Last Modified: July 2021

INTRODUCTION

Thank you for visiting World Bicycle Relief. We value your support and interest. We respect your privacy and are committed to protecting it through our compliance with this policy. This Privacy Policy, part of our overall Terms of Use, applies to www.worldbicyclerelief.org (the “Website”), owned and operated by World Bicycle Relief, a non-profit organization.

We take your privacy seriously. This privacy policy aims to give you information on how we collect and process your personal data through your use of this Website, including any data you may provide through this Website, for example by browsing it, donating online, fundraising for us or taking part in one of our events.  Please read this policy carefully to understand how we will treat your information.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. You may have received a copy of this Privacy Policy in connection with an offline donation or other offline interaction you have had with World Bicycle Relief.

World Bicycle Relief is made up of different charitable entities, including World Bicycle Relief UK, World Bicycle Relief NFP (USA), World Bicycle Relief CA (Canada), World Bicycle Relief gGmbH (Germany), World Bicycle Relief Australia and World Bicycle Relief (Switzerland) (the Charity Group or we, our and us.). World Bicycle Relief NFP and World Bicycle Relief UK are joint data controller and responsible for processing data collected from UK persons. In creating this Privacy Policy we are guided by the law relevant to each jurisdiction, including the General Data Protection Regulation (GDPR) of the EU, the UK General Protection Regulation and the Data Protection Act 2018 (DPA) of England and Wales,  the Australian Privacy Principles, the Federal Acts on Data Protection of Switzerland and the California Civil Code.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We keep our privacy policy under regular review. This version was last updated in July 2021.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

PERSONAL DATA WE COLLECT

We process personal data that we collect in various ways.  We collect data directly from you when you contact us online and offline, for example when you complete a form on our website or send an email.  We might also collect personal data through your employer (for example as part of a workplace giving activity), cookies (see more below) or where the information is available in the public domain.

We may collect the following information:

1. Identity Data. This may include your name, email address, mailing or billing address, country, phone number, gender, date of birth, marital status, title or employer name.

2. Fundraising Data. This may include information on a fundraising page that you set up. The fundraising data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, salutation, relationships, interests and hobbies, educational details and employment details.

3. Usage Data. We may process data about your use of our Website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, interest categories, age range, length of visit, page views and Website navigation paths, as well as information about the timing, frequency and pattern of your service use.

4. Correspondence Data. We may process information contained in any enquiry or communication you submit to us, including internal staff members regarding our programs, organisation, donations and services and could include the communication content and metadata associated with the communication.

5. Transaction Data. We may process information relating to transactions, including donations and purchases of goods, that you enter into with us and/or through our Website. The transaction data may include your Identity Data and your payment or banking details.

6. Email Data. We may process information contained in or relating to email communication from and to World Bicycle Relief. The email data may include personal data including name, email, email preferences, location, gender, employer, interests or persona and/or service data including emails delivered, clicked or opened, browser language, list or workflow membership, referral source, page views, and form submissions.

During any communication with us, you should not provide us with any other person’s persona information unless you have the express consent of that individual to do so.

PURPOSES FOR PROCESSING PERSONAL DATA

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest and why it is reasonably necessary for our function and activities
To register your donation or that you have fundraised for us	(a) Identity (b) Fundraising	Performance of a contract with you
To provide our charitable services	(a) Identity (b) Fundraising (c) Usage (d) Correspondence (e) Transaction (f) Email	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to keep our records updated and to continue providing our charitable services)
To process your donation	(a) Identity (b) Fundraising	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to keep our records updated and to continue providing our charitable services)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking for feedback	(a) Identity (b) Correspondence (c) Email	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study feedback on our charitable services)
To administer and protect our charity and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Usage (c) Transaction	(a) Necessary for our legitimate interests (for running our charity, provision of administration and IT services, network security, to prevent fraud and in the context of a charity reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant Website content to you and measure or understand the effectiveness of the messages and content we serve to you	(a) Identity (b) Fundraising (c) Usage (d) Correspondence (e) Email	Necessary for our legitimate interests (to study how our supporters and contacts use our charitable services, to develop them, to grow our charity and to inform our future strategy)
To use data analytics to improve our Website and communications	(a) Technical (b) Usage	Necessary for our legitimate interests (to define types of supporters, to keep our Website updated and relevant, to develop our charity and to inform our strategy)
To make fundraising or donation suggestions and recommendations to you or that may be of interest to you	(a) Identity (b) Fundraising (c) Usage (d) Transaction (e) Correspondence (f) Email	(a) Necessary for our legitimate interests (to develop our charity and grow it) (b) Consent

