Privacy policy

From Wikimedia UK
Jump to navigation Jump to search

Important information about who we are

This website is owned and operated by Wikimedia UK (The Charity), who is the Data Controller.

Wikimedia UK is a registered charity (registered in England No. 1144513, registered in Scotland No. SC048644) and a company limited by guarantee (06741827 England).

The registered office is:

Wikimedia UK

Office 1, Ground Floor, Europoint, 5-11 Lavington Street, London SE1 0NZ

Wikimedia UK Data Protection Officer (DPO), Sharon Mitcheson, Head of Finance & Operations, is responsible for answering any questions you have about this Privacy Notice. Sharon may be contacted at the above address, by email: sharon.mitcheson@wikimedia.org.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk).  We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO, so please feel free to contact us first.

We may update this Privacy Notice from time to time.  If we make significant changes, we will post a notice on our websites.

The personal data we collect from you, how we collect it and how we use it

People who support us

This section explains what information Wikimedia UK collects, keeps and stores about you if you inquire about our activities, make a donation to us, support a campaign, express an interest in or inform us of your intention to leave a gift in your Will, or ask a question about our services.

What personal data do we collect?

The personal data we collect may include:

  • Your name, address, email address, telephone numbers;
  • Age, date of birth;
  • Location;
  • Bank account/card details;
  • Gender;
  • Your prior involvement with our fundraising campaigns;
  • Contact preferences and consents;
  • Gift aid status, fundraising status, reason for donating, information about events you’re taking part in,
  • School or organisation name;
  • Employee or NI number;
  • Social media handles; and
  • Details of executors and beneficiaries and your family relationships.

We do not store your credit or debit card details.

We may collect sensitive data, such as health information, religious beliefs and political opinions, about our supporters but only where there is a clear reason for doing so - such as providing the appropriate facilities or support to enable you to participate in an event - and with your explicit consent.

We may obtain your personal data from third party data suppliers, but only if they provide appropriate evidence that you have agreed that your personal data may be shared with other organisations. We also gather general information about the use of our websites such as pages visited and areas that are of most interest to users. For further information please see section

Visitors to our website

Occasionally we obtain publicly available information, such as contact information, or we research information to help us perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors, or to ensure that there are no conflicts of interest from potential supporters or organisations prior to our engagement. We do these checks to help protect Wikimedia UK from abuse.

Why do we collect your personal data?

We use your personal data in order to:

  • Deal with your enquiries, requests and complaints;
  • Process your donations and orders made online or through our shops;
  • Provide you with information about our work and opportunities to participate;
  • Comply with our legal obligations, policies and procedures, for example claiming Gift Aid;
  • Provide and personalise our services;
  • Administer bequests in your Will;
  • Conduct our campaigns, fundraise and send marketing;
  • Tailor the advertising and marketing you see on social media and digital channels to share the most appropriate and relevant information with you;
  • Measure the effectiveness of digital marketing and advertising; and
  • Conduct market research.

We process your personal data for these purposes in accordance with our legitimate interests in conducting fundraising, processing payments, promoting our charitable activities, customising our social media communications, and responding to you when you make an enquiry. We also process your data when required under law or with your consent, such as when you consent to receive marketing from us. We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

We may use your personal data to tailor the advertising you see on social media, and to measure its effectiveness. This may be by providing a third party platform with a list of email addresses or phone numbers which they use to target individuals with, or exclude them from seeing, our advertisements.

We will only email or phone you where we have your consent to deliver marketing to you. You can indicate your marketing preferences when you make a donation, or register your interest in our work.  If you no longer wish to receive marketing communications or appeals, it’s quick and easy to let us know at the contact details provided at the bottom of this Privacy Notice. You may opt-out also of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails. We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

Wikimedia UK has a legitimate interest in keeping lists of people who no longer wish to be contacted (known as a suppression list) to ensure that we do not unintentionally contact them in the future.  The suppression list also collects emails that bounce, are blocked, or invalid. Wikimedia UK also keeps suppression lists of supporters and prospects who have requested removal from our postal mailing or marketing lists for the same reason.

