1.1 The website https://assets.worldvision.org.uk/ (the “Website”), or any related website incorporating the subdomain worldvision.org.uk or https://www.musthavegifts.org, are owned and operated by World Vision UK (“WVUK”, “us”, “we”), a company registered in England and Wales with company number 01675552 and a charity registered in England and Wales with charity number 285908 and registered address World Vision House, Opal Drive, Fox Milne, Milton Keynes, Buckinghamshire, MK15 0ZR.
1.2 We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This privacy notice is intended to give you an understanding of how and why we use the information you give us.
1.3 Deirdre Bowen-Cassie, Risk and Compliance Officer, is our Data Protection Officer and responsible for data protection compliance. If you have any questions about this privacy notice, please contact her on firstname.lastname@example.org, or by writing to World Vision UK, World Vision House, Opal Drive, Fox Milne, Milton Keynes, MK15 0ZR, or calling our Supporter Services Team on 01908 841010.
1.4 Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By using our website or providing us with your personal information you agree to your personal information being used and stored in the manner set out in this policy. We may update this policy from time to time without notice to you, so please check it regularly.
2. How we collect information about you
Information you give us
2.1 We may collect information from you in the following ways:
(b) You make a donation to us (which may be financial or non-financial/in-kind), or respond to our mailings and appeals (this includes when you purchase a Must Have Gift and sponsor a Child yourself or on someone else’s behalf);
(c) You contact us in relation to volunteering for us, act as an ambassador or fundraise on our behalf;
(d) You tell us about your ‘World Vision story’;
(e) You attend an event (e.g. the Summer Ball, legacy celebration events, a parliamentary event);
(f) You apply for a job with us or become an employee or provide services via an agency or provide consultancy services directly to us;
(g) You request and/or receive a copy of the World Vision magazine or any other materials from us;
(h) You register a website account for ‘My Sponsorship’; or
(i) You contact us with enquiries or other correspondence (including via social media) or become involved with us in another way (e.g. by indicating you would like to hear more from us, or you would like to make a donation to us, either directly or via your Church.
2.2 If you interact with us in one of the ways listed above, we may collect and process personal information about you such as:
(a) Your name, address, email address, telephone number, your age;
(b) Information you enter onto our website or in other hard copy forms at an event;
(c) Records of your correspondence with us, if you have contacted us;
(d) Details of your visit to our website, including your IP address;
(e) Financial information such as your bank or card details;
(f) Whether you have a relationship to another supporter (e.g. husband/wife).
2.3 We may also collect sensitive personal information about you, such as details about a health condition or disability, where it will mean we can communicate with you appropriately in the future. We may also collect this information if you plan to attend an event.
2.4 When your political affiliation or religious beliefs are of general public knowledge, we may also record that information against your profile. If they are not in the public domain, we will only do so where we have your consent or drawn this specifically to your attention.
Information we receive from other sources
2.6 Please refer to paragraphs 3.2 and 3.3 for further details on information we receive from other sources.
3. Why and how we use your information and on what basis
3.1 GDPR provides 7 legal bases for processing your data. We will only process your data under one of the following bases:
(a) Contract (usually our HR and employee data)
(b) Consent (usually our supporter data where you have given specific, granular opt-in permission to process your data to fulfill our relationship)
(c) Legitimate Interest (where consent is unnecessary and our processing is considered expected and non-intrusive)
3.2 We will process your personal information in accordance with this policy and our obligations under applicable data protection laws and regulations, for one or more of the following purposes:
(a) To administer your purchase or donation or support your fundraising, including processing Gift Aid;
(b) To provide you with the services, activities or information you have indicated you are happy to receive or which you have asked for;
(c) To comply with applicable laws and regulations, and requests from statutory agencies;
(d) For our own internal administrative purposes and to keep a record of your relationship with us;
(e) For the purposes of internal research such as supporter satisfaction research;
(f) For marketing purposes, to provide you with information about us, our fundraising campaigns, the opportunity to leave a gift in a will, our events, our services, and any other information, products, activities or services that we provide or provide access to (e.g. supporter updates);
(g) Where you have provided your consent, to publish details of your ‘World Vision story’;
(h) To provide you with information about volunteering opportunities;
(i) To provide you with details about our campaigns
(j) To provide essential event information where you have signed up to attend;
(k) To manage your communication preferences with us generally;
(l) To provide you with information about goods or services we feel may interest you;
(m) To notify you about changes to our service and/or donor/sponsorship opportunities;
(n) To ensure that content from our website is presented in the most effective manner for you and for your computer/mobile device.
