Privacy policy
The privacy and security of your personal information is extremely important to us here at Love Kosova.
This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.
Your personal data is in safe hands with the Love Kosova and Love Balkans.
- We do: use your personal data to help us provide a great experience for you. This includes tailoring the information we share to ensure you find it relevant, useful and timely.
- We do: respect your privacy and work hard to ensure we meet strict regulatory requirements.
- We don’t: sell your personal data to third parties.
We’ll always protect your personal data and, as part of this, we regularly review our privacy notice so that you can see how we use your data and what your options are. If there are any further changes to the ‘General Data Protection Regulation’ (or GDPR) or related laws, we may need to amend this statement in the future.
A few quick notes:
- This privacy policy explains what data we collect as well as how and why we use your personal data
- The policy applies to you if you use any of our services, visit our website, live chat, email, call or write to us. In certain circumstances, we may also provide an extra privacy notice, which will always refer to this page
- We’ll never sell your personal data. We will only share it with organisations we work with who meet our high privacy standards.
1. Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Love Kosova’ or ‘Love Balkans’, it refers to Love Kosova.
If you have any questions relating to this privacy policy or how we use your personal data, please send them to dpo@lovekosova.com
2. What personal data do we collect?
We will collect and use your personal data (this means any information which identifies you, or which can be identified as relating to you personally, such as your name, address, phone number, and email address). We’ll only collect the personal data we need and we’ll make it clear at the point of collection why we are collecting it.
This personal data you give us may include your name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, attitudes, opinions, usernames and passwords.
We may automatically collect information as you use our digital services such as our website. This may include the pages you have visited, information about the device or browser you are using, any errors you encountered and data relating to any online transactions such as the order number for donations and online shop purchases.
We’ll also collect data on your activity when you create or log in to your ‘Love Kosova’ or ‘Love Balkans’ account. In whatever way you interact with us, such interaction may create other items of personal data. If you decide to donate to us, we’ll also keep records of when and how much you give to support our cause.
2.1 Information from third parties
We buy anonymous external data and combine it with your personal data to help us assist you in finding the services and products that you are looking to receive from us.
2.2 Sensitive personal data
We sometimes have to collect and use ‘sensitive personal data’ on our employees and volunteers. This is defined as information about racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. At times we’ll collect sensitive personal data to help us monitor equal opportunities and to research whether we deliver great experiences for everyone, regardless of their background or beliefs, but this is only ever analysed at an aggregate rather than individual level.
2.3 Volunteer
If you’re a ‘Love Kosova’ or ‘Love Balkans’ volunteer we may collect extra information about you (such as references, criminal records checks, details of emergency contacts or medical conditions). We will keep this information for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim), and for safeguarding purposes.
3. What else do we generate from your personal data?
We conduct research and analysis on the information we hold which can in turn create further personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you.
This analysis may be carried out by us or by third party organisations working for us.
We may also host encrypted personal data on third party websites (for example, social media platforms) to ensure you only see relevant, personalised and interesting content from those organisations.
4. How we use your personal data?
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation and Privacy of Electronic Communication Regulation.
We also use your personal data within the relevant lawful grounds as by Kosovo Data Protection Law No. 06/L-082 on Personal Data Protection also known as ‘The Data Protection Law’.
We will use your personal data for the purpose or purposes outlined at the time you gave it to us.
We use this information:
- to provide the service, product or essential information you expect from us
- where you have given us your consent to do so, to keep you informed about: visiting our places, volunteering with us, membership, events, activist work, fundraising, our shops.
- to enable trusted partner organisations to perform services on our behalf or to help us understand our supporters more effectively.
- to better understand how we can improve our services for you
- We may also need to provide your personal data if we’re asked by the police, or any other regulatory or government authority investigating suspected illegal activities.
Below are the main ways we will use your data. These all depend on the nature of our relationship with you and how you interact with and use our various services, websites and activities.
4.2 Our digital services
Location data
We use the location data provided by the devices you use to access our main website. If you let your device share this information with us, we’ll use it to personalise your experience with us. Your device or web browser will usually prompt you when this is requested.
