This privacy policy (the “Policy”) describes how we will collect, use, share and otherwise process your personal data in connection with your use of:
Please note that this App and the Website are not intended for use by children and children cannot access these platforms. However, as part of the services these platforms are designed to provide, we process and share student data with our authorized users, including donors, office bearers (OBs), admins, and super admins. These users will have access to relevant student information to track sponsorship details, view donation histories, and generate reports on donations, students, and agencies, among other uses.
By using the App, Website, Admin Portal, and related Services, you agree to the collection and use of your personal data as described in this Policy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
The World Federation of Khoja Shia Ithna-Asheri Muslim Communities (KSIMC) is the controller and is responsible for your personal data (“TWF”, “we”, “us”, “our” in this Policy).
We have a dedicated Legal and Compliance team to oversee data protection matters. If you have any questions about this Policy, please contact us using the details set out below.
Contact Details
Our full details are:
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues.
We keep our Policy under regular review.
This version was last updated on 29th November 2024. It may change in the future and, if it does, those changes will be posted on this page and notified to you when you next use the App, log onto your account on the Website, or access the Admin Portal. The updated Policy may be displayed on-screen, and you may be required to read and acknowledge the changes to continue your use of the App, Website, Admin Portal, or Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. Please visit the My Account section of your Account on the App, the Website or the Admin Portal to update your details.
Our App, Website, and Admin Portal may, from time to time, contain links to and from the websites of third parties. Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this Policy. You should review their own privacy policies to understand how they use your personal data before you submit any personal data to these websites or use these services.
We collect, use, store and transfer different kinds of personal data to provide you with our services through the App, Website, and Admin Portal. To make it easier for you to use this Policy, we group these into the following categories. Each of these categories is described in more detail in the “Description of Categories of Personal Data” section below. These categories include:
We do not intentionally collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
However, we may collect and process data relating to criminal offences through measures taken to secure and protect our services and users. This data will only be processed for security purposes, such as preventing fraud or investigating any potential misuse of the App, Website, or Admin Portal. Further details
We collect your personal data in the following way:
We use cookies (small files placed on your device) and similar tools across the Website and the App to improve your experience and our platforms’ performance and security. For detailed information on the cookies we use, the purposes for which we use them and how you can manage your cookie preferences, see our Cookie Policy. Please note that blocking or deleting cookies may impact your ability to fully use certain features of the App, Website, or Admin Portal.
We are committed to ensuring that only authorized individuals have access to the personal data we process, based on their role and the purpose for which the data is needed:
We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To permit you to install and register as a new user on the App or Website
|
Type of personal data
Identity, Contact, Device
|
Lawful basis for processing
Consent (User consent is required to install and register on the App or Website)
|
Purpose or activity
To process donations, including payment processing and transaction history
|
Type of personal data
Identity, Contact, Transaction
|
Lawful basis for processing
Legal Obligation (To comply with legal obligations such as tax and financial regulations related to donations)
|
Purpose or activity
To communicate with you regarding your donations, sponsorship, or any related updates
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Consent (To communicate related to donations and sponsorships)
|
Purpose or activity
To send you service communications (e.g. donation receipts)
|
Type of personal data
Identity, Contact, Transaction
|
Lawful basis for processing
Legal Obligation (To fulfil legal obligations for providing receipts and financial records)
|
Purpose or activity
To enforce our terms and conditions, including collecting money owed
|
Type of personal data
Identity, Transaction
|
Lawful basis for processing
Legal Obligation (To recover debts and enforce legal agreements under applicable laws)
|
Purpose or activity
To personalise your experience on the platforms (e.g. displaying relevant information about the child you sponsor)
|
Type of personal data
Identity, Contact, Transaction, Device, Location
|
Lawful basis for processing
Consent (Personalisation requires user consent)
|
Purpose or activity
To comply with legal obligations, including fraud prevention or financial regulations
|
Type of personal data
Identity, Contact, Transaction
|
Lawful basis for processing
Legal Obligation (to comply with applicable laws, including anti-money laundering and fraud prevention)
|
Purpose or activity
To manage and report on sponsorship activities via the Admin Portal
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Legal Obligation (For OBs and admins to manage donor and Sponsorship Data as part of the charity’s operations and to comply with regulatory and reporting obligations)
|
Purpose or activity
To provide reports and analytical data to OBs and admins
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Consent (To use donor and Sponsorship Data to generate reports and analytics)
|
Purpose or activity
To provide university students with access to their loan application form and information about their loan repayment scheme
|
Type of personal data
Data found on their loan application form, including Sponsorship Data, Transaction Data
|
Lawful basis for processing
Consent (To process Sponsorship Data and other related personal data on the Website to provide university students access to their data)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To combine the information we collect about you into a single profile across the App, Website, and Admin Portal
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Consent (To create and manage a unified profile across platforms with your consent)
|
Purpose or activity
Personalising user experience by displaying relevant sponsorship information and transaction history across the App, Website, and Admin Portal
|
Type of personal data
Identity, Contact, Transaction, Sponsorship, Device
|
Lawful basis for processing
Consent (To personalise user experience based on your interactions, such as donation history, sponsorship details, and preferences)
|
Purpose or activity
Profiling for communication preferences and donation history to better tailor updates and information across the App, Website, and Admin Portal
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Consent (To use personal data for profiling and tailoring communication, ensuring relevant updates and information are provided)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To administer, monitor and improve the App, Website, and Admin Portal, including troubleshooting, data analysis and system testing
