Make-A-Wish Foundation International (“Make-A-Wish”, “we”, “our”, “us”), are committed to protecting your privacy and the privacy of the Wish Children who we are here for, their families and friends.
This Policy explains how and why we collect and process personal information relating to donors and sponsors, and with whom we may share it.
Please read this Policy carefully. If you do not agree with this Policy, then please do not send any personal information to us (whether online or within any forms).
For the purposes of data protection law (including the General Data Protection Regulation), the data controller is Make-A-Wish Foundation International of 1702 E. Highland Avenue, Suite 305, Phoenix, Arizona 85016, United States of America, with operational offices at Frits Spitsstraat 1, 1217 WC Hilversum, the Netherlands. We are registered with the Arizona Corporation Commission and the Internal Revenue Service as a 501(c)(3) organization with the Employer Identification Number 86-0726985.
Information we collect
We may collect and use the following personal information:
contact details including: name, postal address, telephone number, email address and social media contacts;
where relevant: gender, date of birth, nationality, language(s) spoken;
further information that is reasonably necessary in connection with our processing of a contribution from a Donor or Sponsor, such as any payment information and any information needed by us to help us in responding to any enquiries and requests.
In addition to collecting information from donation/sponsorship or contracts, we may also collect personal information during visits or other meetings with you or your organization, or via telephone conversations or emails with or from you or your organization, or from publicly available sources of information.
How we use personal information and our legal basis for doing so
We collect, store and use personal information relating to Donors and Sponsors in order to assist us with our fundraising activities and the granting of Wish Children’s wishes.
administering financial and in-kind contributions;
communicating with Donors and Sponsors about our activities and any particular wishes and Wish Children that may be of interest to them;
supporting and communicating Donors and Sponsors when they are carrying out activities on our behalf (including in relation to any volunteer engagements), where Make-A-Wish is hosting an event in which a Donor or Sponsor participates; and
complying with any conditions attached to any funding or other support we receive. More generally, we may also use personal information for the following reasons:
compliance with legal, regulatory and corporate governance obligations and good practice;
gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests relating to those matters;
ensuring business policies are adhered to (such as policies covering security and internet use);
internal operational reasons, such as troubleshooting, testing, training and quality control;
ensuring the confidentiality of sensitive information;
security vetting, investigating complaints and allegations of criminal offences;
statistical analysis and research;
preventing unauthorised access and modifications to our systems.
Summary table of personal data processed and the lawful basis for processing
|Type(s) of personal information we process||Why we process this personal information||Our legal basis for processing this personal information|
To enable us:
||To enable us to keep in touch with you about our fundraising campaigns (subject to your preferences and consent for receiving such communications).||
||To enable us to provide and promote our services and to produce statistics and records (anonymised as appropriate) of our activities.||
(1) The legitimate interests of Make-A-Wish as a charity offering to grant wishes to Wish Children; and
(2) (as applicable) in order to comply with our legal obligations.
More about the information we use and why
Where we have a legal basis to use your personal information without consent (as we have described above), this Policy fulfils our duty to process personal information transparently, and helps us to do so fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal information will be used.
Where consent is required for our use of your personal information, we will ask you to positively opt-in by ticking the appropriate consent box or otherwise communicating your consent. You may withdraw this consent at any time, but please be advised that withdrawing such consent may mean that we are unable to continue to provide any services to you and may be obliged to discontinue your participation in activities where the use of personal data with your consent is reasonably necessary.
Where you provide us with personal information relating to other individuals, you must obtain the consent of those individuals before doing so.
If you have any questions or require any further information regarding our use of personal information please contact [email protected].
Sharing your information
We may share your personal information with your consent or as is necessary with selected third-party service providers, and other companies that support us in the performance of the activities set out in the tables above.
We require all our third-party service providers and all other companies that support us to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-
party service providers to use your personal information for their own purposes and we only permit them to process your personal information for specified purposes in accordance with our instructions.
We may also need to share your personal information with a regulator or otherwise to comply with the law or to respond to valid legal process, including from law enforcement or other government agencies.
Who we may share personal information with
We may share your personal information with the organisations or types of organisations listed below:
the trusted operators of secure cloud-based platforms accessed by us and/or our Make-A-Wish affiliates from time to time in order to provide centralised data storage, and data management and transaction processing services. Specifically, this includes Salesforce Inc., an entity established in the United States, which hosts a customer relationship management platform used by Make-A-Wish affiliates to enable them to administer, co-ordinate and track wish applications. Such operators or service providers shall only be permitted access to your information to the extent required by them in order to provide us with contracted system maintenance, support or related services, or to provide (or assist us in performing) any related data back-up, restoration or other error correction or bug fixing activities;
Make-A-Wish’s payment service provider for receiving financial donations are iATS and CyberSource and may process financial transactions on our behalf;
third-parties or service providers in your country or in another country, as necessary; and
any of our Make-A-Wish entities from time to time (including any future group entities).
We also reserve the right to disclose some or all of your personal information to:
- government bodies or law enforcement agencies, or response to other legal or regulatory requests, but only if and to the extent required by law to do so; and
- our auditors, lawyers or other professional advisers for any auditing, accounting or related business purposes, or in the enforcement, defence or settlement of any legal proceedings brought by or against us, but only if and to the extent such disclosure is reasonably necessary for these purposes.