MARKETING

You may receive marketing communications from us by post if you have previously requested information from us, fundraised for us or provided us with a donation and you have not opted out of receiving postal marketing.

You will only receive marketing communications from us via email if you have given us your express consent.

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links or instructions on any marketing message sent to you or by contacting us at any time.

PROVIDING YOUR PERSONAL DATA TO OTHERS

We may share your personal data with the parties set out below for the purposes set out in the table above, however personal data will never be sold to other entities: 

1. Other charities in the Charity Group acting as joint controllers or processors to provide IT and system administration services and undertake reporting on us.

2. Our third party service providers who provide IT and system administration services.

3. Professional consulting firms or partners with the purpose of more effective communication with our supporters or for other internal marketing related studies or promotions.

4. Third parties who provide processing services in respect of the collection of personal data and storage of personal data to enable us to send marketing communications to you.

5. Fundraising Data including supporter names, comments and the gift amount is displayed with consent on fundraising pages. If a supporter requests their information to be anonymous, it is displayed as such and never with their personal details.

6. Financial transactions relating to our Website and services are handled by our payment service providers. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding payments and managing complaints or queries relating to such payments and refunds.

7. Regulators and other authorities who require reporting of processing activities in certain circumstances.

8. Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

THIRD PARTY LINKS

This Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every Website you visit.

INTERNATIONAL TRANSFERS

WBR NFP, some of our charities in our Charity Group and other third parties are based outside the European Economic Area (EEA), so there will be processing of your personal data which will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

In relation to Australian fund raising and donations, the transfer of data will be to outside Australia, and in such circumstances, a transfer of data does not alter our commitment to safeguarding your privacy.  We require all our external service providers to handle your information in accordance with this Privacy Policy and in a manner that is consistent with the Australian Privacy Principles. In accepting this Privacy Policy, you provide us with consent to disclose your personal information outsider Australia.  You understand that through providing your consent, if an oversea recipient handles your information in a way that reaches the Australian Privacy Principles, you may not be able to access redress overseas.  Any liability under the Australian Privacy Principles 8.1 for breaches by overseas recipients of your information is waived.  However, this does not alter our commitment to ensure that your privacy is protected.

RETAINING AND DELETING PERSONAL DATA

1. Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose.

2. We will anonymize your personal data after seven years of inactivity.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

YOUR RIGHTS

You have the right to:

1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

a. If you want us to establish the data’s accuracy.

b. Where our use of the data is unlawful but you do not want us to erase it.

c. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

d. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within 30 days if in Australia or otherwise, within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

COOKIES – ABOUT

1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

2. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date.  A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

COOKIES THAT WE USE

1. Cookies (or browser cookies). A cookie is a small text file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

2. Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.

3. Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).

4. The purpose of these cookies is to collect details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website and Information about your computer and internet connection, including your IP address, operating system, and browser type.

5. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

COOKIES FROM SERVICE PROVIDERS

1. Our service providers use cookies and those cookies may be stored on your computer when you visit our Website.

2. We use Google Analytics to analyze the use of our Website. Google Analytics gathers information about Website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/

MANAGING COOKIES

1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.

