1. Who are we?
We are a private foundation focused on developing and sharing knowledge about what works in early childhood development. We provide financial support and expertise to partners in government, civil society and business to help test and scale effective services for young children and families. Our mission is to improve opportunities for young children growing up in circumstances of social and economic disadvantage.
2. Privacy matters to us
We at the Bernard van Leer Foundation are committed to ensuring the privacy of all parties involved with our organisation. As our headquarters is located in the Netherlands, European legislation applies to our organisation. This privacy statement aims to give you an explanation of the General Data Protection Regulation (“GDPR”) and your rights as an individual (“data subject”) under this regulation. It also describes how we use and process personal data. For any questions, requests or complaints, please get in touch with our Data Protection Manager at DPM@bvleerf.nl.
3. About the GDPR and the role of the Bernard van Leer Foundation
On the 25 May 2018, the EU General Data Protection Regulation (GDPR) came into force. The goal of this regulation is to protect the privacy of individuals with new standards regarding personal data processing. In short, this is about any kind of use of personal data about individuals.
There are different parties involved in processing personal data. The GDPR distinguishes between a controller and a processor. The controller has final responsibility for everything that happens with the data, while the processor processes the data on behalf of the controller. There are also subprocessors that help process the data on the processor’s behalf.
Regarding this division of responsibilities and tasks, there are several scenarios for the Bernard van Leer Foundation:
4. Whose personal data do we collect?
5. How do we collect your personal data?
We may collect information about you:
- directly from you, such as the information you provided to us when you opted in for our mailings;
- from other sources, such as your (former) employer or colleagues;
- from publicly available sources such as LinkedIn or the corporate website of the organisation you are working for; and
- by means of cookies (that are placed when you opt in for our mailings and in any of our mailings). For more information on the cookies we use in this respect, please see below.
6. What legal grounds do we have to collect personal data?
We have two legal bases for processing your personal data with respect to our mailings: your consent or our legitimate interest if you are our client. Our legitimate interest translates into our objective to communicate relevant legal and tax developments and to invite our valued clients and contacts (and their partners) to events. We aim to send only relevant mailings, to personalise our mailings, and to keep our database up to date. Furthermore, we use the information provided by you to better understand the recipients of our mailings and to improve our mailings and service offering.
7. What types of information do we collect?
When you visit or contact us through the website, you may provide us with information about yourself, such as your email address or postal address for receipt of our publications. For our grantees we collect information relevant for the execution of the grant.
We are required to process some of the personal data in order to be able to send you the mailings. Of course, you may refuse to give us certain personal data. Please keep in mind that this may result in us being unable to send you the mailings or to correctly address you in these mailings.
8. With whom do we share your personal data?
In the context of the purposes listed above, we may share your personal data with third parties, such as Salesforce and/or Campaign Monitor, Microsoft 365. Data processing agreements are in place with these third parties.
Hosting and processing arrangements
Our websites are hosted by third-party service providers and therefore any personal details you submit through them may be processed by that third-party service provider.
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
9. How long do we store your personal data?
We hold your personal information on our systems for only as long as is necessary for the purposes outlined above. We remove personal data from our systems once it is no longer required, in line with our guidelines on how long important information must remain accessible for future use or reference, as well as when and how data can be destroyed when it is no longer needed.
The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected and any statutory requirements. After this time the data will either be deleted or we may retain a secure anonymised record for research and analytical purposes.
We will store your personal data until the moment you have informed us that you no longer wish to receive our mailings, we cease the sending of the relevant mailings, or it appears that your email address is no longer in use (for example when we receive a failed delivery notification). Information relating to one-time events will be deleted when the particular event has taken place and we no longer need that information.
10. What are your rights and how you can exercise them?
Please note that you can always unsubscribe from our mailings or change your preferences by clicking the subscribe or unsubscribe link at the bottom of every mailing. Further, you have the right to:
- information about and access to your personal data;
- rectify your personal data;
- erasure of your personal data (‘right to be forgotten’);
- restriction of processing of your personal data;
- object to the processing of your personal data;
- receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization.
To exercise your rights, please contact our Data Protection Manager, via DPM@bvleerf.nl.
Finally, you have the right to lodge a complaint with the relevant Data Protection Authority, such as the Dutch Data Protection Authority.
A cookie is a text-only piece of information that a website transfers to your computer’s hard disk so that the website can remember who you are. A cookie will normally contain the name of the Internet domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.
12. How can you change the settings of/delete cookies?