Draft as at 15 July 2024
Movember is committed to protecting your privacy and the confidentiality of any personal information that you provide to us. We value transparency and we want you to be 100% clear on why we ask you for personal information and what we’ll do with it.
This Policy describes how we collect, use, store and disclose your personal information in connection with our activities. It describes how you can have confidence that we treat your personal information lawfully and respectfully.
By accessing the Movember website or any of the Movember apps (together, “Websites”), or otherwise providing your personal information to Movember, you indicate your acceptance of this Policy (as amended from time to time). Please note that supplementary rules apply in relation to individuals whose personal information we collect, if you are located in the European Union or European Economic Area. For more information, refer to Appendix A: EU Privacy Notice.
Movember is the leading charity changing the face of men’s health globally. We’re addressing some of the biggest health issues faced by men: prostate cancer, testicular cancer, mental health and suicide prevention. We do this via our global fundraising event in the month formerly known as November, and by running awareness campaigns throughout the year. With the money raised by our global community, Movember funds (and sometimes undertakes) groundbreaking research and innovative health projects across the world that have significant global and local impact.
A reference in this Policy to Movember (or “we” or “us”) is a reference to the Movember Foundation (Australian Business Number 48 894 537 905), and its subsidiary and affiliated entities (the Movember Group Pty Ltd, the Movember Foundation (US), Movember Europe, Movember Europe Trading Ltd, Movember Canada, Movember New Zealand and Movember e.V.).
The information we collect about you ultimately depends on who you are and the nature of your interaction(s) with us. However, we’ll only collect personal information that is reasonably necessary to fulfil the purpose for which it’s being collected (e.g. to process a donation, set you up as a Mo Bro or Mo Sister, to allow you to work for us, to enable your participation in research and evaluation that you’ve consented to be a part of etc.).
Below are some examples of the information we may collect about you:
If you are… / We might collect:
A Mo Bro, Mo Sister or donor
A visitor to our Websites
An employee, contractor or volunteer
A job applicant
A research participant
Sensitive information (sometimes referred to as ‘special categories’ of personal information) is data that requires greater security and could be subject to special protections under the laws of your country. Examples of sensitive information include information about a person’s:
We don’t typically collect your sensitive information, however:
If you are… / We might collect your sensitive information in these ways:
A Mo Bro, Mo Sister or donor
An employee, contractor volunteer or job applicant
A research participant
If you purchase products from us or make a donation to us, you may provide us with credit card details and other information which will allow us to process the transaction. Please note that Movember does not store credit card information.
By signing and/or providing us with a valid instruction in respect to your Direct Debit Request, you have understood and agreed to the terms and conditions governing the debit arrangements between you and Movember Foundation as set out in this Request and in your Direct Debit Request Service Agreement. You agree to execute this document by electronic signature and you are aware that by electronically signing this document you are executing a legally binding document.
If you connect your Fitness App to your Mo Space, then the Activity Data that Movember collects can include the types of activities you’ve undertaken, duration, distance, steps, calories, and related source information (including GPS coordinates in the case of some Fitness Apps). Activity Data from your Fitness App is provided to Movember by Thryve Health SDK.
If you provide us with unsolicited personal information, which means personal information we receive but have not taken active steps to collect from you, we’ll usually destroy or de-identify the information as soon as practicable (where it isn’t otherwise addressed in this Policy, and of course only if it’s lawful and reasonable to do so).
Wherever possible, we’ll collect personal information from you directly. This can include, but is not limited to, online registration forms, online donation forms, email correspondence, social media, live chat discussions, job applications, hard-copy forms, and face-to-face meetings.
You might provide personal information to Movember for a variety of reasons, including to:
If you register for or log in to a Mo Space profile using your Facebook account, we’ll collect the personal information from Facebook that we need to complete the registration or login. However, we will only collect the personal information that you’ve permitted Facebook to share with us. That information may include your name and email address and, depending on your privacy settings, additional details about you. Please review the privacy controls you’ve set on your Facebook account, so that you have control over how much information you want shared with us.
We may collect, log and process data about your use of our Websites. We do this in order to allow our Websites to function properly, collect anonymous website traffic data, and to provide you with the best possible user experience (e.g. to keep you logged in if you request this). We use cookies on our Websites for the following purposes:
To make full use of our Websites, your computer or mobile device will need to accept cookies, as our Websites will not function properly without them. If you choose not to accept cookies, you’ll still be able to view our Websites, but some interactions may not work normally and will impair the Websites’ functionality. For more information about cookies, please refer to Appendix B.
