Privacy Policy

  1. Home
  2. Privacy Policy

iMMAP Inc., is committed to treating your personal data with security, respect, transparency and confidentiality. We adopted Privacy by Design and Default as a way of thinking and acting in favor of your privacy upfront and building privacy into our services. This policy is to inform you about the processing of your personal data by iMMAP Inc. and the rights to which you are entitled under data protection law whenever you visit our corporate website at iMMAP.org (hereinafter "iMMAP Website"). 

Who is responsible for your personal data?  

iMMAP Inc. is the Data Controller that collects and gathers information which means it is responsible for protecting  your personal data (in GDPR terms we are “controllers” of your personal data).  

What information do we collect? 

Personal data refers to any information that can identify you directly or indirectly. This includes identifiers such as your name, address, phone number, email address, identification number, location data, online identifier, or other factors unique to you as an individual that could enable your identification.  

Newsletter Subscriptions 

When subscribing to our newsletters, we collect your email address, first name, last name and your organization’s name to deliver timely updates and relevant content. This processing takes place under the legal basis of consent (GDPR Art. 6.1.a). In this case, we use Mailchimp (Mailchimp Privacy Policy) to assist in the management of the contact lists and in sending out newsletters to you.  

Contact Us form  

The information we process about you in the “Contact Us” is the information you have provided to us, such as: name, email address, as well as the contents of a message or attachments that you may send to us, and other information you choose to provide. The applied legal basis for the above-mentioned activities is our legitimate interests (GDPR Art. 6.1.f).   

Report an incident 

Allows you to report anonymous on any incidents that you may be a witness or victim of, from an iMMAP Inc. personnel. We use a third-party service, Syntrio´s Lighthouse Services (Syntrio Privacy Policy) to assist in submitting incident reports. Such incident form asks for information of those who you are reporting on. This form will not collect personal data relating to you unless you provide the email address that allows communication between iMMAP Inc. and yourself, and the exact location of where this incident had taken place.  

Digital solutions & tools 

iMMAP Inc. offers digital solutions, information management tools, online training platforms for humanitarian support and programs, such as ReportHub, the Humanitarian Spatial Data Center, Ukraine Learning platform and others. The platforms may ask you to provide, inter alia, part or all of the following information: your organizations country, sector, and name, along with your contact information such as full name, position, phone number and email.  

Data summits/ events  

iMMAP Inc. will host, from time to time, data summits or events to highlight our work in the humanitarian world. These events will be published on our main website https://immap.org/. Some events may require you to sign up with your first and last name, email address, and name of your organization. Events that collect personal data will have its own privacy notice regarding the event and how you can exercise your rights. 

Donations  

All information regarding “Donations” is information you voluntarily provide to our third-party provider, “Network for Good”. For more information regarding your personal information and retention of your data please see their Privacy Policy. This processing takes place under the legal basis of consent (GDPR Art. 6.1.a).  

Why do we need to process your personal data? 

iMMAP Inc. processes your data for one or more of the following purposes: 

  • to ensure IT security and IT operations, 
  • to assess the effectiveness of our promotional efforts, understand user engagement, and continuously refine our services and enhance user experience, 
  • to promote and manage events, 
  • to keep you informed, engaged, and updated about relevant news, or information related to the organization, its products, services, or industry, 
  • to process donations efficiently, 
  • for advertising our iMMAP Inc. services and their cooperation partners, 
  • for the prevention and investigation of criminal offenses in particular by data analyses to combat misuse, 
  • to comply with local, national or international laws, obligations and legal requirements, 
  • to conduct surveys and research activities with the objective of improving iMMAP’s recruiting process, 
  • to allow you to contact us and/or receive information from us, 
  • to offer you trainings for humanitarian support and programs, 
  • to communicate with you If you have reached out to us with a question or feedback, we may communicate with you to respond to that question or feedback. 
  • To keep records of your relationship with iMMAP Inc.  
  • To understand your needs in order to give you the best possible personalized services.  

With whom do we share your personal data?  

We share your personal data on a need-to-know basis with:  

Our affiliates: 

Our company affiliates perform certain data processing tasks centrally for the rest of the company entities. In that regard, your data may be processed centrally by a company in the group, for example, for development, for customer support, communications, among others.  

Third parties:  

iMMAP Inc. may involve third parties to provide you with the services only if they provide sufficient guarantees that your personal information will be protected and kept secure. These third parties process personal data based on our instructions only, and we ensure these companies apply the appropriate level of protection to your personal data. 

To give you the most privacy guarantees and data protection assurance – we carefully reviewed and vetted our third parties. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers when applicable.  

Our third-party service providers do not have any right to use the information we share with them beyond what is necessary to assist us. 

How long do we keep your personal information? 

We will only use and store your personal information for so long as it is required for the purposes it was collected for. How long personal information will be stored for depends on the personal information in question and what it is being used for, as well as whether there is any administrative or regulatory requirement for retaining the personal information. For example, we retain your personal information as long as necessary to comply with our obligations, including our obligations to you, to address any request by you (including to administer your donation), or to enforce our rights, or to comply with the requirements imposed by tax authorities or any other authority.   

Generally, data you provide directly is typically kept until either (1) you unsubscribe from the service requested or (2) request your data to be deleted, or (3) until 12 months after your last transaction, update, contact, etc. (excluding those mentioned in the preceding paragraph). We store data about your activity on our websites for 12 months, after which time it is deleted. 

Where your data is stored 

Any information you provide us is stored on our secure servers. Your Personal Data is stored in the European Union but can also be transferred or stored in a place out of the European Union. It can be processed by people out of the European Union working for us or for one of our providers and partners. By consenting to give your data, you agree to this transfer (that can include transfers to countries where the legislation is less protective than it is in the European Union), this storage or this processing. We take all reasonable measures to ensure that your data is being processed in a secure way and in accordance with this Privacy Policy. 

Security and Technical Organizational Measures  

iMMAP Inc. takes the protection of your personal data very seriously, and therefore we apply adequate technical and organizational measures to protect against accidental loss and unauthorized access, use, destruction or disclosure of data. For instance, some of the measures are:  

  • Strong input validation to avoid injections and other threats; 
  • Implementation of access controls and roles; 
  • Daily data backup enabled; 
  • SSL encryption; 
  • Regular platform checks; 
  • Storage of sensitive information like JWT tokens in encrypted cookies; 
  • Encryption of sensitive data; 
  • Implementation of logging and monitoring. 

Social Network Pages 

 To promote our services, we maintain public pages on social networks, such as Facebook, LinkedIn, and Twitter. We track the efficiency of those social network pages based on the user traffic data provided by the social network providers, using Hootsuite (Hootsuite Privacy Policy). The legal basis for collecting this data is our legitimate interest in analyzing user engagement and improving our services. This data allows us to assess the effectiveness of our promotional efforts and tailor our content to better meet the needs and preferences of our audience. 

iMMAP Inc. does not govern the processing of personal data by such third parties, so we suggest that you refer to the privacy policies of these websites should you wish to have more information.