We use cookies to enhance your browsing experience and personalize content in accordance with our Privacy Policy. Click 'Accept' to consent to our use of Cookies & Privacy Policy.

Privacy Policy

Privacy Policy

PRIVACY POLICY FOR THE WF EDUCATION WEBSITE, ADMIN PORTAL, AND MOBILE APP

  1. Introduction

    This privacy policy (the “Policy”) describes how we will collect, use, share and otherwise process your personal data in connection with your use of:

    • WF Education App v 1.0 mobile application available for download on Apple Store and Google Play Store (the “App”). This includes all features and services within the App.
    • WF Education Website (the “Website”) and Admin Portal, which are accessible via https://wf.education, and provide a variety of services and functionalities for donors, university students, Office Bearers (“OBs”), administrators (“admins”), and super administrators (“super admins”).
    • Any of our services (the “Services”) accessible through the App or Website, unless such Services state that a separate or additional privacy policy applies to a particular service, in which case only that privacy policy applies.

    Please note that this App and the Website are not intended for use by children and children cannot access these platforms. However, as part of the services these platforms are designed to provide, we process and share student data with our authorized users, including donors, office bearers (OBs), admins, and super admins. These users will have access to relevant student information to track sponsorship details, view donation histories, and generate reports on donations, students, and agencies, among other uses.

    By using the App, Website, Admin Portal, and related Services, you agree to the collection and use of your personal data as described in this Policy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

  2. Important Information and Our Identity

    The World Federation of Khoja Shia Ithna-Asheri Muslim Communities (KSIMC) is the controller and is responsible for your personal data (“TWF”, “we”, “us”, “our” in this Policy).

    We have a dedicated Legal and Compliance team to oversee data protection matters. If you have any questions about this Policy, please contact us using the details set out below.

    Contact Details

    Our full details are:

    • Full name of legal entity: The World Federation of Khoja Shia Ithna-Asheri Muslim Communities (KSIMC)
    • Email address: education@world-federation.org
    • Postal address: The World Federation of KSIMC Islamic Center, Wood Lane, Stanmore, Middlesex HA7 4LQ, United Kingdom
    • Telephone number: +44 20 8954 9881

    You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues.

  3. Changes to the Policy and Your Duty to Inform Us of Changes

    We keep our Policy under regular review.

    This version was last updated on 29th November 2024. It may change in the future and, if it does, those changes will be posted on this page and notified to you when you next use the App, log onto your account on the Website, or access the Admin Portal. The updated Policy may be displayed on-screen, and you may be required to read and acknowledge the changes to continue your use of the App, Website, Admin Portal, or Services.

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. Please visit the My Account section of your Account on the App, the Website or the Admin Portal to update your details.

  4. Third Party Links and Sites

    Our App, Website, and Admin Portal may, from time to time, contain links to and from the websites of third parties. Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this Policy. You should review their own privacy policies to understand how they use your personal data before you submit any personal data to these websites or use these services.

  5. The Data We Collect About You

    We collect, use, store and transfer different kinds of personal data to provide you with our services through the App, Website, and Admin Portal. To make it easier for you to use this Policy, we group these into the following categories. Each of these categories is described in more detail in the “Description of Categories of Personal Data” section below. These categories include:

    • Identity Data
    • Contact Data
    • Profile Data
    • Transaction Data
    • Sponsorship Data
    • Content Data
    • Device Data
    • Usage Data
    • Security Data
    • Cookies Data
    • Connected Data
    • Personalisation Data

    We do not intentionally collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

    However, we may collect and process data relating to criminal offences through measures taken to secure and protect our services and users. This data will only be processed for security purposes, such as preventing fraud or investigating any potential misuse of the App, Website, or Admin Portal. Further details

  6. Methods of Collecting Your Personal Data

    We collect your personal data in the following way:

