ICRAF's Privacy Policy

Privacy Policy

  1. Introduction

    Welcome and thank you for your interest in the International Centre for Research in Agroforestry (ICRAF, ‘we’, ‘us’ or ‘our’) www.worldagroforestry.org (Website).

     This Privacy Policy tells you about the information we collect from you when you use our website, make an enquiry and/or sign up to receive our e-newsletter via our website. In collecting this information, we are acting as a data controller and, by law, are required to provide you with information about us, why and how we use your data, and the rights that you have over your data.

     For the purpose of this Privacy Policy, "personal information" means any information that identifies you personally, either alone or in combination with other information available to us. Personal information does not include technical, device or usage information that cannot be used to identify you personally, nor does it include "aggregate" information, which is data collected on the use of the website or about a group or category of websites or users, from which individual identities or other personal information have been removed. This Privacy Policy in no way restricts or limits our collection and use of aggregate and non-personal information, and we may share such data about our users with third parties for various purposes.

     Please read this Privacy Policy carefully. By accessing or using the website, you agree to be bound by the terms and conditions described herein and all terms and conditions incorporated by reference. If you do not agree to all of the terms and conditions set forth below, you may not use the website.

  2. What we collect
    1. If the website offers you the option to register, we will collect the information you provide to us in the registration form. This may include identification data such as your name, email address or other account or registration data.
    2. Profile information that you provide for your user profile (e.g., first and last name).
    3. User content (e.g., photos, comments and other materials) that you post to the website.
    4. Any communication between you and ICRAF. For example, we may send you website-related emails (e.g., account verification, changes/updates to features of the website, technical and security notices). Note that you may opt out of website-related emails.
    5. We will collect information about you when you interact with us, for example, when you report a problem, contact or communicate with us.
    6. When you visit the website, we may use cookies and similar technologies like pixels, web beacons and local storage to collect information about how you use ICRAF and provide features to you. You are always free to decline our cookies if your browser permits, although in that case you may not be able to access certain features on the site and may be required to re-enter information more frequently to use certain services.
    7. To deliver our newsletter we use a third party provider (MailChimp) We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.
    8. When you use a mobile device like a tablet or phone to access our website, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify the device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software or data sent to the device by ICRAF.
    9. When you use the website, our servers automatically record certain information about your device. This information may include an equipment identifier (e.g., IMEI, UDID), country of origin, Internet Protocol (“IP”) address, and the dates and times of your requests. We use this information to provide and support, if needed, and to create de-identified or aggregate information about our users.
    10. We use a third party provider, (MailChimp) to manage our social media interactions. If you send us a private or direct message via social media, the message will be stored by the provider in accordance with their terms. It will not be shared with any other organization.
    11. Metadata is usually technical data that is associated with User Content. For example, metadata can describe how, when and by whom a piece of User Content was collected and how that content is formatted.
    12. Users can add or may have metadata added to their User Content including a hashtag (e.g., to mark keywords when you post a photo), geotag (e.g., to mark your location to a photo), comments or other data. This makes your User Content more searchable by others and more interactive. If you geotag your photo or tag your photo using other's APIs then, your latitude and longitude will be stored with the photo and searchable (e.g., through a location or map feature) if your photo is made public by you in accordance with your privacy settings.

  3. What we use the data for
    1. Help you efficiently access your information after you sign in
    2. Remember information so you will not have to re-enter it during your visit or the next time you visit the website
    3. Provide personalized content and information to you and others
    4. Provide, improve, test and monitor the effectiveness of our website
    5. Develop and test new products and features
    6. Monitor metrics such as total number of visitors, traffic and demographic patterns
    7. Diagnose or fix technology problems
    8. Automatically update the application on your device
    9. Provide you with customer support
    10. Perform research and analysis about your use of, or interest in, our products, website or content
    11. Communicate with you by email, postal mail, telephone and/or mobile devices (including through in-application advertising) about websites that may be of interest to you, either from us, our parent or subsidiary companies or other third parties
    12. Enforce our terms, conditions and policies and to communicate with you
    13. Manage and improve the website
    14. For complaints: when we receive a complaint from a person we create  a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint
      • We will only use the personal information we collect to process the complain. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
      • We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
      • We will keep personal information contained in the complaint files in line with our Retention Policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need-to-know’ principle.
      • Similarly, where enquiries are submitted to us, we will only use the information supplied to us to deal with the enquiry and any subsequent issues.
      • When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not identify any complainants unless the details have already been made public.