3.3 Where the law allows us to do so, in order to improve the quality and accuracy of the information you have provided to us, we regularly check the accuracy of the data we already hold about you (such as your telephone number, email address or address) against external data lists which are in the public domain (e.g. using the Royal Mail’s National Change of Address database and postcode validation). We may also use third parties to check this on our behalf. We will only check the accuracy of the existing information we hold. If, for example, you have not provided us with a telephone number, we will not obtain a telephone number for you and use it to contact you. If we obtain updated details, we would combine this with the information we currently hold about you.
3.4 We may use unautomated profiling and screening techniques to analyse your personal information and create a profile about you, your interests and preferences from publicly available information. This helps us to ensure communications are relevant and we make appropriate requests for donations and other forms of support. The types of information collected about you from the public domain will include:
(a) Your age;
(b) Your qualifications;
(c) A wealth band which will be an estimate of your wealth based on publicly available information;
(d) Your trusteeships and the type of charity which you are a trustee of i.e. grant making);
(e) Your company directorships;
(f) Your donation history;
(g) Whether you are from a family who is likely to have inherited wealth (i.e. are you a member of the British aristocracy);
(h) Whether you are a member of a Livery Company;
(i) Whether you are a member of the National Gardens Scheme https://wwww.ngs.org.uk;
(j) Whether you have invested in Venture Capital Trusts approved by HMRC;
(k) Whether your property is estimated to be valued in excess of £1million;
(l) Your primary business organisation.
4. Where is your information stored
4.1 The information we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”), e.g. the World Vision offices of the communities we support. It may also be processed by persons operating outside of the EEA. If we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements GDPR-compliant measures to protect your information. By submitting your details you agree to this use of your data.
4.2 Online payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
4.3 The transmission of information via the internet is not completely secure (though note that online payment transactions are securely encrypted). Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5. How long do we keep your data
5.1 We will process and retain your data only for the minimum required period in line with our data retention policy. In the instance of a financial relationship this will be 6 plus 1 years for HMRC purposes. For non-financial relationships and where there is no other activity we will not retain your data beyond 2 years. Please be aware that in the event of exercising your right to erasure we will inform you if we are unable to do so due to overriding legal obligations.
6. Who has access to your information / who we share your data with
6.1 We may allow our staff, consultants and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided it to us (e.g. to deliver mailings, analyse data and to process payments) or for purposes set out in this privacy notice. We will only provide them with the information they need to deliver the relevant service. We will ensure your information is transferred securely and treated with the same diligence as if we were handling it directly.
6.2 We do not sell your data to third parties for the purposes of marketing. In other cases we will not share your personal data with third parties except in accordance with this privacy notice or when we have your permission.
6.3 We may disclose your information to other organisations and agencies if we are under a duty to disclose or share it in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property or safety of us or others. For example, we may share your information with HMRC for the purpose of administering Gift Aid.
6.4 In accordance with our Safeguarding Policy and our commitment to protect vulnerable children from all forms of exploitation and abuse, we may share details, including personal data, relating to serious breaches of our Safeguarding Policy and Procedures with statutory authorities such as the police, the National Crime Agency (NCA), the Child Exploitation and Online Protection Agency (CEOP) and the Charity Commission.
7. World Vision partnership
7.1 We may need to disclose your information to other offices in some circumstances with your consent. World Vision UK is part of the World Vision partnership which works in almost 100 countries. World Vision offices in other countries may be best placed to manage your relationship and provide you with any necessary support.
7.2 For example, if you sponsor a child through World Vision UK, or are involved in some other World Vision activity that involves a personal link to our overseas programmes, elements of your personal data necessary to fulfil the activity (e.g. your name and address) will be shared with relevant World Vision offices in that country in accordance with this policy. We will only share your details with another World Vision office in accordance with data protection laws and regulations and where we have your consent to do so.
7.3 Other members of the World Vision partnership may legally be obliged to share data in accordance with their relevant domestic legislation and potential law enforcement requirements.