    • Registration. When you register as a donor, OB, or admin on our platforms, we collect your Identity Data and Contact Data. This occurs when you sign up via the App or Website, providing basic identity and contact information.
    • Donations and Transactions. If you make a donation through our TWF website, the Website or through the App, we collect your Identity Data, Contact Data, and Transaction Data (such as payment method, amount donated, frequency, and currency). We also collect data regarding the students you sponsor, including Sponsorship Data (such as the name and educational details of the student).
    • Account Statements. We may collect your Identity Data, Contact Data, and Transaction Data from account statements provided to us by our finance team. Our finance team receives the information from third-party payment providers to ensure the proper allocation of your donation and for accounting purposes.
    • Loan Application Forms (Sponsorship Data). We collect personal data related to students through loan application forms completed by students or their guardians. These forms are provided to us by agencies in contact with the students. The data collected through these forms includes Sponsorship Data such as the student’s name, educational details, bank account details, and performance data (e.g., grades). The agencies ensure that students or their guardians complete these forms, and we process the information to manage the sponsorship and funding.
    • Communications. When you communicate with us via email or telephone, we collect your Identity and Contact Data. If the communication relates to an error or problem you are having with the App, Website, or Admin Portal, we will also collect Usage Data for diagnosis and improvement.
    • Use of the Platforms. Each time you access and use our App, Website, Admin Portal, and Services, we collect Content, Device, Cookies, Personalisation and Usage Data. We collect Content Data where you upload content to the App or Website or interact with the content available in these platforms. We collect Device, Cookies, Personalisation and Usage Data by using cookies and other similar technologies. Please see our Cookie Policy for further details.
    • Monitoring of Platform Usage. We monitor usage across the App, Website, and Admin Portal to improve the performance and security of these platforms, as well as user experience. This includes collecting Device, Content, Cookies, and Usage Data.
    • Connected Data. We collect Connected Data when you choose to connect your device to your account on the App, Website, or Admin Portal.
    • Information We Receive from Third Parties. We do not receive your personal information from third parties, except as specifically mentioned in this section.
    • Unique application numbers. When you install or uninstall the App, or when the App checks for updates automatically, it may send us a unique identifier (a number specific to the App) along with information about your device, such as the type of operating system you are using.
  7. Cookies

    We use cookies (small files placed on your device) and similar tools across the Website and the App to improve your experience and our platforms’ performance and security. For detailed information on the cookies we use, the purposes for which we use them and how you can manage your cookie preferences, see our Cookie Policy. Please note that blocking or deleting cookies may impact your ability to fully use certain features of the App, Website, or Admin Portal.

  8. Data Access Permissions

    We are committed to ensuring that only authorized individuals have access to the personal data we process, based on their role and the purpose for which the data is needed:

    • Donors: Donors have access to the Website and the App. They can access to their own personal data related to their donation activities (e.g. Identity Data, Contact Data, and donation history). They will have access only to the personal data of the student they sponsor (Sponsorship Data). Donors do not have access to the personal data of other donors or students, apart from the student they sponsor.
    • University Students: University students have access to the Website. They can access their loan application form, which includes their personal data such as their identity, contact details, education background and financial information (referred to as Sponsorship Data in this Policy), as well as information about their loan repayment scheme.
    • OBs: OBs have access to the Website, the Admin Portal, and the App. They have broader access to both donor data and student data as part of their administrative duties, to ensure the effective administration of the sponsorship scheme and TWF’s operations, as well as compliance with operational, legal, and financial regulations. This includes viewing Sponsorship Data, transaction history, and other relevant information related to the students and donors they manage.
    • Admins and Super Admins: Admins and Super Admins have access to the Admin Portal. They can access all donor and student data to oversee and manage the platform’s operations, and for operational and compliance purposes. They have the highest level of access, which includes the ability to modify user roles, manage donor, student, agency, contact, loan, fees, and account data, manage permissions, and configure platform settings.
  9. Our Use of Your Personal Data

    We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:

    • Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us at education@world-federation.org (see the “Your legal rights” section below). We will make all reasonable efforts to address your consent withdrawal requests in a timely manner.
    • Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
    • Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
    • Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.
    Delivery and Improvement of our Platforms
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To permit you to install and register as a new user on the App or Website
    Type of personal data
    Identity, Contact, Device
    Lawful basis for processing
    Consent (User consent is required to install and register on the App or Website)
    Purpose or activity
    To process donations, including payment processing and transaction history
    Type of personal data
    Identity, Contact, Transaction
    Lawful basis for processing
    Legal Obligation (To comply with legal obligations such as tax and financial regulations related to donations)
    Purpose or activity
    To communicate with you regarding your donations, sponsorship, or any related updates
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Consent (To communicate related to donations and sponsorships)
    Purpose or activity
    To send you service communications (e.g. donation receipts)
    Type of personal data
    Identity, Contact, Transaction
    Lawful basis for processing
    Legal Obligation (To fulfil legal obligations for providing receipts and financial records)
    Purpose or activity
    To enforce our terms and conditions, including collecting money owed
    Type of personal data
    Identity, Transaction
    Lawful basis for processing
    Legal Obligation (To recover debts and enforce legal agreements under applicable laws)
    Purpose or activity
    To personalise your experience on the platforms (e.g. displaying relevant information about the child you sponsor)
    Type of personal data
    Identity, Contact, Transaction, Device, Location
    Lawful basis for processing
    Consent (Personalisation requires user consent)
    Purpose or activity
    To comply with legal obligations, including fraud prevention or financial regulations
    Type of personal data
    Identity, Contact, Transaction
    Lawful basis for processing
    Legal Obligation (to comply with applicable laws, including anti-money laundering and fraud prevention)
    Purpose or activity
    To manage and report on sponsorship activities via the Admin Portal
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Legal Obligation (For OBs and admins to manage donor and Sponsorship Data as part of the charity’s operations and to comply with regulatory and reporting obligations)
    Purpose or activity
    To provide reports and analytical data to OBs and admins
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Consent (To use donor and Sponsorship Data to generate reports and analytics)
    Purpose or activity
    To provide university students with access to their loan application form and information about their loan repayment scheme
    Type of personal data
    Data found on their loan application form, including Sponsorship Data, Transaction Data
    Lawful basis for processing
    Consent (To process Sponsorship Data and other related personal data on the Website to provide university students access to their data)
    Account Management and Profiling
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To combine the information we collect about you into a single profile across the App, Website, and Admin Portal
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Consent (To create and manage a unified profile across platforms with your consent)
    Purpose or activity
    Personalising user experience by displaying relevant sponsorship information and transaction history across the App, Website, and Admin Portal
    Type of personal data
    Identity, Contact, Transaction, Sponsorship, Device
    Lawful basis for processing
    Consent (To personalise user experience based on your interactions, such as donation history, sponsorship details, and preferences)
    Purpose or activity
    Profiling for communication preferences and donation history to better tailor updates and information across the App, Website, and Admin Portal
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Consent (To use personal data for profiling and tailoring communication, ensuring relevant updates and information are provided)
    Troubleshooting, Improvement and Security
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To administer, monitor and improve the App, Website, and Admin Portal, including troubleshooting, data analysis and system testing
    Type of personal data
    Identity, Contact, Device
    Lawful basis for processing
    Consent (For collecting data for improvement and troubleshooting across platforms)
    Purpose or activity
    Applying security measures to our processing of your personal data, including processing in connection with the App, Website, and Admin Portal
    Type of personal data
    All personal data under this Policy
    Lawful basis for processing
    Legal obligation (applying appropriate technical and organisational measures under Article 32 of the UK GDPR)
    Rights and Obligations
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To process and claim Gift Aid on your donations
    Type of personal data
    Identity, Contact, Transaction
    Lawful basis for processing
    Legal obligation (to comply with Gift Aid regulations under UK tax law)
    Purpose or activity
    To comply with our other legal obligations, including compliance with tax legislation, judicial requests, and requests from law enforcement or government authorities
    Type of personal data
    All personal data under this Policy
    Lawful basis for processing
    Legal obligation (to comply with tax, charity laws, and respond to legal, judicial, or government authority requests)
    Cookies and Personalisation
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To deploy and process personal data collected via cookies that are strictly necessary for the operation or security of the App, Website, and Admin Portal
    Type of personal data
    Usage Data, Device Data
    Lawful basis for processing
    Consent (For cookies that are necessary for operation)
    Purpose or activity
    To deploy and process personal data collected via cookies that are not strictly necessary, as set out in our Cookie Policy
    Type of personal data
    Usage Data, Device Data
    Lawful basis for processing
    Consent (For non-essential cookies, such as those used for remembering log in credentials)
    Other Service-Related Communications
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To notify you of updates to our terms and conditions and Policy
    Type of personal data
    Contact
    Lawful basis for processing
    Legal obligation (To inform users of our processing under Articles 13 and 14 of the UK GDPR)
    Purpose or activity
    To respond to your requests to exercise your rights under this Policy (e.g., access, correction, erasure)
    Type of personal data
    As relevant to your request
    Lawful basis for processing
    Legal obligation (Complying with data subject requests under Chapter III of the UK GDPR)
    Purpose or activity
    To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary
    Type of personal data
    As relevant to your enquiry or request
    Lawful basis for processing
    Consent (To respond to user enquiries and requests across all platforms)
    Personal Data Sharing
    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    Share personal data with our third-party providers for purposes not otherwise set out above (see the “Disclosure of your personal data” section)
    Type of personal data
    Identity, Contact, Transaction, Sponsorship
    Lawful basis for processing
    Consent (Consent to share personal data with third-party providers for specific purposes as outlined in this Policy)
  10. Automated Decision Making and Profiling

