This policy governs all pages hosted at centreforeffectivealtruism.org, effectivealtruism.org, eaglobal.org, and pages hosted on any subdomain of any of these (our “Websites”). When you visit any of our Websites, we may collect personal information from you, either directly, or passively as you browse. Please read this policy to understand what personal information we collect and how we use it.
- WHO WE ARE
- THE PERSONAL INFORMATION WE COLLECT
- HOW WE USE YOUR PERSONAL INFORMATION
- LEGITIMATE INTERESTS
- KEEPING YOUR PERSONAL INFORMATION SAFE
- STORAGE AND RETENTION
- DISCLOSING YOUR PERSONAL INFORMATION
- DISCLOSURES REQUIRED BY LAW
- YOUR RIGHTS
- UPDATING THIS POLICY
1. WHO WE ARE
We are the Centre for Effective Altruism, a registered charity in England and Wales, (Charity Number 1149828). Like most charities, we operate through a company limited by guarantee, the registration number of which is 07962181. Our registered office is at Suite 2 Littlegate House, 16-17 St Ebbes Street, Oxford, Oxfordshire, OX1 1PT. For the purposes of data protection law, we will be a controller of the personal information we hold about you. This means we make decisions about how and why your information is used, and have a legal duty to make sure that your rights are protected when we do so. We work in partnership with the Centre for Effective Altruism in the United States, and all of our staff there will have access to your personal information. See section 6 for more details about how we keep it secure. If you are in the United States and would like to get in contact with us, you can do so at info (at) centreforeffectivealtruism.org.
2. THE PERSONAL INFORMATION WE COLLECT
We collect the following types of personal information:
Information you give us
If you would like to take part in our community by making a donation, you will need to create an account with us. To do so, we will need some information from you, including:
- your name;
- your contact details (postal address, e-mail address, mobile phone number); and
- your preferred payment method and billing address.
Without this information, we may not be able to collect your donation or re-grant it to the appropriate fund or charity.
If you agree to pledge a certain percentage of your income via the “Giving What We Can” pledge, we will collect information about your salary after tax, so that we can accurately calculate the pledge amount. We will also ask for your date of birth, so that we can show you how much difference your pledge can make over the course of your working life.
If you attend any of the EAGx events which are put on by our partners, we will have access to the personal information you provide them in order to keep track of who is attending.
Our EA grants application may ask for personal information about you relating to the project which is the subject of your funding application. If you refuse to provide this information, we may not have sufficient detail to be able to properly consider your funding request.
If you contact us for any reason, we may keep a record of that correspondence.
When you make a donation, take a pledge or contribute to one of our Effective Altruism Funds, the information you have given to us is passed to our payment processing partner to process according to our instructions. We do keep a copy of this. However, we will never store your card details – these are held by our third-party payment provider. If you would like your donation to be gift-aided, we will ask for your UK taxpayer status, as this information is needed to comply with our obligations under UK tax and charity law. It will also be shared with HMRC for tax regulation purposes.
When you visit any of our Websites, we may collect technical data about the device you are using, including where available your IP address, operating system and browser type. This is used for system administration and to improve the look and feel of our Websites. See section 3 for more about the technical data we collect through cookies and other web beacons.
Special Category Data (also known as sensitive personal information)
Unless you specifically provide it to us as part of your application to attend an event or receive a grant, we do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you apply to attend an event and have requested reasonable accommodations in connection with a disability, we may store the information you provide to us about your disability in order to provide those accommodations if we can.
A cookie is a small file of letters and numbers that we store on your browser or device, with your permission.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Websites. They include, for example, cookies that enable you to log into secure areas of our Websites or make a donation. You can refuse to accept all or some cookies by modifying settings within your browser (for guidance on how to do this visit http://www.aboutcookies.org/). However, if you block strictly necessary cookies, you may be unable to access certain parts of our Websites.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our Websites. This helps us to improve the way they work, for example, by ensuring that users are finding what they are looking for easily.
We use third-party services such as Google Analytics to help us improve the look and feel of our Websites. Google Analytics places a cookie on your browser which keeps track of certain details about your visit to our Websites. These include what Google search criteria you used to find them in the first place, how long you stay on certain pages, and what website you visit immediately after leaving our own. This data will be aggregated and anonymised to the greatest extent possible.
4. HOW WE USE YOUR PERSONAL INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- with your consent or explicit consent;
- where we need to perform a contract with you e.g. when you give a donation to one of our charities which we then re-grant on your behalf;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (see the "Legitimate Interests" section below); or
- where we need to comply with a legal or regulatory obligation.
If you agree, we will send you periodic e-mails about CEA’s activities, upcoming events, annual retrospectives and other information that we think you might be interested in. You can opt-out of receiving these e-mails at any time by clicking the appropriate link in the e-mail itself, or updating your communication preferences via your account page.
We may use personal information held about you in the following ways:
- to process donations you make;
- to fulfil any orders you make (for example, if we are giving away copies of a book and you request that a copy be sent to you, we will use the mailing address you provide);
- to evaluate your application to attend an event or receive grant funding for a project;
- if you make a contribution to one of our Effective Altruism Funds, to contact you when the fund pays out;
- to comply with auditing and gift aid requirements;
- to make public reports about donations to Effective Altruism Funds and fund managers (such reports will not directly identify you, but we will use your personal data when creating them);
- to ensure that content from our Websites is presented in the most effective manner for you and for your device; or
- to respond to queries you send us.
