Privacy and personal data protection policy

Photograph by James Keogh/Wostok Press
Thumbnail

At MSF we make sure we protect the information you give us. References to “we” or “us” are to MSF Access Campaign, Médecins Sans Frontières, Rue de Lausanne 78, P.O Box 1016, CH-1211 Geneva 1, Switzerland, Phone:+41 22 849 8484, E-mail: access@msf.org

This privacy notice is written in accordance with relevant data protection legislation including the Swiss regulation on data protection and the General Data Protection Regulation. 

This privacy notice sets out how MSF Access Campaign, Médecins Sans Frontières collects, uses and stores personal data via its website MSFaccess.org.

If you’ve any questions please contact us using the details above or our Data Protection Compliance Officer by email: Dataprotection.IO@geneva.msf.org

1. WHEN DO WE COLLECT INFORMATION ABOUT YOU?

We collect information:

  • when you give it to us directly

  • when you give it to us indirectly

  • when you use our website, through cookies

DIRECTLY

Contacting MSF
If you choose to contact us through contact information provided on our contact pages on the Website for any reason, we will collect the information you voluntarily provide to us.

Applying for an International Office job
We use a third party platform, Recruitee, to manage the information submitted by you when you apply for career opportunities with the International Office of MSF. Any information you submit through the form on our International Office page is provided by you to Recruitee and is also subject to Recruitee’s privacy policy. We have the right to access such Personal Information and process the Personal Information for the purposes as set out below.

We may automatically collect the following information with regard to each of your visits to the Website:
Technical information, including the operating system and platform, browser type and version; and details of your visits to the Website, including but not limited to: every ‘HTTP Query’ your browser client sent to our server(s); the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data. This information does not identify you.

Personal Data that You Voluntarily Provide
We collect, use and share diligently and in strict compliance with the applicable laws the personal data that you freely choose to share with us when you decide to use our website (such as your email address - your name, email address, location, signature to a petition - when you sign an online action such as petition - your name, email address, profession, personal story, image or video - when you participate in an awareness campaign for social media). You are solely responsible for the accuracy of your personal data and shall inform us of any change thereto. We shall bear no liability for the consequences of inaccurate or untrue data. 

INDIRECTLY
We may get your personal information via a fundraising organisation or platform if you’ve told them that you’re supporting MSF and with your consent. Please check their privacy policies when you give them your information.

COOKIES
We use “cookies” to identify you when you visit our website.

What are cookies?
Cookies are small text files that are transferred from the website to your computer, phone or tablet. Websites store cookies on your internet browser (Chrome, Firefox or Internet Explorer, for example) when you visit. Every time you return to the site and navigate around it picks up these bits of information. There are several types of cookie and they each have different functions and uses. Some cookies can be really helpful and most websites rely on them in order to work properly and to understand what their users do when they visit.

Types of cookies
The four categories, from the least to the most intrusive, are:

1. Strictly necessary. These cookies let you move around the website and use areas like e-news sign up. They don't gather information about you that could be used for marketing or remember where you've been on the internet. These cookies only last until you close your browser. 

2. Performance. These cookies help us understand how you use our website and if users have had any problems. They also let us know if you see one of our adverts online or click on our banners. The information they gather is anonymous. We only use the information to improve the way the Website works. 

3. Functionality. These cookies remember any choices you've made on a website. This could be changing the text size, preferences or colour. They can also remember if you've already completed a survey. They can’t track you on other websites.

4. Targeting. These cookies collect info for third parties and remember what you looked at on a website. They’re used for things including ‘Like’ and ‘Share’ buttons, as well as online advertising. Do you see ads for things you've looked at online appear on random websites? It's because of targeting cookies. 

What cookies do we use?

Type of Cookie

What it does

When it expires

ASP session ID

This cookie is used by our website to mark your session on the website (i.e. one visit) and helps the site run efficiently.

When you exit the browser

PREF

Stores settings like your preferred language or text size.

Two years

Google Analytics

We use Google analytics to see how our site is performing. Google analytics collects no personal data or IP addresses.

 

Visitor ID: _utma

Contains a unique ID, the date and time of first visit and total no of visits made.

Thirty minutes of inactivity

Session ID: _utmb

Contains pages visited and decides when a session has timed out.

Thirty minutes of inactivity

Session ID: _utmc

Registers that the visit has ended. Used by Google Analytics to identify unique visitors vs. returning visitors

When you exit the browser

Campaign tracker: utmz

Used by Google Analytics for tracking visitors.

Six months

_stid

Part of the ShareThis sharing button functionality. Unique identifiers given to each computer to allow traffic analysis to ShareThis.

