Forests of the World takes your data security seriously

Our cookie and privacy policy contains all the information you need in order to see how we collect, store, and use your data. You are always welcome to contact us if you have any questions.

Cookies

We use cookies to optimise your use of our website. The first time you use our website you will be asked if you allow cookies before they are stored in your browser.

The cookies do not contain personal data such as information about your e-mail address, your user ID or other personal information beyond what is stated in this Cookie and Privacy Policy (hereinafter referred to as the “Policy”) .

You can control whether you want cookies on your computer.

The cookie we place on your computer will, by default, stay there forever. Unless you actively delete the cookies on your computer.

Processing of IP addresses

If you are not a customer, member or contributor of ours, but just using our website, we need – to a limited extent – to be able to manage the information that you provide for the purpose of, for example, cookie management. We register which IP addresses have visited our website. An IP address can be personal data and if we process your IP address, this will be done on the same basis as described in the privacy policy below.

Privacy Policy

Forests of the World processes personal data and must comply with relevant law and the principles of good data processing practice. This Policy outlines how we process personal data and ensures lawful and transparent processing covering all the information that you allow us to and/or that we collect about you. This may be either as part of a member/customer or contributor relationship or as an end-user of our services, including browsing on our website. You can read more about what information we collect, how we handle your information, how long we keep information about you, etc. in this Policy.

We only process personal data for clear and legitimate purposes and in the legitimate interests of the organisation and we delete data the moment it is no longer needed – or upon your request. You should read this Policy and contact us if you have any questions or comments regarding the Policy.

Definitions and key concepts

The following are definitions of some of the key concepts of the general data protection regulation:

Personal data

Any form of information about an identified or identifiable natural person. That is, any information which can directly or indirectly, alone or in combination, identify a specific natural person.

Controller

The physical or legal person, public authority, agency or other body which alone or jointly with others determines the purposes for and the means by which personal data shall be processed.

Data processor

The physical or legal person, public authority, agency or other body which processes personal data on behalf of and under the instructions of the controller.

Processing

Any activity or set of activities involving the use of personal data, e.g. collection, recording, systematization, alteration, consultation, compilation, disclosure or transmission to persons, authorities, companies, etc. outside Forests of the World.

Special categories of personal data

Data revealing racial or ethnicity, political affiliation, religious or philosophical beliefs, trade-union membership, genetic data, data concerning health or sexual orientation and data in the form of biometric data where this data is processed for the purpose of uniquely identifying a physical person (sensitive data).

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC and related legislation.

Data Protection Act

Act on Additional Provisions for the Regulation on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data (Data Protection Act).

Controller

Forests of the World is the data controller for the processing of your personal data and ensures that your personal data is processed in accordance with applicable legislation. You can always contact us with any questions about the policy:

  • Name: Forests of the World
  • Address: Klostergade 34,3 8000 Aarhus
  • CVR: 78920610
  • Phone: (+45) 86 13 52 32
  • Mail: info@verdensskove.org

Processing of personal data

When you are a member, customer or contributor, we collect personal data from you.

We process the following personal data:

  • General personal data such as name, address, date of enrolment, telephone number, date of birth and e-mail address.
  • Social security number (CPR-number) in order to obtain tax deductions for your donations or if we have a reporting obligation.
  • Bank account details

Here we collect information from

Usually we get data directly from you, for example when you become a member. In some cases there may be other sources such as government agencies, for example tax information required when paying wages. In other cases, our telemarketing partner carries out a data wash.

Forests of the World’s purposes for processing your personal data

We process your personal data for certain purposes; when we have a lawful, necessary reason or when we have obtained your consent (legal basis). Depending on whether you are a member, customer or contributor of ours, or perhaps just a user of our website, we are obliged to process your personal data to the extent that we can manage your relationship with our organisation and run our activities.

This means being able to provide you with the services you have requested and meeting our obligations as an organisation and applicable legislation.

We use your information for a number of different purposes depending on your relationship with Forests of the World.

  • If you are a member with us, we use your personal data to manage your membership, send you necessary information about your membership and marketing material.
  • If you are a customer of ours, we use your personal data to send you order confirmations, answer any questions and comply with your requests.
  • If you are a donor, your personal data is used to handle your contribution – unless you choose to contribute anonymously, report your contribution to SKAT, send you marketing material.
  • If you sign up for our newsletter, we use your email address to send you our newsletters with stories from our work, forest news from around the world as well as information about our campaigns, good offers and events etc.

We may also process your general personal data because we have a legitimate interest in processing the information, as set out in Article 6 (1)(f) of the GDPR. We have a legitimate interest in processing your personal data (your name and email address) for marketing purposes. Thus, our legitimate interest is to know your preferences so that we can better tailor our offers to you and ultimately offer products and services that better meet your needs and wishes. Of course, we comply with the rules of the Marketing Act. It is also with reference to this provision that we compile various statistics on the number of members, purchases, contributions, use of the website, etc. When you provide your email address and telephone number, for example in connection with petitions or purchases in the webshop, we will subsequently contact you to offer you a membership  as long as you have given your consent to this.

