About this privacy notice
The International Initiative for Impact Evaluation (3ie) is committed to protecting and respecting the privacy of its workforce and security of your personal data. While our organization is based in the US, we have registered branch offices in England and Wales and in India.
This privacy notice sets out why we collect personal data, how we collect and use it and who it is shared with. It also explains the legal basis for the use of your personal data and the legal rights you have over the way it is used.
Who we are
For the purposes of data protection legislation in the US, Europe, the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018, 3ie is the controller of your personal data shared with us. This means that we decide why and how we process your personal data.
For further information regarding privacy and data protection at 3ie, or if you have any questions, please contact Cem Yavuz (firstname.lastname@example.org).
How we obtain your personal data
We may collect your personal data in the following ways:
- Information you give us directly: for example, you may provide us your details when you ask for information or donate, attend our events, or contact us for any other reason.
- Information shared by known third-party organizations: we may receive information about you from third-party partners with whom you share your data with interest, for example, websites such as PayPal when you donate. This may include information such as your name, contact information.
- Information collected when you use our website: when you use our main website and associated subsites, some limited information about you is recorded and temporarily stored (please see the 'Cookies' section below for more details).
- Information available publicly: for example, we may include in our newsletters some information obtained from social media or from articles and/or newsletters.
- Personal information:
- 3ie offers a range of services where you are required to register by entering personal information. For example, you must register to be part of a mailing list to receive our newsletters, funding alerts or blogs; to attend events; to submit a proposal for funding. In all these cases, we may request certain personal information, including, but not limited to your name, email address, organizational affiliation, profession, country of residence, and the development sectors in which you have an interest.
- We receive your personal data if you create an account on our Jobs portal to apply for a vacancy. This includes your name, email address and phone number.
- We receive your data if you contact us via a third-party application like Softr, which may ask you for certain personally identifiable information, including your name, email address and organization name, that can be used to contact or identify you.
- 3ie’s Transparent, Reproducible, and Ethical Evidence (TREE) Review Framework Questionnaire , part of 3ie’s TREE initiative, requires users to provide email address, name of the organization and some data relating to the program and projects that require TREE review. This data is not shared externally. All data provided as part of the platform adheres all the privacy policies as mentioned on the 3ie website.
- We receive your personal data if you register your study on our platform named Registry for International Development Impact Evaluations (RIDIE). This includes your name, email and organizational information, information about the source(s) of funding for the study and where your partners are located.
- We receive your personal data if you create an account on our Development Evidence Portal to use the advance features. This includes your name and email address. This also applies when you share any feedback with use using third party widget.
- We may receive your personal data if someone at your organization designates you as a contact person or includes information about you in proposal documents.
- We also collect information from various electronic forms, surveys, or feedback forms as part of 3ie-sponsored events.
- Non-personally identifiable information:
- 3ie uses third-party applications to track and analyze non-personally identifiable information about the use of 3ie’s sites. We only use this information to produce summaries of visitor behaviour, such as statistics on most popular and least popular webpages or products, interaction with the sections of a page. The information collected cannot be traced back to a particular individual.
- All data collected by third-party applications are not owned by 3ie. Additionally, we may receive some data from thirty-party analytics providers. 3ie will not share, sell, distribute, or rent any information we receive from these third-party applications.
- Click-through URLs, Google Analytics and Hotjar
- If you sign up to receive newsletters, updates, or other information from 3ie, you will receive emails from us that may use a ‘click-through URL’ linked to 3ie online content. When you click one of these URLs, you go through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails. You can unsubscribe from our newsletter mailing list by clicking on the 'unsubscribe' button at the bottom of the email that you received or by sending an email to email@example.com.
- 3ie also uses Google Analytics to gather statistics for portions of our website and other platforms. We will use this information to improve user interfaces and web services for visitors. Google Analytics accesses information available from your browser and 3ie cookies to collect data about the actions you perform on the 3ie websites. To prevent this access, you can opt out of using cookies by turning off cookies in the preferences settings in your browser or download and install Google Analytics opt-out browser add-on. You can learn more about Google’s practices by going here.
