Privacy policy
Last Update: March 2026
iMMAP, is committed to treating your personal data with security, respect, transparency and confidentiality. We adopted Privacy by Design and Default as a way of thinking and acting in favor of your privacy upfront and building privacy into our services. This policy is to inform you about the processing of your personal data by iMMAP and the rights to which you are entitled under data protection law whenever you visit our corporate website at iMMAP.org (hereinafter "iMMAP Website").
Who is responsible for your personal data?
iMMAP is the Data Controller that collects and gathers information which means it is responsible for protecting your personal data (in GDPR terms we are “controllers” of your personal data).
What information do we collect?
Personal data refers to any information that can identify you directly or indirectly. This includes identifiers such as your name, address, phone number, email address, identification number, location data, online identifier, or other factors unique to you as an individual that could enable your identification.
Newsletter Subscriptions
When subscribing to our newsletters, we collect your email address, first name, last name, and your organization’s name to deliver timely updates and relevant content. This processing takes place under the legal basis of consent (GDPR Art. 6.1.a). In this case, we use Mailchimp (Mailchimp Privacy Policy) to assist in the management of the contact lists and in sending out newsletters to you.
Contact Us form
The information we process about you in the “Contact Us” is the information you have provided to us, such as: name, email address, as well as the contents of a message or attachments that you may send to us, and other information you choose to provide. The applied legal basis for the above-mentioned activities is our legitimate interests (GDPR Art. 6.1.f).
Report an incident
Allows you to report anonymous on any incidents that you may be a witness or victim of, from an iMMAP personnel. We use a third-party service, Syntrio´s Lighthouse Services (Syntrio Privacy Policy) to assist in submitting incident reports. Such incident form asks for information of those who you are reporting on. This form will not collect personal data relating to you unless you provide the email address that allows communication between iMMAP and yourself, and the exact location of where this incident took place.
Digital solutions & tools
iMMAP offers digital solutions, information management tools, online training platforms for humanitarian support and programs.. The platforms may ask you to provide, inter alia, part or all of the following information: your organizations country, sector, and name, along with your contact information such as full name, position, phone number and email.
Data summits/ events
iMMAP will host, from time to time, data summits or events to highlight our work in the humanitarian world. These events will be published on our main website https://immap.org/. Some events may require you to sign up with your first and last name, email address, and name of your organization. Events that collect personal data will have its own privacy notice regarding the event and how you can exercise your rights.
Donations
All information regarding “Donations” is information you voluntarily provide to our third-party provider, “Network for Good”. For more information regarding your personal information and retention of your data please see their Privacy Policy. This processing takes place under the legal basis of consent (GDPR Art. 6.1.a).
Why do we need to process your personal data?
iMMAP processes your data for one or more of the following purposes:
-
to ensure IT security and IT operations,
-
to assess the effectiveness of our promotional efforts, understand user engagement, and continuously refine our services and enhance user experience,
-
to promote and manage events,
-
to keep you informed, engaged, and updated about relevant news, or information related to the organization, its products, services, or industry,
-
to process donations efficiently,
-
for advertising our iMMAP services and their cooperation partners,
-
for the prevention and investigation of criminal offenses in particular by data analyses to combat misuse,
-
to comply with local, national or international laws, obligations and legal requirements,
-
to conduct surveys and research activities with the objective of improving iMMAP’s recruiting process,
-
to allow you to contact us and/or receive information from us,
-
to offer you trainings for humanitarian support and programs,
-
to communicate with you If you have reached out to us with a question or feedback, we may communicate with you to respond to that question or feedback.
-
To keep records of your relationship with iMMAP
-
To understand your needs in order to give you the best possible personalized services.
With whom do we share your personal data?
We share your personal data on a need-to-know basis with:
Our affiliates:
Our company affiliates perform certain data processing tasks centrally for the rest of the company entities. In that regard, your data may be processed centrally by a company in the group, for example, for development, for customer support, communications, among others.
