- 1. Who we are
- 2. The personal information we collect
- 3. Cookies
- 4. How we use your personal information
- 5. Legitimate interests
- 6. Keeping your personal information safe
- 7. Storage and retention
- 8. Disclosing your personal information
- 9. Disclosures required by law
- 10. Your rights
- 11. Updating this policy
This policy governs all pages hosted on the following domains:
and pages hosted on any subdomain of any of these (our “Websites”). When you visit any of our Websites, we may collect personal information from you, either directly, or passively as you browse. Please read this policy to understand what personal information we collect and how we use it.
1. Who we are
We are the Centre for Effective Altruism, a registered charity in England and Wales (Charity Number 1149828). Like most charities, we operate through a company limited by guarantee, the registration number of which is 07962181. Our registered office is at Trajan House, Mill Street, Oxford, Oxfordshire, OX2 0DJ.
For the purposes of data protection law, we will be a controller of the personal information we hold about you. This means we make decisions about how and why your information is used, and have a legal duty to make sure that your rights are protected when we do so. We work in partnership with the Centre for Effective Altruism in the United States, and all of our staff there will have access to your personal information. See Section 6 for more details about how we keep it secure. If you are in the United States and would like to get in contact with us, you can do so at email@example.com.
2. The personal information we collect
We collect the following types of personal information:
Information you give us
If you would like to take part in our community by making a donation, you will need to create an account with us. To do so, you will need to provide us with certain information, including:
- your name;
- your contact details (postal address, e-mail address, mobile phone number); and
- your preferred payment method and billing address.
Without this information, we may not be able to collect your donation or re-grant it to the appropriate fund or charity.
If you agree to pledge a certain percentage of your income via the Giving What We Can pledge, we will request and collect from you information about your salary after tax, so that we can accurately calculate your pledge amount. We will also ask for your date of birth, so that we can show you how much difference your pledge can make over the course of your working life.
If you apply to attend any of our events, we may ask you for personal information about why you would like to attend and information about your profession. If your application to attend is accepted, we may transfer some of this information into an event app provided by an external company. You will be able to edit this information by logging into your event app account. If you attend any of the EAGx events which are put on by our partners, we will have access to the personal information you provide them in order to keep track of who is attending.
If you apply for a job at CEA, we may ask you for personal information so that we can contact you and verify your identity and right to work.
If you contact us for any reason, we may keep a record of that correspondence.
When you make a donation, take a pledge, or contribute to one of our Effective Altruism Funds, the information you have given to us is passed to our payment processing partner to process according to our instructions. We do keep a copy of this. However, we won't store your card details; these are held by our third-party payment provider. If you would like your donation to be gift-aided, we will ask for your UK taxpayer status, as this information is needed to comply with our obligations under UK tax and charity law. It will also be shared with HMRC (Her Majesty's Revenue and Customs) for tax regulation purposes.
When you visit any of our Websites, we may collect technical data about the device you are using, including, where available, your IP address, operating system, and browser type. This is used for system administration and to improve the look and feel of our Websites. See Section 3 for more about the technical data we collect through cookies and other web beacons.
Special category data (also known as sensitive personal information)
Unless you specifically provide it to us as part of your application to attend an event or receive a grant, we do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade union membership, as well as information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you apply to attend an event and have requested reasonable accommodations in connection with a disability, we may store the information you provide to us about your disability in order to provide those accommodations if we can.
A cookie is a small file of letters and numbers that we store on your browser or device, with your permission.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Websites. They include, for example, cookies that enable you to log into secure areas of our Websites or make a donation. You can refuse to accept all or some cookies by modifying settings within your browser (for guidance on how to do this visit aboutcookies.org. However, if you block strictly necessary cookies, you may be unable to access certain parts of our Websites.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our Websites. This helps us to improve the way they work — for example, by ensuring that users can easily find what they are looking for.
We use third-party services such as Google Analytics to help us improve the look and feel of our Websites. Google Analytics places a cookie on your browser which keeps track of certain details about your visit to our Websites. These include what Google search criteria you used to find them in the first place, how long you stay on certain pages, and what website you visit immediately after leaving our own. This data will be aggregated and anonymised to the greatest extent possible.
4. How we use your personal information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- with your consent or explicit consent;
- where we need to perform a contract with you, e.g. when you give a donation to one of our charities which we then re-grant on your behalf;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (see the "Legitimate Interests" section below); or
- where we need to comply with a legal or regulatory obligation.
If you agree, we will send you periodic emails about CEA’s activities, upcoming events, annual retrospectives, and other information that we think you might be interested in. You can opt out of receiving these emails at any time by clicking the appropriate link in the email itself, or by updating your communication preferences via your account page.
We may use personal information held about you in the following ways:
- to process donations you make;
- to fulfil any orders you make (for example, if we are giving away copies of a book and you request that a copy be sent to you, we will use the mailing address you provide);
- to evaluate your application to attend an event or receive grant funding for a project;
- to contact you when one of our Effective Altruism Funds makes a new set of grants, if you've made a contribution to that fund;
- to reach out to you about potential collaborators or job/project opportunities;
- to comply with auditing and gift aid requirements;
- to make public reports about donations to Effective Altruism Funds (such reports will not directly identify you, but we will use your personal data when creating them);
- to ensure that content from our Websites is presented in the most effective manner for you and for your device; or
- to respond to queries you send us.