When contacting you for any of the above purposes we may do so by phone or email, unless you tell us otherwise.
Your data will be treated in accordance with applicable data protection law. It will only be shared with third-parties as described in this policy. We will never sell your personal information.
5. LEGITIMATE INTERESTS
We may rely on legitimate interests to process your personal information, provided that your interests do not override our own. European data protection law requires us to explain what these interests are.
Where we rely on legitimate interests, these interests are:
- to keep our records updated and to study how our Websites and other services are used;
- to administer and protect the charity and web presence (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting);
- to inform our marketing strategies; and
- to best serve our charitable aims in the most efficient manner possible.
6. KEEPING YOUR PERSONAL INFORMATION SAFE
We employ a variety of physical and technical measures to keep your personal information safe and to prevent unauthorised access to, use of or disclosure of it. We control who has access to your data (using both physical and electronic means), some of which are described below. Our staff receive data protection training and we have a set of detailed data protection procedures which they are required to follow when handling personal information.
Our security measures include:
- sending all information over encrypted channels (SSL/TLS);
- using slow password hashing algorithms (Bcrypt);
- hosting data with managed VPS providers; and
- using PCI Compliant payment processors to avoid storing your payment details (e.g. credit card numbers).
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We cannot absolutely guarantee the security of the internet, external networks, or your own device; accordingly any online communications (e.g. information provided by email or through our Websites) are at your own risk.
7. STORAGE AND RETENTION
Where we store your personal information
We store your personal information on secure servers. Employees of CEA in the UK, as well as our parent company in the United States will be able to access this information. However, when we transfer your personal information to our American parent company, we will take steps to make sure that the transfer is lawful and secure.
How long we keep it
We collect and store personal information for purposes connected with our business. As such, we will only retain your personal information for as long as necessary for those purposes.
If you make a donation through our Websites, we will keep your account open and retain your personal information for 6 years from the date of your last log-in. This is because we may need this data in some way to support a claim or defence in court. That is also the period within which our tax collecting authorities may demand to see and audit our records.
We regularly audit the personal information we hold and delete that which is not necessary. The table below explains how long we keep it.
|Personal information||Retention Period|
|Collected from your applications to, and attendance at, our events||2 years|
|Collected from Grant applications you submit||6 years|
|Collected when you contact us for other reasons||2 years|
8. DISCLOSING YOUR PERSONAL INFORMATION
Donations to One of Our Partner Charities
When you make a donation to one of our partner charities using the EA Funds platform, we will ask you if you would like to disclose your name and e-mail address to the charity. Charities find it helpful to know where the donations they receive have come from, in order to allow them to:
- reconcile donor lists with their own records;
- track conversions ETC; and
- send you details of their work and appeals for donations.
However, we will only send this information if you give your explicit consent for us to do so. This is because if you are resident in a country within the European Economic Area (“EEA”) and you are donating to one of our partner charities in the United States (or another country where data protection laws are not as strict), you will not benefit from the rights explained in section 10 below, which you are normally afforded under European data protection law. Whilst we make every effort to ensure that the charities we deal with do not use your personal information in a way which you would not expect, we will not be able to control what the charity does with it, or whom it is disclosed to.
We will ask you every time you make a donation, but be aware that if your personal information is disclosed to a charity once, we will not be able to force them to delete it. They may not know that any subsequent donations you make to them have come from you, but they will still have your personal information on file from the first time you donated and agreed that we could pass it on. If you do not wish to pass your personal information on to the charity, we will still make the donation on your behalf, and you will still be eligible for gift aid.
If you sign-up to our monthly newsletter, we will disclose your name and e-mail address to our partner, Rethink Charity. We also use MailChimp to manage the process of sending the completed newsletters out. You can opt out at any time by clicking the appropriate link in every newsletter we send you.
If we choose to sell, transfer, or merge parts of the charity or our assets, we may disclose your personal information to the new owners. Alternatively, we may seek to merge with another charity. If a change like that happens, then the new owners may use your personal information in the same way as set out in this policy.
9. DISCLOSURES REQUIRED BY LAW
We are subject to the law like everyone else. We may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
We also may need to retain and disclose certain personal information about you to regulatory authorities and to appropriate agencies to conduct anti-money laundering and trade sanction checks and to assist with fraud prevention. We will disclose this information as is required by law.
10. YOUR RIGHTS
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- where your personal information is processed on the basis of consent, the right to withdraw that consent;
- the right to confirmation as to whether or not we are holding any of your personal information and, if we are, to obtain a copy of it;
- from 25 May 2018, the right to have certain data provided to you in a portable electronic format (where technically feasible);
- the right to have inaccurate personal information rectified;
- the right to object to your personal information being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests;
- the right to restrict how your personal information is used; and
- the right to be forgotten, which allows you to have your personal information erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using it for a lawful reason).
If you would like further information about any of your rights or wish to exercise them, please contact us using the details given in section 1. However, please note that these rights do not apply where you have given your explicit consent for us to transfer personal information about you to one of our third-party charities located outside of the EEA. Please see section 8 above for more detail about this.
Please also keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you feel that your rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
11. UPDATING THIS POLICY
We may update this Policy at any time. When we do, we will post a notification on the main page of each of our Websites and we will also revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This policy was last updated on 25th May 2018