Last updated: May 21, 2026

Who We Are

TISFD Secretariat is the data controller responsible for the processing of personal data described in this Privacy Policy.

Email: info@tisfd.org
Address: 1 United Nations Plaza New York, NY 10017 United States

What Data We Collect

We collect the following categories of personal data when you use tisfd.org:

Cookie consent preferences (record of your choices about cookies and similar technologies).

Device and connection information that is necessary to load and protect the website, such as IP address, browser type, device information, and similar technical data.

Feedback and stakeholder submissions you send to us through our forms, including the information you choose to provide in your message and any contact details you include.

Contact details used to keep you updated when you ask to hear from us, such as your email address and related subscription preferences.

Website usage data collected through analytics technologies, which may include pages viewed, interactions, approximate location derived from IP address, and other usage information collected via cookies or similar technologies when you consent.

Sources of personal data:

Directly from you when you submit feedback or provide your contact details through our forms.

Automatically when you access the website (for example, technical data needed to deliver content and protect the site).

From cookies and similar technologies, where required, when you provide your consent for non-essential cookies (such as analytics).

Providing feedback and contact details is optional, but if you choose not to provide them, you may not be able to submit feedback or receive updates. Technical data is required to provide and secure the website.

How We Use Your Data

We use your personal data for the following purposes and legal bases:

To measure and understand website usage using analytics technologies, so we can improve the website and how information is presented. Legal basis: your consent.

To send you updates you have asked to receive (for example, newsletters or similar communications). Legal basis: your consent.

To protect the website and our users, including detecting and blocking abusive traffic, fraud, and security threats. Legal basis: our legitimate interests in maintaining the security and integrity of our website.

Who We Share Your Data With

We share personal data with the following recipients where necessary for the purposes described above. These recipients process personal data in accordance with their own privacy policies and our instructions where they act as service providers.

Cloudflare (including Cloudflare Bot Management): We use Cloudflare to deliver website content efficiently and to help protect the website from malicious traffic and automated abuse. This involves processing technical and connection information (such as IP address and request metadata) to provide security and performance services.

Google Analytics: We use Google Analytics to collect website usage data to understand how visitors use the site and to improve it. Google Analytics uses cookies or similar technologies and is only used when you consent to analytics.

Zoho Forms: We use Zoho Forms to collect and manage feedback and stakeholder submissions you send through our forms, including the information you enter into the form fields.

Email service providers (including Mailchimp): We use email service providers to send updates you have asked to receive and to manage subscriptions and unsubscribes. This involves processing contact details such as your email address and related subscription preferences.

We use our own consent management system (Trustwards) to record and manage your cookie preferences. This data is processed internally and not shared with third parties.

International Data Transfers

Some of our service providers are located outside the EU/EEA, specifically in the United States. Where personal data is transferred internationally, we use appropriate safeguards to protect it.

  • Google Analytics (Google LLC, United States): Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF).
  • Mailchimp (United States): We have entered into Standard Contractual Clauses (SCCs) approved by the European Commission.

How Long We Keep Your Data

We keep personal data you share with us as long as we need it to keep in touch with you in ways you’ve asked us to, for example through our newsletter or to involve you in Alliance activities, unless you ask us to stop this. Where we no longer need personal data to keep in touch with you, TISFD will keep personal data for up to 2 years.

Cookie consent records: 10 years (to demonstrate compliance and address potential claims within legal limitation periods).

Security logs and technical records: 12 months.

Analytics data: until consent is withdrawn or according to the analytics tool retention settings.

Marketing email data: until consent is withdrawn or user unsubscribes.

Your Rights

If you are in the EU/EEA, the UK, or Switzerland, you have the following rights in relation to your personal data:

The right to access your personal data.

The right to correct inaccurate data.

The right to delete your data (the right to be forgotten).

The right to restrict processing.

The right to data portability.

The right to object to processing.

The right to withdraw consent at any time (this will not affect the lawfulness of processing carried out before you withdraw consent).

The right not to be subject to automated decision-making.

To exercise your rights, contact us at info@tisfd.org. We will respond within one month.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Children’s Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Data Security

We implement appropriate technical and organizational measures designed to protect personal data. However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions to reduce risk.

Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay. Our notification will describe the nature of the breach, the likely consequences, and the measures taken or proposed to address it. We maintain procedures to detect, report, and investigate security incidents. If you suspect a security issue, please contact us at info@tisfd.org.

How to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority in your jurisdiction. We encourage you to contact us first at info@tisfd.org so we can try to resolve your concerns promptly.

Updates to This Policy

We review and update this Privacy Policy periodically. The “Last updated” date at the top of this policy indicates when changes were last made. If we make significant changes, we will provide notice through the website or by email where appropriate. Changes take effect from the date indicated at the top of this policy. Where processing is based on consent, we will request new consent when required.

Contact Us

Email: info@tisfd.org
Address: 1 United Nations Plaza New York, NY 10017 United States
Data Controller: TISFD Secretariat