    We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).

  11. Criminal Offence Data

    We do not collect criminal offence data about you as part of our regular operations.

    In the event of possible fraud or security concerns, we may, in exceptional circumstances, process data related to criminal offences as part of our efforts to monitor and protect the security of our App, Website, and Admin Portal. This may include situations where there is a suspicion of fraudulent activity or attempts to bypass security measures. In such circumstances we will provide that information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those circumstances, according to the type of activity and purpose, we will rely on legitimate interests (protecting our business, employees and other users) and legal obligation (where required by legal, judicial or law enforcement to disclose or process that information). UK law authorises that processing under the Data Protection Act 2018 and although the appropriate authorisation will depend on a case-by-case basis, monitoring for criminal behaviour through the use of our platforms is in the Substantial public interest (preventing or detecting unlawful acts) and processing information related to suspected criminal activity for legal claims is permitted under the additional condition of legal claims.

  12. Our Processing of Student Data

    We process the following categories of personal data about the sponsored students.

    Purpose or activity Type of personal data Lawful basis for processing
    Purpose or activity
    To display student information for donors, university students, OBs, and admins to view in the App, Website, and Admin Portal
    Type of personal data
    Identity, Sponsorship
    Lawful basis for processing
    Consent (From students/guardians to display their data to donors, OBs, and admins, and from the students/guardians to process their personal data on our platforms)
    Purpose or activity
    To track and manage student sponsorships
    Type of personal data
    Identity, Sponsorship
    Lawful basis for processing
    Consent (From students/guardians to manage and track sponsorship data)
    Purpose or activity
    To include student data in student reports for donors, OBs, and internal use
    Type of personal data
    Identity, Sponsorship
    Lawful basis for processing
    Consent (From students/guardians to include their data in generated student reports)
    Purpose or activity
    To comply with legal obligations and data protection regulations
    Type of personal data
    Identity, Sponsorship
    Lawful basis for processing
    Legal Obligation (ensuring compliance with data protection laws)
  13. Disclosures of Your Personal Data

    We may share your personal data with the following third parties:

