Give a Day is committed to processing (your) personal data in a legal, fair and transparent manner.
In this privacy statement relating to www.giveaday.be, we inform you in general terms about the way in which Give a Day processes personal data about you. We focus on the volunteers on the platform in the present statement. We provide more explanation elsewhere for visitors of the platform (primarily cookies), representatives and employees of organisations as well as representatives and employees of local governments that manage a local platform and act as joint data controllers according to article 26 GDPR. We also have separate privacy statements for employees of Give a Day and job applicants.
This general privacy statement supplements the special privacy statements that you will find when Give a Day requests information, such as when creating the account, on your profile page, in forms, etc.
"Give a Day" in this privacy statement refers to Give a Day, a cooperative with a social purpose under Belgian law. Give a Day is identified by its company number, and at the same time its VAT number, BE0659.887.535. The registered office of Give a Day is located at Veldstraat 98 in 2520 Ranst (Belgium).
The most up-to-date and additional information on Give a Day and its activities can be found on the website www.giveaday.be, in particular in the section "What is Give a Day?".
For a number of processing operations on the www.giveaday.be platform, Give a Day determines why and (broadly speaking) how the (personal) data is processed. This makes Give a Day the data controller of these (personal) data. This means that Give a Day is responsible to comply with the legal requirements regarding the processing of (personal) data.
Give a Day is not always the (only) data controller. Sometimes Give a Day is the data controller together with or alongside other platform administrators, e.g. municipalities or non-profits. In the context of volunteer management system for non-profits where the volunteer is active, Give a Day acts purely as a processor and the non-profit is the data controller.
For example, organisation determine what they do with the data of volunteers on the platform that they have received in response to a volunteer opportunity they published as part of their roles as volunteer coordinator. Within the context of volunteer management of active volunteers within the nonprofit, the nonprofit determines what they do with the data.
You can check those roles (such as matching and management) in Appendix 1 below or by requesting the data registry. This also applies if they would have exported that data from the platform before it was removed by the volunteer or Give a Day. In that case, the organization or local administration is the datacontroller.
Give a Day has not formally appointed a Data Protection Officer, as this is not (yet) necessary for Give a Day.
This does not mean that there is nobody to ask your questions to or to share your comments about privacy and data protection. You can submit these questions or comments:
The General Data Protection Regulation gives you a number of rights as a data subject. You can read all about it in the General Data Protection Regulation (GDPR), mainly in chapter 3.
You also have these rights with respect to organisations and local authorities that (together with or independently of Give a Day) are responsible for processing your data, which will usually be the case for platform administrators, for example. See the section on "www.giveaday.be as a platform".
As a rule, you must exercise your rights yourself.
If you are a volunteer’s (legal) representative, you can in principle exercise the rights of the person represented on behalf of the person represented. For example, a parent or guardian can exercise the rights of his or her child or the person under guardianship, unless the child or the person under guardianship opposes this or it (apparently) goes against the interests of the child or the person under guardianship.
To exercise these rights, you can use the Give a Day contact form. You can also exercise your rights by sending a letter to Give a Day's registered office or contact Give a Day at email@example.com.
If you exercise your rights, we ask you to be as specific as possible so that your question can be treated effectively.
We also point out that your identity must be reasonably verifiable in order to exercise your rights so as to avoid someone else exercising them. As a matter of principle, we will identify you and verify your identity in the same way as when we collected your data. So sometimes we will have to ask you to provide proof of your identity. This is, for example, the case:
If you send your request electronically (even if it may be unsafe, e.g. an ordinary email), you accept (the risks associated with the fact) that Give a Day will respond via the same channel.
For further information about your rights with regard to data protection or if you do not agree with Give a Day's position, please contact the Belgian Data Protection Authority: www.dataprotectionauthority.be (see art. 77 GDPR).
In this section, we indicate who generally receives, has, or may have access to your personal data.
Only people authorized to do so have access to (personal) data relevant to the performance of their task. These people may only use the data if and to the extent necessary for the fulfillment of their task. They are obliged to observe strict professional secrecy and to comply with all technical regulations aimed at safeguarding the confidentiality of personal data and the security of the systems which contain them.
