Privacy Policy

The World Marrow Donor Association (WMDA) respects everyone’s right to the protection of personal data and we process personal data with care and confidentiality. We only collect personal data that is necessary for our operations, and protect it in the manner required by the nature of the data. Data is only handled by persons who are required to do so by their tasks. Our employees and partners in cooperation are bound by a confidentiality agreement.

The processing of personal data is essential for the WMDA’s operations, and the appropriateness of the processing is important in order to maintain the trust of our members and customers, and indirectly of donors and patients, and the society in general.

Who we are?

The World Marrow Donor Association (WMDA) was founded in 1994 is made up of organisations and individuals who promote global collaboration and best practices for the benefit of stem cell donors and transplant patients.

WMDA is led by the WMDA Board and Committees whose members are all experts in their fields. Day-to-day activities are carried out by our WMDA office, a team of professionals based in Leiden, the Netherlands.

In 2017, WMDA took over the activities of the global donor and cord blood unit database Bone Marrow Donors Worldwide (BMDW), now called Search & Match Service and the NetCord Foundation.

What data is collected about me?

We only collect data necessary for communication purposes, invoicing, and user account management of our restricted products and services. The minimal data we collect are the following details:

  • Name
  • Email address

In case of a paid service or product, we in addition collect the following details:

  • Your position
  • Phone number
  • Organisation name
  • Organisation address
  • Invoicing address

For some of our products, we might collect supplementary data, such as educational background or experience in the field of hematopoietic stem cell transplantation to assess your application for acceptance.

In addition, we collect the donor and cord blood unit data that individual national registers are sending to provide a global donor and cord blood unit database to physicians in our position as data processor. The data files with information on donors and cord blood units contain pseudonymised personal information.

During your visit on one of our websites we also collect log information including your IP address for technical support.

How is my data obtained?

The data originate directly from the registered persons themselves, or an official representative of the registered person or affiliated organisation. The data is mainly obtained through completion of digital online forms and replenished by data received through email or other communication channels.

Why is my data processed and what is the legal basis?

The General Data Protection Regulation (GDPR) requires organisations to define the legal basis for processing your data.

The majority of WMDA’s data processing is necessary for the performance of a contract with you when you requested access to any of our products or services.

  • Communication related to the purchased product or service
  • Processing sales transactions or other payments and verifying financial transactions for the purchased products or services
  • Support, troubleshooting and solving problems with the websites, including instances when we want to improve your user experience.

Some of your data might be collected and processed in our own legitimate interest.

  • IP addresses to help diagnose problems, administer our websites, track ad performance, and collect demographic information
  • Statistical information from google analytics
  • Communication to our members with e.g. updates and news to build a strong and loyal membership community.

Our legitimate interest is always balanced against your interests or fundamental rights and freedoms.

Is my data disclosed to parties outside the WMDA? If so, why and where?

Your information is not submitted or transferred to third parties, and is not accessible to parties outside the WMDA, aside from information system suppliers who have access to the systems for technical reasons. We will not share your information with any third parties unless we have your permission or are required by law to do so.

We will never sell or pass on your personal information to third parties for their own marketing purposes.

Is my data transferred outside the EU?

The WMDA products, services and applications that contain personal data are run on servers located  within the EU, which means that data is not transferred outside the EU.

How is my data protected?

The processing of the data is restricted to persons responsible for customer communications within the WMDA or responsible for access to any of WMDA’s products and services. They have received training on the use of information systems and information security and data protection measures. Access rights to the information systems are secured by passwords and/or reliable automatic authentication. All employees or other representatives authorised to access data in any of WMDA’s products or services have signed a confidentiality agreement to ensure faithful processing and handling of your data. Our contracts with the suppliers of information systems include provisions on data protection practices, such as confidentiality and the destruction of data.

However, no internet-based product or service, including email, is 100% secure, so we cannot be held responsible for unauthorised or unintended access that is beyond our control.

Is my data used for profiling or automated decision-making?

Your data will not be used for profiling or automatic decision-making.

For how long is my data stored?

Data received by any digital online form is stored until the data is processed within our customer relationship management system or any other communication has been completed. The information is kept in our customer management system until the person or affiliated organisation notifies us that he or she would like the data to be changed or deleted. Data of organisations are checked yearly to ensure that it is up to date. In addition, incorrect and outdated contact information is deleted.

User accounts of WMDA’s products and services will be closed and removed when:

  • the user hasn’t used the product or service for more than 1.5 years (after 1 year account inactivated; inactive accounts older than 6 months are removed)
  • the user abandoned to pay for the service
  • the user is no longer an employee of an organisation allowed to use the WMDA’s product or service.
  • the user of any education programmes completed the course and didn’t register for a continuing course.

Contact data from previous users of WMDA’s products and services might be kept into the customer management system for future communication on new products or when the user also fulfils additional activities within the WMDA.

The WMDA’s products or services also store log data and back-up data. Log data are kept for six months. Back-up files from the data are stored based on a rotation scheme for a maximum of 1 year.

How can I review my data and rectify any inaccurate information?

You are always in control of your data that we store. You have the right:

  • to be informed about how your data is used. It is the intention of this page to give you an overview of how WMDA uses your data. However, everyone’s journey through WMDA’s services is different and you can obtain more information or ask specific questions about your data by contacting the WMDA office at
  • to request a copy of the information we hold about you
  • to update or amend the information we hold about you if it is wrong
  • to change your communication or marketing preferences at any time
  • to erasure (also called the right to be forgotten). Applications to apply this right will be considered by WMDA on a case by case basis
  • to restrict how your data is processed
  • to raise a concern or complaint about the way in which your information is being used.

Access to and rectifications of data can be requested by sending a message to the WMDA office at

For more information on your rights, you can also visit the website from the Dutch competent authority at the UK competent authority at

Changes to this Privacy Policy

This Privacy Policy was updated in September 2018. We will keep it under review and make updates from time to time. If we make any significant changes to the way we treat your personal information, we will make this clear on the WMDA website or by contacting you directly.

How can I ask questions about this Privacy Policy?

If you still have any questions, comments or concerns after reading this Privacy Policy, you can contact us by sending a message to the WMDA office at

Contact information

World Marrow Donor Association (WMDA)

Schipholweg 57, 1st floor, unit 4

2316 ZL Leiden,

The Netherlands

Tel: +31 88 505 7900