8. Your rights
8.1 We take your data rights seriously. The General Data Protection Regulation, effective in the UK from May 2018, affords you the following rights:
(a) The right of access – you have the right to request a copy of the information that we hold about you;
(a) The right to rectification – you have the right to correct data that we hold about you that is inaccurate or incomplete;
(b) The right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records;
(c) The right to restrict processing – where certain conditions apply you have the right to restrict processing of your data;
(d) The right to data portability – you have the right to have the data we hold about you transferred to another organisation;
(e) The right to object – you have the right to object to certain types of processing such as direct marketing;
(f) Rights in relation to automated decision making and profiling – we do not carry out automated decision making and profiling.
For more information on these rights please read the relevant guidance issued by the Information Commissioner Office: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
8.2 You can exercise your data protection rights in the following ways:
(a) Sending an email to email@example.com;
(b) Writing to Supporter Services, World Vision UK, World Vision House, Opal Drive, Fox Milne, Milton Keynes, MK15 0ZR; or
(c) Calling our Supporter Services Team on 01908 841010 between 10am-5pm (Mondays) and 9am-5pm (Tuesday to Friday).
8.3 If you request details of the information we hold about you in accordance with the subject access rights under applicable data protection laws and regulations, under certain circumstances we may charge an administration fee for fulfilling such requests.
8.4 Instructions for unsubscribing from emails are included in each email we send.
8.5 In the event of exercising your data rights we will require suitable identification such as a copy of your passport.
8.6 If you are unhappy with the way we have processed your personal data, please contact our Head of Risk and Compliance using the contact details set out in clause 1 of this privacy notice. If you remain unhappy with how your complaint is dealt with you should contact the Information Commissioner’s Office (https://ico.org.uk/). Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us.
9.1 For more information on how cookies are used on our website, please see our cookies policy below.
10. Changes to our privacy notice
10.1 We may make changes to this policy from time to time, so we encourage you to check it frequently. By continuing to use our website you will be deemed to have accepted those changes.
1. What are cookies
2.1 We use the following types of cookies:
(a) Essential cookies – these are required for the operation of our website and include, e.g. to enable you to log in to the secure area, ‘My Sponsorship’, of the website or make use of a shopping cart and e-payment services.
(b) Analytic/performance cookies – these allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
(c) Functionality cookies – these are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
(d) Targeting cookies – these cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
2.2 The table below provides more information about the cookies we use and why:
|Type of cookie||Function and further information|
Analytics cookies including Google analytics
|These are common performance cookies that many websites use. They allow us to collect anonymous information about how you and other users use our website and helps us to improve the website. The information collected includes technical information regarding the user's browser, operating system, IP address and screen resolution. It also includes how users came to the website (which search engine and search terms were used, which links were clicked on) and the user's navigation on the website (number of visits, dates and times of visits, time spent on the website, which pages have been loaded etc.). A tracking cookie from Google is also used to protect users from known malicious sites.
|Social media sharing
|Speed of requests to server
||We use certain cookies to optimise the speed of requests to the server.
|Microsoft synchronisation cookie
||This cookie is used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains.
|Type of device
||This cookie is used to determine what type of device (smartphones, tablets, computers, TVs etc.) is used by a user.
||Cookies are used to register a unique ID (used by Google) to record statistics of how the user uses YouTube videos across different websites, which videos the user has seen, and to estimate the users’ bandwidth on pages with integrated YouTube videos.
|User and session identification
|Identifying trusted web traffic
||This cookie is used by the content network, Cloudflare, to identify trusted web traffic.
|Disqus comments and login
||These cookies are used to add comments to the website through Disqus and remember the user's Disqus login credentials across websites that use that service.
||This cookie is used to optimise response times by distributing website traffic to several servers.
||Certain cookies are used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
|Useridentification targeting cookies
||We use a number of user identification targeting cookies, which register a unique ID identifying a returning user’s device. This ID can be used to deliver targeted adverts. In some cases, cookies will categorise the user's interest and demographic profiles (based on the pages they have visited) in terms of resales for targeted marketing. Other details which may be registered by cookies include purchase details, website navigation, IP address, geographical location, visited websites and the adverts a user has clicked. In some cases the ID may be linked to other data (including data from surveys and psychographic, demographical and geographical data) for the purpose of personalising content, adverts and communications with the user. The ID may also be used to identify the user during return visits across websites that use the same advert network, for the purposes of targeted adverts. Targeted adverts may include video clips.
|Statistical data for advertising
||Certain cookies are used to identify the user’s devise during return visits in order to measure the efficacy of online adverts and to enable pay-out of referral commission fees to partners.
3. Third party websites and social networks
4. Disabling cookies
5. Changes to this policy and further information