Skip to main content

Donor Privacy Notice

We thank you for your intention to donate to the cause of Transparency International. Before you donate we want to inform you according to Art. 13 General Data Protection Regulation (GDPR) and the applicable data protection rules about how we process your personal data.

Contact Details – Data Controller

Transparency International is committed to ensuring the privacy and data protection rights of all our donors. You can contact us under the following address:

Transparency International e. V.

Alt-Moabit 96, 10559 Berlin, Germany

Tel. +49 30 343820 0

ti@transparency.org

We also invite you to contact our fundraising team directly should you have any questions or wish to discuss this policy further:

donations@transparency.org

Personal Data or categories of personal data that we process

We provide our donor community with a number of options to get involved and support the work of Transparency International: through online donations, performed through our website or facebook, through a personal relationship between you and us, contacts established on events and other occasions as well as your donations that reach us by bank transfer or bank cheques.

Depending on how you have chosen to communicate with us and to ensure we can provide you with information that is relevant and of interest to you we generally process the following categories of personal data:

  • Name (first name and family name)
  • Prefix
  • Address
  • E-mail Address
  • Job title for employees of institutional donors
  • data regarding the donation: amount of donation, purpose of donation, date of donation
  • history of previous donations
  • history of donor and interests regarding our organization and its purposes
  • members of your household, if they are giving to our organization or have shown interest in our organization
  • Language preference

In case we have direct personal contact with you throughout our donor relationship, we might process further data, as it is shared by you or gained from publicly available resources:

  • phone number
  • date of birth
  • age
  • gender
  • job title, profession
  • place of work
  • information about the content and channel of communication, date, reason and result of our interactions with you
  • your personal preferences and areas of interest with regards to our organization and its purposes
  • TI events that you and your family have attended
  • general publicly available information

Within our research we also gain publicly available information through various publicly non-intrusive accessible sources and may process personal data in line with the purpose of the source.

Purposes of processing your personal data and lawful bases

Through your gift(s) you have expressed support and interest in our work. Our work would not be possible without the voluntary contributions we receive such as the one you are making. In the following we are providing you with the purposes and lawful bases of our processing activities, which are among others

Our purpose:

What we do:

On what lawful basis

Processing of administrative purposes in relation to the donor relationship

  • Issuing tax receipts
  • Processing the donation details (such as name, address, email address)

Contract: Art. 6.1b) GDPR

To fulfill legal and administrative obligations:

  • producing proof of transactions
  • fraud prevention and money laundering prevention
  • to fulfill tax control and reporting obligations
  • to fulfill instructions of the administration as well as court orders
  • to judge and monitor risks of money from illegal sources within Transparency International

We process names and bank details of institutional and private donors.

Legal obligations: Art. 6.1 c) GDPR

Transparency on financial sources, adhering to TI-donations policy. Acting in accordance with our purposes.

We publish the names of donors that donated above EUR 1000 in our financial statements

Legitimate Interest: Art. 6.1 f) GDPR

Preventing fraud, money laundering and other criminal activities, preserving the reputation of Transparency International

We process bank details, names

We do a due diligence check on potential donors through publicly available sources

Legitimate interest: Art. 6.1 f) GDPR

Legal obligation: Art. 6.1 c) GDPR, Sec. 261 (5) of the German Criminal Code

Direct marketing: keep the relationship with existing donors alive through communication, inviting their interest and donations for our ongoing and coming activities and projects, understanding our donor’s interests

  • Newsletters
  • Calls

Consent: Art. 6.1a) GDPR (please see Section 8.)

  • Emails regarding concrete projects and activities that donor has demonstrated interest in
  • Invitations to events
  • Taking notes of personal interactions with donors regarding their interests

Legitimate interest: Art. 6.1 f) GDPR

  • Thank you note to the donor

Legitimate interest: Art. 6.1.f) GDPR

Direct marketing: engaging with our donors based on their interests and giving capacity, target our communication based on relevance of interest. Increase our connectivity with donors

  • Forming categories of donors based on their giving levels, geographic interest, topic interest.
  • Members of staff then decide what marketing measures are appropriate for each segment.

