Politique de confidentialité#
This Privacy Policy sets out how we, the International Aid Transparency Initiative (IATI), obtain, store and use your personal information when you use or interact with our websites, or where we otherwise obtain or collect your personal information.
This Privacy Policy is effective from 1st August 2025
We reserve the right to modify this policy at any time, so please check it frequently. For notification of updates, you can « watch » https://github.com/IATI/web-terms on GitHub.
1. Les informations que nous recueillons#
Les informations que vous nous fournissez
We collect data that you provide directly to us, including personal data. “Personal Data” is information that identifies you. For IATI websites this is collected in the context of one or more of the following:
Website Analytics#
Our use of Matomo and Plausible analytics involves collecting the following data, which is processed on the basis of our legitimate interest to improve our website and services:
Anonymized IP Address: We anonymize your IP address immediately upon collection, so you cannot be personally identified. Pages Visited: The URLs of the pages you view on our site. Timestamps: The date and time of your visit. User Agent Information: Your browser type, operating system, and screen resolution. This helps us ensure our site works well on different devices. Approximate Location: We determine your country and approximate region from the anonymized IP address. Referring Website: The site that linked you to ours, if applicable
Server Logs#
When you use our websites, we collect and analyse the following information about your computer or mobile device: your browser type and capabilities, IP address, browser language, operating system, and other similar information.
User Accounts#
When you create a user account for an IATI website, we collect the following categories of personal data, which is processed on the basis of your consent: name, username and email address.
3. How we Protect Your Personal Information#
We have implemented appropriate administrative, technical, organisational and physical security measures to protect against the unauthorised access, destruction or alteration of your information. This includes encrypting our Services using Secure Sockets Layer (SSL) and restricting access to Personal Data to all employees, contractors and agents working on behalf of the IATI Secretariat who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.
4. Data Retention#
Nous supprimons ou anonymisons vos données à caractère personnel dès lors que celles-ci ne sont plus nécessaires aux fins pour lesquelles nous les avions recueillies, fins énoncées dans la présente politique de confidentialité.
5. Data Transfers#
To deliver our services, we may transfer the personal information we collect to countries outside of the United Kingdom (UK) and European Economic Area (EEA). We ensure that these data transfers are protected by appropriate safeguards.
We use the following mechanisms for these transfers:
Adequacy Decisions: We may transfer data to countries that the UK Government has deemed to provide an adequate level of data protection. This applies to our use of InnoCraft (Matomo) in New Zealand. Standard Contractual Clauses (SCCs): For transfers to other countries, such as the United States where we use Mailchimp, we rely on Standard Contractual Clauses (and the UK’s International Data Transfer Addendum) to contractually require the recipient to protect your personal information to the standard expected within the UK and EEA.
6. Data Processors#
The following organisations process personal data for the IATI Secretariat. Appropriate legislative and contractual protection is in place for all data processors. Where relevant policies are publicly available, they are linked below.
InnoCraft Limited, a New Zealand registered company (NZBN 6106769). See their privacy policy and the data processing agreement . InnoCraft operate matomo.cloud, which we use for website analytics.
Plausible Insights OÜ; Västriku tn 2, 50403, Tartu, Estonia. Registration number 14709274. See their privacy policy. and the data processing agreement . Plausible Insights operate plausible.io, which we use for website analytics/.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. See their privacy policy. Google operate Google Workspace, which we use within the Secretariat for day-to-day operations.
Microsoft Ireland Operations Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. See their privacy policy. Microsoft operate Azure, which we use for hosting IATI web infrastructure.
Intuit Mailchimp, 405 N Angier Ave. NE Atlanta, GA 30308 US. See their privacy policy. and data processing agreement. Intuit operate Mailchimp, which we use for mailing lists.
Open Social B.V., Ariënsplein 1, 7511 JX Enschede, Netherlands. See their privacy policy. Open Social operates IATI Connect.
Open Data Services Cooperative Limited, 1st Floor, Holyoake House, Hanover Street, Manchester M60 0AS. Registered Company No. 09506232 . Open Data Services are the technical delivery partner for the IATI Secretariat. Further information can be found at https://opendataservices.coop
Zendesk International Ltd, 55 Charlemont Place, Saint Kevin’s, Dublin, D02 F985, Ireland. See their privacy policy. Zendesk operates helpdesk software that we use for IATI Support.
SuiteCRM Ltd, 73 Stirling Business Centre, Wellgreen Place, Stirling, FK8 2DZ, Scotland. See their privacy policy. SuiteCRM provide CRM software that we use to deliver our services.
WSO2 (UK) Limited, Appledram barns, Birdham Road, Chichester, West Sussex, UK, PO20 7EQ. See their privacy policy. WSO2 provide identity management software that we use to deliver our services.
7. Your Rights#
En vertu du Règlement général sur la protection des données (RGPD), vous disposez des droits suivants :
Droit d’accès (art. 15 du RGPD) : vous avez le droit de demander la confirmation que vos données à caractère personnel sont ou ne sont pas traitées et, lorsqu’elles le sont, de demander un accès auxdites données à caractère personnel ainsi qu’à des informations telles que les finalités du traitement ou les catégories de données à caractère personnel concernées.
Droit de rectification (art. 16 du RGPD) : vous avez le droit de demander la rectification des données à caractère personnel inexactes.
Droit à l’effacement (art. 17 du RGPD) : vous avez le droit, dans certaines circonstances, de demander l’effacement de données à caractère personnel dans les meilleurs délais, notamment si vos données à caractère personnel ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été collectées ou si vous retirez le consentement sur lequel est fondé le traitement, conformément à l’article 6(1)(a) du RGPD, et qu’il n’existe pas d’autre fondement juridique au traitement.
Droit à la limitation du traitement (art. 18 du RGPD) : vous avez le droit, dans certaines circonstances, de nous demander de restreindre le traitement de vos données à caractère personnel, notamment si vous pensez que les données à caractère personnel vous concernant sont inexactes ou que le traitement que nous en faisons est illicite.
Droit à la portabilité des données (art. 20 du RGPD) : Vous avez le droit, dans certaines circonstances, de recevoir les données à caractère personnel que vous nous avez fournies, dans un format structuré, couramment utilisé et lisible par machine, et vous avez le droit de transmettre ces données à un autre responsable du traitement sans que l’on y fasse obstacle, ou de nous demander de le faire.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your Personal Data under certain circumstances. In particular if we process your Personal Data on the basis on legitimate interest (Art. 6 (1)(f) GDPR) or if we use your personal data for marketing purposes.
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In the UK, the relevant supervisory authority is the Information Commissioner’s Office (ICO). You can contact them at https://ico.org.uk/concerns/ .
You may assert those rights at any time by contacting us.
8. Nos coordonnées#
If you wish to contact us or have any questions about or complaints in relation to this Privacy Policy, please contact us at https://iatistandard.org/en/guidance/get-support/ . Open Data Services manages the storage and processing of personal information on behalf of UNDP, as part of hosting the IATI Secretariat.