When you connect your fitness tracking device or fitness app (Fitness App) to your Mo Space to participate in the Move challenge, Thryve Health SDK makes available to us all historical information relating to the Activity Data it holds from your Fitness App. By connecting your Fitness App to your Mo Space, you agree to allow Movember to access all historical Activity Data from your Fitness App, plus any new Activity Data created while your Fitness App is connected to your Mo Space. You can select which Activity Data from your Fitness App to display as a Move activity on your Mo Space page. We will continue to receive this Activity Data unless and until you choose to disconnect your Fitness App in the Manage Connections section of your Mo Space account. If you elect to disconnect your Fitness App, we will continue to have access to Activity Data created up until that time, but we will not have access to any future Activity Data after the time of disconnection.
In limited circumstances we may collect information about you from third parties, for example:
If you are… / We might collect information from third parties in these ways:
A Mo Bro, Mo Sister or donor
A job applicant
A research participant
As a fundraising organisation, we undertake in-house research and may from time to time engage specialist agencies to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers, and news archives.
We also may carry out wealth screening to fast track the research using our trusted third-party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause with whom we are not already in touch. This may include people connected to key supporters and lead volunteers. We also use publicly available sources to carry out due diligence activities, in line with guidance issued by the Chartered institute of Fundraising on major donor fundraising and gift acceptance.
This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you. If you would prefer us not to use your data in this way please email us at [email protected].
How much information you provide to Movember is up to you; however, if you want to use our Websites, donate to us, receive information from us, participate in our campaigns, programs and events, or participate in research and evaluations etc., we require certain information from you.
Most of the time you’ll be able to interact with us anonymously if you choose; in specific circumstances where that’s not possible, we’ll let you know.
We make every effort to tell you what we’ll do with the personal information you provide us, at the time you provide it.
For general information, here’s a list of common ways we may use your personal information:
If you are… / We might use your personal information in these ways:
A Mo Bro, Mo Sister or donor
An employee, contractor, or volunteer
A job applicant
A research participant
Research participants enrolled in trials, research or evaluations will be given further information detailing how their personal information (including any sensitive and health information) will be handled by Movember.
Movember takes reasonable steps to ensure the security of all information we collect, including that the information is protected from misuse and loss, and from unauthorised access, modification or disclosure. We make use of:
Some of these services are hosted by third parties located in Australia and the United States.
For security of transactions, we use the Secure Sockets Layer (SSL) protocol, which encrypts any personal information you enter into Movember websites. The encryption process protects your information, by scrambling it before it is sent to us from your computer. We also make commercially reasonable efforts to ensure the security ofyour personal information on our system. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure or to be fully protected from being accessed, tampered with or used in an unauthorised manner by third parties. With this in mind, we strive to protect your personal information, but we cannot warrant in absolute terms the security of any information you transmit to us.
We’ll only keep your personal information for as long as we are required:
Movember will only use or disclose your personal information in accordance with this Policy, unless you have consented to the additional use or disclosure, or where disclosure is necessary to prevent injury to life or health, to investigate any suspected unlawful activity or where the use or disclosure is required or authorised by law. We will never sell your personal information to other parties.
We may share your information with third parties who process data on our behalf, but only where we place obligations on them in relation to the security of the data and require them to use the data only as we instruct.
We may disclose your personal information to social media platforms (including without limitation Facebook), so that the social media platforms may send you advertisements about future Movember events and initiatives, and for analytics purposes.
If we send your details to Facebook they will be hashed before they are sent, and Facebook briefly uses the data for matching purposes only before deleting it. For more information, please refer to Facebook’s website.
If you wish to opt out of having your details provided to Facebook or other social media platforms, please contact us via email to [email protected].
Regardless of where in the world you reside, Movember may transfer, process and store your personal information outside of your country of residence, including in Australia and the United States. Whenever we transfer your information we take steps to protect it, including making use of contractual data protection clauses.
Our Websites contain links to other external websites. We are not responsible for the privacy practices or content of any other external website or service that is linked to our Websites, or for the privacy practices of any third-party social media platforms that you can access through our Websites. This Policy only applies to Movember Websites, so we encourage you to read the privacy policies of those other websites or service providers, including, but not limited to, Thryve Health SDK, Facebook, as well as Facebook Fundraisers and Facebook Donation functionality, which may require you to provide additional personal information. We may provide you with access to an augmented reality feature in our communications which allows you to upload a photo. The feature alters the photo in a creative way and lets you share the image on your favourite social networks. Movember is not responsible for the provision of this service.
You may request access to, or correction or deletion of, your personal information collected by Movember. Please send an email to [email protected] and we’ll endeavour to respond as soon as possible, and in any event within 30 days of receiving your request. There may be some legal or regulatory reason as to why access to, or correction or deletion of, your personal information is denied; if this is the case, we’ll tell you why.
