At MSF we make sure we protect the information you give us. References to “we” or “us” are to Doctors Without Borders (MSF) Southern Africa, NPO No: 060-840 | PBO No: 930025677, Address: 70 Fox Street, 9th Floor, Marshalltown, Johannesburg, Toll-free call 0800 000 331.
This privacy notice is written in accordance with relevant data protection legislation including the Protection Of Personal Information Act, 2013. Act No. 4 of 2013 (POPI/POPIA) and the General Data Protection Regulation (GDPR).
This privacy notice sets out how MSF SA collects, uses and stores personal data via its websites, including https://www.msf.org.za and https://samumsf.org
THE PROMOTION OF ACCESS TO INFORMATION ACT (PAIA) MANUAL
Frequently Asked Questions
We collect information:
- when you give it to us directly
- when you give it to us indirectly
- when you give it to us via social media
- when you use our websites or apps
You may give us personal information when you: donate, apply to work with us, register as a user on our website, sign up for one of our events, communicate with us, sign up for email newsletters, complete a registration form, and leave a comment or message on our social media accounts.
These direct interactions with us may stem from the following channels: face-to-face (shopping mall signups), SMS-donations, website and online donations, customer care and/or office-call interactions, website interactions including user registration, social networks interactions, and newsletter signups.
We may get your personal information via a fundraising organisation or platform (for example: GivenGain) if you have told them that you are supporting Doctors Without Borders (MSF) Southern Africa, and have provided your consent. Please ensure that you check and understand their privacy policies.
MSF SA may also indirectly receive your personal information from your personal networks in the form of a referral. Similarly, indirectly supplied personal information may also be received for the purposes of recruitment.
We may get information about you from your social media accounts or services. Facebook, Twitter, Instagram, and LinkedIn are examples. We can do this if you have set your account settings to give us permission. Please check your settings and their privacy policies for more details.
In some cases, we hold publicly available information from social media channels (such as social media handles or number of followers) on our social customer relationship management system ‘Prezly’. This provides us with an overview of who drives the conversation on topics that relate to our work. Should we want to reach out to a particular social media handle we would do so using the contact information they have provided publicly.
Website and Apps
We use “cookies” to help MSF Southern African improve the performance of our Southern African websites and campaigns.
Cookies are small text files that are transferred from the website to your computer, phone or tablet. Websites store cookies on your internet browser (Chrome, Firefox or Internet Explorer, for example) when you visit. Every time you return to the site and navigate around it picks up these bits of information. Cookies enable a faster and easier website experience.
If you contact MSF SA directly, we will usually collect your:
- Phone number
For general customer care related queries, our customer care teams will request the above information from you. When confirming donation-specific details, you will be prompted by our customer care consultants to verify your personal details as a security measure. When you donate, we may also collect your bank or credit card details.
As a general rule, your personal data will not be used for any other purpose than that for which they were voluntarily provided to us. Your personal data are shared or transferred to third parties if such sharing or transfer is authorized by you or required to achieve the purposes for which you have provided them to us. For instance, by registering to our newsletter, you consent that your personal data (name and email) be processed for the purpose of sending you emails.
We do not give information about you to government agencies, organisations or anyone else unless one or more of the following apply:
- You have consented;
- You would expect us to or we have told you we will;
- we are required to by law;
- we believe on reasonable grounds that disclosure is required to prevent or lessen significant risk to your life or physical, mental or emotional health or that of another person;
- we take appropriate action in relation to a reasonable suspicion of unlawful activity, or misconduct of a serious nature, that relates to our functions or activities;
- disclosure is required to assist any entity, body or person to locate a person who has been reported as missing;
- disclosure is made for the purpose of establishing, exercising or defending a legal or equitable claim; or
- disclosure is made for the purposes of a confidential alternative dispute resolution process.
We use your data to:
- deal with your questions and requests
- process and acknowledge your donations
- keep a record of your engagement with us
- send you updates, marketing and fundraising communications
- understand how we can improve our services and information
- manage job applications and recruitment processes
- analyse our fundraising activity
How we use your data depends on why you’re providing it:
Online forms and feedback
We will use your personal information to respond to your questions, requests or register you for events.
We use surveys to understand who visits our websites and how they use it, helping us to create better content for you and make our websites easier to use. We may ask for your email address if you are happy to be involved in future surveys or testing. We will only use this to ask you to help us with these types of requests.
We use your information to process and keep a record of your donation, in accordance with the relevant legislation on data retention. We also use your data to provide you with the tax documentation you need.