Disclosures of your personal information

We only disclose information about you to others outside the organisation to partners with whom we have a data processing agreement. For example, this may be for the purposes of marketing, telemarketing and to suppliers and partners, who assist us with the execution of your order, in connection with campaigns and donations or in connection with our IT operations, so that your data is stored securely. This means that we share your information with, for example, our service providers, our technical support and our bank. In addition to the above, we share your information to the extent that we are obliged to do so, for example as a result of reporting requirements to public authorities such as SKAT. However, we will only share personal data when strictly necessary and only in the above cases. If further disclosure of personal data is required in specific cases, it will always be on the basis of your consent.

List of data processors:

  • Ivaldi
  • Donatio
  • Charity Guard
  • TCC (the call company)
  • Danløn
  • KLS Pureprint
  • Campaign Monitor
  • zExpense
  • Intempus
  • Uniconta
  • Mercury/AP Pension
  • Google
  • OnlineFundraisin
  • Zapier
  • Gravity Forms

Retention and deletion of your personal data

We have different processing purposes and retention periods depending on whether we process your personal data as a member or as a customer.

We store your personal data according to the rules below:

  • If you are a customer, we will keep your personal data for up to five years, after which the data will be anonymised.
    If you are a member, we will keep your personal data for as long as you are a member and for up to five years from the date your membership is terminated, after which the data will be anonymised.
    If you are a contributor, we will keep your personal data for as long as you are a contributor and for up to five years from the date on which your contribution ceases, after which the data will be made anonymous.
    If you are a signatory to one of our campaigns, we will keep your personal data for the duration of the campaign and for up to two years from the date on which the data is deleted.
    If you are a newsletter recipient, we will keep your personal data for as long as you  subscribe to the newsletter and for up to two years from the date of your unsubscription, after which data will be deleted.
    If you are employed by us, we will keep your personal data for as long as you are employed and for five years after your employment ends, after which the data will be deleted. In some cases, your data will be kept longer if required by a donor or a government authority.

Access and rights

Under the GDPR, you also have a number of rights when we process your data. For example, you have the right to access the personal data that we process about you. You can request access to the personal data that we have recorded about you, including the purposes for which the data was collected, by contacting us. We will comply with your access request as soon as possible.

Correction and deletion

You have the right to request the rectification, additional processing, deletion or blocking of the personal data we process. We will comply with your request as soon as possible to the extent that the conditions are met. If – for any reason – we are unable to comply with your request, you will be contacted.

Restriction of processing

You have the right – in exceptional circumstances – to have the processing of your personal data restricted. Please contact us if you wish to restrict the processing of your personal data.

Data portability

You have the right to receive your personal data (only data related to you that you have provided to us) in a structured, commonly used and computer-readable format (data portability). Please contact us if you would like to make use of data portability.

Right of objection

You have the right to ask us not to process your personal data in cases where the processing is based on Article 6(1)(e) (task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) (legitimate interest). The extent to which we process your data for such purposes is set out in this Policy. You may exercise your right to object at any time by contacting us.

Withdrawal of consent

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal does not affect the lawfulness of the processing carried out before you withdraw your consent. Please contact us if you wish to withdraw your consent to receive promotional information and offers in general, including by regular mail, e-mail, via SMS, by telephone or by any other electronic means, you may do so at any time by contacting us.

There may be conditions or limitations to the exercise of the above rights. It is therefore not certain that you have, for example, the right to data portability in the specific case – this depends on the specific circumstances of the processing activity in question.

Possible consequences of not providing personal data

If you are obliged to provide information about yourself to us, this will be stated where we collect the information. If you do not want to provide the personal data that we ask for, this may have the consequence that we cannot provide you with the services that you request, complete your orders, set you up as a contributor and so on.

Security

At Forests of the World, our processing of personal data is governed by our IT and Security Policy. Our IT and Security Policy also contains rules for conducting risk assessment and impact analysis of existing, as well as new or modified processing activities. We have implemented internal rules and procedures for maintaining appropriate security from the time we collect personal data until deletion, and we only entrust our processing of personal data to data processors who maintain an equivalent appropriate level of security.

Complaint to supervisory authority

If you are dissatisfied with our processing of your personal data, you may complain to the Danish Data Protection Authority:

Datatilsynet, Borgergade 28, 5th floor, 1300 Copenhagen K., telephone 3319 3200, e-mail: dt@datatilsynet.dk

Review and update of the privacy policy

We reserve the right to amend this Privacy Policy in accordance with the fundamental principles of Personal Data Protection and Data Privacy. We therefore regularly review this Policy to keep it updated and in line with applicable principles and legislation. When we change the Privacy Policy, we will also change the date in this document. In case of substantial changes, you will be notified and the Policy will be published on our website.

The then current Privacy Policy is available on our website.

Latest update November 2024