top of page
AID_F.LOGO, transparent.png

Privacy Policy

This Privacy Policy explains how the America–Israel Democracy Coalition (“AID Coalition”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information in connection with our websites, forms, mobile applications, messaging channels, and any related services that link to or reference this Policy (collectively, the “Services”). It also describes your privacy choices and rights.

What’s new: This Policy consolidates and replaces our prior Privacy Policy and aligns our notices with UK/EU GDPR requirements, including publication of our EU and UK Representatives and clearer information about our service‑provider model and data retention.

 

1) WHO WE ARE AND HOW TO CONTACT US

Controller: America–Israel Democracy Coalition (AID Coalition)
Postal address: 755 West Lancaster Avenue #1121, Bryn Mawr, PA 19010
Data Protection Lead: Data Protection Manager
Telephone: +1 610-795-2578
Email: DataProtection@aid-coalition.org

If you live in the UK or EU, you may also contact our appointed Article 27 Representatives:

Our UK Representative (UK GDPR, Article 27)
GDPR Local Ltd (Attn: Adam Brogden) – contact@gdprlocal.com – Tel +44 1772 217800
1st Floor Front Suite, 27–29 North Street, Brighton, England BN1 1EB

 

Our EU Representative (EU GDPR, Article 27)
Instant EU GDPR Representative Ltd (Attn: Adam Brogden) – contact@gdprlocal.com – Tel +353 1 554 9700
Office 2, 12A Lower Main Street, Lucan, Co. Dublin K78 X5P8, Ireland

You may contact us or our Representatives for any questions about this Policy or to exercise your rights.

2) SCOPE AND AUDIENCE

This Policy applies to personal information we collect from or about individuals who interact with the Services (e.g., visitors, participants, volunteers, supporters, partners, and vendors). It does not cover third‑party websites, apps, or services that we do not control.

 

3) THE INFORMATION WE COLLECT

We may collect the following categories of information, depending on how you interact with us:

  • Identity & contact data – name, email, phone, postal address; organization and role (where relevant).

  • Account & preference data – account credentials, communication preferences.

  • Eligibility/verification data (if requested or required for specific programs) – limited identifiers such as government‑issued document details strictly for verification or logistics (e.g., number and expiration date), and any information you choose to submit in support of your participation.

  • Communications & submissions – messages you send to us; forms you complete; feedback; survey responses.

  • Transaction & support data – records of services requested/received; support interactions.

  • Technical & usage data – device/browser information, IP address, general location, pages viewed, and interactions with our Services (collected via cookies and similar technologies—see Cookies & similar technologies below).

  • Referral information – if someone refers you to us, we may receive your name and contact details from that person so we can invite you to participate; we will tell you how we obtained your information when we first contact you.

We do not routinely collect special‑category data (e.g., health, religion) and we do not collect data from children knowingly (see Children’s privacy).

 

4) SOURCE OF INFORMATION

  • Directly from you (web forms, email/SMS/WhatsApp, events, support).

  • Automatically from your device when you use our Services (cookies, logs).

  • From referrals or partners (only where permitted and with appropriate notice).

  • From service providers acting on our instructions (e.g., fraud/security tools).

 

5) HOW WE USE YOUR INFORMATION (Purpose and Legal Bases)

We use personal information to:

  • Provide and improve the Services – register you; respond to requests; coordinate program logistics; provide support; personalize content; maintain the Services.

  • Operate safely – verify identity where necessary; prevent, detect, and investigate fraud, abuse, or security incidents; maintain logs and audits.

  • Communicate with you – service announcements, reminders, updates, and (with your consent where required) newsletters or other optional communications; you can opt out at any time.

  • Analytics and performance – understand usage and improve our Services (we obtain consent where required by law for non‑essential cookies/analytics).

  • Legal and compliance – comply with law, respond to lawful requests, establish or defend legal claims, and maintain appropriate records.

  • Specific Projects – for specific projects to which you consent to provide your personal information and only to the extent and term required in order to provide the service contemplated by the project.

 

Legal bases (EU/UK) include: performance of a contract or pre‑contract steps; our legitimate interests in operating a secure, effective Service; compliance with legal obligations; and consent (e.g., for optional emails/SMS and non‑essential cookies in the EU/UK).

6) OUR APPROACH TO SHARING: SERVICE PROVIDER MODEL (No Sale/No Third‑Party Marketing)

We do not sell personal information and we do not share it with third parties for marketing purposes. We may disclose personal information only:

  • To service providers (processors) that perform services for us (e.g., secure hosting, communications delivery, analytics under consent controls, document/identity verification, professional advisors). These providers may process personal information only under our instructions, under confidentiality and security obligations, and may not use it for their own purposes or share it further.

  • For legal reasons – to comply with law, enforce our terms, protect rights, safety, or security, or in connection with a restructuring where permitted by law (in which case we will require appropriate safeguards).

 

7) INTERNATIONAL DATA TRANSFERS

We may transfer personal information to countries outside your own (including the US). Where we transfer data from the EU/UK to countries without an adequacy decision, we implement appropriate safeguards (e.g., Standard Contractual Clauses and supplementary measures). Where applicable, we rely on adequacy decisions (e.g., EU/UK decisions for certain countries) or other lawful transfer mechanisms. Details are available on request.  If, and to the extent, that personal information is transferred to countries outside your own, such personal information is maintained under strict security and privacy protection at least compliant with those required by the EU and UK data privacy protection requirements.

 

8) DATA RETENTION

We maintain a documented Data Retention Program and keep personal information only as long as needed for the purposes described above, for legal, accounting, or reporting requirements, or to resolve disputes.