Give a Day takes internal technical and organizational measures to prevent (personal) data getting into the hands of and being processed by unauthorized persons or being accidentally altered or destroyed.
For the execution of a number of processing operations, Give a Day makes use of specialized third parties who carry out (partial) assignments and the associated data processing for and on behalf of Give a Day. These third parties are referred to as “processors” in the data protection legislation.
As part of such transfers, it can happen that data are transferred to other countries where the data centres are located and whose legislation, where applicable, does not provide data protection equivalent to the European data protection. The European legislator then necessarily considers such transfers to be (legally) less secure. In a global context, however, it is unavoidable that data may in certain cases leave Europe. Give a Day, however, always tries to process the data on servers in Europe.
Give a Day ensures that the third parties concerned only have access to the information necessary for the execution of their assignments and undertake vis-à-vis Give a Day to use this information only for the execution of their assignments, according to the instructions given by Give a Day and with respect for other agreements as prescribed by law.
Give a Day cannot be held liable when these third parties, in accordance with (legal) obligations imposed abroad, transfer personal data of users to local authorities.
Specifically, Give a Day makes us of processors, directly or indirectly, such as:
Contracts, which incorporate the principles of good data management and data protection, are concluded with these processors.
Local authorities, non-profits, etc who act as partner and administrator of a local platform have in principle access to all data on the local platform, including the personal data of volunteers and representatives and employees of organisations. In addition, they can process the data in accordance with their role as local platform administrator defined in annex 1 (e.g. matching between requests for help and offers to help).
Volunteer organisations post volunteer opportunities for volunteers or neighbor helpers. As soon as a visitor responds to an opportuniy, the volunteer organisation gets to see the data in order to complete further follow-up and administration. Volunteer organisations can also upload their existing active volunteers into the system, after which the volunteer will be notified. He or she will be able to log in to view the Data and adjust them where necessary. The volunteer organization can send administration, messages and informational mails through the system necessary for the execution of the volunteer task. The volunteer can take the necessary actions within the framework of his volunteer task. In addition, they may process the Data in accordance with their role as volunteer coordinator defined in Annex 1 (e.g. management and administration of the active volunteers within the organization).
The public, i.e. the visitors of the www.giveaday.be platform, cannot receive any personal data from you directly, except for neighbor requests, where you actively respond to a neighbor request. This way one neighbor can help another neighbot.
Give a Day will periodically (at least every year) review whether changes in its organization and processes and / or its environment (such as the legal framework, technology, ...) require this statement to be amended. If necessary Give a Day will then amend this statement.
As a rule, Give a Day will not actively notify you of the change. This is also the case when the modifications do not require your consent, e.g. changes to Give a Day's registered office, changes to the layout, changes resulting from a legal obligation, etc. Nevertheless, Give a Day will try to alert you about the change, if possible without any particular additional cost (e.g. via a pop-up or an email).
In this section, we describe in a little more detail which data will be processed and how, depending on the role that you have with regard to the website or platform. Several roles may apply, e.g. website visitor and request for help. In such a case, both sections apply.
Data controller: Give a Day
If you are just a visitor of the www.giveaday.be platform, then the only (personal) data that we may process about you is the data that we receive from the cookies.
You can contact Give a Day via our contact form. In order to be able to help you further, we ask for the following information: your first name, your last name, your email address, and your phone number. If you have filled in the contact form (e.g. www.giveaday.be), Give a Day will only use these details to contact you and answer your question.
This data will not be kept longer than necessary to process your request.
Data controller: Give a Day and Platform Administrator. In case where the volunteer is active at an Organisation as a volunteer, the Organisation is also a Data controller for administration purposes
Persons can create a personal profile. The following data are collected in the form and/or profile: first name, last name, address, age, email, phone number, interests in helping neighbors and volunteering, where to volunteer, date of birth, profile picture, short description, skills, commitment, availability, neighborhoods where one wants to help, education and work experience. When one starts working as a volunteer, the organization may ask for additional information, namely national identity number, bank account number and emergency contact person in order to complete the necessary administration (expense notes, contracts,...).
