Privacy Policy
Last Modified: July 2021
INTRODUCTION
Thank you for visiting World Bicycle Relief. We value your support and interest. We respect your privacy and are committed to protecting it through our compliance with this policy. This Privacy Policy, part of our overall Terms of Use, applies to www.worldbicyclerelief.org (the “Website”), owned and operated by World Bicycle Relief, a non-profit organization.
We take your privacy seriously. This privacy policy aims to give you information on how we collect and process your personal data through your use of this Website, including any data you may provide through this Website, for example by browsing it, donating online, fundraising for us or taking part in one of our events. Please read this policy carefully to understand how we will treat your information.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. You may have received a copy of this Privacy Policy in connection with an offline donation or other offline interaction you have had with World Bicycle Relief.
World Bicycle Relief is made up of different charitable entities, including World Bicycle Relief UK, World Bicycle Relief NFP (USA), World Bicycle Relief CA (Canada), World Bicycle Relief gGmbH (Germany), World Bicycle Relief Australia and World Bicycle Relief (Switzerland) (the Charity Group or we, our and us.). World Bicycle Relief NFP and World Bicycle Relief UK are joint data controller and responsible for processing data collected from UK persons. In creating this Privacy Policy we are guided by the law relevant to each jurisdiction, including the General Data Protection Regulation (GDPR) of the EU, the UK General Protection Regulation and the Data Protection Act 2018 (DPA) of England and Wales, the Australian Privacy Principles, the Federal Acts on Data Protection of Switzerland and the California Civil Code.
CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
We keep our privacy policy under regular review. This version was last updated in July 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
PERSONAL DATA WE COLLECT
We process personal data that we collect in various ways. We collect data directly from you when you contact us online and offline, for example when you complete a form on our website or send an email. We might also collect personal data through your employer (for example as part of a workplace giving activity), cookies (see more below) or where the information is available in the public domain.
We may collect the following information:
1. Identity Data. This may include your name, email address, mailing or billing address, country, phone number, gender, date of birth, marital status, title or employer name.
2. Fundraising Data. This may include information on a fundraising page that you set up. The fundraising data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, salutation, relationships, interests and hobbies, educational details and employment details.
3. Usage Data. We may process data about your use of our Website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, interest categories, age range, length of visit, page views and Website navigation paths, as well as information about the timing, frequency and pattern of your service use.
4. Correspondence Data. We may process information contained in any enquiry or communication you submit to us, including internal staff members regarding our programs, organisation, donations and services and could include the communication content and metadata associated with the communication.
5. Transaction Data. We may process information relating to transactions, including donations and purchases of goods, that you enter into with us and/or through our Website. The transaction data may include your Identity Data and your payment or banking details.
6. Email Data. We may process information contained in or relating to email communication from and to World Bicycle Relief. The email data may include personal data including name, email, email preferences, location, gender, employer, interests or persona and/or service data including emails delivered, clicked or opened, browser language, list or workflow membership, referral source, page views, and form submissions.
During any communication with us, you should not provide us with any other person’s persona information unless you have the express consent of that individual to do so.
PURPOSES FOR PROCESSING PERSONAL DATA
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest and why it is reasonably necessary for our function and activities | |
|---|---|---|---|
| To register your donation or that you have fundraised for us | (a) Identity
(b) Fundraising |
Performance of a contract with you | |
| To provide our charitable services | (a) Identity
(b) Fundraising (c) Usage (d) Correspondence (e) Transaction (f) Email |
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to keep our records updated and to continue providing our charitable services) |
|
| To process your donation | (a) Identity
(b) Fundraising |
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to keep our records updated and to continue providing our charitable services) |
|
| To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy (b) Asking for feedback |
(a) Identity
(b) Correspondence (c) Email |
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study feedback on our charitable services) |
|
| To administer and protect our charity and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity
(b) Usage (c) Transaction |
(a) Necessary for our legitimate interests (for running our charity, provision of administration and IT services, network security, to prevent fraud and in the context of a charity reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation |
|
| To deliver relevant Website content to you and measure or understand the effectiveness of the messages and content we serve to you | (a) Identity
(b) Fundraising (c) Usage (d) Correspondence (e) Email |
Necessary for our legitimate interests (to study how our supporters and contacts use our charitable services, to develop them, to grow our charity and to inform our future strategy) | |
| To use data analytics to improve our Website and communications | (a) Technical
(b) Usage |
Necessary for our legitimate interests (to define types of supporters, to keep our Website updated and relevant, to develop our charity and to inform our strategy) | |
| To make fundraising or donation suggestions and recommendations to you or that may be of interest to you | (a) Identity
(b) Fundraising (c) Usage (d) Transaction (e) Correspondence (f) Email |
|
MARKETING
You may receive marketing communications from us by post if you have previously requested information from us, fundraised for us or provided us with a donation and you have not opted out of receiving postal marketing.
You will only receive marketing communications from us via email if you have given us your express consent.
Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links or instructions on any marketing message sent to you or by contacting us at any time.
PROVIDING YOUR PERSONAL DATA TO OTHERS
We may share your personal data with the parties set out below for the purposes set out in the table above, however personal data will never be sold to other entities:
1. Other charities in the Charity Group acting as joint controllers or processors to provide IT and system administration services and undertake reporting on us.