Legitimate interest: Art. 6.1.f) GDPR

Prospecting: Finding new donors or inviting existing donors to increase their engagement

  • Searching our internal data base based on activity patterns and giving history
  • Researching and contacting individuals and institutions with an expressed interest in our work
  • Inviting prospects to events
  • Communicate with prospects about our work, specific areas that they have demonstrated interest in, share annual publications.

Legitimate interest: Art. 6.1.f) GDPR

Recipients or categories of recipients of your personal data

We do not share your data with any third parties for promotional purposes.

Within Transparency International access to your personal data is only given to individual members of staff or teams in order to fulfill our legal and contractual obligations as well as for the above-described purposes.

Your personal data may be shared with service providers that we engage as processors If we do so, we will always enter into data processing agreements including all the legal obligations of Art. 28 GDPR. Such processors can be the following (this list is not exhaustive, and we reserve the right to change service providers):

  • service providers that we use for our collection and processing of data in our database, our communication with you, online or in print
  • public institutions and authorities regarding our legal reporting obligations (such as tax authorities, federal bank)
  • service providers whom we use to process your donation, such as Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA)
  • other service providers you may choose for processing your donation, such as:
  • Facebook Pay: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
  • service providers we use for the maintenance and support of our IT systems
  • service providers we use for our internal financial accounting systems, compliance systems, data screening within legal obligations and audits.

Time of storage of your personal data

We delete your personal data when the under Section 3. mentioned purposes have expired and the processing and storage of your personal data is no longer necessary, this is usually the case after we had no giving or no contact from your side for more than 2 years, unless we are bound to extend the storage for the following reasons:

  • statutory storage duties according to section 147 of the Fiscal Code of Germany or section 257 of the Commercial Code regarding data that is relevant for our financial statements (up to 10 years)
  • retention of evidence necessary to defend our rights according to statute of limitations e.g. section 195 German Civil Code (general statute of limitation 3 years to the Civil Code)

Your data protection rights

You have the following rights based on the GDPR:

Access Right (Art. 15 GDPR)

You have the right to request access to the personal data that we process about you.

Right to rectification (Art. 16 GDPR)

In case we process inaccurate personal data about you, you have the right to rectification.

Right of erasure, restriction and objection (Art. 17, 18 and 21 GDPR)

If the legal requirements of Art. 17, 18 or 21 GDPR are given, you have the right to erasure of your personal data, the right to restriction of processing and the right to object the processing of your personal data.

Right to data portability (Art. 20 GDPR)

If you have given your consent to the processing of your personal data or we are processing on the basis of a contract and the processing is carried out by automated means, you have the right to transmit those data to another controller.

Right to complain

You have the right to lodge a complaint with the data protection authority Berlin (see details below) if you believe that the processing is unlawful or that any of your data protection rights are being violated.

Berliner Beauftragte für Datenschutz und Informationsfreiheit,

Friedrichstr. 219

10969 Berlin

email: mailbox@datenschutz-berlin.de

Phone: 030 13889-0

Your right to withdraw your consent

You have the right to withdraw your consent at any time for the future by email or mail to the addresses, mentioned under Section 1. This withdrawal does not affect the lawfulness of processing of your personal data that has taken place prior to your withdrawal.

Transfer of data in third countries or international organizations

We only transfer personal data in countries outside of the EU and the EEA (European Economic Area), so called “third countries” in the following cases: necessity for the performance of your orders, legal requirement (duty to report to tax authorities), based on your consent or necessity within a processing agreement that we have with a service provider. When using service providers in third countries we apply Standard Contractual Clauses provided by the EU to ensure the European level of data protection.

Obligation to provide personal data when required for a contract

We need certain personal data from you to be able to perform the donor relationship and to fulfill our contractual and statutory legal obligations. Without this personal data we cannot conclude the donor contract with you or cannot continue an existing contractual donor relationship.

Contact - Data Protection Officer

If you wish to exercise any of your rights mentioned under Section 6 or have any questions about this policy, please contact:

The Data Protection Officer

Transparency International e. V.

Alt Moabit 96

10559 Berlin, Germany

or please email us: dataprotection@transparency.org