One year

_unam

The “_unam” cookie is set as part of the ShareThis service and monitors “click-stream” activity, e.g. web pages viewed, etc. The ShareThis service only personally identifies you if you have separately signed up with ShareThis for a ShareThis account and given them your consent. You can read the ShareThis privacy policy here. This page also explains how you can opt out of the tracking aspects of the ShareThis Service if you wish to.

One year

_ga

Used by Google Analytics to store the Client ID (used to distinguish users)

Two years

_gat

Used by Google Analytics to limit the number of requests that have to be made.

Ten minutes

_gid

Used by Google Analytics to distinguish users

Twenty-four hours

_utm

Used by Google Analytics for generally visitor tracking

Thirty minutes

Hotjar

We use hotjar to help us understand how visitors engage with our website, including site surveys and asking for feedback. Hotjar collects no personal data and masks IP addresses.

One year

Google Optimize

We use Google Optimize to help us understand how visitors engage with our website. No personal data or IP addresses are collected.

Ninety days

Facebook

We use Facebook to see if our paid Facebook campaigns are effective.  You can read more about Facebook’s policies here

 

Quantcast Corp

You can read more about Quantcast’s policies here

 

ShareThis

You can read more about ShareThis’s policies here

 

Controlling cookies
You can control and/or delete cookies at any time. You can also get rid of all the cookies already on your computer. Most web browsers automatically accept cookies, but you should be able to change your browser to prevent that. If you want to know how to do this please look at the help menu on your web browser.

Further information is available on the following websites:

Microsoft Internet Explorer™: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://privacy.microsoft.com/fr-fr/windows-10-microsoft-edge-and-privacy
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/fr-fr/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Desktop&hl=en

Most cookies and tracking technologies can also be deactivated or blocked through third party tools, such as the ones proposed by Youronlinechoice, by the Network Advertising Initiative, by the Digital Advertising Alliance or by Ghostery.

Further, most third party providers offer modules or proceedings allowing you to opt out from data collection.  

2. WHAT INFORMATION DO WE COLLECT?

We collect, use and share diligently and in strict compliance with the applicable laws the personal data that you freely choose to share with us when you decide to use our website (such as your email address - when you subscribe to our newsletter -  your name, email address, location, signature to a petition - when you sign an online action such as petition). You are solely responsible for the accuracy of your personal data and shall inform us of any change thereto. We shall bear no liability for the consequences of inaccurate or untrue data.

3. HOW DO WE USE YOUR INFORMATION?

As a general rule, your personal data will not be used for any other purpose than those for which they were voluntarily provided to us. Your personal data are shared or transferred to third parties if such sharing or transfer is authorized by you or required to achieve the purposes for which you have provided them to us. It means that we may share your personal data with service providers, who help assist us in fulfilling our purposes. For instance, by registering to our newsletter, you consent that your personal data (name and email) be processed for the purpose of sending you emails. Personal data may also be shared with third parties when required by law or by a court order.

We use your data to:

  • keep a record of your engagement with us

  • send you updates, marketing and fundraising communications

  • understand how we can improve our services and information

  • campaign specific information - will be collected by a third party vendor, not MSF

How we use your data depends on why you’re providing it:

ONLINE FORMS
We’ll use your personal information to register you for our email newsletter. 

SURVEYS 
We use surveys to understand who visits our websites and how they use it, helping us to create better content for you and make our websites easier to use.

We may ask for your email address if you’re happy to be involved in future surveys or testing. We’ll only use this to ask you to help us with these types of requests.

SOCIAL MEDIA
We may use publicly available information from your profile to target you with specific posts that may interest you. We’ll never ask for personal or sensitive information on social media. We may repost or share your posts on social media if it relates to MSF and our work. We may respond to questions, queries or comments left on our social media channels. We may use information found on your profile to help us answer these.

Check your social media accounts if you want to change the information you make public. Our websites use sharing buttons which share our web pages to social media platforms. Use these buttons at your own discretion. Social media platforms may track these shares through your accounts. 

PETITIONS
These are managed by third party vendors. Details are not stored by MSF. 

Further to the processing of your personal data according to the purposes for which you intentionally provided them to us, we further reserve our right to use all or part of your personal data for other purposes, such as to communicate with you, conduct surveys or recommend those of our initiatives that could be of interest to you. You further consent that some of your personal data be shared with affiliated members of the MSF movement worldwide, whether in Europe or in other countries such as Argentina, Australia, Brazil, Canada, Hong Kong, India, Japan, Mexico, Russia, South Africa, South Korea, Turkey, United Arab Emirates or the United States of America (for a current list, please visit this website).