We are committed to protecting the privacy of the children and young people that engage with us through our website, digital services, marketing materials,communication lists and online or in-person events. Please see Wikimedia UK’s Safeguarding Policy for more details for how we manage communications with children and young people.  

Prospect Research

Wikimedia UK undertakes prospect research under its legitimate interest, which is the identification of, and subsequent research into, prospective major donors and influencers (including individuals, trusts and companies) with a view to maximising their support for us. It involves the gathering and analysis of biographical, financial, corporate and philanthropic information from a wide variety of sources, both publicly available and those unique to Wikimedia UK.

The nature of data collected includes:

  • Contact Details
  • Home Address
  • Personal Email
  • Donation History
  • Professional Memberships
  • Education and Training History

Personalisation and profiling

We carry out targeted fundraising and campaign activity to ensure that we are contacting you with the most appropriate and relevant communications, for example by providing timely news about our work, and letting you know the different ways you can support us and help us to raise funds. In order to do this, we may use profiling techniques and engage with insight companies to provide us with general information about you, about your lifestyle and purchasing habits.

We may also use your personal data to understand the likelihood of you responding to a fundraising communication from us, and potentially donating. For example, we may use systems such as Access Charity CRM to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population.

Who do we share your personal data with?

We may share your personal data with third parties who provide a service to us (for example transaction processing). This includes trusted partners that work with us in connection with our charitable purposes, and other entities that act as fundraisers for Wikimedia UK (for example donation platforms such as Charities Aid Foundation and Benevity), or provide Wikimedia UK information and marketing services. We also share your data when we need to perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors.

How long do we keep your personal data?

We keep your personal data for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is destroyed in a secure manner. This will generally be within six years of your last donation.

Job and Volunteer applicants

This section explains what information Wikimedia UK collects, keeps and stores about you when you apply for a role with us.

What personal data do we collect?

We may collect a range of information about you, including:

  • Your name, address and contact details, such as email address and telephone number;
  • Your contact preferences;
  • Date of birth, age, gender, nationality, residency status, criminal convictions, outstanding disciplinary proceedings and languages spoken;
  • Referee information;
  • Details of your qualifications, skills, experience, education and employment history;
  • Information about your current salary;
  • Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process; if you have disclosed this to us
  • Whether or not you have a disability for which we need to make reasonable adjustments for you to carry out your employment; if you have disclosed this to us
  • Information about your entitlement to work/volunteer in the UK; and
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief. We will only collect this sensitive information with your explicit consent, which can be withdrawn at any time.

We collect this data in a variety of ways. For example, you may have filled in an application form, submitted a CV or resume, provided your passport details or other identification documents, or we may have collected it through interviews or other forms of assessment.

We may also collect information about you from third parties, such as references supplied by former employers. For job applicants, Wikimedia UK will only seek information about you from third parties once we have made you an offer of employment. In all cases the application process will make clear at what point we will be contacting third parties. For volunteer applicants, Wikimedia UK will seek information from third parties during the volunteer recruitment process.

Why do we collect your personal data?

We process your personal data in order to administer your job or volunteer application and to monitor recruitment statistics. In some cases, we need to process your data to ensure we are complying with our legal obligations, e.g. checking an individual’s right to work in the UK.

We have a legitimate interest in processing your personal data in order to manage our recruitment process, assess and confirm your suitability for the position and decide who to offer a role to. We may also need to process data from job and volunteer applicants in accordance with our legitimate interest in responding to, and defending against, legal claims.

We process health information if we need to make a reasonable adjustment to the recruitment process for applicants who have a disability.  This is to carry out our obligations and exercise specific rights in relation to employment. These obligations only exist where prospective candidates and employees have disclosed health information to us.

For some roles Wikimedia UK is obliged to seek information about criminal convictions and offences.  This is necessary to carry out our obligations and exercise specific rights in relation to employment and volunteering.

  • when applicants are asked to confirm they have the right to work in the UK;
  • when applicants confirm that they are not barred from undertaking roles working within regulated activity; and
  • when confirming that the applicant has a clean and valid driving licence where driving is an essential requirement for the role.

If an applicant is unable to fulfil these requirements, they will not be able to progress any further with their application. Should an applicant wish to challenge any compliance-related decision within the recruitment process they should contact the Finance & Operations team via email at info@wikimedia.org.uk

Who do we share your personal data with?

