Your personal information may reach us when you: use our website, donate, sign up for one of our events, communicate with us, join our team, fill in a questionnaire, or register to receive our periodic email updates. We never register you on our website except at your express request.

If you donate or contact us for any reason, we’ll usually collect your name and email. When we contact you or you contact us to explore your interests and/or to become an IFIT team member, we may request additional information (eg, areas of expertise, education, phone number, postal address, and passport).

Depending on the situation, we use your data to respond to your questions and requests, keep a record of your engagement with us, or process your donations. We do not sell your details to any third parties, nor do we share them without your consent. We do not use spamming techniques. We do not carry out international data transfers.

Your information is only accessible by IFIT staff and IFIT’s web manager. We regularly review who has access to your information.

We use approved companies to help us manage and store personal data and to carry out certain activities on our behalf. Our main data processors are listed below, but we may enlist the services of others from time to time:

• eNordic – Maintenance and developments of the IFIT website, G Suite account maintenance and support, email newsletter administration and maintenance.
• MailChimp –We have an electronic newsletter to which users can subscribe for updates about our activities. We use the marketing platform MailChimp, delivered by Rocket Science Group, LLC, for our newsletters. A data processing agreement between IFIT and Rocket Science Group, LLC, regulates the data processing between the two entities. To send the newsletter to the correct recipients, IFIT must store the email addresses of the subscribers. Any other personal information is optional to submit. The submitted data will never be shared, rented or sold to any third parties, and will be deleted whenever a user unsubscribes. The data is used only for administering the newsletter. The newsletter contains a link to unsubscribe or administer registered data. Users can unsubscribe at any time.
• Myriad USA: We collect online donations with the help of our fiscal sponsor, Myriad USAever, which has an account with Every.org: https://www.every.org/myriadusa. Use of this service is subject to the privacy policy of Every.org: https://www.every.org/privacy. For legal and accounting reasons, records of the donations and donors are collected and stored by us and the Myriad USA. With your express consent, we may also list you as a donor on our website and promotional or informational material pertaining to IFIT.
• Google – We use G Suite Online office and collaboration software, including Gmail. For reporting purposes and in order to improve the IFIT website to better serve the needs and wants of the visitors, we use Google Analytics for collecting, reporting and analysing visits to our website. The IP addresses of users visiting the site are registered, but anonymised before being processed by the analytics software so that information about visits cannot be traced back to an individual. In order to collect data for statistics and analytics and enhance the user experience, we use cookies on our website. Cookies are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser. Most web browsers are set to automatically accept cookies. Users that do not want to accept the use of cookies should change the settings on their browser. Deactivating the use of cookies could, however, affect some of the functionality of the websites.
• Gesdocument – This is our corporate accounting firm.

We’ll disclose your personal data to third parties on a non-consensual basis only when we are required to do so by law (e.g., to authorised statutory agencies or authorities).

We use various technical and organisational measures in order to protect your personal data and to prevent the loss, misuse or alteration of your personal data. While we make sure to keep your data safe, no data transmission over the Internet is 100% secure.

If you request to receive no further contact from us, we’ll respect that fully. We may only keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future. We may also need to keep any financial data that you give us for at least seven (7) years in order to comply with applicable legislation.

The law allows entities like ours to process personal data. This includes information that is processed on the basis of:

• A person’s consent
• Compliance with a legal obligation
• Our legitimate interests, as long as its use is fair and doesn’t adversely impact the rights of the individual concerned.  Our legitimate interests include: 1) charity governance – including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes; 2) administration and operational management – including responding to enquiries, providing information and advice, research, event management, the administration of volunteers, and employment and recruitment requirements; and 3) fundraising – including administering donations.

You have a number of rights under data protection legislation:

• You can request any information we have about you; have access to your personal information; update your personal information; change your personal information; change your contact preferences; and/or delete your personal information.
• You have the right to ask us to stop using or to restrict the processing of your personal data in certain cases, e.g. if there is some disagreement about its accuracy or legitimate use.
• You can withdraw your consent to us processing your data at any time, where such processing is, in origin, based on consent.
• You have the right to ask for our records concerning you to be updated.
• You’re also entitled to make a complaint to the Spanish Data Protection Agency (www.agpd.es), which is the supervisory body that ensures compliance with data protection legislation in Spain.

Feel free to contact IFIT by e-mail at [email protected] or in writing at Institute for Integrated Transitions, Data Protection Officer, C/Sant Antoni Maria Claret, 167, 08025 Barcelona, Spain. We’ll supply any information you ask for as soon as possible, but this may take up to 30 days. Please note you may be asked for proof of identity.

If we make any significant changes in the way we treat your personal information, we’ll make this clear on our website or, if necessary, by contacting you directly. Our Privacy Policy will be updated periodically, as we deem necessary or as law requires.