL will be used by GOAL only in accordance with this Privacy Statement.
5.2 Personal Data provided by you in application forms and/or CVs or other such documentation submitted to GOAL will be treated with the highest standards of security and confidentiality, in accordance with Data Protection Law and this Privacy Statement.
5.3 If your current application is unsuccessful, we shall retain your employment application information, including CVs, for the purposes of considering you for future roles which may become available within the GOAL Group for a period of 12 months.
5.4 By submitting your information and/or your CV directly to us, you warrant that all information provided by you is complete, accurate and correct.
5.5 Information that you submit to GOAL may be transferred to GOAL offices outside of the European Economic Area ("EEA"), where GOAL recruitment staff are located and also where such transfer of information is relevant to the position for which you have applied. Please see section 7 for further information on where we transfer and store your data.
6 Links to Other Websites
6.1 We may, from time to time, provide links to third party websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility of liability for those policies. It is your responsibility to check the third party website's privacy statements and policies before you submit any Personal Data to their websites.
7 Where We Transfer and Store Your Personal Data
7.1 The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the EEA including the countries where our management offices are located (US, Turkey and Jordan) and our programme countries (Ethiopia, South Sudan, Sudan, Zimbabwe, Sierra Leone, Niger, Iraq, Syria, Malawi, Honduras, Haiti, and Uganda). Please note that this list may change from time to time. These countries may not have data privacy laws as strong as those in force in the EEA.
7.2 The information is kept in a database on our server provided by WP-Engine. Our hosting partner has adopted the EU-US and Swiss-US Privacy Shield program and are themselves GDPR compliant - you can view their terms HERE.
7.3 To the limited extent that it is necessary to transfer your data outside the EEA, we will ensure that appropriate safeguards are in place to protect the privacy and integrity of such Personal Data, including Standard Contractual Clauses under Article 46.2 of the GDPR; an adequacy decision under Article 45 of the GDPR or the EU-US Privacy Shield. We may also transfer your data outside the EEA if it is necessary for the performance of a contract with you. Please contact us if you wish to obtain information on such safeguards (see Contact us below).
7.4 By submitting your Personal Data, you agree to this transfer, storing and/or processing.
8 Disclosure of Your Information
8.1 We may disclose your Personal Data to any member of the GOAL group (including affiliates, subsidiaries, branches and liaison offices), within or outside of the EEA, subject to strict obligations to protect your Personal Data and process it on our behalf and under our control only.
8.2 We may disclose your Personal Data to third parties:
8.2.1 In the event that they are working directly on our behalf for a specified purpose;
8.2.2 If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation or court order, or in order to enforce, establish, exercise or defend legal rights, the rights, property, or safety of you, us, our group, or employees, for example to statutory and regulatory authorities and government bodies;
8.2.3 Third parties who provide a service to us who process Personal Data our behalf and are bound by confidentiality provisions, for example banks, payment providers, insurance and health providers;
8.2.4 To our donors; and
8.2.5 In the event that we restructure or reorganise our organisation or enter into a merger or acquisition in which case we may disclose your Personal Data to the relevant parties.
8.3 We may also provide non-Personal Data to third parties, where such information is combined with similar information of other users of our Website. For example, we might inform third parties regarding the number of unique users who visit our Website, the demographic breakdown of our community users of our Website, or the activities that visitors to our Website engage in while on our Website. The third parties to whom we may provide this information may include our Website design, development and hosting contractors.
9 Your Rights
9.1 To the extent that we are a controller of your Personal Data you may request access to, rectification, or erasure of your Personal Data, or restriction of processing or object to processing of your Personal Data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
9.1.1 The right of access enables you to receive a copy of your Personal Data
9.1.2 The right to rectification enables you to correct any inaccurate or incomplete Personal Data we hold about you
9.1.3 The right to erasure enables you to ask us to delete your Personal Data in certain circumstances
9.1.4 The right to restrict processing enables you to ask us to halt the processing of your Personal Data in certain circumstances,
9.1.5 The right to object enables you to object to us processing your Personal Data on the basis of our legitimate interests (or those of a third party)
9.1.6 The right to data portability enables you to request us to transmit Personal Data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
9.2 You have the right to lodge a complaint with the Data Protection Authority , in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your Personal Data infringes the GDPR.
9.3 If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
9.4 All visitors to the Website have the option to unsubscribe from communications from us. If you do not wish to continue to receive correspondence from us you can opt-out by clicking on the "unsubscribe" link in any emails which we might send you or by contacting us via our email address, address or phone number provided below.
10 Retention of Your Information
10.1 We will retain your Personal Data and maintain a record of your donations for as long as we are required for financial reporting purposes. We will also retain your Personal Data for the purposes of providing access to our Site and related services to you; as required by law and for the exercise or defence of legal claims (generally for 7 years).
11.1 Your Personal Data is protected by a secure system both online and offline. Your information will be stored on a secure, computerised database which seeks to prevent loss, misuse, unauthorised access or disclosure, alteration or destruction of this information.
11.2 The data you provide will be transmitted via SSL encryption (Secure Sockets Layer) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry-standard and is used by millions of websites in the protection of their online transactions with their customers.
11.3 We will always endeavour to protect your Personal Data from loss, misuse, unauthorised access or disclosure, alteration or destruction. We are committed to providing security for your information, including working with leading suppliers of secure payment services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and Data Protection Law.
11.4 GOAL use industry-standard efforts to safeguard the confidentiality of your personally identifiable information. Unfortunately, no collection or data transmission over the Internet can be 100% secure. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any transmission and you transfer the Personal Data at your own risk.
11.5 We make every effort to protect the loss, misuse, and alteration of the information under our control. However, no data transmission over the Internet can be guaranteed to be 100 percent secure.
11.6 We will not be liable for any loss or damage caused by a distributed denial-of-service ("DDoS") attack, viruses, malware or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of this Website or to your downloading of any material posted on it, or on any Website linked to it.
12.1 If you are under 18, please ensure that you have a parent or guardian’s permission before providing GOAL with any Personal Data. If you provide us with any Personal Data we will assume that you are over 18 and that you accept the terms of this Privacy Statement, unless you inform us otherwise.
13 Changes to this Privacy Statement
13.1 This Privacy Statement may change without prior notification. We therefore encourage users to familiarise themselves with the contents of this Privacy Statement on a regular basis.
14 Contact Us
14.1 If you have any questions about this Privacy Statement or the privacy and/or security of Personal Data submitted to GOAL, please email the Data Protection Officer at DPO@goal.ie; write to Data Protection Officer, GOAL, PO Box 19, Dun Laoghaire, Co Dublin; or call +353 1 280 9779.
14.2 To update your communication preferences or opt-out of communications in the future, please contact us at email@example.com or call +353 1 280 9779.
14.3 Further information in respect of your rights is available at the website of the Office of the Data Protection Commission, www.dataprotection.ie.