We may share your personal data with service providers, who help assist us in fulfilling our purposes. By using those services, you accept that your personal data is shared with such service providers under their privacy policies, which we invite you to read carefully.

Personal data may also be shared with third parties when required by law or by a court order. Also, in case of fraudulent use of our website and, in particular, upon suspicion of punishable acts, the data may be analysed for purposes of clarification and, upon duly justified request, transmitted to the competent official authorities or to the third person affected by the fraud.

Depending on the circumstances, the collected data may be sent to, processed and stored on servers in foreign jurisdictions in Europe or in the United States or other jurisdictions outside of Europe (see list above) and thus be subject to foreign legislation.

You may, at any time, object totally or partially to the use of your personal data for such purposes (opting-out) by writing to us by email (see contact details above).

4. WHO HAS ACCESS TO YOUR DATA?

TRAINED STAFF
Your information is only accessible by trained staff. We regularly review who has access to your information. As a general rule, your personal data will only be accessible insofar as it is necessary to fulfill the purpose for which it was collected. We do comprehensive checks on any contractors before we work with them. We always put a contract in place that sets out how they manage the personal data they collect or have access to.

DATA PROCESSORS 
We use other companies to help us manage and store personal data and to carry out certain activities on our behalf.  Our main data processors are listed below, but we may enlist the services of others from time to time:
Hosting: Acquia - https://www.acquia.com/
Development:FFW -  https://ffwagency.com/

We operate globally and may have a need to transfer certain data to countries outside the EEA. In the event the country where the data is transferred does not provide an adequate level of protection, we make sure to implement technical and organizational measures to protect your data. Should you have any questions in this respect we please contact us at Dataprotection.IO@geneva.msf.org

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

We use appropriate technical and organizational measures and precautions in order to protect your personal data and to prevent the loss, misuse or alteration of your personal data. Specifically we use an SSL certificate. We do not share information provided via newsletter sign up.

Your personal data is transferred to, processed and stored by us in Switzerland and Europe (in particular, in the United Kingdom). When shared with third parties, they may be transferred in other countries as specified in each case and thus be subject to foreign legislation. All personal data are protected against unauthorised processing with the help of appropriate technical and organisational measures. You understand that – despite the previous – no data transmission or storage is 100% secure. Consequently, we cannot guarantee the security of any information you share with us and shall assume no liability should your personal information be accessed, disclosed, modified or destroyed by a breach of our safeguards.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your information for as long as it’s necessary in connection with the purposes defined above in “How do we use your information?”. For instance and as a general rule, we keep your email for the purpose of sending you a newsletter until you unsubscribe.

If you request to receive no further contact from us, we'll keep only the basic information about you on our suppression list in order to avoid sending you unwanted materials in the future, for the duration allowed by the application legislation.

7. OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

Organisations need a lawful basis to collect and use personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are relevant to the types of processing that MSF carries out:

  • A person’s consent (eg to send you direct marketing by e-mail)

  • Our legitimate interests:

Our legitimate interests may include:

  • Administration and operational management; including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements. 

  • Campaigning; including administering campaigns  

If you'd like to change our use of your personal data in this manner, please get in touch with us using the details above.

8. HOW CAN YOU CHANGE YOUR INFORMATION AND WHAT ARE YOUR RIGHTS?

Contact us at Dataprotection.IO@geneva.msf.org if you'd like to change or update your personal information.

You have a number of rights under data protection legislation:

  • You can request any information we hold on you. Email us at Dataprotection.IO@geneva.msf.org and ask for it in writing. You may be asked for proof of identity.

  • You have the right to ask us to stop using or to restrict the processing of your personal data.

  • You can withdraw your consent to us processing your data at any time (where such processing is based on consent eg to send you electronic direct marketing).

  • If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details above.

  • In accordance with the provisions of the General Data Protection Regulation, you have a right to erasure (“to be forgotten” i.e. to have your personal data deleted from our database), or transferred to another organisation (“data portability”).

  • If you have any concerns about the way your data is being used or if you’d like to make a complaint, please contact us using the details above.

  • You are entitled to file a complaint about how MSF treats your data. To do so, you may directly contact: Préposé Fédéral à la Protection des Données et à la Transparence (PFPDT), Feldeggweg 1, CH-3003 Berne (tel.: +41 (0)58 462 43 95).

9. WHEN DO WE UPDATE THIS NOTICE?

We change this Privacy Notice when we need to. If we make any significant changes in the way we treat your personal information we’ll make this clear on our websites or by contacting you directly.

Last updated on December 21, 2018. Any all rights on this document belong to MSF. Any reproduction, without written consent, is strictly forbidden.