  4. Who has access to the data
    1. We will not rent or sell your personal information to third parties outside ICRAF without your consent, except as noted in this Policy.
    2. We may share your information as well as information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that help us provide the website to you ("Service Providers"). Our Service Providers will be given access to your information as is reasonably necessary under confidentiality terms. 
    3. We will remove parts of data that could be used to identify you and share anonymized data with other parties. We may also combine your information with other information in a way that it is no longer associated with you and share that aggregated information.
    4. If you delete information that you posted to the website, copies may remain viewable in cached and archived pages of the website, or if other users or third parties have copied or saved that information.
    5. In addition, we may disclose the personal information we collect through the website when we, in good faith, believe disclosure is appropriate to:
      • Comply with applicable law
      • Prevent or investigate a possible crime, such as fraud or identity theft
      • Enforce the terms of the website or other agreements that govern your use of the website and/or our website
      • Protect the rights, property or safety of ICRAF, our users or others
      • Protect your vital interests.
    6. We may disclose your information without giving you prior notice if we believe it is necessary to prevent imminent and serious bodily harm to a person. Nothing in this privacy policy is intended to limit any legal objections or defences you might have towards efforts by third parties to compel disclosure of your information, including legal orders from the government.
    7. If you comment on our blog or other public forums, you should be aware that any information you submit there can be read, collected or used by other users of those blogs, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs or for any content you receive as a result of sharing such information.
  5. How we store and secure your data
    1. Most of the information we collect is retained by us on our servers. If you are using the website from a country other than the country in which our web servers are located, the various communications will necessarily result in the transfer of information across international boundaries.
    2. By registering for and using the website, you consent to the transfer of information to Kenya or to any other country in which ICRAF, its Affiliates or Service Providers maintain facilities, and the use and disclosure of information about you as described in this Privacy Policy.
    3. We use commercially reasonable safeguards to help keep the information collected through the website secure, and take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, ICRAF cannot ensure the security of any information you transmit to ICRAF or guarantee that information on the website may not be accessed, disclosed, altered or destroyed.
    4. In case of any breach to our systems we shall inform you within 72 hours of the breach occurring.
    5. Personal information is retained for the length of time it is needed for use and then based on the applicable System Organization Records Disposition Schedule. Non-personal information is maintained indefinitely in aggregate form.

  6. User rights
    1. Rectification – If your personal data is inaccurate or incomplete, you can request for the same to be rectified
    2. Erasure – You may request that your personal data be removed from our servers. ICRAF may however, legally turn down a request for some specific reasons including:
      • Right of Freedom of Expression and Information
      • To comply with a legal obligation
      • Public interest
      • Archiving purposes
      • Exercise or defence of legal claims.
    3. Restrict processing – To block the further processing of data. ICRAF may still be able to store data.
    4. To object to their data being used for processing.

  7. Other websites
    Our site contains links to other websites. When you click on one of these links, you leave ICRAF’s website and go elsewhere. ICRAF does not accept liability for misuse of any information by any website controller to which we may link. We encourage you to read the privacy statements of these linked sites, which may differ from ours. In addition, if you take advantage of an offer from one of our partners, you may be providing information directly to that partner. We encourage you to review the privacy statements of these partners, as we are not responsible for the privacy practices of any partners or linked sites.

  8. Contacting us
    If you have any questions about this Privacy Policy, please contact us on s.onyango@cgiar.org.

  9. Changes to our Privacy Policy
    We may change this Privacy Policy from time to time. If we make any changes to this Privacy Policy that we think materially alter your rights, then we will post the latest policy to this site and change the "Last Updated" date above. We encourage you to review this Privacy Policy whenever you visit the website to understand how your personal information is used.