We are committed to respecting the privacy rights of all donors and visitors to our website. The following information details Mercy Corps' collection, protection, and use of the data we receive from donors and visitors to this website.
Our general policy
Mercy Corps recognizes the importance of protecting information we may collect from donors and visitors to our website. We maintain appropriate security measures to keep this information private and secure.
Mercy Corps follows industry standards on information security based on CIS (Center for Internet Security) controls to safeguard sensitive information including strong passwords, multi-factor authentication, data encryption, and security awareness training for all team members. As a PCI DSS compliant organization we perform quarterly security scans and yearly security audits by a third party qualified security assessor.
Personally Identifiable Information (PII) is accessible only to staff and volunteers who need it for a business purpose. Confidential data, including PII, is protected via role-based access controls to ensure that it is not improperly disclosed, modified, deleted, or rendered unavailable. Access to systems or applications that manage confidential data requires approval by Mercy Corps’ Information Security Department. All sensitive and confidential data, regardless of storage location, will be retained only as long as required for legal, regulatory, and business requirements. All media containing PII data is wiped and destroyed at the end of its life cycle. Mercy Corps team members are required to read and sign Mercy Corps’ Information Security Awareness and Communications Acceptable Use Policy which outlines best practices in this area, and acknowledge and adhere to Mercy Corps’ Responsible Data Policy.
If you choose to give us personal information via the Internet for the purposes of correspondence, processing a donation or subscribing to our email newsletter, then it is our intent to let you know how we will use such information.
Mercy Corps will remove your name from our mailing list, email list or telephone solicitation list at any time, at your request. We will not sell, rent or trade your email address to a third party.
We use a third-party email marketing platform to deliver emails. This company employs techniques for tracking open rates and click-throughs that use email addresses as an identifier.
You will be given the option to remove your name from our email list at the bottom of each email update. And, again, we will not sell, rent or trade your email address to a third party.
Mercy Corps’ online donation processor, Braintree, meets the highest industry standards for Payment Card Industry Data Security Standard (PCI DSS) compliance, utilizing high-grade encryption to ensure secure transactions, data transfer and data management.
Disclosure of and Access to Your Information
Subject to applicable law, we may disclose your Personally Identifiable Information to:
- attorneys, accountants and advisors, who provide Mercy Corps with assistance or advice or are under contract to perform services for or on behalf of Mercy Corps (collectively, “Service Providers”), and who are required to protect the confidentiality of personal information, to maintain standards consistent with the requirements of this policy, and to use such information solely for the purpose for which such information was provided;
- consortium groups and third parties acting on behalf of non-profit organizations that combine your Personally Identifiable Information with information from other sources for analytical purposes;
- law enforcement personnel and agencies, as required by law and as part of a legal process, if other compelled to do so by law or in connection with any government or self-regulatory organization request or investigation, in order to protect our property, or in furtherance of an investigation regarding a data incident or breach, unauthorized access to or use of the website or any other illegal activities, or
- or other third parties, if you direct us to do so.
Use of third-party software and advertising services
We use third-party services to better understand the needs of people who visit our website. These services tell us information about technical aspects of our visitors' computers and some demographic information. We use this information to improve our content and structure, leading to a better user experience.
We use third-party advertising companies to serve ads. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
Cookies, web beacons, and similar technologies
A cookie is a piece of information in the form of a very small text file that is placed in an internet user's local storage, e.g., a user’s hard drive. It is generated by a webpage server, which is the computer that operates a website. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.
Donations by mail
In order to increase our base of support and keep our costs low, Mercy Corps sometimes exchanges a segment of our mailing list with other carefully selected organizations. Donors who make their first gift to Mercy Corps in response to an appeal letter may be included on this exchange list; all other donors are automatically excluded from the exchange. All donors who made their first gift to Mercy Corps before January 31, 2004 are also excluded from the exchange. At least once a year, we will inform all donors who are eligible to be included on the exchange list, and give them an opportunity to opt out of future exchanges. Donors who wish to have their names removed from the exchange list can call 1-888-842-0842 or email firstname.lastname@example.org.
Click here to see our state registrations.