If you have a complaint about our handling of your personal information, please send an email to [email protected].
We’ll investigate your complaint and notify you in writing as soon as possible of any decision in relation to the complaint, and in any event within 30 days of receiving the complaint.
Data breaches will be handled in accordance with Movember’s data breach response plan, and notifications will be made as required by law.
If you’re not satisfied with the response to your complaint, you can refer your complaint to the relevant supervisory authority in your country. Please refer to Appendix D: How To Contact The Appropriate Supervisory Authority below for contact details.
If you’ve agreed to receive communications from Movember, we may use your personal information to contact you (including sending marketing emails) about the Movember campaign, charitable and programmatic activities and the outcomes achieved with the funds raised.
You may opt out of receiving marketing communications from us at any time.
You’ll be provided with an opportunity in each communication to decline to receive further communications from Movember.
In addition, you can change your marketing preferences in the Notifications section of your Mo Space account.
We understand the importance of protecting the privacy of children, especially in an online environment, which is why it’s our policy to avoid handling information about any child under the age of 16. This is also why our Websites are not intentionally designed for or directed at children under the age of 16. However, sometimes Movember funds or delivers health initiatives that are intended to support children who are under the age of 16. In those circumstances we’ll ask for a parent or legal guardian’s verification of consent before collecting any personal data from or about a child. If you’re under the age of 16, please do not do any of the following without the consent of a parent or legal guardian:
If we learn we’ve collected or received personal data from a child under the age of 16 without verification of parental consent, we’ll delete that personal data. If you believe we might have improperly collected or hold any personal data from or about a child under the age of 16, please contact us at [email protected].
This Privacy Policy may change from time to time particularly as new rules, regulations and industry codes are introduced. We regularly review this Policy, and will post any changes to it on our Websites. If we consider that the changes are material, we’ll notify you by email.
If you have questions or comments about this Privacy Policy, the personal information that we hold about you, how we handle personal information, or would like to exercise one of your data protection rights, please send us an email at [email protected].
We aim to respond within 30 days from the date we receive privacy-related communications.
Please refer to Appendix D: How To Contact The Appropriate Supervisory Authority for contact details of the relevant supervisory authority in your country.
If you’re a resident of the European Union (EU), European Economic Area (EEA), Switzerland or the United Kingdom (UK) and we collect your personal information, the following additional information applies to you.
If you are resident in the EU, EEA, Switzerland or the UK and Movember knowingly collects your personal information, we’ll do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation:
(together known as “EU/UK Data Protection Laws”).
This EU/UK Privacy Notice ("EU/UK Privacy Notice") should be read in conjunction with Movember’s Privacy Policy, which provides further information as required under the EU/UK Data Protection Laws on how we collect, use, store or disclose your personal information and with whom we may share it. This EU/UK Privacy Notice also provides information on your legal rights under EU/UK Data Protection Laws and how you can exercise them.
As Movember is a global charity, we may transfer, process and store your personal information outside of your country of residence, including in Australia and the United States. US data privacy laws are currently not considered to meet the same legal standards of protection for personal information as those set out under EU/UK Data Protection Laws. To safeguard personal information transferred across borders we take steps to protect it, including making use of contractual data protection clauses.
If Movember provides direct marketing communications to individuals in the EU/EEA, the UK and Switzerland this will be done in accordance with EU/UK Data Protection Laws. In particular, if we contact you for direct marketing purposes by SMS, email, social media, and/or any other electronic communication channels, this will only be after you’ve freely provided us with your consent by positively opting in to receive direct marketing. You’re also free to object or withdraw your consent to receive direct marketing from us at any time by contacting us at [email protected].
Under the EU/UK Data Protection Laws, we collect and process your personal information for the purposes described in this policy, based upon the following legal grounds:
With your consent
We process your personal information when you have freely provided your specific, informed and unambiguous consent for us to process your personal information for particular purposes. You have the right to withdraw your consent at any time by contacting us at [email protected].
When we have a contract with you
We process your personal information in order to set up and perform our contractual obligations to you, and/or enforce our rights.
When we’re pursuing legitimate interests
We process your personal information when we need to use your personal information in connection with our legitimate interests, and need to be able to effectively manage and operate our global organisation in a consistent manner across all countries and territories. We’ll always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms, and, in particular, on your right to privacy.
When we’re complying with legal obligations
We process your personal information when we have a legal obligation to do so, or for the purpose of us being able to establish, exercise or defend legal claims.
To protect your vital interests
In the absence of your consent, in rare circumstances we may process your personal information to protect your vital interests.
