PRIVACY STATEMENT & DONOR BILL OF RIGHTS
The Dingwall Trust is committed to protecting your privacy and your rights as a supporter and partner.
Protecting your privacy
The Dingwall Trust is registered as a charitable entity in New Zealand (CC25017).
We are committed to protecting your personal data; this document describes how we handle your personal information and how we disclose information that identifies you. We recognise that your relationship with us is voluntary and, as such, your privacy will be held in the strictest confidence.
This privacy statement is regularly reviewed and updated as necessary to meet legal requires for privacy. Any revised version is published on our website and is in effect from the time of publication. You are welcome to contact us at any time to discuss this policy.
Please note that a separate privacy policy will apply if you provide us with confidential information as a result of using our community services, or if you or someone in your whanau is currently supported by us. Further information will be provided to you at that time but details of our Confidentiality Policy are available on request from our Chief Executive.
In accordance with the New Zealand Privacy Act 2020 we maintain high standards for the protection of data to ensure donor information remains private and is only used for the purpose it is collected.
Your personal information is stored in a secure database in New Zealand.
As required by the Privacy Act 2020, we follow strict security procedures in the storage and disclosure of your personal information. This means we may occasionally request proof of identity before we can disclose sensitive information to you.
Information regarding donations is handled with respect and confidentiality to the extent provided by law.
- We respect your anonymity.
- We respect the wishes of contributors who prefer their gift remain confidential
- We do not lend, exchange, rent or sell our donor lists to other organisations
- The personal information you provide when making an online donation or sign up for information will be protected and will not be disclosed to third parties unless required by law or to offer you further opportunities to impact the lives of children in care
Personal information
‘Personal information’ is any information or opinion that can identify or be used to identify you.
Collection of personal information
We collect and hold personal information from our donors, supporters, volunteers, contractors, suppliers, partners, alumni and other individuals and companies. For example, if you are a financial supporter we would collect and hold your name, address, phone and email address. This information will generally be collected directly from you, or from a third party if you have authorised us to do so.
We collect information about our supporters and website users in various ways:
- Personal information that you provide voluntarily when registering and completing forms, such as when you make a donation or sign up for communications from us;
- Website usage information through tracking your individual click behaviour (page view, time on site, how you came to our website) to understand how we can make your experience on our website better;
- Aggregated website traffic information collected by our web server or third party systems we subscribe to.
From time to time we may collect more detailed personal information to tailor our communications to you and to fulfil your request(s), such as demographic information, ethnicity or relationships with others. We may collect that information when you speak to us by phone or send us information via email or post. The provision of more detailed information is purely voluntary.
Use of personal information
We use your personal information primarily to:
- Process your donations accurately;
- Communicate with you on matters relevant to your donations or your relationship with us;
- Improve our website so we can give you a better online experience;
- Provide you with any other services you have requested;
- Share recent news or opportunities to support vulnerable children in care;
- Use the information for any other purpose for which you have given us permission.
Communications from us
We may use your personal information to send direct marketing messages or telemarketing if we feel it is appropriate to the nature of your relationship with us, e.g. if you make a donation to an appeal, you will receive information about future appeals.
We do not wish to send communications to you that you do not want to receive. Any digital communication we send you, except for messages confirming a transaction with us, will always have an unsubscribe facility.
If at any stage you feel that you are receiving communications of any kind from us that you do not want, please contact us, allowing seven days for us to process your request.
Use of email or mobile number for donor communications
During your interactions with us via the website or on the phone, you can supply an email address which we will use to contact you about our service. We do not sell or rent email addresses to third-party organisations.
By default, a website donor is:
- opted-in to regular monthly and/or weekly newsletter updates
- opted-in to our service announcement
- opt-ed in to event invitations
- opted-in to receive survey invitations to help us improve our service to you.
If you’d rather not receive these types of communication, please contact us On digital communications from us, there will be opportunities to unsubscribe.