  • General retention: up to 5 years after our last interaction with you.

  • Project‑specific data: up to 90 days after the relevant project is completed.

  • If you withdraw consent or request deletion: we will act on your request unless we must retain data to comply with law or to establish/exercise/defend legal claims.

When retention periods expire, we delete or de‑identify data securely.

 

9) SECURITY

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, authentication, and logging. No system is perfectly secure; we continuously improve our controls and encourage you to use strong passwords and protect your accounts.

EU/UK incident notice: Where required by law, we will notify the appropriate supervisory authority within 72 hours of becoming aware of a personal‑data breach and, where applicable, will notify affected individuals without undue delay.

10) DATA SECURITY & BREACH RESPONSE

AID Coalition takes the security of personal information seriously. We maintain administrative, technical, and organizational measures designed to protect data against unauthorized access, loss, misuse, or alteration.

We also maintain an Internal Data Breach and Incident Response Policy that governs how we detect, assess, and respond to potential data incidents.  A summary of the Breach Transparency Policy can be found at http://www.aid-coalition.org/breachtransparency

If we become aware of a personal data breach that creates a risk to individuals’ rights and freedoms, we will notify the relevant Supervisory Authority within 72 hours, and we will notify affected individuals without undue delay when legally required.

If you have questions or concerns, you may contact:

  • Data Protection Lead: Jonathan Barsade

  • EU Representative: Instant EU GDPR Representative Ltd

  • UK Representative: GDPR Local Ltd

 

11) YOUR CHOISES

  • Email/SMS/WhatsApp: You can unsubscribe or opt out at any time (e.g., by using unsubscribe links in emails, replying STOP to SMS/WhatsApp, or contacting us).

  • Cookies/analytics: See Cookies & similar technologies for how to manage your preferences.

  • Preferences & corrections: You can update contact details and preferences by contacting us.

 

12) YOUR PRIVACY RIGHTS

EU/UK residents (GDPR/UK GDPR)

You may have the right to access, rectify, erase, restrict, object (including to direct marketing), and port your personal data. Where processing is based on consent, you may withdraw consent at any time. To exercise your rights, contact us or our EU/UK Representatives (see Section 1). We will verify your identity before fulfilling a request and respond within the time required by law. You also have the right to lodge a complaint with your local supervisory authority.

 

United States residents (where applicable by law)

Depending on your state, you may have rights to access, delete, correct, or obtain a copy of your information, and to opt out of certain disclosures. We do not sell personal information and do not share it for cross‑context behavioral advertising. You may also authorize an agent to submit a request on your behalf, subject to verification.

 

13) COOKIES & SIMILAR TECHNOLOGIES

We use cookies and similar technologies to operate our Services (e.g., security, load balancing), to understand usage, and—where permitted by law and your preferences—to improve and tailor content. In the EU/UK, we request consent for non‑essential cookies. You can manage your preferences via our cookie banner/controls or your browser settings. For essential cookies, opt‑out may impair certain features.

 

14) CHILDREN PRIVACY

Our Services are not directed to children, and we do not knowingly collect personal information from anyone under the age of 13 (or the age required by local law). If you believe a child has provided personal information to us, please contact us so we can delete it.

 

15) THIRD PARTY SITES AND SERVICES

Our Services may link to third‑party websites or include third‑party widgets or plug‑ins. We do not control third‑party sites and are not responsible for their privacy practices. Please review their policies before engaging with them.

 

16) CHANGES TO THIS POLICY

We may update this Policy from time to time. When we do, we will revise the “Effective date” and, where appropriate, provide additional notice. Your continued use of the Services after an update signifies your acceptance of the revised Policy.

17) HOW TO CONTACT US

Questions, requests, or complaints can be directed to:

AID Coalition – Privacy
Attn: Data Protection Lead
755 West Lancaster Avenue #1121, Bryn Mawr, PA 19010

Data Protection Lead: Data Protection Manager

Telephone: +1 610-795-2578

Email: DataProtection@aid-coalition.org

You may also contact our EU or UK Representative listed in Section 1.

 

ANNEX A -- SUMMARY OT PURPOSES & LAWFUL BASES (EU/UK)

Purpose

Register; provide Services; coordinate logistics; support

Typical data

Identity, contact, eligibility/verification (if applicable), communications, transaction

Lawful basis

Contract; Legitimate interests (operate Services)

 

Purpose

Account administration; service communications; safety/fraud

Typical data

Identity, contact, technical, logs

Lawful basis

Legitimate interests; Legal obligation

Purpose

Optional updates/newsletters; SMS/WhatsApp alerts

Typical data

Identity, contact, preferences

Lawful basis

Consent (where required); you can withdraw anytime

Purpose

Analytics and Service improvement (non‑essential cookies)

Typical data

Technical & usage

Lawful basis

Consent (EU/UK)

Purpose

Legal compliance, recordkeeping, and claims

Typical data

Relevant data as needed

Lawful basis

Legal obligation; Legitimate interests

ANNEX B -- RETENTION SCHEDULE

  • General personal information (e.g., account/contact records, routine communications): retained up to 5 years after last interaction, then deleted or de‑identified.

  • Project‑specific information (e.g., documents and data collected solely for a discrete project or campaign): retained up to 90 days after project completion, then deleted or de‑identified.

  • Records needed for legal, accounting, security, or dispute purposes: retained as required by law or for the establishment, exercise, or defense of legal claims, then deleted or de‑identified.

bottom of page