Privacy Policy

Updated Privacy Policy for International Work Group for Indigenous Affairs (IWGIA)

1. General

1.1 This Privacy Policy (“Policy”) applies to all information provided by you to IWGIA, by virtue of your role as a member/client or contributor, or as a user of our services, including when visiting our website and receiving our newsletter. In this Policy you can read more about the data we collect, how we process your personal data and how long we store it etc. Please read this Policy and contact us if you do not agree to its contents, either in part or wholly. The updated version of the Policy is available at www.iwgia.org/en (on this page), at any time.

2. Data Controller

2.1 The organisation responsible for processing your personal data is:
International Work Group for Indigenous Affairs (IWGIA)
Prinsessegade 29B
1422 Copenhagen
+45 53732830
This email address is being protected from spambots. You need JavaScript enabled to view it.
CVR number: 81294419
(Hereinafter "Organisation")

2.2 The general legal framework for our processing of personal data is EU Directive 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including regulation. Additionally, it is complying with the framework of Danish Law No. 502 of 23/05/2018 - “Lov om supplerende bestemmelser til forordning om beskyttelse af fysiske personer i forbindelse med behandling af personoplysninger og om fri udveksling af sådanne oplysninger (databeskyttelsesloven)”.

2.3 All queries regarding this Policy, the processing of your data and any suspicion of non-compliance should first be directed to: Office Secretary Annette Kjærgaard, This email address is being protected from spambots. You need JavaScript enabled to view it.

3. Definitions

3.1 Some of the main terms related to personal data are defined below:

Personal Data
Any information relating to an identified or identifiable natural person, i.e. any information which, directly or indirectly, alone or together with other data, can be used to identify a particular natural person.

Data Controller
The natural or legal person, public authority, institution or other body which, alone or together with others, decides to which purpose and with which tools processing of personal data may be carried out.

Data Processor
The natural or legal person, public authority, institution or other body that processes personal data on behalf of the Data Controller.

Processing
Any activity or series of activities that involve(s) the use of personal data, including collection, registration, systematisation, modification, search, comparison and handing over of or disclosure to private individuals, public authorities, companies, etc. outside the Organisation.

Special Categories of Personal Data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, data concerning health or a natural person's sex life or sexual orientation and biometric data for the purpose of uniquely identifying a natural person (sensitive data).

The General Data Protection regulation
EU Directive 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including regulation.

Act on the Protection of Personal Data
Danish Law No. 502 of 23/05/2018 - “Lov om supplerende bestemmelser til forordning om beskyttelse af fysiske personer i forbindelse med behandling af personoplysninger og om fri udveksling af sådanne oplysninger (databeskyttelsesloven)”.

4. Purpose of Processing your Personal Data

4.1 Depending on whether you are a member or a contributor, client or volunteer or perhaps just a user of our website, we are under an obligation to process your personal data to the extent necessary to provide you with the services you request and in order to fulfil our obligations as a member association. This applies both in terms of managing any contributions from you − unless you decide to contribute anonymously − any services or products you purchase from us and/or any subscriptions or memberships you hold with us. Our processing may also include your use of our services, and/or promoting our services/products to you, signing up for our newsletter, or in other ways you share your personal data with us ie. a job application. All places, where we gather personal data about you, we will inform you with the purpose and processing of this personal data.

5. The Personal Data about you that we Process

5.1 Personal data we collect directly from you:

5.1.1 If you are a member, client, volunteer or contributor with us, we may collect the following personal data from you: Name, address, postal code, city, telephone number, e-mail address, registration and account number. Depending on your relationship with us we collect information about your civil registration number.

5.1.2 When you visit our websites we may collect your IP-address.

5.1.3 We do not collect any Special Categories of Personal Data (sensitive information).
Personal Data we can collect about you from others: Name, address, postal code and city.

