1.1. The Academy of Givers (the“Association”, “We”, “Us” or “Our”) is committed to protect the privacy of individuals whose Personal Data We Process (each individually a “Data Subject”, “You” or “Your”). This Privacy Notice applies where the Association is acting as a Data Controller with respect to Our Processing of Your Personal Data and provides information regarding the manner in which the Association processes Your Personal Data, in accordance with the provisions of the Data Protection Act (Chapter 586 of the Laws of Malta – the “DPA”) and Regulation (EU) 2016/679 (the General Data Protection Regulation – the “GDPR”) and the subsidiary legislation thereunder, as may be amended from time to time (hereinafter collectively referred to as the “Applicable Laws”).
2. Who We Are
2.1. The Data Controller of Your Personal Data is Academy of Givers, VO/1949, having its registered address at Gasan Centre, Triq Il-Merghat, Zone 1, Central Business District, Birkirkara CBD 1020, Malta.
2.2. Academy of Givers is a members-based association with the aim of improving philanthropic and corporate responsibility efforts for its members and Malta.
2.3. We comply with all applicable laws and statutory obligations, including the Applicable Laws, as Data Controller of Your Personal Data. For any request or query about how We use Your Personal Data, you may contact us through the following email address: email@example.com
3. Subject Matter
3.3. Capitalised terms in this Policy shall have the meaning assigned to them under the GDPR and shall be construed accordingly.
4. Personal Data Collected
4.1. The Association collects and processes Personal Data pertaining to the individuals:
4.1.1. who are themselves members of the Association;
4.1.2. who are representatives or officers of corporate members of the Association;
4.1.3. who visit and make use of Our website accessible at the following link www.academyofgivers.org (the “Website”)and/or Our online portal on the Website;
4.1.4. who themselves make use of any of Our services or are representatives or officers of corporate entities making use of Our services;
4.1.5. who participate in any of Our surveys or in any of the events that We organise;
4.1.6. who subscribe to Our email notifications and/or newsletters;
4.1.7. who themselves make donations to the Association or are representatives or officers of entities making donations to the Association; and
4.1.8. with whom We interact in the fulfilment of Our mission.
5. Categories of Personal Data Processed
5.1. The Association collects and keeps such data as it deems necessary to fulfil its role and to be in a position to provide the services it offers, which include:
5.1.1. providing access to events and activities for individuals to learn, inspire and share knowledge and expertise, including workshops and conferences;
5.1.2. providing local and international networking platforms for the voluntary, corporate and philanthropy sectors;
5.1.3. providing access to social initiatives;
5.1.4. providing consultation and proposals to improve philanthropic and corporate responsibility efforts;
5.1.5. providing discounts to service providers and consultancy services;
5.1.6. providing access to resources and tools; and
5.1.7. sharing best practices.
5.2. The Association may also be required to collect and Process certain data by the laws and regulations applicable to it, including but not limited to the Voluntary Organisations Act (Chapter 492 of the Laws of Malta) and the subsidiary legislation thereunder.
5.3. The Association collects and Processes the following categories of Personal Data:
5.3.1. Identity Data: name, surname, nationality, country of residence, ID card/ passport number, date of birth, designation, information on social mediaaccounts;
5.3.2. Contact Data: postal address, fixed line / mobile telephone number, e-mail address;
5.3.3. Profile Data: membership categories, areas of interest and inclusion in related mailing lists,‘open/read’ statistics of Newsletters, survey responses, records of participation in the Association’s events and activities;
5.3.4. Assistance Data: data relating to the services requested by the Data Subject from and / or provided to the Data Subject by the Association;