- Social media and video:
- 3ie keeps a record of information from our social media platforms, which may include contact information provided by following us on Twitter or LinkedIn, in any feedback or comments to any posts on our Facebook page, LinkedIn page, Instagram or Twitter account (@3ieNews), or by ‘liking’ 3ie's page on Facebook. If you choose to share our digital content through social networks, such as Facebook, Twitter, and LinkedIn, or to watch a video posted on a third-party media site (such as YouTube), you may be sent cookies from these third-party applications. 3ie does not control the setting of these cookies; we request you to check the third-party websites for more information about how to manage their cookies.
- Registrations for 3ie events and workshops:
- When you register to participate in a 3ie event, we will ask you to provide your name, email address, organization, job title, country of residence, professional area of work, and any dietary or special accommodation needs. We may ask for your areas of professional interest. In addition, if you participate as a presenter, panelist, or facilitator at any event, we may collect your photograph and presentation materials for publication on our website. We may also collect feedback and evaluations about you as a presenter, panelist, or facilitator. At the time of personal data collection, 3ie will indicate if your personal data will be used for any other 3ie purpose in the future, such as including you on our newsletter and announcements lists. You will have the opportunity to opt in, modify your subscription preferences, or opt out. 3ie will not share these data with any external agencies. The details of attendees for such events are updated on our internal database and classified according to where you live, your type of work and area of expertise to ensure that you only receive relevant updates from us. You will be able to opt out at any time.
- Event photography and audio and video recordings:
- As part of our mandate as a knowledge-provider, we ensure that all of our event photography, video and audio recordings and event presentation slides are published on our website and associated platforms. We take photos and record video of our public events and store them in our data archive. We display clear signs at the venue indicating that we are taking photos and videos and that all speech is public. We direct you how to opt out of being photographed or video-recorded at the time of registering for an in-person event. However, it is not possible to opt out of audio and video recording for an online event. These recordings are posted on our website under the media room section, on Flickr and on YouTube.
- Photographs, audio, and video records during field visits
- As part of our grant-monitoring field visits, we take and store photos and record videos of participants in our programs. For interview audio recordings, we secure either verbal taped consent or written consent from adults. We do not interview children as part of field visits without complying with relevant safeguarding and child protection policies. We follow an ethical photography policy, which includes standards for protecting children and vulnerable adults.
- Creating mailing lists to advertise 3ie calls for proposals and events:
- 3ie has a responsibility to ensure that we make funding opportunities known to relevant qualified applicants as widely as possible. We use all our existing mailing lists to help us reach this objective. If you have registered to receive our marketing emails or newsletter, you will have the opportunity to opt in to receive updates about 3ie, future events or funding opportunities. Any such mailings will contain information to request removal from that or it can be requested by sending an email to firstname.lastname@example.org.
Types of personal data we process
The type and amount of personal data we collect depends on the purposes for which we will need to use it and will include:
- Information used to identify and stay connected with you: Such as your name and contact details (email address, organization, job title/designation, country). We collect this data to communicate effectively with you.
- If you apply for a grant, the personal data you are asked to provide is set out in the application form and is limited to the information necessary for us to communicate with you and to consider your application (for example information relating to any eligibility criteria and your team members)
- In some circumstances, we may need to collect the national insurance number of our beneficiaries for the purposes of adhering to the HMRC common reporting standards and other reporting standards applicable in other countries.
- If you are a supporter, for example, and you donate to our Development Evidence Portal, 3ie will process the transactions through PayPal and will not store your data on financial transactions. For more information, please refer to PayPal’s policies.
- Correspondence between us, for example, if you email or write to us.
- Images, audio, and video recordings, e.g., if you attend an event we are hosting, and images captured on our CCTV system, e.g., if you attend our premises (as explained above).
Certain categories of personal information are regarded by data protection law as more sensitive than others. Known as ‘special category personal data’, this relates to information about your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you. This information, and any information about criminal offences or convictions, warrants a higher level of protection under data protection law.
We do not routinely process special category personal data or information about criminal offences and convictions unless it is necessary and lawful for us to do so.
When we collect this type of information from you, we will always make it clear what special category personal data or criminal offence data we are collecting and why.
How we use your personal data
We will use your personal data for various purposes consistent with the legal basis we rely on to process your data. These purposes include:
- providing you with the information or services you have asked for
- processing donations you make, including processing for gift aid purposes
- sending you communications with your consent that may be of interest, including marketing information about our services and activities, campaigns and appeals asking for donations and other fundraising activities and promotions for which we seek support
- seeking your views on the services or activities we carry on so that we can make improvements
- maintaining our mailing lists up-to-date and ensuring we know how you prefer to be contacted
We do not use your personal data in automated decision-making, including profiling (i.e., we do not make decisions about you by way of automated means without human involvement).