5.1.4 In some cases, we need to collect information about you from others, for example information from the Danish Civil Registration System and Post Nord. We collect such information in order to keep your contact details up-to-date so as to ensure that you can receive materials from us. We also collect it in order to complement the information we have about you, for example if we need your address or get a reference for a job interview.

6. Cookies

6.1 On our website we use cookies to collect web statistics (Google Analytics). A cookie is a small text file sent from our server to your browser and stored on your PC's hard drive or your mobile device. Cookies make your usage of our website easier and more efficient. We do not process information about user behaviour collected via cookies in a way that can link user's behaviour to their identity. You can configure your browser to inform you about the use of cookies so as to decide on a case-by-case basis whether to accept or reject it. You may also opt to completely disable it. However, by doing so, some functionality of the website may not be optimal. The cookies do not contain personal data such as information about your e-mail address, your user ID or other personal data, other than that described in this Policy.

6.2 Purpose with using cookies on our website:

  • Technical functionalities so we can remember your settings
  • Tracking the traffic, so we know how many users who visits our sites
  • Targeting for marketing, so we can show you commercials that are the most relevant for you

The cookies will automatically be deleted after a period. Session cookies will be deleted the moment you close the browser while other cookies might be saved for between 12 and 24 months. All cookies will be renewed after each visit. Get more information about cookies here www.allaboutcookies.org.

7. How we Process your Personal Data

7.1 Specifically, we use your personal data for a number of purposes, depending on whether you are a member, contributor, client or volunteer, or perhaps just a user of our website.

7.1.1 If you are a member, we use your personal data to:

  • manage your membership and invite you to relevant activities
  • contact you regarding your membership and our work via post, e-mail, telephone and social media platforms
  • send you marketing materials to the extent that it complies with the marketing legislation in force at the time

7.1.2 If you are a contributor, we use your personal data to:

  • manage your contributions
  • contact you with the necessary information about your contribution(s) and our work via post, e-mail, telephone and social media platforms
  • send you marketing materials to the extent that it complies with the marketing legislation in force at the time

7.1.3 If you are a volunteer we use your personal data to:

  • administrate your connection to an event and send you material for the event
  • communicate with you and coordinate internally

7.1.4 If you receive our newsletter, we may use your Personal Data to

  • to send you newsletters with news from our organization, work and indigenous peoples and relevant publications
  • send you marketing materials to the extent that it complies with the marketing legislation in force at the time

7.1.5 If you are a user of our websites, we use your personal data to:

  • make functions on our website available to you
  • prepare statistics on your behaviour on our website
  • optimise the appearance of our website

8. Why we May Process your Personal Data (Basis of Data Processing)

8.1 When you become a member with us, make a contribution, purchase a product or enter into some sort of agreement with us, we process your ordinary personal data for exactly that purpose. We may also process your personal data if, for example, you have a query prior to entering into an agreement with us. The legal basis of processing your personal data is Article 6(1)(b) of the Danish Personal Data Regulation, as processing your data is necessary for us to fulfil our agreement with you or for us to handle inquires etc. prior to you entering into an agreement with us.

8.2 We may also process your ordinary personal data because we have a legitimate interest in processing your data, cf. Article 6(1)(f) of the Danish Personal Data Regulation, unless your right to have your ordinary personal data protected takes precedence over our legitimate interest in processing your data.

8.3 We have a legitimate interest in processing your personal data for marketing purposes. This means that our legitimate interest consists of knowing your preferences so as to better customise our offers to you and, ultimately, deliver the products and services that best meet your needs and preferences. Of course, we also comply with all provisions of the Danish Marketing Practices Act. In accordance with this provision, we also carry out statistics on the number of members, purchases, contributions, use of the website etc.

8.4 In certain cases we may also be under a legal obligation to process personal data about you, for example in connection with documentation of audit trails, pursuant to the provisions of the Danish Bookkeeping Act. The Act stipulates, among other things, that we are obliged to keep accounting records for up to five years from the end of the accounting year covered by such accounting records.