5.3.5. Financial Data: bank account details; account history; VAT number;
5.3.6. Financial Transaction Data:invoices issued and received, payments made and received, amounts outstanding;
5.3.7. Website Technical Data: IP address, login data, browser details.
6. Purposes and Legal Bases for Data Processing
We Process Your Personal Data for the following purposes and on the following legal bases in terms of the GDPR:
6.1. If You are Our member or the representative or officer of a corporate entity being Our member, We may Process Your:
6.1.1. Identity Data on the basis of Our legitimate interests:
(a) to be able to identify You in such a capacity;
(b) to understand the demographics of Our organization;
6.1.2. Identity Data in order to comply with Our legal obligations to carry out necessary due diligence checks, if applicable;
6.1.3. Identity Data found on Your social media accounts on the basis of our legitimate interests to be able to understand Your activities as Our member;
6.1.4. Contact Data on the basis of it being necessary for the performance of Our contract with You or with Our corporate member of which You are a representative or officer, or on the basis of Your explicit prior consent to subscribe to Our email notifications and/or newsletters, as may be applicable;
6.1.5. Profile Data on the basis of Your explicit prior consent;
6.1.6. Assistance Data on the basis of it being necessary for the performance of Our contract with You or with Our corporate member of which You are a representative or officer, or on the basis of our legitimate interest to be able to improve our services;
6.1.7. Financial Data and Financial Transaction Data on the basis of:
(a) our legal obligations to retain such data, where applicable; and
(b) it being necessary for the performance of Our contract with You or with Our corporate member of which You are a representative or officer, including the payment of membership fees;
6.2. If You visit and make use of Our Website and/or Our online portal on the Website, We may Process Your Website Technical Data and on the basis of our legitimate interest to successfully operate Our Website and online portal.
6.3. If You make use of Our services or are a representative or officer of a corporate entity making use of Our services, We may Process Your:
6.3.1. Identity Data, Contact Data, Assistance Data and Financial Transaction Data on the basis of:
(a) our legal obligation to retain such data, where applicable; and
(b) it being necessary for the performance of Our contract with You;
6.3.2. Identity Data and Financial Transaction Data on the basis of our legal obligations to retain such data or to carry out necessary due diligence, if applicable; and
6.3.3. Assistance Data on the basis of our legitimate interest to be able to improve our services;
6.4. If You participate in any of Our surveys or in any of the events that We organize, We may Process Your:
6.4.1. Identity Data on the basis of our legitimate interest to understand the demographics of Our organization and improve Our understanding of the sector We operate in; and
6.4.2. Contact Data on the basis our Your explicit prior consent to receive survey results from Us;
6.5. If You subscribe to Our email notifications and/or newsletters, We may Process Your Contact Data on the basis of your explicit prior consent to receive such notifications and/or newsletters;
6.6. If You make donations to the Association or are a representative or officer of an entity making donations to the Association, We may Process Your Identity Data, as well as information on the source of the funds donated to the Association, on the basis of our legal obligations, as a voluntary organization, to identify Our donors and to carry out due diligence with respect to donations made to the Association;
6.7. If We interact with You in the fulfilment of Our mission, We may Process Your:
6.7.1. Identity Data and Contact Data on the basis of Our legitimate interest to fulfil Our mission and to respond to any of Your queries, complaints or suggestions in relation to the same or on the basis of Our legal obligations to carry out necessary due diligence checks, if applicable.
7. Automated Decision-Making and Profiling
7.1. We shall not Use Your Personal Data for any automated decision-making.
7.2. We may use Your Personal Data for the purpose of internal profiling, which however shall not produce any legal effects concerning or affecting You.
8. Data Recipients
8.1.1. If You are Our member or a representative or officer of a corporate entity being Our member, We may provide access to Your email address to MailChimp, which is Our email marketing service provider, on the basis of Your explicit prior consent to subscribe to Our email notifications and/or newsletters;
8.1.2. If You are Our member, We may share Your identity with other members on the online portal on Our Website or with the general public, on the basis of Your explicit prior consent;
8.1.3. If You are Our member, We may share Your Identity Data, Contact Data and Profile Data with voluntary organizations which We are assisting or promoting on the basis of Your explicit prior consent; and
8.1.4. If You are a representative or officer of a voluntary organization which We are assisting or promoting, We may share Your Contact Data with Our members on the online portal on Our Website, on the basis of Your explicit prior consent.
8.2. We require all third parties with whom we share Your Personal Data to respect the security of such Personal Data and to treat it in accordance with the law, particularly the Applicable Laws.
8.3. We do not allow our Data Processors to use Your Personal Data for their own purposes and only permit them to process Your Personal Data for specified purposes and in accordance with Our instructions.
9. Retention of Personal Data
9.1. We retain Your Personal Data for as long as is necessary to fulfill the relevant purposes of Processing explained in this Privacy Notice, in accordance with the data minimisation and storage limitation principles stipulated under the GDPR.