As part of the recruitment process, we may need to share your data with third parties in order to conduct any necessary background checks and vetting processes, such as contacting previous employers/referees to obtain a reference, and/or the Disclosure and Barring Service to conduct criminal record checks. As part of the recruitment process, we will make clear to you which checks will be required and at what stage of the process.

How long do we keep your personal data?

Personal data about unsuccessful candidates will be held for one year after the recruitment exercise has been completed. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

If your  application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in accordance with our retention policy. If your volunteer application is successful, personal data gathered during the recruitment process will be held on your volunteer file on our Customer Relationship Management (CRM) system.

Our current and former employees, volunteers and trustees

This section explains how Wikimedia UK collects and processes personal data relating to its staff and volunteers in order to manage the working relationship with you.

What personal data do we collect?

Wikimedia UK collects and processes a range of information about you that is appropriate to the role you perform with us. This will vary depending on whether you are an employed member of staff, casual worker (‘As and When’), volunteer, contractor, agency worker or student, and may include:

  • Your name, address and contact details, including email address and telephone number, as well as contact preferences;
  • Date of birth, age;
  • Gender, sex, sexual orientation, ethnicity, religion, nationality, residency status, criminal convictions and languages spoken
  • Location;
  • The terms and conditions relating to the work you are doing for Wikimedia UK;
  • Details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us;
  • Information about your salary, including entitlement to benefits such as pensions;
  • Details of your bank account and national insurance number;
  • Information about your marital status, next of kin, dependents and emergency contacts;
  • Information about your nationality and entitlement to work in the UK;
  • Information about your criminal record;
  • A record of your entry and exit to Wikimedia UK premises and work locations where permits and sign-in procedures exist for security and health and safety reasons;
  • Details of your schedule (days of work and working/volunteering hours) and attendance at work/volunteering;
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for the leave;
  • Details of any staff disciplinary or grievance procedures, or any breach of our volunteer code of conduct, in which you have been involved, including any warnings issued to you and related correspondence;
  • Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
  • Information about medical or health conditions that you have disclosed to us, including whether or not you have a disability for which the organisation needs to make reasonable adjustments; and
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

We collect your information in a variety of ways. For example:

  • From an application form, covering letter or CV;
  • From your passport or other identity documents;
  • From forms completed at the start or during your employment or volunteering opportunities with us;
  • From correspondence with you; or
  • Through interviews, meetings or other assessments.

We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information from criminal records checks as permitted by law.

Why do we collect your personal data?

Wikimedia UK needs to process your data in order to enter into a working or volunteering relationship with you and to meet our contractual obligations under any agreement with you. For example, if you are an employee, we need to process your data to provide you with an employment contract, to pay you in accordance with that contract and to administer any benefits.

In some cases, Wikimedia UK needs to process data to ensure that we are complying with our legal obligations. For example, it is required to check a worker’s right to work or volunteer in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it’s necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question. Wikimedia UK also reserves the right to carry out a criminal records check on any employee, regardless of role.

In other cases, Wikimedia UK has a legitimate interest in processing personal data before, during and after the end of the working relationship. Processing staff and volunteer data allows the organisation to:

  • Run recruitment and talent management processes;
  • Maintain accurate and up-to-date records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights;
  • Operate and keep a record of disciplinary, grievance or problem solving processes, to ensure acceptable conduct within the workplace;
  • Operate and keep a record of performance and related processes and workforce management processes;
  • Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay and other benefits to which they are entitled;
  • Obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers are receiving the sick pay or other benefits to which they are entitled;
  • Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that Wikimedia UK complies with duties in relation to leave entitlement, and to ensure that workers are receiving pay or other benefits to which they are entitled;
  • Ensure effective general HR, volunteering and business administration;
  • Provide references on request for current or former employees and volunteers;
  • Respond to and defend against legal claims; and
  • Maintain and promote equality, diversity and inclusion in the workplace.

Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).

Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done with your explicit consent or where it is in the public interest to do so, such as to ensure meaningful equal opportunity or diversity monitoring.

Who do we share your personal data with?