8.5 If you are not a member, contributor, client or volunteer with us, but perhaps just a user of our website or doing a petition, we need to be able to manage the information you provide in order to manage cookies etc., or for the purpose of the petition. Read more in our above cookie section. In some cases, we may register the IP addresses that have visited our website. An IP address can be considered a piece of personal data and, if we process your IP address, we will do so on the same basis as described above in section 8.2.

9. Sharing your Personal Data

9.1 We may share your personal data with the suppliers and partners that assist us in performing your order, or assist us with our IT operations, hosting, payment services and marketing.

9.3 In addition to the above, we share your data to the extent that we are obliged to do so, for example due to requirements to report to public authorities such as the Danish tax authorities (SKAT).

10. Sharing your Personal Data with Recipients outside of the EU/EEA

10.1 Some of our service providers, are located outside of the EU/EEA. Therefore, occasionally, we share your personal data with recipients in countries outside of the EU/EEA. This, however, requires that:

  • the relevant country or international organisation has a sufficient level of protection as defined by the European Commission
  • we have agreed on standard data protection provisions passed by the European Commission with the recipient receiving your personal data
  • the relevant recipient is certified according to Article 42 of the Danish Personal Data Regulation
  • the relevant recipient has adopted a set of approved Binding Corporate Rules

10.2 We may also ask for your consent to share your personal data with recipients located outside the EU/EEA, or this may be required due to an agreement with you or measures taken according to agreement with you. These exceptions of sharing are covered by Article 49 of the Danish Personal Data Regulation.

10.3 You may at any time request information about or a copy of the required guarantees that form the basis of sharing personal data with recipients outside of the EU/EEA and, if exceptions apply according to the description in Article 49 of the Danish Personal Data Regulation, the exceptions forming the basis for any such sharing of Personal Data.

11. Storing and Deletion of your Personal Data

11.1 We store and process your personal data if there is a legal and legitimate reason for doing so.
Wherever possible, we use automated deletion and anonymisation processes in our systems. Where our systems do not allow us to use such automated deletion and anonymisation processes, we use the following rules:

11.2 If you are a client, contributor or member, we will retain your personal data for five years plus the current year as per your withdrawal in accordance with the Danish Bookkeeping Act. Personal data about your bank, registration and account number will be deleted 13 months after your paying service has been terminated in accordance with the Danish paymentservice (betalingstjenesteloven) law of 2009 as it is a requirement that IWGIA shall be able to document an agreement up to 13 months after its termination.

11.3 If you have applied for a job at IWGIA, we may save your Personal Data for up to sixth months after your latest application.

11.4 If you are a user of our website and are neither a client, member, former member nor contributor, we will retain your personal data for up to 38 months after your latest visit.

12. Your Rights

12.1 Insight

12.1.1 You are entitled to gain insight into the personal data we process about you. You may request insight into the personal data we have registered about you, including the purposes for which such data has been collected, by writing to us at the above address; see section 2.1. We will comply with your request for insight as soon as possible.

12.2 Correction and deletion

12.2.1 You are entitled to request that the personal data we process about you be corrected, further processed, deleted or blocked. We will comply with your request as soon as possible to the extent necessary. If for some reason we are not able to comply with your request, we will contact you.

12.3 Limitation of processing

12.3.1 In certain circumstances you are entitled to have the processing of your personal data limited. Please contact us if you wish to opt for a limitation of the processing of your personal data.

12.4 Data portability

12.4.1 You are entitled to receive your personal data (only information about yourself that you have provided to us) in a structured, commonly used and machine-readable format (data portability). Please contact us if you wish to make use of the opportunity for data portability.

12.5 Right to complain

12.5.1 You are entitled to ask us not to process your personal data in cases where the processing is based on Article 6(1)(e) (in the public interest or exercise of authority) or Article 6(1)(f) (legitimate interest). The extent to which we process your data for such purposes appears from this Policy. You may at any time exercise your right to complain by contacting us.

