Privacy policy

We are committed to respecting the privacy rights of all donors and visitors to our website. The following information details Mercy Corps' collection, protection, and use of the data we receive from donors and visitors to this website.

Our general policy

Mercy Corps recognizes the importance of protecting information we may collect from donors and visitors to our website. We maintain appropriate security measures to keep this information private and secure. 

Mercy Corps follows industry standards on information security based on CIS (Center for Internet Security) controls to safeguard sensitive information including strong passwords, multi-factor authentication, data encryption, and security awareness training for all team members. As a PCI DSS compliant organization we perform quarterly security scans and yearly security audits by a third party qualified security assessor.

Personally Identifiable Information (PII) is accessible only to staff and volunteers who need it for a business purpose.  Confidential data, including PII, is protected via role-based access controls to ensure that it is not improperly disclosed, modified, deleted, or rendered unavailable.   Access to systems or applications that manage confidential data requires approval by Mercy Corps’ Information Security Department. All sensitive and confidential data, regardless of storage location, will be retained only as long as required for legal, regulatory, and business requirements. All media containing PII data is wiped and destroyed at the end of its life cycle. Mercy Corps team members are required to read and sign Mercy Corps’ Information Security Awareness and Communications Acceptable Use Policy which outlines best practices in this area, and acknowledge and adhere to Mercy Corps’ Responsible Data Policy.

If you choose to give us personal information via the Internet for the purposes of correspondence, processing a donation or subscribing to our email newsletter, then it is our intent to let you know how we will use such information.

Mercy Corps will remove your name from our mailing list, email list or telephone solicitation list at any time, at your request. We will not sell, rent or trade your email address to a third party.

Email updates

We use a third-party email marketing platform to deliver emails. This company employs techniques for tracking open rates and click-throughs that use email addresses as an identifier.

You will be given the option to remove your name from our email list at the bottom of each email update. And, again, we will not sell, rent or trade your email address to a third party.

Online donations

Mercy Corps’ online donation processor, Braintree, meets the highest industry standards for Payment Card Industry Data Security Standard (PCI DSS) compliance, utilizing high-grade encryption to ensure secure transactions, data transfer and data management.

Read our seven promises to donors here.

Disclosure of and Access to Your Information

Subject to applicable law, we may disclose your Personally Identifiable Information to:

  1. attorneys, accountants and advisors, who provide Mercy Corps with assistance or advice or are under contract to perform services for or on behalf of Mercy Corps (collectively, “Service Providers”), and who are required to protect the confidentiality of personal information, to maintain standards consistent with the requirements of this policy, and to use such information solely for the purpose for which such information was provided;
  2. consortium groups and third parties acting on behalf of non-profit organizations that combine your Personally Identifiable Information with information from other sources for analytical purposes;
  3. law enforcement personnel and agencies, as required by law and as part of a legal process, if other compelled to do so by law or in connection with any government or self-regulatory organization request or investigation, in order to protect our property, or in furtherance of an investigation regarding a data incident or breach, unauthorized access to or use of the website or any other illegal activities, or
  4. or other third parties, if you direct us to do so.

Your rights

You have the right to access data about you processed by Mercy Corps, with certain statutory exceptions. You also have the right to object to the collection and further processing of all or part of your personal data. Finally, you always have the right to request an update or deletion of your personal data.

Mercy Corps uses an automated process flow to support data subject requests. Through the platform, data subjects can request access to their personal data, object to the processing of all or part of their personal data, update their data, request deletion of your records, and request to opt-out of the mailing list.

Email verification is mandatory before processing any data subject request. Typically, it takes a month to handle a data subject request. Expect to receive an email notification once the request is processed.

Please find here the link to initiate a data subject request.

Use of third-party software and advertising services

We use third-party services to better understand the needs of people who visit our website. These services tell us information about technical aspects of our visitors' computers and some demographic information. We use this information to improve our content and structure, leading to a better user experience.

We use third-party advertising companies to serve ads. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

Cookies, web beacons, and similar technologies

Cookies

A cookie is a piece of information in the form of a very small text file that is placed in an internet user's local storage, e.g., a user’s hard drive. It is generated by a webpage server, which is the computer that operates a website. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.

Mercy Corps uses cookies for the essential running of its websites and web applications, as well as for marketing and advertising purposes. Use of cookies for these purposes is described on our Cookies page

Spam filter

To help us filter out spam we use a service called Honeypot, and Akismet. For more information about those filters, please follow the links to each.

Donations by mail

In order to increase our base of support and keep our costs low, Mercy Corps sometimes exchanges a segment of our mailing list with other carefully selected organizations. Donors who make their first gift to Mercy Corps in response to an appeal letter may be included on this exchange list; all other donors are automatically excluded from the exchange. All donors who made their first gift to Mercy Corps before January 31, 2004 are also excluded from the exchange. At least once a year, we will inform all donors who are eligible to be included on the exchange list, and give them an opportunity to opt out of future exchanges. Donors who wish to have their names removed from the exchange list can call 1-888-842-0842 or email donorservices@mercycorps.org.

State registrations

Click here to see our state registrations.

If you would have additional questions about our privacy policy, please feel free to contact us via email at dataprotection@​mercycorps.​org or 1-888-842-0842.