Wikimedia UK shares your data with third parties in order to obtain pre-employment or volunteer references from other employers and, if applicable to your role, to obtain necessary criminal records checks from the Disclosure and Barring Service, Disclosure Scotland and AccessNI. Wikimedia UK may also share your data with third parties in the context of TUPE transfers. In those circumstances the data will be subject to confidentiality arrangements.

Wikimedia UK also shares your data with third parties that process data on our behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, the provision of IT services, our CRM system and the off-site archiving of personal data once you have left Wikimedia UK employment.

How long do we keep your personal data?

If you are an employee or volunteer, we will hold your personal data for six years after the end of your working relationship with us.

Sharing your data and transfers to other countries

In addition to the third parties described in each relevant section above, we may share your personal data:

  • With partners, suppliers and subcontractors, including:
    • Providers of fundraising pages, advocacy, email marketing, and events;
    • Our Customer Relationship Management systems;
    • Analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • Where we are under a duty to disclose or share your personal information in order to comply with any legal obligations, or in order to enforce or apply our Terms of Use and other agreements, or to protect the rights, property, or safety of Wikimedia UK, our donors, beneficiaries or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • Where required to do so by law, or where the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation;
  • For employees, with payroll agencies, HMRC, pension, insurance companies and statutory bodies; and
  • Where we have your written consent.

The data that we collect from you may be transferred to, and stored in, a location outside of the United Kingdom (UK). Some of our partners run their operations outside of the UK and these countries may not provide the same standard of data protection as the UK. Your data may also be processed by staff operating in these locations who work for us or for our service providers. This includes staff engaged in, among other things, the hosting of the site and the provision of support services. In these instances, we will take the necessary steps to make sure appropriate protections are in place (in accordance with UK Data Protection Law) and that information is safeguarded. These safeguards include ensuring that Wikimedia UK and the relevant recipient enter into Standard Contractual Clauses. If you would like to receive a copy of these safeguards, please contact us as indicated below (see Section 5).

Third Party Websites

Our websites may contain links to third party websites. This notice only applies to this site so if you follow a link to a third-party site, please make sure you read the privacy policy on that site. We do not accept any responsibility for third party sites.

How do we keep your data safe?

We take the security of your personal data very seriously. We have internal policies, controls and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees or volunteers in the proper performance of their duties.

We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our websites are protected by encryption (this means that communications are turned into codes that only Wikimedia UK websites can understand, which stops unauthorised people seeing them). We work closely with industry leading technical partners to make sure that all your personal data, including payment data, is safe and secure.

Please be aware that any personal data you choose to post on the public areas of our websites can be read, collected, or used by other users. We are not responsible for the personal data you choose to make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

Your legal rights

You have the following rights in relation to your personal data:

  • The right to be informed about the data we hold and share about you. This is described to you through this Privacy Notice and in the service-specific information leaflet we provide to you if you are a service user, or through your line manager if you are a member of staff or a volunteer.
  • The right to access your personal data. By making a subject access request you can find out what personal data we hold about you, why we hold it and who we disclose it to. You can make a subject access request to us in writing, via email, or by calling your point of contact in the organisation.  We may require you to provide proof of your identity.
  • The right to edit and update your personal data. Please keep us informed if your personal data changes during the duration of your relationship with us.
  • In certain cases, the right to request to have your personal data deleted.
  • In certain cases, the right to restrict processing of your personal data.
  • The right to data portability, i.e. to receive a copy of the personal data you have provided to us in a way that is accessible and machine-readable, for example as a csv file, and to request the transfer of this data to another organisation where technically feasible.
  • The right to object to our processing, including automated decision-making and profiling.

If you wish to exercise your rights, please contact our Data Protection Officer (DPO) at the contact details provided in Section 1, providing as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 30 days before they take effect. Once we have received your request, and verified your identity if necessary, we will respond within one month, unless a longer period is permitted by applicable law, such as where the request in question is complex.

You can object to our use of your personal data for marketing at any time by contacting the team below. Please address requests to:

Team Contact Information

Email: info@wikimedia.org.uk

Retrieved from "https://wikimedia.org.uk/w/index.php?title=Privacy_policy&oldid=179174"