Third parties:
iMMAP may involve third parties to provide you with the services only if they provide sufficient guarantees that your personal information will be protected and kept secure. These third parties process personal data based on our instructions only, and we ensure these companies apply the appropriate level of protection to your personal data.
To give you the most privacy guarantees and data protection assurance – we carefully reviewed and vetted our third parties. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers when applicable.
Our third-party service providers do not have any right to use the information we share with them beyond what is necessary to assist us.
How long do we keep your personal information?
We will only use and store your personal information for so long as it is required for the purposes it was collected for. How long personal information will be stored for depends on the personal information in question and what it is being used for, as well as whether there is any administrative or regulatory requirement for retaining the personal information. For example, we retain your personal information as long as necessary to comply with our obligations, including our obligations to you, to address any request by you (including to administer your donation), or to enforce our rights, or to comply with the requirements imposed by tax authorities or any other authority.
Generally, data you provide directly is typically kept until either (1) you unsubscribe from the service requested or (2) request your data to be deleted, or (3) until 12 months after your last transaction, update, contact, etc. (excluding those mentioned in the preceding paragraph). We store data about your activity on our websites for 12 months, after which time it is deleted.
Where your data is stored
Any information you provide us is stored on our secure servers. Your Personal Data is stored in the European Union but can also be transferred or stored in a place out of the European Union. It can be processed by people out of the European Union working for us or for one of our providers and partners. By consenting to give your data, you agree to this transfer (that can include transfers to countries where the legislation is less protective than it is in the European Union), this storage or this processing. We take all reasonable measures to ensure that your data is being processed in a secure way and in accordance with this Privacy Policy.
Security and Technical Organizational Measures
iMMAP takes the protection of your personal data very seriously, and therefore we apply adequate technical and organizational measures to protect against accidental loss and unauthorized access, use, destruction or disclosure of data. For instance, some of the measures are:
-
Strong input validation to avoid injections and other threats;
-
Implementation of access controls and roles;
-
Daily data backup enabled;
-
SSL encryption;
-
Regular platform checks;
-
Storage of sensitive information like JWT tokens in encrypted cookies;
-
Encryption of sensitive data;
-
Implementation of logging and monitoring.
Links to other websites
Social Network Pages
To promote our services, we maintain public pages on social networks, such as Facebook, LinkedIn, and X. We track the efficiency of those social network pages based on the user traffic data provided by the social network providers, using Hootsuite (Hootsuite Privacy Policy). The legal basis for collecting this data is our legitimate interest in analyzing user engagement and improving our services. This data allows us to assess the effectiveness of our promotional efforts and tailor our content to better meet the needs and preferences of our audience.
iMMAP does not govern the processing of personal data by such third parties, so we suggest that you refer to the privacy policies of these websites should you wish to have more information.
Cookies Policy iMMAP’s website
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows us or a third party to recognize you and make your next visit personalized and easier, recognizing your device and storing some information about your preferences or past actions. Cookies can be "persistent" or "session" cookies. Session cookies are deleted at the end of the session, whereas persistent cookies remain stored in the device until they expire.
How do we use cookies?
We use cookies in a range of ways to improve your experience on our website, including:
-
Keeping you signed in
-
Understanding how you use our website
-
To analyze the use of the website
-
To personalize the website for you.
What types of cookies may we use?
Google Analytics
Non-personally identifiable information is collected and processed, among other services, by Google Analytics (Google Privacy Policy) in an anonymized and aggregated way to improve iMMAP corporate website. This also serves marketing purposes. Google Analytics is a web analytics service that tracks and reports user traffic on apps and websites. It uses the data collected to track and monitor the use of iMMAP website. This data may also be shared with other Google services. Google Analytics data is retained for a maximum of 26 months.
Strictly necessary cookies/Essential cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but that will cause some parts of the site to not work. These cookies do not store any personally identifiable information.
Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.
Marketing cookies
We also use marketing cookies that deploy a cookie when a user interacts with marketing communications, such as a marketing email or a marketing-based landing page on our website. This cookie collects personal information such as your name, which pages you visit on our website, how you arrived at our website. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.