YouTube API services
We use YouTube API services to display video across our website. By using our website, you agree to be bound by the YouTube Terms of Service.
Find out more information on Google Privacy policy
4.3 How we share your data
We will not sell your personal information to a third party.
We may share your information with partners to allow them to perform services on our behalf. Where applicable we have contracts in place with our suppliers, which require them to comply with the General Data Protection Regulation and The Privacy and Electronic Communications Regulations (or PECR), and to have robust systems and processes to protect the security of your information.
We may provide your email address to digital advertising or social media companies who work on our behalf, such as Facebook and Instagram. This is so we can reach you and others like you with information about how you can support our cause. This data is always provided in an encrypted format and is deleted immediately after use. If you don’t want to see targeted advertising from us on social media, please refer to the instructions provided by the social media site, for example on Facebook, Instagram, Twitter and Google.
Below are some examples of the types of organisations with which we may share your data:
- Advertising partners – to enable us to ensure our advertising is relevant to the recipients.
- Analytics partners – to enable us to track the effectiveness of our website or mobile apps.
- Social media partners – so that we can effectively communicate with our supporters on social media platforms.
- Website and app partners – to help us develop websites and apps that give our customers the best possible online experience.
4.4 Cookies and links to third party websites
Cookies
Cookies are small text files stored on your computer when you visit certain websites. We use first-party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third-party cookies (cookies that are set by an organisation other than the owner of the website, in this case ‘Love Kosova’ or Love Balkana’) to help us measure and analyse the use of our website and to provide targeted advertising. You can control the use of cookies via your browser.
How do I change my cookie settings?
Cookies can be controlled by your web browser settings. Whether our cookies are used will depend on your browser settings, so you are in control. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please use the following links:
- Internet Explorer cookies information
- Chrome cookies information
- Firefox cookies information
- Safari cookies information
- Further information on cookies and how to manage your cookies can be found in the ‘Love Kosova’ or Love Balkans’’s cookie policy.
Links to other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, they will have their own privacy policies for which we do not accept any responsibility or liability.
4.5 Marketing communications
If you agree to receive marketing information from us you can always change your mind at a later date. For more on withdrawing your consent, please see the information in section 7 under Your data protection rights.
4.6 Research
We carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences we offer and ensure we know what you find relevant and interesting.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research, we may ask you to provide sensitive personal data (for example, ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate rather than individual level (for example, for reporting on equal opportunities).
We may give some of your personal data (for example, contact information) to a research agency so that they can carry out research on our behalf.
4.7 Recruitment and employment
If you work for us or apply for a job with us, we will process your personal data, including sensitive personal data, to comply with our contractual, statutory and management obligations and responsibilities.
This data can include but isn’t limited to, information relating to your health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data without explicit consent. You can find further information on the data we collect and why below.
Our contractual responsibilities include those arising from a contract of employment. This includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay, leave, maternity pay, pension and emergency contacts.
Our statutory responsibilities are those imposed by law on us as an employer. This includes, but is not limited to, data relating to: tax, social security, sick pay, paternity or maternity pay, family leave, work permits and equal opportunities monitoring.
Our management responsibilities are those necessary for the way the organisation functions. This includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters and contact details.
4.8 Use of sensitive personal data
As explained in Section 2, in certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee or volunteer.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consents.
(b) We will process data about, but not limited to, an employee’s or volunteers racial and ethnic origin, their sexual orientation and their religious beliefs, but only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies.
5. How we secure your data
We want to keep our customers, members, volunteers, employees and contractors safe, so the security of your data and of our information systems is incredibly important to us.
External threats to our data security are changing all the time, so we have a robust process for assessing, managing and protecting all of our new and existing systems to ensure they are up to date and secure. What’s more, we follow a ‘defense in depth’ security model, which means that your data is protected by multiple layers of security.
Our staff complete mandatory information security and data protection training when they start with us and every year afterwards, to reinforce their responsibilities and requirements.