12.6 Revocation of consent

12.6.1 If the processing of your personal data is based on your consent, you may revoke your consent at any time. Your revocation does not affect the legitimacy of the processing that was carried out prior to revoking your consent. Please contact us if you wish to revoke your consent.

12.6.2 If you wish to revoke your consent to receive promotional information and offers in general, including by ordinary post, e-mail, text, telephone or other electronic means, you may do so at any time by writing to us at This email address is being protected from spambots. You need JavaScript enabled to view it.. If we are unsure of your identity, we may ask you to identify yourself. This is free of charge, except for the ordinary costs of communication.

12.6.3 You may write to us at This email address is being protected from spambots. You need JavaScript enabled to view it. to exercise one or more of the above rights.

12.6.4 There may be conditions or limitations attached to the exercise of the above rights. This means that you may not have the right to data portability in that particular case − it depends on the specific circumstances of the processing activity in question.

13. Potential Consequences of not Providing Personal Data

13.1 If you are obliged to provide us with personal data about yourself, it will appear in places where we collect such data. If you do not wish to provide us with the personal data we request, the consequence may be that we are not able to provide you with the services you request, complete your order, create you as a contributor etc.
If you do not want to give us your Personal Data that we ask for it might have the consequence that we will not be able to provide you with the services you request. Necessary requirements will be marked with an * in the applications and formulas where we collect your Personal Data.

14. Use of automatic decisions/profiling

14.1 We use automatic analysis as part of our direct marketing. This means that we use the normal Personal Data that we collect about you to create a profile of you. The logic behind this is as follows: We use existing data about our users to create a profile on e.g. Facebook – also called an indirect profile, since we cannot track the user’s activities other than make marketing targeted for the user. We have the possibility to import and export data to and from Facebook in the form of name, e-mail, phonenumber and a profile-ID. The profile-ID will only be available through fundraisers, where the users after their own initiative collects money for IWGIA on Facebook. Furthermore, the users engagement (likes, commentaries, videoviews and sign-up) is tracked internally on Facebook, which provides the client (us) to better target our content to the users.

15. Security

15.1 Internally in our Organisation, our processing of personal data is subject to our “Intern Persondatapolitik for Behandling af Personlige Oplysninger i IWGIA”. This Policy also contains rules for the conduction of a risk assessment and an impact assessment of existing, new or changed processing activities. We have implemented internal rules and procedures to ensure an appropriate level of security from the time of collecting personal data until deletion, and the processing of personal data is always carried out by Data Processors maintaining an appropriate level of security and protection.

16. Complaints to Supervisory Authority

16.1 If you are not satisfied with our processing of your personal data, you are entitled to file a complaint with the Danish Data Protection Agency:
Datatilsynet, Borgergade 28, 5th floor, DK-1300 Copenhagen K, telephone +45 3319 3200, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

17. Updating this Policy

17.1 IWGIA complies with the basic principles of personal data and data protection. Therefore, we regularly review this Policy to ensure that it is up-to-date and complies with applicable principles and legislation. This Policy may be changed without notice. Significant changes in this Policy will be published on this website together with an updated version of the Policy.

17.2 Any future changes in the Policy will be published on this site and can be sent to you by e-mail if you so wish.

This Policy was last updated in May 2018

Tags: IWGIA

About IWGIA

IWGIA - International Work Group for Indigenous Affairs - is a global human rights organisation dedicated to promoting, protecting and defending indigenous peoples’ rights. Read more.

Indigenous World

IWGIA's global report, the Indigenous World, provides an update of the current situation for indigenous peoples worldwide. Download here.

Contact IWGIA

Prinsessegade 29 B, 3rd floor
DK 1422 Copenhagen
Denmark
Phone: (+45) 53 73 28 30
E-mail: iwgia@iwgia.org
CVR: 81294410

NOTE! This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it. Learn more

I understand