Please note that some of the personal information we receive and process may include what is known as "sensitive" or "special category" personal information about you. For example, this can include personal information regarding your ethnic origin, sexual orientation or preferences, or political, philosophical, and religious beliefs. Even though we don’t actively collect this type of personal information, you’re able to write it on your Mo Space if you choose to. If you do provide sensitive/special category personal information, we’ll only process it when:
We may occasionally share your personal information with trusted third-party organisations; however, these organisations are contractually bound to safeguard the data we entrust to them in accordance with our instructions (“Data Processors”). For example, the types of Data Processors that we may engage with include, but are not limited to:
There are certain circumstances where we may also disclose your personal information to third parties known as “Data Controllers”. For example, if you work for Movember and travel as part of your role, we may share your personal information to travel agents, airlines, hotels, car rental agencies etc. Due to the nature of their business, these Data Controllers will make their own decisions about how they process your personal information. As Data Controllers, they are also required to follow the EU/UK Data Protection Laws, and are required to protect your personal information with adequate safeguards, along with notifying you if their processing goes beyond the instructions that we provided. You should check the privacy policies of these organisations and companies to understand how they may use and store your personal information.
Aside from the instances outlined above, we’ll always treat your personal information as private and will not disclose it to any third parties without you knowing about it. Sometimes there are exceptions, such as in relation to legal proceedings or where we’re required to do so by law and cannot tell you (e.g. for a criminal investigation). Your personal information will only be shared by us with third parties that we deal with for lawful purposes, and who observe the principles outlined by the EU/UK Data Protection Laws.
Yes, our Websites use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to Appendix B for our Cookie Policy.
In accordance with your legal rights under the EU/UK Data Protection Laws, you have the following data protection rights:
The right to access
You have a "subject access request" right, under which you can ask us to verify whether we’re processing personal information about you, what that personal information is, what we use that personal information for, to whom we may disclose it, as well as certain other information.
The right to rectification
You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
The right to erasure
You can ask us to erase/delete your personal information after you withdraw your consent to processing, or when we no longer need it for the purpose it was originally collected.
The right to restrict processing
You can ask us to temporarily restrict our processing of your personal information if you contest the accuracy of your personal information, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
The right to object to direct marketing
You can object to our use of your personal information for direct marketing purposes. We may need to keep some minimal information to comply with your request to cease marketing to you.
Right to withdraw consent
You can withdraw consent that you have previously given to one or more specified purposes to process your personal information. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we’re not able to provide certain products or activities to you and we’ll advise you if this is the case. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal information is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds. Usually, we will have 30 days to respond to any of the requests listed above. However, we reserve the right to verify your identity, and we may, in the case of complex requests, require a further two months (60 days) to respond. We may also charge for administrative time in dealing with any requests that we deem to be manifestly unreasonable or excessive. We may also require further information to locate the specific data you seek, and certain legal exemptions under EU/UK Data Protection Laws may apply when we respond to your subject access request. So that we can fully comply, please note that these requests may also be forwarded to third-party data processors that are involved in the processing of your personal data on our behalf. If you would like to exercise any of the rights set out above, please contact us at [email protected].
If you make a request and are not satisfied with our response, or you believe that we are illegally processing your personal data, you have the right to complain to the to the relevant supervisory authority in your country. Please refer to Appendix D: How To Contact The Appropriate Supervisory Authority for contact details.
If you’d like to make a complaint, would like to exercise one of your data protection rights, or have any questions about our Privacy Policy, do not hesitate to contact our Data Protection Officer directly via email at [email protected].
If your complaint is not resolved, you feel that we have not addressed your concern in a satisfactory matter, or to report any concerns that you may have about our data handling practices, you may contact the relevant supervisory authority in your country. Please refer to Appendix D: How To Contact The Appropriate Supervisory Authority below for contact details.
Cookies are small text files that are stored in your computer’s memory and hard drive when you visit certain webpages. They are used to enable websites to function or to provide information to the owners of a website. We do not use cookies to collect personal information.
Cookies help us to provide customised services and information. For example, we use cookies on all of our Websites to collect anonymous traffic data and also to improve your experience with the Websites (e.g. to keep you logged in if you request this). In broad terms, we use cookies on our Websites for the following purposes:
Analytical purposes
We use analytical cookies that allow us to recognise, measure and track visitors to our Websites. This helps us to improve and develop the way our Websites work, for example, by determining whether site visitors can find information easily, or by identifying the aspects of our Websites that are of the most interest to visitors. For these purposes, we may store the following:
In addition, we use third-party service providers to provide certain analytics services to us in connection with the operation of the Websites, including (without limitation) the collection and tracking of the data and information listed above. We may disclose visitor data, including personally identifiable information, to enable those third-party service providers to provide such services. Such data may be sent to those third-party service providers and their local overseas suppliers, where the standard of data protection may be lower than the country in which you reside.