When you register for an event or service, we ask you to indicate whether you wish to receive any other information from us. 3ie provides the opportunity to unsubscribe from any mailing that you might receive from us at the end of an email, announcement, or newsletter. Our team will ensure that your email address is taken off that mailing list. If you want to unsubscribe from all 3ie mailing lists at any time, email us at email@example.com with the subject line ‘Remove from all mailing lists'.
Our legal basis for processing your information
Data protection law requires us to have a lawful basis for processing your personal data. Depending on the purposes for which we use your data, we may rely on one or more of the following lawful bases:
- Consent: Where you have provided your consent for us to use your personal data. For example, if you sign up to receive marketing communications from us. You may withdraw consent at any time by emailing us at firstname.lastname@example.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
- Performance of a contract: It may be necessary for us to use your information to carry out our obligations under a contract entered into with you or to take steps you ask us to take prior to entering into a contract.
- Vital interests: It may be necessary for us to use your information to protect the vital interests of you or another individual. For example, providing your details to a medical professional in the case of a medical emergency.
- Legal obligations: It may be necessary for us to use your information to comply with our legal obligations. For example, if we are legally required to hold transaction details for gift aid or accounting/tax purposes.
- Legitimate interests: It may be necessary for us to use your personal data for the purposes of “legitimate interests” pursued by the Charity or a third party (as long as those legitimate interests are not overridden by your rights and freedoms).
If you want to contact us about your marketing preferences, please contact the email@example.com
We will only process special category data where we have also identified an appropriate condition for doing so in accordance with Article 9 of the UK GDPR:
- You have provided explicit consent; such consent may be withdrawn at any time by emailing firstname.lastname@example.org
- The processing is necessary in order to protect your or another person’s vital interests where that person is physically or legally incapable of giving consent (for example, providing your details to a medical professional in a medical emergency)
- The processing relates to personal data which is manifestly made public by the data subject (for example, where you publish information about yourself in the public domain)
- The processing is necessary for the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity (for example, providing information to a court where a claim has been made)
- The processing is necessary for reasons of substantial public interest, in accordance with Part 2, Schedule 1 of the DPA 2018 (for example, where this is necessary for the purposes of protecting the physical, mental, or emotional wellbeing of an individual)
3ie will only process special category personal data and criminal offence data where it has identified an appropriate lawful basis for processing and appropriate policy and safeguards are implemented in accordance with Article 9 and 10 UK GDPR and the DPA 2018.
How we keep your personal data safe
We understand the importance of security of your personal data and take appropriate steps to safeguard it.
3ie employs a range of technologies to protect the information maintained on our systems from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Our website encrypts the transmission of data entered into forms on our site through the use of Secure Socket Layer. This encryption is a security protocol for establishing encrypted communication between a web server and a browser. Data collected reside in a web server database that can only be accessed by designated 3ie staff or designated personnel under contract to 3ie and subject to 3ie data protection and privacy policies and contractual confidentiality clauses.
We will store your personal data until they are no longer needed to fulfil the purpose(s) for which they were collected, or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate these from any further use until deletion is possible. We may dispose of any data at our discretion without notice, subject to applicable law. We will aim to keep your contact information up to date and if we become aware that it is out of date and cannot be updated, we may delete your data. If you wish to modify your information after you register yourself for 3ie services or do not want to receive emails, you may use provided links on the websites to make updates or unsubscribe.
Alternatively, you can write to us directly at email@example.com with a clear subject line and stating what you want us to do.
We always ensure that only authorized persons have access to your personal data, which means only those members of our staff who need to access your data to fulfil their roles. Everyone who has access to personal data is appropriately trained and aware of their obligations to ensure confidentiality and security of your data.
Please note, we interact via the internet and email, and no external data transmission over the internet can be guaranteed to be 100% secure. So, while the 3ie strives to safeguard your personal data, we cannot guarantee the security of any information you provide online, and you do this at your own risk.
Who has access to your personal data?