If you are at least 16 years old and feel that you understand this Policy well enough in order to give us permission to use your personal information where such permission is required, then we would ask you to give us that permission. We would also ask your parent, guardian or another individual with legal parental responsibility for you to confirm that permission.
If you are a parent, guardian or another individual with legal parental responsibility for a child whose personal information will be used under this policy, then we ask that you read and agree to this Policy and in order to give your permission for us to use that personal information. If your child is at least 16 years old and is able to understand the meaning and impact of this Policy, then we would ask your child also to give permission for us to use their personal information.
If you have any questions or queries please contact us using the details given below.
Where we store and process your data
The information that we collect relating to you will be stored on our secure servers within the United States of America.
In addition, your personal information may also be transferred by us to, and stored by, entities located outside the European Economic Area, including entities located in the United States of America or to other countries around the world which do not have data protection laws equivalent to those in the EU. This information may include special category data.
These entities may include Salesforce Inc. (and its relevant subsidiaries), Make-A-Wish Foundation International, and other overseas Make-A-Wish affiliates (as mentioned above).
Salesforce Inc. is certified under the EU-US Privacy Shield and as such has committed to internal practices and policies which ensure a level of protection equivalent to the data protection laws in the European Union (please refer to www.privacyshield.gov and http://www.salesforce.com/assets/pdf/misc/privacy-shield-notice.pdf for further details). We shall ensure that all information transferred to any entity outside the European Economic Area is transferred in compliance with all applicable data protection laws and regulations.
We believe that we have taken all technical and organisational steps reasonably necessary to ensure that your personal information under our control is held securely and in accordance with applicable law and this Policy. However please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of any information which is transmitted to us via the internet.
Recording and Photography
We may collect and process photographs and/or moving film images in connection with volunteer engagements, our fundraising activities and other events.
If you have concerns about the use of photographs or moving film images, please contact [email protected].
We also gather statistical and technical information about our web users, traffic patterns and website performance in order to provide a better experience to website visitors. This may include the IP address of the device you are using to access our website, your operating system and your browser type. This data does not identify you.
Use of your information for direct marketing purposes
Where you have consented to receive marketing communications from us, and/or to be placed on mailing lists, in connection with future support of our charitable aims or as a potential donor or fundraiser, we may also (in accordance with applicable law) use your contact details, including email address and telephone number(s), for requesting and/or processing donations, recording transactions and related direct marketing purposes. We may also obtain and store your bank or credit card details where you are an active donor or fundraiser, and use that information in connection with receiving donations and recording transactions from or with you.
We do not sell or share any of your personal information to any other person or business for the purposes of marketing.
Even if you have initially consented to receive marketing communications from us, you have the right at any time to ask us not to use your personal information for marketing purposes. You may exercise this right by opting out of any marketing communications we may send you. You may also exercise this right by contacting us at [email protected].
Retaining your personal information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Even if you request that we erase your information, we may still need to keep it (see Your rights below) or may keep it in a form that does not identify you.
If you would like details on how long we retain your information then please contact [email protected].
Transferring your personal information overseas
If you are based in the EEA, we may transfer, process and store the information we collect from you to the organisations mentioned under Where we store and process your data above, or to relevant third parties and service providers outside the EEA as necessary.
In each case, we will take all steps reasonably necessary to ensure that your personal information receives an adequate level of protection and is treated in a way consistent with European laws on data protection.
Updating and accessing your personal information
You have the right to access personal information held about you, subject to certain conditions, and to request its rectification or deletion.
If you would like to access or amend the personal information which we hold about you or you would like us to stop using your personal information, please contact [email protected].
By law you have the right:
to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. We will need to prove your identity before we release any personal information to you.
to request correction or erasure of your personal information (unless we have the legal right to retain it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
to object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
(in certain circumstances) to request the transfer of your personal information to another party.
to change your information processing preferences (including to withdraw your consent to data processing and/or to receive marketing communications) at any time.
You should be aware that if you ask us to stop processing your personal information in a certain way or to erase your personal information, and this type of processing is necessary in order for us to process your donation or continue to provide services to you, then we may not be able to do so. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.
If you want to exercise any of the rights listed above, please contact [email protected].
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and verify your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the collection, use or transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You confirm your consent to receive communications from us by email, SMS and/or via social media about our activities and campaigns or other information that we consider may be of interest to you (including, for example promotional materials and newsletters).
You have the right at any time to withdraw your consent to us contacting you for marketing purposes or giving your information to Make-A-Wish affiliates. If you no longer wish to be contacted for marketing purposes, you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages or by contacting [email protected].
We will not provide your personal information to any other third-party businesses for marketing purposes.
Our website may contain links to other websites, including Facebook, Twitter and Instagram. This Policy only applies to our website so when you link to other websites, you should read their own privacy policies.
Changes to this Policy
We keep this Policy under regular review and will post any updates on this webpage. This Policy was last updated in October 2020.
How to contact us
Make-A-Wish Foundation International
Head office: 1702 E. Highland Avenue, Suite 305
Phoenix, AZ 85016
United States of America
Operational office: Frits Spitsstraat 1
1217 WC Hilversum
If for any reason you are not happy with the way that we have handled your personal information please contact our data protection officer at [email protected] . If you are still not happy, you have the right to make a complaint to the Dutch Data Protection Agency, at https://autoriteitpersoonsgegevens.nl/