    • Internal Third Parties. Internal teams responsible for maintaining the App, Website, and Admin Portal.
    • External Third Parties.
      • Your Apple/Android Provider and mobile network operator. To allow you to install the App and ensure compatibility with your mobile device.
      • Our professional advisors. Including lawyers, auditors, and insurers who provide legal, accounting, and insurance services.
      • Service providers that you have appointed. We may need to contact them to fulfil your requests, such as your banking or payment card provider to process your transactions.
    • Data Processors. We engage third-party data processors to process personal data on our behalf. The processors are contractually bound under a Data Processing Agreement (DPA) and will act only on our explicit instructions.
    • Business Transfers. In the event we choose to sell, transfer or merge parts of our business or our assets or seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
    • HM Revenue and Customs, regulators, law enforcement. When necessary, to exercise our rights or comply with a legal obligation.
  14. International Transfers

    We do not transfer your personal data outside the UK.

  15. Data Security

    All information you provide to us is stored on our secure servers and located in the UK. Any payment transactions will be encrypted using Secured Sockets Layer (SSL) technology.

    Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App, Website, Admin Portal, or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you suspect that your account has been compromised, please contact us immediately.

    Once we have received your personal data, we will use strict procedures and security features to protect your personal data from loss, unauthorised use, or access. These include, but are not limited to:

    • Encryption of sensitive data
    • Firewalls and secure server protocols to prevent unauthorized access
    • Access control mechanisms to ensure only authorized personnel can access sensitive data
    • Regular security testing to identify and address vulnerabilities
    • Heightened security measures specifically for student data and other categories of sensitive data

    We may collect and store personal data on your device using application data caches and browser web storage (including HTML5) or other similar technology (including any session ID). Please see our Cookie Policy.

    We have put in place procedures to detect and respond to personal data breaches and notify you and the ICO when we are legally required to do so.

  16. Data Retention

    The personal data we collect from donors, university students, or OBs will be retained for as long as necessary to fulfil the purposes for which the data was collected, including processing donations, managing user accounts, and generating reports.

    • Donor and OB Data: We may retain your personal information (including contact, identity, security, and transaction data) for as long as you remain an active user of the app. If your account becomes inactive, we will retain your data as required for tax or legal purposes.
    • Sponsorship Data: Personal data related to students will be retained for reporting, transparency, and operational purposes (e.g., tracking donations, sponsorships, and academic progress). This data may be retained as long as necessary for these purposes or until we no longer have a legal or operational reason to hold it.

    In some circumstances, you can ask us to delete your data. See the “Your legal rights” section below for further information.

    Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

    If you do not use the App for a period of 12 months, we will consider your account to be inactive. As a result, we may delete your personal data in accordance with our data retention policy.

  17. Description of Categories of Personal Data
    • Identity Data: First name, last name, title, date of birth and profile data (username).
    • Contact Data: First name, last name, contact address, email address, telephone numbers, communication preferences and copies of communications between you and us (e.g., support queries or updates.
    • Profile Data: your email address, username, password, and role
    • Transaction Data: Includes financial data such payment card details, transaction history (e.g., payment amount, payment frequency, due amount), donations made, and the applicable terms and conditions.
    • Sponsorship Data: Information about sponsored students, including full name, educational details, marks/percentages, and agency data.
    • Content Data: Any information that users generate, upload, or interact with while using the App.
    • Device Data: Type of device used, unique device identifier, mobile network information, mobile operating system, mobile browser type, IP address, time zone setting, and other device-related information.
    • Usage Data: Logs and detail of your use of our Apps and Services, being the dates and times on which you download, access and update the App and our Services, error logs, actions taken within the App and resources accessed. This also includes Cookies Data.
    • Security Data: Data related to security measures, including Usage Data and Cookies Data.
    • Cookies Data: Information collected through cookies and similar technologies, including those described in our Cookie Policy.
    • Connected Data: Information stored on your device that you permit the App to connect to, such as login information.
    • Personalisation Data: This includes Cookies Data, Device Data, Content Data, Transaction Data, Connected Data, and Usage Data, to personalise the Website, the App and the Services.