2. Blocking all cookies will have a negative impact upon the usability of many websites.

3. If you block cookies, you will not be able to use all the features on our Website.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

CHILDREN UNDER THE AGE OF 13

Our Website is not intended for children under 13 years of age without parental consent and supervision. We do not target our offerings toward, and do not knowingly collect, any personal information from users under 13 years of age, unless a parent has consented in writing to the child’s use of our Website and to our collection of certain information from the child. We will not require a child under the age of 13 to provide more information than is reasonably necessary to participate in our activities. Parents may review their child’s personal information, ask to have it deleted and refuse to allow any further collection or use of their child’s information. A parent wishing to do so should contact us as indicated in the “Our Details” section below.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us as by submitting the following form https://www.tfaforms.com/4666911.

OUR DETAILS

1. This Website is owned and operated by World Bicycle Relief NFP.

2. Our data privacy manager is Jeff Bosken and he can be contacted at email jbosken@worldbicyclerelief.org

3. We are registered in and have principal contacts below. You may contact the person relevant to your country if you have any questions or concerns about this Privacy Policy

• United Kingdom under registration number 1141613 at: PO Box 1336, Cambridge, CB1 0BQ; Contact: Allison Dufosee at email uk@worldbicyclerelief.org
• Germany under Finanzamt Schweinfurt St Nr 249 /142 /70088 at: Romstraße 1, 97424 Schweinfurt; Contact: Kristina Jasiunaite at email de@worldbicyclerelief.org
• United States under Tax ID 20-5080679 and at: 1000 W Fulton Market, 4th Fl, Chicago, IL 60607; Contact: Jeff Bosken at email info@worldbicyclerelief.org
• Canada under registration number 804964500RR0001 and at: 255 Courtneypark Drive West, Mississauga, ON L5W 0A5; Contact: Jeff Bosken at email info@worldbicyclerelief.org
• Australia under ABN registration number 85 610 648 612 at: PO Box 6305
  West Gosford, NSW 2250; Contact: Jeff Bosken at email info@worldbicyclerelief.org
• Switzerland under registered number CHE-435.393.943 at: Rue Fendt 1, 1201 Geneva, Switzerland. Contact: Anna Weyerhaeuser at email ch@worldbicyclerelief.org

4. If you remain unsatisfied with our policy or management of your query or concern, then you can contact the regulator in the country relevant to you.

• In Australia this is the Office of the Australian Information Commissioner at GPO Box 5218, Sydney NSW 2001, phone 1300 363 992; by email at  enquiries@oaic.gov.au
• In the UK this is the Information Commissioners with all details at ico.org.uk

World Bicycle Relief UK 

Complaints Policy 

 

Introduction 

1.  World Bicycle Relief UK views complaints as an opportunity to learn and improve for the future and a chance to put things right for the person or organisation that has made the complaint.  

 2. Our policy is:   

• To provide a fair complaints procedure which is clear and easy to use for anyone wishing to make a complaint  
• To publicise the existence of our complaints procedure so that people know how to contact us to make a complaint  
• To make sure everyone at WBR UK knows what to do if a complaint is received  
• To make sure all complaints are investigated fairly and in a timely way  
• To make sure that complaints are, wherever possible, resolved and that relationships are repaired  
• To gather information which helps us to improve what we do  

   

Definition of a Complaint  

3. A complaint is any expression of dissatisfaction, whether justified or not, about any aspect of World Bicycle Relief UK encompassing both our fundraising and advocacy work in the UK or project work carried out by any other organisation in the World Bicycle Relief group in other countries.  

 4. Complaints may come from any individual, volunteer or organisation that has a legitimate interest in World Bicycle Relief UK, including the general public, if something is perceived to be improper. A complaint can be received verbally, by phone, email, or in writing. This policy does not cover complaints from staff, who should refer to WBR UK’s internal policy on such matters.   

  

Complaints Procedure    

5. Written complaints may be sent to World Bicycle Relief UK at Sigma House, Oak View Close, Edginswell Park, Torquay, Devon TQ2 7FF or by email to uk@worldbicyclerelief.org. Verbal complaints may be made by phone to (+44) 0333 3055218 or in person to any of WBR UK’s staff or trustees at the same address as above or at any of our events. Complaints may also be made via any of WBR’s social media accounts.   