|
Type of personal data
Identity, Contact, Device
|
Lawful basis for processing
Consent (For collecting data for improvement and troubleshooting across platforms)
|
Purpose or activity
Applying security measures to our processing of your personal data, including processing in connection with the App, Website, and Admin Portal
|
Type of personal data
All personal data under this Policy
|
Lawful basis for processing
Legal obligation (applying appropriate technical and organisational measures under Article 32 of the UK GDPR)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To process and claim Gift Aid on your donations
|
Type of personal data
Identity, Contact, Transaction
|
Lawful basis for processing
Legal obligation (to comply with Gift Aid regulations under UK tax law)
|
Purpose or activity
To comply with our other legal obligations, including compliance with tax legislation, judicial requests, and requests from law enforcement or government authorities
|
Type of personal data
All personal data under this Policy
|
Lawful basis for processing
Legal obligation (to comply with tax, charity laws, and respond to legal, judicial, or government authority requests)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To deploy and process personal data collected via cookies that are strictly necessary for the operation or security of the App, Website, and Admin Portal
|
Type of personal data
Usage Data, Device Data
|
Lawful basis for processing
Consent (For cookies that are necessary for operation)
|
Purpose or activity
To deploy and process personal data collected via cookies that are not strictly necessary, as set out in our Cookie Policy
|
Type of personal data
Usage Data, Device Data
|
Lawful basis for processing
Consent (For non-essential cookies, such as those used for remembering log in credentials)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To notify you of updates to our terms and conditions and Policy
|
Type of personal data
Contact
|
Lawful basis for processing
Legal obligation (To inform users of our processing under Articles 13 and 14 of the UK GDPR)
|
Purpose or activity
To respond to your requests to exercise your rights under this Policy (e.g., access, correction, erasure)
|
Type of personal data
As relevant to your request
|
Lawful basis for processing
Legal obligation (Complying with data subject requests under Chapter III of the UK GDPR)
|
Purpose or activity
To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary
|
Type of personal data
As relevant to your enquiry or request
|
Lawful basis for processing
Consent (To respond to user enquiries and requests across all platforms)
|
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
Share personal data with our third-party providers for purposes not otherwise set out above (see the “Disclosure of your personal data” section)
|
Type of personal data
Identity, Contact, Transaction, Sponsorship
|
Lawful basis for processing
Consent (Consent to share personal data with third-party providers for specific purposes as outlined in this Policy)
|
We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).
We do not collect criminal offence data about you as part of our regular operations.
In the event of possible fraud or security concerns, we may, in exceptional circumstances, process data related to criminal offences as part of our efforts to monitor and protect the security of our App, Website, and Admin Portal. This may include situations where there is a suspicion of fraudulent activity or attempts to bypass security measures. In such circumstances we will provide that information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those circumstances, according to the type of activity and purpose, we will rely on legitimate interests (protecting our business, employees and other users) and legal obligation (where required by legal, judicial or law enforcement to disclose or process that information). UK law authorises that processing under the Data Protection Act 2018 and although the appropriate authorisation will depend on a case-by-case basis, monitoring for criminal behaviour through the use of our platforms is in the Substantial public interest (preventing or detecting unlawful acts) and processing information related to suspected criminal activity for legal claims is permitted under the additional condition of legal claims.
We process the following categories of personal data about the sponsored students.
Purpose or activity | Type of personal data | Lawful basis for processing |
---|---|---|
Purpose or activity
To display student information for donors, university students, OBs, and admins to view in the App, Website, and Admin Portal
|
Type of personal data
Identity, Sponsorship
|
Lawful basis for processing
Consent (From students/guardians to display their data to donors, OBs, and admins, and from the students/guardians to process their personal data on our platforms)
|
Purpose or activity
To track and manage student sponsorships
|
Type of personal data
Identity, Sponsorship
|
Lawful basis for processing
Consent (From students/guardians to manage and track sponsorship data)
|
Purpose or activity
To include student data in student reports for donors, OBs, and internal use
|
Type of personal data
Identity, Sponsorship
|
Lawful basis for processing
Consent (From students/guardians to include their data in generated student reports)
|
Purpose or activity
To comply with legal obligations and data protection regulations
|
Type of personal data
Identity, Sponsorship
|
Lawful basis for processing
Legal Obligation (ensuring compliance with data protection laws)
|
We may share your personal data with the following third parties:
We do not transfer your personal data outside the UK.
All information you provide to us is stored on our secure servers and located in the UK. Any payment transactions will be encrypted using Secured Sockets Layer (SSL) technology.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App, Website, Admin Portal, or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you suspect that your account has been compromised, please contact us immediately.
Once we have received your personal data, we will use strict procedures and security features to protect your personal data from loss, unauthorised use, or access. These include, but are not limited to:
We may collect and store personal data on your device using application data caches and browser web storage (including HTML5) or other similar technology (including any session ID). Please see our Cookie Policy.
We have put in place procedures to detect and respond to personal data breaches and notify you and the ICO when we are legally required to do so.
The personal data we collect from donors, university students, or OBs will be retained for as long as necessary to fulfil the purposes for which the data was collected, including processing donations, managing user accounts, and generating reports.
In some circumstances, you can ask us to delete your data. See the “Your legal rights” section below for further information.
Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you do not use the App for a period of 12 months, we will consider your account to be inactive. As a result, we may delete your personal data in accordance with our data retention policy.
You have the following rights under data protection laws in relation to your personal data.
You can exercise any of these rights at any time by contacting us at education@world-federation.org.