The placement of analytical, and marketing cookies takes place under the legal basis of visitors’ consent (GDPR Art. 6.1.a); necessary cookies for our website to operate and do not require consent but are placed under our legitimate interests (GDPR Art. 6.1.f) or are legitimized by the necessity to perform the contract (GDPR Art. 6.1.b).
Third Party Cookies
In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.
-
This site uses Google Analytics to help us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
-
Our website contains links to other websites. Our Privacy Notice applies only to our website. For example, we link to our accounts on a number of social media platforms such as Facebook, Twitter, LinkedIn, Instagram, Pinterest and YouTube. We are not responsible for the privacy policies or content on third-party websites and encourage you to read the privacy notices of other websites you visit.
Functionality cookies:
These cookies allow a site to remember choices you make (such as your username, language or the region you are in) and provide more enhanced, personal features.
These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you’ve been on the Internet outside our site.
The following cookies are used on iMMAP’s website:
|
immap.org | ||||
|
Cookie |
Domain |
Description |
Duration |
Type |
|
cookieyes-consent |
.immap.org |
CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. |
1 year |
Necessary |
|
rc::c |
.immap.org |
This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
Session |
Necessary |
|
ARRAffinitySameSite |
.immap.org |
This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. |
Session |
Necessary |
|
ARRAffinity |
.immap.org |
ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user. |
Session |
Necessary |
|
_ga_* |
.immap.org |
Google Analytics sets this cookie to store and count page views. |
1 year 1 month 4 days |
Analytics |
|
_gat_gtag_UA_* |
.immap.org |
Google Analytics sets this cookie to store a unique user ID. |
1 minute |
Analytics |
|
ai_session |
.immap.org |
This is a unique anonymous session identifier cookie set by Microsoft Application Insights software to gather statistical usage and telemetry data for apps built on the Azure cloud platform. |
1 hour |
Analytics |
|
_ga |
.immap.org |
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors |
1 year 1 month 4 days |
Analytics |
|
_gid |
.immap.org |
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
1 day |
Analytics |
|
_gat_UA-* |
.immap.org |
Google Analytics sets this cookie for user behaviour tracking. |
2 minutes |
Analytics |
|
_gat |
.immap.org |
Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. |
1 minute |
Performance |
Your rights as Data Subject
You may exercise GDPR rights regarding your personal data. In particular, you have:
The right to object against the processing of your information.
If we process your information for our legitimate interests, you can object against it. We will consider your request and if there are no compelling interests for us to continue processing the data, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you. You always have the right to object to our making use of your data for communication purposes.
The right to access your information.
You have the right to know what personal data we process about you. As such, you can obtain the disclosure of the data involved in the processing and you can obtain a copy of the information undergoing processing.
The right to verify your information and seek its rectification.
If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected where this is possible (e.g: past invoices cannot be modified).
Restrict the processing of your information.
When you either contest the accuracy of your information, you believe we process it unlawfully or you want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. This is known as restriction of processing. We will stop using your data until we are able to provide you with evidence of its lawful processing.
The right to have your personal data deleted.
If we are not under the obligation to keep the data for legal compliance and your data is not needed in the scope of an active contract or claim, we will remove your information upon your request.
The right to have your personal data transferred to another organization.
Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your data available to you or to an organization of your choosing.
Right to lodge a complaint
If you believe that our use of personal information violates your rights, if you are dissatisfied with a response you have received, or if we have failed to respond within a month, you have the right to lodge a complaint with the competent data protection authority of your choice.
Right to withdraw your consent
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting iMMAP’s Data Protection Officer. Please note that this will not affect our right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.
Changes linked to this privacy policy
We are committed to keeping you informed of how data is being handled. If we make material changes to this document, we will notify you by sending an email to you. We will also update the “last updated” date at the top of the page. If we let you know of changes through an email communication or by reasonable means, then the date on which we send the email will be deemed to be the date of your receipt of that email.
Contact us
Data Protection Officer
For any questions regarding exercising your rights or any data privacy concerns, please contact our Data Protection Officer (“DPO”) at dpo@immap.org.