 6. The person who receives a phone or in person complaint should:  

• Write down the facts of the complaint 
• Take the complainant’s name, address and telephone number 
• Note down the relationship of the complainant to WBR UK, e.g. donor, volunteer, sponsor 
• Tell the complainant that we have a complaints procedure 
• Tell the complainant what will happen next and how long it will take 
• Where appropriate, ask the complainant to send a written account by post or by email so that the complaint is recorded in the complainant’s own words  

  

Resolving Complaints    

7. Any complaints received should be notified to the CEO of WBR UK immediately.  If the complaint is straightforward and can be resolved by the person responsible for the issue being complained about, they should do so if possible and appropriate. If it has not been resolved by the person receiving the complaint, the CEO will either investigate it themself or delegate an appropriate person, who, if requested by the complainant, could be a Trustee, to investigate it and to take appropriate action. If the complaint relates to a specific person, they should be informed and given a fair opportunity to respond.  

 

8. All complaints should be acknowledged by the person handling the complaint within five working days. The acknowledgement should say who is dealing with the complaint and when the person complaining can expect a reply. A copy of this Complaints Policy should be attached or enclosed with the response.  

 

9. Ideally, complainants should receive a definitive reply within a month. If this is not possible because, for example, an investigation has not been fully completed, a progress report should be sent within a month with an indication of when a full reply will be given. Whether the complaint is justified or not, the reply to the complainant should describe the action taken to investigate the complaint, the conclusions from the investigation, and any action taken as a result of the complaint.  

  

10. If the complainant feels that the problem has not been satisfactorily resolved following receipt of an outcome letter, they can request that the complaint is reviewed by the Trustees.  

  

11. The CEO will inform the Chair of Trustees of the complaint and the need for a review. The Chair of Trustees will nominate one or more of the Trustees to investigate the complaint and report to the Chair on the outcome. If the complaint has been investigated by one of the Trustees at the request of the complainant, the Chair will review the complaint. The request for a review by the Trustees/Chair should be acknowledged within five working days of receiving it. The acknowledgement should say who will deal with the case and when the complainant can expect a reply.  

  

12. The nominated Trustee(s)/Chair should investigate the facts of the complaint. This may involve reviewing any documentation that is relevant to the case and/or speaking to any relevant individuals, including staff, volunteers, or other trustees. If the complaint relates to a specific person, they should be informed and given a further opportunity to respond. The nominated Trustee(s)/Chair should report on their findings and their recommendations for responding to the complaint to the Chair and the CEO (unless the CEO is involved in the complaint) as soon as possible. The Chair will keep the Board of Trustees informed of progress with any complaint, and the outcome and recommendations, at regular intervals.  

 

13. Ideally, complainants should receive a definitive reply within a month. If this is not possible because for example, an investigation has not been fully completed, a progress report should be sent with an indication of when a full reply will be given. Whether the complaint is upheld or not, the reply to the complainant should describe the action taken to investigate the complaint, the conclusions from the investigation, and any action taken as a result of the complaint. The decision of WBR UK taken at this stage is final, unless the Board decides it is appropriate to seek external assistance with resolution.  

 

Further Action 

14. In the event that the complainant is not satisfied with the response from WBR UK to their complaint, they can raise their complaint with external bodies such as the Fundraising Regulator, the Advertising Standards Authority or the Charity Commission. More information can be found here: https://www.gov.uk/complain-about-charity 

15. The Board may vary the procedure for good reason. This may be necessary to avoid a conflict of interest, for example, a complaint about a Chair or trustee should not also have the Chair and/or trustee involved as a person leading a review.  

 

Review  

16. Complaints made to WBR UK will be reviewed annually to identify any trends which may indicate a need to take further action.  

 

Confidentiality  

17. All complaint information will be handled sensitively, telling only those who need to know and complying with any relevant data protection requirements.   

 

Responsibility  

18. The Trustees of World Bicycle Relief UK are responsible for this policy and its implementation.   

 

April 2023