Donate
Donate
Regreening projects
Regreening techniques
Regreening hearts & minds
Regreening projects
Campaigns
About us
Contact us
jaymondy ambassador
News & media
Partner up
Become a partner Justdiggit
Dig in as a supporter
Dig in with your time
Dig in as a farmer

Privacy Statement

We think your privacy is very important and we therefore carefully handle your personal data. In the privacy statement below we explain this further and describe which rules we adhere to.

Privacy Statement

Justdiggit processes personal data and other data in accordance with the privacy legislation: General Data Protection Regulation (GDPR).

Introduction

Stichting Justdiggit Foundation (“Justdiggit”, “we”, “us”, “our”), located at Prins Hendrikkade 25, 1012TM Amsterdam, the Netherlands, acts as the data controller for the processing of personal data described in this Privacy Policy. Personal data is any information that can identify a natural person (directly or indirectly).

We are committed to handling personal data carefully and in accordance with the General Data Protection Regulation (GDPR) and applicable local laws in the countries where we operate, including the United Kingdom, Tanzania, and Kenya.

What personal data do we collect and why?

Justdiggit collects your personal data when you use our services and/or when you provide it to us yourself. We collect personal information from:

  • Donors (individual and corporate);
  • Programme participants (e.g. farmers, community groups, local leaders);
  • Partners (media, research, institutional, business, foundations, sponsor);
  • Website users;
  • Contractors and service providers;
  • Staff of partner organisations;
  • Supervisory Board members;
  • Potential partners and leads.

Below, we explain, for each legal basis, what personal data we process and for what purpose.

Performance of a contract & legitimate interest

Where you are a party to a contract with us – as a donor, programme participant, partner, contractor, service provider, Supervisory Board member or potential partner – we process your personal data on the basis of performance of a contract. Where processing concerns individuals who are not themselves a party to the contract (such as staff of partner organisations), we rely on our legitimate interest, as we cannot perform our services, implement and monitor our programmes or communicate with donors, partners and stakeholders without this data.

Depending on your position to us, the personal data we process on these grounds includes: contact data (name, email, phone number, address, organisation), identification data (place and date of birth, gender, photographs), financial data (donations, payment history, bank details), payment data (transaction references), communication data (emails, engagement history), programme data (participation, attendance, household or village information, geolocation where relevant), professional data (job title, organisation, contractual details), and technical data.

Legal obligation

Justdiggit processes personal data such as contact information (name, address, organisation), identification data (date of birth), financial data (donations, payment history, bank details) and payment data (transaction references via payment providers) on the basis of a legal obligation, for example in connection with our tax obligations.

Consent

Justdiggit processes personal data such as contact details (name, email, phone number, address, organisation), technical data, (IP address, browser, device, cookies) program data (photos and videos from program participants) on the basis of your consent. We do this to be able to send newsletters and campaign updates as well as for publication and communication purposes. We also process your contact details based on consent to provide information about donation options, including recurring donations and bequests.

You may withdraw your consent at any time by unsubscribing via the unsubscribe link at the bottom of each newsletter, or by contacting us at info@justdiggit.org. Withdrawing your consent does not affect the lawfulness of processing prior to withdrawal.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and to comply with any legal, accounting or reporting requirements.

There are also certain types of information, such as tax records, which require to be retained for a certain period by law. We will remove your personal data if we no longer need it for the purposes.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Specific retention periods are defined internally in our Record of Processing Activities (ROPA). If you have any questions regarding retention periods, please contact us via privacy@justdiggit.org.

Sharing Personal Data

We do not sell your personal data. We only share personal data when necessary for the performance of an agreement with you, compliance with legal obligations and/or legitimate (organisational) interest(s).

We may share data with:

  • Service providers (data processors), including payment providers, communication platforms, and IT service providers;
  • Technology partners, such as Microsoft and Google;
  • IT and security providers, including QNP and Eye Security;
  • Programme partners involved in project implementation;
  • Authorities, when required by law.
  • Intra-group entities, including Justdiggit organisations in Kenya, Tanzania, Senegal and United Kingdom, where necessary for operational coordination, programme implementation, and reporting. Data may be shared through internal tools, subject to appropriate data protection safeguards and agreements where required.

We ensure appropriate data processing agreements are in place with all relevant parties.

International Data Transfers

As an international organisation, some personal data may be processed outside the European Economic Area (EEA), including in countries such as the United States and Kenya. This may occur, for example, when we use service providers such as Mailchimp, Salesforce, Google, or Microsoft.

When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Additional technical and organisational measures where required;
  • Transfers to countries with an adequacy decision where applicable.

These safeguards ensure that your personal data remains protected in line with the GDPR.

Cookies and Tracking Technologies

We use cookies and similar technologies to ensure our website functions properly and to improve user experience.

Cookies are small text files stored on your device when you visit a website.

We use:

  • Necessary cookies – required for the website to function;
  • Preference cookies – to remember your settings;
  • Analytical cookies – to understand how visitors use our website;
  • Marketing cookies – to personalise content and campaigns (only with your consent).

Where required, we ask for your consent before placing non-essential cookies.

You can manage or disable cookies through your browser settings at any time.

For more information about how we use cookies and your choices, please see our Cookie Policy.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Access controls and role-based permissions (e.g. via Microsoft 365 and SharePoint);
  • Device and account management through specialised IT providers;
  • Network, system, and endpoint security monitoring;
  • Encryption and secure data storage;
  • Regular software updates and patch management;
  • Incident detection and response procedures supported by cybersecurity partners;
  • Staff training and confidentiality obligations.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Request deletion (“right to be forgotten”);
  • Restrict processing;
  • Object to processing;
  • Data portability;
  • Withdraw consent at any time.

These rights are not absolute. You can exercise your rights by contacting: privacy@justdiggit.org. We will review your request in accordance with the GDPR. We will provide you with information about the actions we have taken in response to your request as soon as possible, but in any case within one month of receiving your request. We may extend this period by two months due to the complexity of your request or the number of requests we receive. We will inform you in that case.

Complaints

You have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens, or your local authority. A list of EU supervisory authorities and their contact details is available here.

Contact Details

For questions about this Privacy Policy or data protection: privacy@justdiggit.org.