The information we collect
When you visit our website
When you visit MRG’s website, we do not collect your personal data (such as name, address, phone number, email) unless you choose to provide it. The only information we collect is anonymised and can be collected by one or more of the following ways:
External services. Our website is linked to external websites or applications (such as Mailchimp), which may process some of the personal data you give us while interacting with our website. We regularly ensure that any such external third parties have privacy policies in line with our commitments to you under this policy. We will never ask for your personal access credentials for any external platform.
By using our website, you consent to these terms.
When you interact with us
When you apply for a job, opportunity or internship, we collect information necessary for us to process applications (such as those for jobs or volunteer roles) and assess your suitability for these. This could include information such as employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have, any equalities and diversity monitoring information that you have chosen to give us and any other personal information you might provide to us. Information about unsuccessful applicants is deleted after 6 months.
When you work with us as an employee, consultant, contracting party or partner, we are required by law to keep your employee information for up to 7 years after the end of the contract.
When you sign up for an MRG newsletter or other communication, we collect some basic personal data directly from you, along with your contact preferences. We are using Mailchimp to manage our subscribers lists. You can always unsubscribe using the link at the bottom of all emails.
When you sign up for an event, sign a petition or use one of our contact forms, we collect some basic personal data directly from you. In the case of events, we may use participant management platforms such as Lu.ma or Eventbrite. Your IP address may also be collected and stored for up to 6 months.
When you make a donation, we collect some basic personal data directly from you, along with your contact preferences. Your IP address may also be collected.
When you fundraise for us, we collect some basic personal data directly from you or through the fundraising platform you have used, along with your contact preferences (if you provided any).
When you participate in an online event, you may be invited to enter basic personal information such as your name and email address, which then become available to the platform we’re using to stream the event.
If you are a partner of ours and/or participate in one of our projects, we collect the basic information we need for this, such as contact information, general personal information, and anything necessary for the specific project.
Sensitive personal data
We do not collect sensitive personal data such as personal data revealing racial or ethnic origin, disability status, political opinions, religious or philosophical beliefs, sexual orientation or sexual and gender identity via our website.
However, MRG does collect such data in the context of its work advocating for inclusion and equality, which involves monitoring the current access of different groups to opportunities and services. Such data is held under tight security and forms the basis of public reports which include data used in aggregate ways that preserves the anonymity of contributors. Where we identify individuals (e.g. in a case study), full consent is sought in advance in writing from the individual or individuals concerned.
We also collect such data in equal opportunities forms when you apply for jobs. We only do so for monitoring the fairness of the recruitment process and to make sure we are fulfilling our requirements towards people with disabilities. We keep this data for a duration of six months.
Do we share your data with anyone outside MRG?
MRG does not share personal data from our website with third parties such as marketing and research companies, fundraisers, or other charities. The only parties who would ever have access to your data are those organizations we use to help us to process data to carry out our charitable objectives, as well as our partner organizations (e.g. in the case of an event organized jointly with a partner organization).
How MRG keeps your data safe
MRG’s email system, file storage system, and related IT services are hosted by Microsoft services, which ensure the highest security standards available when it comes to data storage. Moreover, we strive to make sure that our staff members nurture healthy cyber-security habits and enforce essential security features such as two-factor authentication (2FA) wherever possible.
We regularly ensure that the security practices of the third-party services we use are in line with this policy. We are particularly attached to making sure that any sensitive information, if stored, is encrypted to the highest standards.
How can you access the data we hold on you?
You may be entitled to view, amend, or delete the personal information that we hold. Email any requests, questions or complaints to email@example.com. More information is available about your rights to view, amend or delete your personal data on the website of the Information Commissioner’s Office.
Why do we collect and use data?
For legal and administrative reasons
On some occasions, we will need to keep information you have given us for legal reasons. We may use this to contact you for reasons related to:
- Administering any donations you have made
- Administering your tax status with regard to Gift Aid if claimed
- The completion of other transactions you have entered into
- The activity or online content you have signed up for
- Handling recruitment and shortlisting job applications
For communications, marketing and fundraising reasons
We may also use your details to contact you some time in the future by post, phone, email or SMS to tell you about our work and/or big campaigns we think you might want to know more about.
Our policy is to contact you only where we have the relevant permissions. This is in accordance with the Privacy and Electronic Communication Regulations (PECR) and General Data Protection Regulations (GDPR). All our emails will offer you the chance to decline future emails and you can update your preferences at any time simply by emailing firstname.lastname@example.org.
For research, analysis and reporting to donors
The information we gather helps us to understand how our fundraising and communications are performing, as well as helping us to target relevant people with our online advertising. Any information collected for research, analysis and reporting is anonymised.
This policy was reviewed on 27 January 2022.