9.2. Furthermore, the Association may retain Your Personal Data after the expiration of the relevant processing purposes in the following limited cases:
9.2.1. In case that there is a legal obligation under a relevant statutory provision.
9.2.2. In case of any claims against the Association, for as long as necessary to defend Our rights and legitimate interests before any competent court and any other public authority.
10. Links to other Websites
11. Provision by You of Personal Data Related to Third-Party Data Subjects
11.1. In the event that You supply Us with Personal Data pertaining to third-party Data Subjects, such as your employees, affiliates, service providers, underlying clients/customers, directors or any other individuals, You shall be solely responsible to ensure that:
11.1.1. You immediately bring this Privacy Notice to the attention of such Data Subjects;
11.1.2. the collection, transfer, provision and any Processing of such Personal Data by You fully complies with any applicable laws, particularly the Applicable Laws;
11.1.3. as Data Controller of any such Personal Data supplied to Us, You remain fully liable towards such Data Subjects;
11.1.4. You provide and/or collect, as may be applicable, any information notices, approval, consent or other requirements as may be necessary from such Data Subjects prior to supplying Us with their Personal Data; and
11.1.5. You remain responsible for ensuring that such Personal Data supplied to Us is accurate and up-to-date and You shall inform us of any changes thereto.
11.2. You hereby fully indemnify Us and shall render Us completely harmless on first written demand against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (institute or threatened) against Us as a result of Your provision of the Personal Data referred to in this Section 12to Us.
12. Your Rights
12.1. In terms of the Applicable Laws, for as long as We retain Your Personal Data, You have the following rights in relation to such Personal Data:
12.1.1. Access – You have the right to request access to Your Personal Data and information related to the Processing thereof, as well as to obtain a copy thereof;
12.1.2. Rectification – You have the right to request the rectification of any inaccuracies or any missing Personal Data of Yours;
12.1.3. Erasure – You have the right to request the erasure of Your Personal Data;
12.1.4. Restriction – You have the right to request the restriction of the Processing of Your Personal Data in cases explicitly provided for by law, including if You believe that We are unlawfully Processing Your Personal Data or that the Personal Data that We hold about You is inaccurate;
12.1.5. Portability – You have the right to request that We provide You with certain Personal Data which We hold about You in a structured, commonly used and machine-readable format (except where such Personal Data was provided to Us in hand-written format, in which case, upon Your request, such Personal Data will be provided to You in such hand-written format). Where technically feasible, You may also request that we transmit such Personal Data to third-party Data Controller indicated by You;
12.1.6. Objection – You have the right to object to the Processing of Your Personal Data where We are relying on Our legitimate interests (or those of a third party) for such Processing;
12.1.7. Automated decision-making and profiling – You have the right to object to a decision taken solely on the basis of automated processing, including profiling, which has impact on You orsignificantly affects You;
12.1.8. Withdrawal of consent – if You have provided consent for the Processing of Your Personal Data, You have the right to withdraw that consent at any time, which will not affect the lawfulness of the Processing before such withdrawal; and
12.1.9. Information about the source – where the Personal Data We hold about You was not provided to Us directly by You, You also have the right to receive any available information as to the source of such Personal Data.
12.2. Any of the above requests must be addressed in writing to firstname.lastname@example.org
12.3. If You have any complaints regarding Our Processing of Your Personal Data, We would appreciate it if You would contact Us in the first instance.Nonetheless, You have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner of Malta, of which the contact details are available at the following website: https://idpc.org.mt/contact/.
13. Your Obligations
13.1. You acknowledge that, when providing Your Personal Data to the Association, You are required to provide Your actual, accurate and complete data. Furthermore, You must inform Us of any changes to the Personal Data We hold about You, so as to ensure it is kept up-to-date and accurate.
14. Processing of Personal Data pertaining to Minors
14.1. We may Process Personal Data pertaining to minors. In certain situations, this Personal Data may not be provided to Us by the minors themselves, but by a third party. Where this kind of Processing takes place, We require that any such third party provides and explains this Privacy Notice to the minor and ensures that the minor understands the Processing activities being under taken by Us with respect to the minor’s Personal Data.
Last revised on 11 November 2022