Disclosure of personal information
Our staff assume that all donations are confidential and will not be publicly announced unless the donor expressly gives consent. Comments given on donor forms may sometimes be used anonymously for promotional purposes. For attributed comments we will always seek consent from you.
We generally do not disclose personal information to other organisations unless we believe it is reasonably necessary to conduct the functions and activities of The Dingwall Trust, if you give your consent or if it is required or authorised by law including in emergency situations or to assist law enforcement.
We use a range of suppliers, service providers, contractors and partners to fulfil our community and fundraising. They include information technology service providers, direct marketing agencies, banks, credit card companies and recruitment agencies. This means that organisations and individuals other than us may collect, access and use personal information held by us. We require these third party providers through our signed agreements with them to comply with our security guidelines and privacy laws, and to adhere to all NZ privacy and data protection legislation.
Security of personal information
We take all reasonable steps to ensure the security of personal information by storing it in a secure environment. We require our employees, contractors, volunteers, and third party service providers to respect and protect the confidentiality of personal information we hold.
Our customer database is secured by a firewall to ensure, as far as practicable, that it cannot be accessed by unauthorised parties. Our database provider leverages industry standard CIA Triad Model, as well as various industry control frameworks such as NIST CSF, PCI DSS, ISOL27001, SOC 1, SOC 1 type 2 and others to protect our database.
Access to our customer database is restricted to our donor and administration teams, and senior management. We use different levels of security to restrict sensitive or confidential information to relevant staff only.
Our website has layers of security to protect it against malicious activity, possible breaches of the system (‘cracking’) and unauthorised access to customer data.
Your data is not permanently stored on our website.
This website has security measures (minimum 256-bit secure sockets layer encryption) designed to protect against the loss, misuse and/or alteration to your personal information under our control. Secure pages on our website are protected by an SSL certificate. A security icon visible on your screen, for example a padlock, confirms that your browser supports SSL security. Click on the security icon to verify the security certificate on this website.
When you send us an email, the data is not encrypted and therefore not secure.
It is important for you to protect against unauthorised access to your information and to your computer. Ensure you logout when you have finished, especially if using a shared computer.
Access to, correction of and deletion of personal information
You may at any time request access to, correction of or deletion of any personal information about you held by us. Please contact us. We are happy to provide you with any personal information that we hold about you, at any time. If it is wrong, we will correct it.
Dealing with us anonymously
You may request us to deal with you anonymously or through a pseudonym. We will accommodate your request if it is lawful and practical for us to do so. For example, it may not be possible for us to process your donations or accept you as a volunteer if you do not provide the necessary personal information.
Website tracking and online advertising
We use third party website trackers, such as Google Analytics, to collect information on how you use our website. On occasion, random short surveys may also be used to collect further information about our users — participation in these surveys is entirely voluntary.
Cookies
When you use our website, we may collect personal information from you automatically through cookies including: your IP address and or domain name; your operating system (type of browser and platform); and the date, time and length of your visit to the website. We use this information primarily for the compilation of statistical information about the use of our website to improve user experience. Most web browsers are set by default to accept cookies. However, if you do not wish to receive any cookies, you may set your browser to either prompt you to refuse cookies or automatically refuse cookies.
Google Analytics
We use services such as Google Analytics which will issue cookies from their own servers and which will be able to track website visitors throughout our website and through any other sites that use those services.
The services are used to aggregate website statistics anonymously, such as number of page views, the number of unique visitors, time spent on our site, and to determine advertising effectiveness.
Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. All website owners using Google Analytics are required to have a privacy policy that fully discloses the use of Google Analytics. We use this information to track the effectiveness of our website. Types of data collected include visits, viewed pages and the technical capabilities of our visitors. These statistics will not identify you as an individual. For more information read Google’s Privacy Policy.
Online advertising
From time to time we may use third party vendors, such as Google, to display advertising on websites across the internet. These third party vendors may also use cookies to anonymously track and target advertising based on your browsing behaviour.
For further information and details of how you can opt out of these third party cookies via the Network Advertising Initiative, click here.