Usage preferences
Some of the cookies on our Websites are activated when visitors to our Websites make a choice about their use of the site. Our Websites then ‘remember’ the settings preferences of the user concerned. This allows us to tailor aspects of our sites to the individual user.
Session management
The software that runs our Websites uses cookies for technical purposes needed by the internal workings of our servers and application. For instance, we use cookies to keep track of information about a user’s session and determine which options or pages to display in order for the site to function.
Functional purposes
We use these cookies to store information that is needed by our applications to process and operate. For example, they’re used to recognise you if you’ve visited our Websites before, or to remember any preferences you’ve selected previously, such as your preferred language or location.
To make full use of our Websites, your computer or mobile device will need to accept cookies, as our Websites will not function properly without them. In addition, cookies are required in order to provide you with personalised features on our Websites.
When you visit our Websites, you may receive cookies that are set by third parties. For example, you may receive a cookie set by Google. These cookies are used for the purposes described in the “What Cookies Do We Use & Why?” section of this policy. We do not control the setting of these third-party cookies, so we suggest you might wish to check the third-party websites for more information about their use of cookies and how to manage them.
If you wish to remove cookies set by our Websites from your browser in the future, you may delete them. The instructions for removing cookies from your computer or mobile device depend on the operating system and web browser you use. Please note, however, that withdrawing your agreement to the use of cookies on our Websites may impair your experience in using some of our Websites’ functionality.
You’ll still be able to view our Websites, but some interactions may not work normally and will impair the Websites’ functionality.
If you have any other questions about cookies and the use of them on our Websites, contact us at [email protected].
In certain circumstances we may give you the option to limit the public view of your personal information.
If you don’t want your donation to be made public, you have the option to make:
A private donation
Your name and amount of your donation will only be disclosed to the registered Mo Bro or Mo Sister you’ve chosen to support in fundraising for Movember. That information will be available in their private view of their Mo Space; however, your donation amount will be included in the total calculation on their Mo Space.
An anonymous donation
The amount of your donation will be displayed on the public and private view of the Mo Space for the registered Mo Bro or Mo Sister you’ve chosen to support in fundraising for Movember; your name will not be displayed in either the public or private view of their Mo Space.
If you would like to limit the public view of your Mo Space, you have two options:
Movember only
You can change the Privacy settings for your Mo Space to Movember Only. This means that your Mo Space will be visible everywhere on our Websites; however, it will be hidden from internet search engines (e.g. Google), so they won’t be able to display your Mo Space in their search results.
Limited Movember view
Changing your Privacy setting for your Mo Space to Limited Movember View, means that your Mo Space will only be visible to your supporters to enable them to donate to you (and to your team members if you’re part of a Movember Team or Movember Challenge). Your Mo Space will be hidden from internet search engines (e.g. Google), and even from the search functionality on our Websites. This means that you’ll need to forward a link to your Mo Space directly to your supporters in order to receive their donations; they cannot search for your Mo Space page themselves.
If you’re part of a Movember Team, your Mo Team Captain will be able to access your email address and the email addresses of any member of your Mo Team. Changing the default privacy settings in your Mo Space to Limited Movember View will ensure that your Mo Space will not be displayed on your public Mo Team page.
You have the option to select Limited View for any Movember Event you create. This means that your Movember Event will be hidden so that it’s not visible to internet search engines (e.g. Google), and won’t appear in their search results. Similarly, it won’t appear in the results of a general search of our Websites. In order to invite guests to attend your Movember Event, you’ll need to send them a link to your Event page. Please be aware that if you change your Mo Space from public to a Limited Movember View, and/or your Movember Event from public to Limited View, your Mo Space and/or Movember Event may have already been indexed by an internet search engine. It may therefore appear in searches conducted on that search engine, until it re-indexes your Mo Space and/or Movember Event. In some cases, the search engines do not re-index their searches, so your Mo Space and/or Movember Event may still appear on those search engines after you’ve changed your profile settings. If you have a concern that a particular search engine hasn’t removed your Mo Space and/or Movember Event from their search results, please contact us at [email protected] and we’ll contact the search engine directly to request deletion of the reference to your Mo Space and/or Movember Event in their search results.
The following are the contact details for the Supervisory Authorities of the larger countries in which we operate.
The following are the contact details for the Supervisory Authorities of the larger countries in which we operate.