Privacy policy
We are committed to respecting the privacy rights of all donors and visitors to our website. The following information details Mercy Corps’ collection, protection, and use of the data we receive from donors and visitors to this website.
Our general policy
Mercy Corps recognizes the importance of protecting information we may collect from donors and visitors to our website. We maintain appropriate security measures to keep this information private and secure.
Mercy Corps follows industry standards on information security based on CIS (Center for Internet Security) controls to safeguard sensitive information including strong passwords, multi-factor authentication, data encryption, and security awareness training for all team members. As a PCI DSS compliant organization, we perform quarterly security scans and yearly security audits by a third-party qualified security assessor.
Personally Identifiable Information (PII) is accessible only to staff and volunteers who need it for business purposes. Confidential data, including PII, is protected via role-based access controls to ensure that it is not improperly disclosed, modified, deleted, or rendered unavailable. Access to systems or applications that manage confidential data requires approval by Mercy Corps’ Information Security Department. All sensitive and confidential data, regardless of storage location, will be retained only as long as required for legal, regulatory, and business requirements. All media containing PII data is wiped and destroyed at the end of its life cycle.
If you choose to give us personal information via the Internet for the purposes of correspondence, processing a donation or subscribing to our email newsletter, then it is our intent to let you know how we will use such information.
Mercy Corps will remove your name from our mailing list, email list, texting lists, or telephone solicitation list at any time, at your request. To do so, please email donorservices@mercycorps.org. Alternatively, you may initiate a data subject request here.
Information collected by Mercy Corps
We are committed to protecting your privacy and maintaining transparency about how we handle your information. We do not collect personally identifiable information (PII) from visitors unless it is provided voluntarily and knowingly. This means you can browse our website without providing any personal details. However, certain features and interactions may require you to share information with us. For instance, we may collect PII such as your name, address, zip/postal code, email address, or phone number when you:
- Make a donation or pledge to support our cause.
- Sign up for our mailing list or other communications.
- Participate in surveys, events, or programs hosted by us.
Automatically collected information
When you visit our website, our servers automatically gather non-personally identifiable information about your device and browsing behavior. This includes your browser type and operating system, pages visited on our website and links clicked, your device’s IP address, the length of time spent on our website and the referring URL that led you to our website.
Email communications
We use ActionKit, a third-party email marketing platform, to deliver emails. This company employs techniques for tracking open rates and click-throughs that use a unique user id tied to email addresses as an identifier..
You will be given the option to remove your name from our email list at the bottom of each email update.
Mercy Corps partners with Data Axle to exchange emails. Occasionally, we may exchange or sell email addresses with other like-minded organizations for marketing and fundraising purposes. These partnerships allow us to reach more people who may be interested in supporting our cause.
If you prefer not to have your email address shared in this way, you can opt out at any time by emailing donorservices@mercycorps.org. Alternatively, you may initiate a data subject request here.
Online donations
Mercy Corps’ online donation processor, Braintree, meets the highest industry standards for Payment Card Industry Data Security Standard (PCI DSS) compliance, utilizing high-grade encryption to ensure secure transactions, data transfer and data management.
Read our seven promises to donors here.
Text Messages
We collect contact information when you subscribe to receive text messages from us. We use this information solely to provide the services or updates you’ve requested. Except for our service providers who assist in delivering SMS communications, we do not share this information with third parties. Please note that the delivery of SMS messages is subject to network availability and other factors beyond our control, such as weather, terrain, and equipment functionality. We are not responsible for delayed or undelivered messages.
Disclosure of and access to your information
Subject to applicable law, we may disclose your Personally Identifiable Information to:
- attorneys, accountants and advisors, who provide Mercy Corps with assistance or advice or are under contract to perform services for or on behalf of Mercy Corps (collectively, “Service Providers”), and who are required to protect the confidentiality of personal information, to maintain standards consistent with the requirements of this policy, and to use such information solely for the purpose for which such information was provided;
- consortium groups and third parties acting on behalf of non-profit organizations that combine your Personally Identifiable Information with information from other sources for analytical purposes;
- law enforcement personnel and agencies, as required by law and as part of a legal process, if other compelled to do so by law or in connection with any government or self-regulatory organization request or investigation, in order to protect our property, or in furtherance of an investigation regarding a data incident or breach, unauthorized access to or use of the website or any other illegal activities;
- or other third parties, if you direct us to do so.
Your rights
You have the right to access data about you processed by Mercy Corps, with certain statutory exceptions. You also have the right to object to the collection and further processing of all or part of your personal data. Finally, you always have the right to request an update or deletion of your personal data.
Mercy Corps uses an automated process flow to support data subject requests. Through the platform, data subjects can request access to their personal data, object to the processing of all or part of their personal data, update their data, request deletion of your records, and request to opt-out of the mailing list.
Email verification is mandatory before processing any data subject request. Typically, it takes a month to handle a data subject request. Expect to receive an email notification once the request is processed.
Please find here the link to initiate a data subject request.
Use of third-party software and advertising services
We use third-party services to better understand the needs of people who visit our website. These services tell us information about technical aspects of our visitors’ computers and some demographic information. We use this information to improve our content and structure, leading to a better user experience.
We use third-party advertising companies to serve ads. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
Cookies, web beacons, and similar technologies
Cookies
A cookie is a piece of information in the form of a very small text file that is placed in an internet user’s local storage, e.g., a user’s hard drive. It is generated by a webpage server, which is the computer that operates a website. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.
Mercy Corps uses cookies for the essential running of its websites and web applications, as well as for marketing and advertising purposes. Use of cookies for these purposes is described on our Cookies page.
Spam filter
To help us filter out spam we use a service called Honeypot, and Akismet. For more information about those filters, please follow the links to each.
Donations by mail
To increase our base of support and keep our costs low, Mercy Corps sometimes exchanges a segment of our mailing list with other carefully selected organizations. Donors who make their first gift to Mercy Corps in response to an appeal letter may be included on this exchange list; all other donors are automatically excluded from the exchange. All donors who made their first gift to Mercy Corps before January 31, 2004, are also excluded from the exchange. At least once a year, we will inform all donors who are eligible to be included on the exchange list and give them an opportunity to opt out of future exchanges. Donors who wish to have their names removed from the exchange list can call 1-888-842-0842 or email donorservices@mercycorps.org. Alternatively, you may initiate a data subject request here.
State registrations
Click here to see our state registrations.
Updates to our privacy policy
We may update this Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any updates will be posted on our website at www.mercycorps.org/who-we-are/privacy-policy. If we make any changes that significantly impact on how we handle your personal information, we will do our best to notify you in advance by highlighting the changes on our website.
If you would have additional questions about our privacy policy, please feel free to contact us via email at dataprotection@mercycorps.org or 1-888-842-0842.