Links to other websites
The Foundation’s website may contain links to third party websites, and third party websites may also have links to The Foundation’s website. Our Privacy Policy does not apply to external links or other websites. These third-party websites may collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.
Security of online donations and transactions
The PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment.
The Dingwall Trust processes credit cards via a secure, PCI DDS-compliant credit card gateway. This gateway has passed a Level 1 PCI DSS audit. Customer’s payment details are encrypted into a single token that is stored on our payment gateway’s secure server. The Dingwall Trust does not store credit card information collected online.
If you send us personal cardholder data by email or by postal mail or provide us with this information over the phone, we have strict processes in place to ensure that we meet the Payment Card Industry Security Standard Council’s payment card industry data security standards and only store cardholder data in a secure encrypted environment (and securely destroy any email or postal correspondence that may contain sensitive financial information).
Job Applicants
When we receive an application for employment, personal information that is included in the application may be collected, such as your contact details, career history, education details, eligibility to work in New Zealand, written references and other career-related information. This may also include sensitive information, such as medical information, criminal history or involvement with the social development ministry.
If personal information is obtained from third parties, reasonable and practicable steps will be taken at or before the time of collection (or as soon as practicable after collection) to notify an individual, or otherwise to ensure awareness of the collection of personal information.
The following personal information may also be obtained from third parties:
- Personal information through a recruitment service provider;
- Prior employment history from previous employers or nominated referees;
- Criminal record history by way of a police check;
- Ministry of Social Development (or its equivalent) vetting;
- Eligibility to work in New Zealand, by way of a visa status check;
- Confirmation of driving licensing status;
- Educational qualifications, by way of requesting confirmation of qualifications or results form an academic institution;
- Confirmation of professional registration by way of requesting information from a professional membership organisation.
Personal information may be collected during the recruitment process for the purpose of assessing and progressing an application, inviting applicants to apply for future positions and conducting statistical reporting and analysis in relation to the recruitment and selection processes. Your personal information for future job opportunities may be held, unless specifically requested to be deleted.
By applying for a job and providing your personal information, an individual is providing consent to collect and store personal information, using and disclosing it for the purposes set out in this Privacy Statement. This may include disclosing your personal information to referees and also to other third parties that we use to help with the recruitment and selection process. Personal information may also be disclosed to law enforcement and/or other government agencies to verify whether an individual has a criminal record or information of concern with regard to contact with a child or young person.
Complaints
If we become aware of an ongoing concern or problem concerning our privacy practices, we will take that issue seriously and work to address it.
If you wish to make a complaint about how we handle your personal information, please contact us. Please provide as much detail about the facts surrounding your complaint so we can resolve it quickly for you. If we fail to resolve your complaint, you may refer the matter to the New Zealand Privacy Commissioner.
If you have feedback or complaints on any other matter, please contact us.
The Donor Bill of Rights
The Dingwall Trust is committed to upholding the International Donor Bill of Rights.
Philanthropy is based on voluntary action for the common good. It is a tradition of giving and sharing that is primary to the quality of life. To assure that philanthropy merits the respect and trust of the general public, and that donors and prospective donors can have full confidence in the not-for-profit organisations and causes they are asked to support, The Dingwall Trust declares that all donors and supporters have the right to:
To be informed of The Dingwall Trust’s mission, the way Dingwall intends to use donated resources, and its capacity to use donations effectively for their intended purposes
To be informed of the identity of those serving on Dingwall’s governing board, and to expect the board to exercise prudent judgment in its stewardship responsibilities
To have access Dingwall’s most recent financial statements
To be assured their gifts will be used for the purposes for which they were given
To receive appropriate acknowledgment and recognition
To be assured that information about their donations is handled with respect and with confidentiality to the extent provided by law
To expect that all relationships with individuals representing organisations of interest to the donor will be professional in nature
To be informed whether those seeking donations are volunteers, employees of the organisation or hired solicitors
To have the opportunity for their names to be deleted from mailing lists that an organisation may intend to share
To feel free to ask questions when making a donation and to receive prompt, truthful and forthright answers.