When contacting you for any of the above purposes, we may do so by phone or email, unless you tell us otherwise.
Your data will be treated in accordance with applicable data protection law. It will only be shared with third parties as described in this policy. We will never sell your personal information.
5. Legitimate interests
We may rely on legitimate interests to process your personal information, provided that your interests do not override our own. European data protection law requires us to explain what these interests are.
Where we rely on legitimate interests, these interests are:
- to improve our programs;
- to keep our records updated and to study how our Websites and other services are used;
- to administer and protect the charity and web presence (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting);
- to inform our marketing strategies; and
- to best serve our charitable aims in the most efficient manner possible.
6. Keeping your personal information safe
We employ a variety of physical and technical measures to keep your personal information safe and to prevent unauthorised access to, use of, or disclosure of it. We control who has access to your data using both physical and electronic means, some of which are described below. Our staff receive data protection training and we have a set of detailed data protection procedures which they are required to follow when handling personal information.
Our security measures include:
- sending all information over encrypted channels (SSL/TLS);
- using slow password hashing algorithms (Bcrypt);
- hosting data with managed VPS providers; and
- using PCI Compliant payment processors to avoid storing your payment details (e.g. credit card numbers).
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We cannot absolutely guarantee the security of the internet, external networks, or your own device; accordingly any online communications (e.g. information provided by email or through our Websites) are at your own risk.
7. Storage and retention
Where we store your personal information
We store your personal information on secure servers. Employees of CEA in the UK and the US are able to access this information.
How long we keep it
We collect and store personal information for purposes connected with our business. As such, we will only retain your personal information for as long as necessary for those purposes.
If you make a donation through our Websites, we will keep your account open and retain your personal information for 10 years from the date of your last login. This is because we may need this data in some way to support a claim or defence in court. That is also the period within which our tax collecting authorities may demand to see and audit our records.
We also retain other types of personal information for 10 years. This includes information:
- collected from your applications to, and attendance at, our events.
- collected from grant applications you submit.
- collected when you contact us for other reasons.
If you apply for a job at CEA, and your application is not successful, we will seek consent to keep your personal data (such as your email address, location, and resume) indefinitely for the purpose of future suitable job vacancies. If consent is not given, or withdrawn, we will keep your data for 12 months once the recruitment exercise ends.
We regularly audit the personal information we hold and delete that which is not necessary.
8. Disclosing your personal information
Donations to one of our partner charities
When you make a donation to one of our partner charities using the EA Funds platform, we will ask you if you would like to disclose your name and email address to the charity. Charities find it helpful to know where the donations they receive have come from, in order to allow them to:
- reconcile donor lists with their own records;
- track conversions, etc.; and
- send you details of their work and appeals for donations.
However, we will only send this information if you give your explicit consent for us to do so. This is because if you are a resident in the UK or a country within the European Economic Area (“EEA”) and you are donating to one of our partner charities in the United States (or another country where data protection laws are not as strict), you will not benefit from the rights explained in Section 10 below, which you are normally afforded under UK or European data protection law. Whilst we make every effort to ensure that the charities we deal with do not use your personal information in a way which you would not expect, we will not be able to control what the charity does with it, or whom it is disclosed to.
We will ask you every time you make a donation, but be aware that if your personal information is disclosed to a charity once, we will not be able to force them to delete it. They may not know that any subsequent donations you make to them have come from you, but they will still have your personal information on file from the first time you donated and agreed that we could pass it on. If you do not wish to pass your personal information on to the charity, we will still make the donation on your behalf, and you will still be eligible for Gift Aid.
If you sign up to one of our monthly newsletters, or register for an event we run, we will disclose your name and email address to Mailchimp, a service we use to manage the process of sending mass emails. You can opt out of a mailing list at any time by clicking the appropriate link in any email we send through Mailchimp.
If we choose to sell, transfer, or merge parts of the charity or our assets, we may disclose your personal information to the new owners. Alternatively, we may seek to merge with another charity. If a change like that happens, then the new owners may use your personal information in the same way as set out in this policy.
9. Disclosures required by law
We are subject to the law like everyone else. We may be required to give information to legal authorities if they so request or if they have the proper authorisation, such as a search warrant or court order.
We also may need to retain and disclose certain personal information about you to regulatory authorities and to appropriate agencies to conduct anti-money laundering and trade sanction checks and to assist with fraud prevention. We will disclose this information as is required by law.
10. Your rights
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- where your personal information is processed on the basis of consent, the right to withdraw that consent;
- the right to confirmation as to whether or not we are holding any of your personal information and, if we are, to obtain a copy of it;
- the right to have certain data provided to you in a portable electronic format (where technically feasible);
- the right to have inaccurate personal information rectified;
- the right to object to your personal information being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests;
- the right to restrict how your personal information is used; and
- the right to be forgotten, which allows you to have your personal information erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using it for a lawful reason).
If you would like further information about any of your rights or wish to exercise them, please contact us using the details given in Section 1. However, please note that these rights do not apply where you have given your explicit consent for us to transfer personal information about you to one of our third-party charities located outside of the UK. Please see Section 8 above for more detail about this.
Please also keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request). If you feel that your rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
11. Updating this policy
We may update this policy at any time. When we do, we will post a notification on the main page of each of our Websites and we will also revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This policy was last updated on 9 June 2021.