A unique ID is also created to correctly identify the person.
The personal data of the help request will be used by Give a Day or the Local Platform Manager to search for a suitable help in the neighbourhood, to inform the person in need and to put the helper in contact with the help request.
If necessary, Give a Day or the Local Platform Administrator or organization where the volunteer is active may use the person's contact information to send service messages to the person (e.g., to put necessary paperwork in order or help with matching).
Give a Day, the Local Platform Administrator or the volunteer organization may contact you after your request for matching, in connection with matching for this or other volunteer opportunities, and inquire about the issues you have registered for. Contact information will be shared with the neighbor or volunteer organization to put you in touch.
This data is deleted on request of the person and in any case never processed longer than 5 years after the last activity on the platform. Only contracts and cost statements can be processed longer on legal grounds when required by law (e.g. for accounting purposes).
Data Controller: Give a Day
In order to create an organization or sharing platform, Give a Day requests from the Local Platform Administrator or organization the first and last name, telephone number and email address of at least one employee as contact person and (lead) administrator of the platform or organization profile. Give a Day and (the lead administrator of) the organization or Local Platform Administrator can add and remove new administrators.
Administrators of an organization or local platform can change their own password. The password is never visible to the Users or to Give a Day.
Give a Day uses the email address and phone number to contact the administrators to help them set up the relevant organization profile or local platform and to send information about the latest functional and technical changes to the platform.
The email address of administrators may also be used to receive emails from current or potential Users, in particular when it is clear that the User is trying or was trying to reach the Local Platform Administrator.
This data can be deleted by the administrator themselves, upon request or when the Local Platform Administrator or organization discontinues the local platform or organization profile and in any case never for longer than 5 years.
Through the platform, we want to facilitate the matching between requests for help and offers to help for neighbourly help or volunteer work, either automatically or manually. However, on a platform you are not alone and Give a Day is not responsible for all data processing to which the platform is connected.
For example, Give a Day is not responsible for data processing outside the platform, by volunteers (e.g. from the volunteering vacancies that they receive and/or help with), by people seeking help (e.g. from the volunteers who offered their help via the platform) and by the Local Platform Administrators (e.g. to provide additional or complementary services outside the platform or to report to their management).
On the other hand, a Local Platform Administrator is appointed for each dedicated platform. This Administrator has technically similar rights to Give a Day but they are limited to the dedicated platform. This means that the Local Platform Administrator is responsible for a number of activities and is a joint data controller together with Give a Day. The necessary arrangements have been made in that regard in an agreement with the Local Platform Administrator. As regards the exercise of your data subject rights, you may exercise these by contacting Give a Day as described in 1.3. Give a Day will coordinate, where necessary, with the Local Platform Administrator.
For the benefit of the Local Platform Administrators, it is clarified here that for the local platform that the Local Platform Administrator (co)manages, the Local Platform Administrator can export data from the platform. After that, Local Platform Administrators can in fact do anything with that data. As a rule, processing outside of the platform will be limited to, with respect for data protection rules
For anything beyond this, the Local Platform Administrator will, in principle, need to further inform those involved itself.
For the benefit of the Organisations, it is clarified here that for its active volunteers (helpers) and matches, the Organisations can export the data from the platform. After that, Organisations can in fact do anything with that data. As a rule, processing outside the platform will be limited to, respecting data protection rules
For anything beyond that, the organisation will in principle have to further inform the persons concerned itself.
For the benefit of the individuals or organsations that need or want to provide assistance, it is clarified here that the assistance provider can export the assistance requestor's data from the platform after matching and vice versa at status active. After that, they can basically do anything with that data. As a rule, processing outside the platform will be limited to, respecting data protection rules:
For anything beyond that, the person will in principle have to further inform the data subjects themselves.
Copyright © 2021 Give a Day. All rights reserved.
General terms and conditions