When you trust us with your data we will keep your information secure to maintain your confidentiality. Whenever your information is stored or transferred, we use strong encryption to minimise the risk of unauthorised access or disclosure. You can check this when you enter information on our website by right clicking on the padlock icon in the address bar.
5.1 Storing information
‘Love Kosova’ and ‘Love Balkans’ operations are based in Kosovo and we store most of your data. Some organisations which provide services to us may transfer your data outside of Kosovo but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US (United States) and EU (European Union) companies and while it is our policy that we prefer data hosting and processing to remain in Kosovo and the EU, it may be that using their products results in your data being transferred to the USA. However, we only allow this when we are certain your data will be adequately protected in accordance with US Privacy Shield or Standard EU contractual clauses.
5.2 Payment card security
‘Love Kosova’ and ‘Love Balkans’ are certified Level 1 PCI DSS compliant (Payment Card Industry Data Security Standard). This is the stringent international standard for safe card payment processes. As part of our compliance, we ensure that our IT systems do not directly collect or store your payment card information, such as the full 16-digit number on the front of the card or the security code on the back.
Our online payment solutions are carried out using a ‘payment gateway’ (such as Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. This means that your payment card information is handled by the bank and not processed or held by us.
6. Disclosing and sharing information
We do not sell or share your personal information for other organisations to use.
When we allow third parties acting on behalf of ‘Love Kosova’ and ‘Love Balkans’ to access your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it.
Where necessary, we may share the personal data we collect and process with:
- Third party research organisations
- Third party IT providers, for example who host the website or provide IT support
Also, under strictly controlled conditions, we will share personal data with:
- Contractors
- Service providers
- Advisors
- Agents.
We may also disclose your personal information to third parties in order to comply with a legal obligation, or to enforce other agreement. It may also be used to protect the rights, property or safety of ‘Love Kosova’ and ‘Love Balkans’. This includes exchanging information with other companies and organisations to protect against fraud.
6.1 Sharing employee personal data
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet an employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and the Employment Agency of The Republic of Kosovo.
In order to fulfil our statutory responsibilities, we’re required to provide certain aspects of an employee’s personal data to government departments or agencies; for example, to provide salary and tax data to the Employment Agency of The Republic of Kosovo.
7. Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
8. Your data protection rights
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and have provided further information about the rights that individuals have and how to exercise them below.
9.1 Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at dpo@lovekosova,com
You may be asked to provide the following details:
- The personal information you want to access
- Where it is likely to be held
- The date range of the information you wish to access.
We will need you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.
9.2 Withdrawal of consent
Where you have given consent for the ‘Love Kosova’ and ‘Love Balkans’ to use your personal data, you have the right to withdraw that consent at any time. You also have the right to ask ‘Love Kosova’ and ‘Love Balkans’ to stop using your personal data for direct marketing purposes. To stop receiving an email from ‘Love Kosova’ and ‘Love Balkans’ marketing list, please click on the unsubscribe link in the relevant email received from us or you can manage your marketing contact preferences via our websites.
9.3 Amendment of personal data
We want you to remain in control of your personal data. You can update or amend your personal data via our websites.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections based on your updated information.
9.4 Other data subject rights
This privacy policy is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion (‘right to be forgotten’), to restrict or object to our processing of personal data and the right to data portability. There may be other legal reasons why we need to process your personal data, but please tell us if you don’t think we should be using it. If you wish to exercise any of these rights, please send an email to dpo@lovekosova.com
10. What to do if you're not happy?
In the first instance, please talk directly to us, so we can learn from and resolve any problem or query. You can send an email with the details of any data protection complaint to dpo@lovekosova.com. We will respond to any complaints we receive.
You have the right to contact the Information and Privacy Agency (“AIP”) (Kosovo’s data protection regulator). For further information on your rights and how to complain to the AIP, please refer to the AIP website.
10.1 About this privacy policy
Please check the above policies before you submit any personal data on this website. This privacy policy applies solely to the personal data collected by the ‘Love Kosova’ and ‘Love Balkans’.
We’ll amend this privacy policy from time to time to ensure it remains up to date, shows how and why we use your personal data, and reflects any new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website.
This privacy policy was last updated on 22 November 2020.