2. Our third party service providers who provide IT and system administration services.
3. Professional consulting firms or partners with the purpose of more effective communication with our supporters or for other internal marketing related studies or promotions.
4. Third parties who provide processing services in respect of the collection of personal data and storage of personal data to enable us to send marketing communications to you.
5. Fundraising Data including supporter names, comments and the gift amount is displayed with consent on fundraising pages. If a supporter requests their information to be anonymous, it is displayed as such and never with their personal details.
6. Financial transactions relating to our Website and services are handled by our payment service providers. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding payments and managing complaints or queries relating to such payments and refunds.
7. Regulators and other authorities who require reporting of processing activities in certain circumstances.
8. Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
THIRD PARTY LINKS
This Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every Website you visit.
INTERNATIONAL TRANSFERS
WBR NFP, some of our charities in our Charity Group and other third parties are based outside the European Economic Area (EEA), so there will be processing of your personal data which will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
In relation to Australian fund raising and donations, the transfer of data will be to outside Australia, and in such circumstances, a transfer of data does not alter our commitment to safeguarding your privacy. We require all our external service providers to handle your information in accordance with this Privacy Policy and in a manner that is consistent with the Australian Privacy Principles. In accepting this Privacy Policy, you provide us with consent to disclose your personal information outsider Australia. You understand that through providing your consent, if an oversea recipient handles your information in a way that reaches the Australian Privacy Principles, you may not be able to access redress overseas. Any liability under the Australian Privacy Principles 8.1 for breaches by overseas recipients of your information is waived. However, this does not alter our commitment to ensure that your privacy is protected.
RETAINING AND DELETING PERSONAL DATA
1. Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose.
2. We will anonymize your personal data after seven years of inactivity.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
YOUR RIGHTS
You have the right to:
1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
a. If you want us to establish the data’s accuracy.
b. Where our use of the data is unlawful but you do not want us to erase it.
c. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
d. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 30 days if in Australia or otherwise, within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
COOKIES – ABOUT
1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
2. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
COOKIES THAT WE USE
1. Cookies (or browser cookies). A cookie is a small text file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
2. Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
3. Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
4. The purpose of these cookies is to collect details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website and Information about your computer and internet connection, including your IP address, operating system, and browser type.
5. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.
COOKIES FROM SERVICE PROVIDERS
1. Our service providers use cookies and those cookies may be stored on your computer when you visit our Website.
2. We use Google Analytics to analyze the use of our Website. Google Analytics gathers information about Website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/
MANAGING COOKIES
1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
2. Blocking all cookies will have a negative impact upon the usability of many websites.
3. If you block cookies, you will not be able to use all the features on our Website.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
CHILDREN UNDER THE AGE OF 13
Our Website is not intended for children under 13 years of age without parental consent and supervision. We do not target our offerings toward, and do not knowingly collect, any personal information from users under 13 years of age, unless a parent has consented in writing to the child’s use of our Website and to our collection of certain information from the child. We will not require a child under the age of 13 to provide more information than is reasonably necessary to participate in our activities. Parents may review their child’s personal information, ask to have it deleted and refuse to allow any further collection or use of their child’s information. A parent wishing to do so should contact us as indicated in the “Our Details” section below.
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us as by submitting the following form https://www.tfaforms.com/4666911.
OUR DETAILS
1. This Website is owned and operated by World Bicycle Relief NFP.
2. Our data privacy manager is Jeff Bosken and he can be contacted at email jbosken@worldbicyclerelief.org
3. We are registered in and have principal contacts below. You may contact the person relevant to your country if you have any questions or concerns about this Privacy Policy
- United Kingdom under registration number 1141613 at: PO Box 1336, Cambridge, CB1 0BQ; Contact: Allison Dufosee at email uk@worldbicyclerelief.org
- Germany under Finanzamt Schweinfurt St Nr 249 /142 /70088 at: Romstraße 1, 97424 Schweinfurt; Contact: Kristina Jasiunaite at email de@worldbicyclerelief.org
- United States under Tax ID 20-5080679 and at: 1000 W Fulton Market, 4th Fl, Chicago, IL 60607; Contact: Jeff Bosken at email info@worldbicyclerelief.org
- Canada under registration number 804964500RR0001 and at: 255 Courtneypark Drive West, Mississauga, ON L5W 0A5; Contact: Jeff Bosken at email info@worldbicyclerelief.org
- Australia under ABN registration number 85 610 648 612 at: PO Box 6305
West Gosford, NSW 2250; Contact: Jeff Bosken at email info@worldbicyclerelief.org - Switzerland under registered number CHE-435.393.943 at: Rue Fendt 1, 1201 Geneva, Switzerland. Contact: Anna Weyerhaeuser at email ch@worldbicyclerelief.org
4. If you remain unsatisfied with our policy or management of your query or concern, then you can contact the regulator in the country relevant to you.
- In Australia this is the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, phone 1300 363 992; by email at enquiries@oaic.gov.au
- In the UK this is the Information Commissioners with all details at ico.org.uk