We will not share your personal data with third parties without your consent unless the law allows us to. We may disclose your personal data to the following third parties, to enable us to provide our services, fulfil our charitable objectives or comply with our legal obligations:
- Mailchimp and other similar platforms: Used for managing marketing emailers
- SurveyMonkey and other similar platforms: To roll out surveys to our audience
- Zoom, MS Teams and other similar platforms: Used for Events
- Eventbrite. MS Teams and Google Forms: Used for Events registrations
- Amazon Web Services, Microsoft Azure, Google Drive, One Drive, Linode and Google Cloud
- Sage Intact and Sage People
- Salesforce CRM
- Softr application
- Usernap widget: To receive feedback on our DEP portal
- Google apps email account
- Any other online platform to run our operations
We also need to disclose your data to companies who provide services to us, for example our legal advisors, appointed accountants, our IT services provider, and parties providing mailing and marketing services. We select all third-party service providers with care and provide them with the minimum amount of information necessary to provide their service. We always have an appropriate agreement in place that requires them to protect personal data to the same standard as we do.
Transfers of your personal data to other countries
Because of the nature of our charitable objectives and work, we may transfer your information to countries or territories outside the UK, US, and India, which are subject to different data protection laws.
We may do this where, for example, we use suppliers or store data on servers outside the UK, US, and India.
We meet the UK GDPR requirements by ensuring that personal data is protected as if it were being held in the UK. This will usually be because the country to which we transfer data either benefits from an adequacy determination or we have entered into a contract with the third party which contains EU standard contractual clauses recognized as a valid data transfer mechanism in the UK.
If you would like more information about how we protect your personal data if it is transferred outside the UK, please contact Cem Yavuz (firstname.lastname@example.org).
How long we keep your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
After such time, we will either delete or anonymise your personal data or, if this is not possible, we will securely store your personal data and isolate these from any further use until deletion is possible. We may dispose of any data at our discretion without notice, subject to applicable law. We will aim to keep your contact information up to date and if we become aware that it is out of date and cannot be updated, we may delete your data.
Our Retention Policy, under development, a copy of which is available after writing to email@example.com, sets out the relevant retention periods. If you would like further information about our retention periods, please contact Cem Yavuz (firstname.lastname@example.org).
Data protection law provides individuals with various legal rights, which may be exercised in certain circumstances. You have the following legal rights over your personal data:
- The right of access (commonly referred to as a “subject access request” or “SAR”): This right enables you to obtain a copy of the personal data we hold about you as well as other information about how we are processing your personal data
- The right to rectification: This right enables you to require us to correct the personal data we hold about you if it is inaccurate or incomplete
- The right to erasure (also known as the right to be forgotten): In certain circumstances, you have the right to request that personal information we hold about you is erased (such as where we no longer need your personal data for the purpose it was originally collected for)
- The right to restrict processing of your personal data: You may ask us to restrict the use of your personal data in certain circumstances (such as where you believe your personal data is incorrect and we need to verify the accurate of the personal data we hold)
- The right to object: You may object to our processing of your personal data in certain circumstances, such as where we are processing your personal data on the basis of “legitimate interests.” Please note, you always have the right to object to processing of your personal data for direct marketing purposes
- The right to data portability: This right allows you to request that we transfer your personal data to you or another third party in a commonly used, machine-readable format. Please note, this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you
- The right to withdraw consent: Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time and may do so by contacting us via email@example.com. If you decide to withdraw your consent, that does not mean that our use of your personal data before you withdrew your consent is against the law.
Please note, some of your legal rights are subject to safeguards, limitations or exemptions.
If you wish to exercise your rights, please contact us via firstname.lastname@example.org and we will respond within the time limits set out in data protection law.
If at any time you are not happy with how we are processing your personal information, you may raise the issue with the Data Protection Lead in the first instance.
If you are not satisfied with the handling of your issue, you may raise a complaint with the Information Commissioner’s Office, which regulates and enforces data protection law in the UK.
Details of how to do this can be found at https://ico.org.uk/make-a-complaint/
Keeping your information up to date
We really appreciate it if you could let us know if your contact details change. You can do so by contacting us at email@example.com.
Changes to this Privacy Notice
This privacy notice was updated on 28 August 2023. This privacy notice may be changed from time to time. We will advertise any changes on our website or, if the changes are significant, we will contact you directly with the information.