We use direct marketing to let you know what MSF is doing and how your support makes a difference. We may use it for emergency fundraising or to ask for other support. We will always respect your preferences and endeavour to send you information that you’ll find interesting, in the format and communication channel that you prefer.
We may send you direct marketing by registered post unless you indicate that you don't want to hear from us this way. We send these communications on the basis of it being within our legitimate interests to do so or if you have consented to receive this. Please see the “Legal Basis for Processing Data” section below for more information on this.
We will also send you direct marketing by e-mail, SMS and phone if you have consented to hear from us this way.
Our email direct marketing has ways to opt out or update your preferences in the footer of each email. To view the types of content you can subscribe to, and/or update your preference please visit our preferences page.
We may use publicly available information from your profile to target you with specific posts that may interest you. We’ll never ask for personal or sensitive information on social media. We may repost or share your posts on social media if it relates to MSF and our work.
We may respond to questions, queries or comments left on our social media channels. We may also use information found on your profile to help us answer these.
Check your social media accounts if you want to change the information you make public. Our websites use sharing buttons which share our web pages to social media platforms. Use these buttons at your own discretion. Social media platforms may track these shares through your accounts.
Your information is only accessible by trained staff. We regularly review who has access to your information. As a general rule, your personal data will only be accessible insofar as it is necessary to fulfil the purpose for which it was collected. For instance, the data you provide for donations will be accessible to our donations department, our fundraising and marketing team and to service providers, if any, for the purpose of processing your donation. We do comprehensive checks on any external contractor before we work with them. We always put a contract in place that sets out how they manage the personal data they collect or have access to, and employ encryption techniques to safeguard data transfers.
We use other companies to help us manage and store personal data and to carry out certain activities on our behalf. Our main data processors are listed below, but we may enlist the services of others from time to time:
- Rogerwilco – our website developer
- Donor Care – our in-house fundraising and customer contact consultants
- PE&R Business Solutions – our external fundraising and customer contact consultants
- ARA (Anthony Richards and Associates) – our external fundraising and customer contact consultants
- Bamboo - our recruitment management platform
- GivenGain – peer-to-peer fundraising platform
- Dotmailer – email marketing, surveys, and forms
- Ixiam – our database administrators
- DVT - our data migration consultants
We use appropriate technical and organisational measures and precautions in order to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
While we make every attempt to ensure that your data is kept safe, no data transmission over the Internet is 100% secure. We can't guarantee the security of any information you send us and you do so at your own risk.
We keep your information for as long as it’s necessary in connection with the purposes defined above in “How do we use your information?” and for the purpose of providing you with your tax certificate. For instance, and as a general rule, we keep your email address for the purpose of sending you a newsletter until you unsubscribe from the mailing list.
If you request to receive no further contact from us, we'll keep only the basic information about you on our suppression list in order to avoid sending you unwanted materials in the future, for the duration allowed by the applicable legislation.
Organisations need a lawful basis to collect and use personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are relevant to the types of processing that MSF carries out.
This includes information that is processed on the basis of:
- A person’s consent (e.g. to send you direct marketing by e-mail, post, or SMS);
- Processing that is necessary for compliance with a legal obligation (e.g. to process a tax certificate); and
- Our legitimate interests (please see below for more information).
Personal data may be legally collected and used if it's necessary for a legitimate interest of the organisation using the data, as long as its use is fair and doesn't adversely impact the rights of the individual concerned.
Our legitimate interests include:
- Charity Governance; including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;
- Administration and operational management; including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements.
- Fundraising and Campaigning; including administering campaigns and donations, and sending direct and online marketing by post, or online channels.
If you would like to change our use of your personal data in this manner, please get in touch with us using the details below ("How can you change your information and what are your rights?").
Contact us at firstname.lastname@example.org or 0800 000 331 if you'd like to view, change or update your personal information.
You have a number of rights under data protection legislation:
- You can request any information we hold on you. Email us at email@example.com and ask for it in writing. We will supply any information you ask for as soon as possible, but this may take up to 30 days. You may be asked for proof of identity.
- You have the right to ask us to stop using or to restrict the processing of your personal data in certain cases, e.g. where it’s not needed to do what you provided it to us for, or if there is some disagreement about its accuracy or legitimate use.
- You can withdraw your consent to us processing your data at any time (where such processing is based on consent e.g. to send you electronic direct marketing).
- If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details above.
- In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database), or transferred to another organisation (“data portability”). Where you have requested that we don't send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.
If you have any concerns about the way your data is being used or if you would like to make a complaint please contact us using the details above. You are also entitled to make a complaint to the Information Regulator (South Africa).