Data Protection Statement
Last updated on the 13th of January 2020
Compliance with the EU General Data Protection Regulation (GDPR)
Walkabout Foundation UK takes the security and privacy of data seriously and is committed to processing data in accordance with its responsibilities under the EU General Data Protection Regulation (GDPR).
Data protection principles
Article 5 of the GDPR requires that personal data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to individuals;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In this document we provide information about how we manage our data privacy and security obligations.
Scope of this policy
This policy applies to all personal data processed by Walkabout Foundation UK. Our operations officer shall take responsibility for the ongoing compliance with this policy, which shall be reviewed at least annually.
Lawful, fair and transparent processing
We maintain a register to ensure that our processing of your data is lawful, fair and transparent. You have the right to access your personal data and you can contact firstname.lastname@example.org for such purpose. Any such requests made to us shall be dealt with in a timely manner.
Walkabout is exempt from registering with the Information Commissioner’s Office (ICO). However all data we process must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. More information on your rights and our obligations under current legislation can be found at the ICO’s website (www.ico.org.uk).
We shall note the appropriate lawful basis in our register. Where consent is relied upon as a lawful basis for processing data, we keep evidence of opt-in consent together with your personal data. Where communications are sent to you based on your consent, you will always have the option to revoke your consent. Such option will be clearly available and systems should be in place to ensure such revocation is reflected accurately in our systems.
We shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. As a donor, volunteer, beneficiary, active supporter or participant in our events, we use your data to send you information where we believe there is a legitimate interest to do so. This may include, but not be limited to, updates on our progress, feedback from our beneficiaries and information to facilitate your participation in any of our activities or events. From time to time we would also like to be able to send you marketing materials relating to other areas that we believe could be of interest to you, however we will rely on your consent to do so.
Walkabout shall take reasonable steps to ensure personal data is accurate. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving / removal
To ensure that personal data is kept for no longer than necessary, we have an archiving policy for each area in which personal data is processed and review this process annually. The archiving policy shall consider what data should/must be retained, for how long, and why.
We ensure that personal data is stored securely using modern software and systems that are kept-up-to-date. Access to your personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. When personal data is deleted this is done safely such that the data is irrecoverable. We have back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will promptly assess the risk to people’s rights and freedoms and inform promptly any relevant parties.
For any further information, please contact email@example.com
Types of cookies
There are two broad types of cookies – ‘first party cookies’ and ‘third party cookies’:
First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognise your computer when it revisits that site and to remember your preferences as you browse the site. Basically, these are our cookies.
Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when you visit other websites. Third party cookies are most commonly used for web site analytics or advertising purposes.
In addition, cookies may be either ‘session cookies’ or ‘persistent cookies’. Your computer automatically removes session cookies once you close your browser. Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached. We use both session and persistent cookies.
Categories of cookies we use
1. Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features, e.g. donations.
2. Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user.
3. Functionality cookies: These cookies remember choices made by or attributes of the user and enhance the features and content you experience during your visit to our website, e.g. language or user’s location. This cookie is also used to remember a user’s preferences for a font size, or customisable parts of a web page.
4. Targeting or advertising cookies: These cookies collect information about the users’ browsing habits. This may also include your use of social media sites, e.g. Facebook, etc. or how you interact with our website which then shows you relevant content elsewhere on the internet. These may also be used to choose the advertisements that are displayed to you on our website and other websites.
We have assessed our cookies based on the ICC Cookie Guide.
What information do we collect using cookies?
We may collect some, or all, of the information available from cookies when you visit our website, depending on how you use it. We monitor how people use our website so we can improve it. We collect this information anonymously.
However, you can choose to use our website anonymously without giving us any information. Please see ‘Changing your cookie preferences’ below.
- the areas of the website you visit;
- the amount of time you spend on the site;
- whether you are new to the site, or have visited it before;
- the country, region, city and/or borough associated with your IP address or device;
- how you came to our website – for example, through an email link or a search engine;
- the type of device and browser you use;
- how you use the website and the quality of your experience – for example we may track your bandwidth when viewing videos;
- how you interact with our donation and sign up forms – for example what you select as your communication preferences; and
- any error messages that you receive on the site
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission and these details are not stored within the website’s content management system.
You may revoke your consent at any time. An email to firstname.lastname@example.org making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request).
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Social media links
Walkabout Foundation has links to third party social networking sites on this website. Aggregated data in the form of Google Analytics can be captured by either the Walkabout Foundation or the social media network, for the purposes of analysing website content performance and user journeys. No information which uniquely identifies an individual is captured. Walkabout Foundation cannot control and is not responsible for any information provided to these third party social networking sites, should you choose to visit them from this site.
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Walkabout Foundation has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
Walkabout Foundation has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google Adwords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Refusal of data collection
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
For logged-in users, the Shield Security plugin stores information on the username, the IP address and the time of last login and last activity. This information is purged upon logout or data cleanup.
The Shield Security plugin has an Audit Trail feature that will log the following information:
-Audit Trail message that may include email addresses.
-Originating IP address of the request.
-Logged-in username (where applicable).
-For logged-in users this represents information that may be used to locate (by IP address) and identify individuals and their activity on the site.
This information is stored for security purposes by the site administrator. This data will be retained and then automatically purged from the database after a certain time period, as determined by the site administrator.
Social Login plugin
You can register to the site and login to your account using Facebook Connect or Google Sign In. This is a single sign-on application which allows you to interact with the Walkabout Foundation’s website through your Facebook or Google account. Walkabout Foundation will be able to access your name and other personal details.
If you do not want Facebook or Google to associate your visit to our site with those accounts, please log out of your Facebook and Google accounts.
Ultimate member plugin
The Ultimate Member plugin is used to create user accounts. By submitting your name and email address you can create a personal profile on Walkabout Foundation website and access special areas, such as specific fundraising campaigns and also keep track of your donation history. You can request this data to be deleted at any time by contacting email@example.com
Event Espresso plugin
Event Espresso captures your personal details pertaining to name and email address, to allow you to create fundraising events and buy tickets to events. This information can be provided as a report to you or deleted at any time by contacting firstname.lastname@example.org
This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA. MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.
We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests. If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.
You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.
Charitable stores personal data about donors and registered users in this website’s database, as well as providing personal data to third party providers such as payment gateways (Stripe, GoCardless.) or newsletter providers (MailChimp).
All or some of the following data may be collected and stored about a donor when they make a donation:
- First & last name
- Email address
- Street address (street number & name, city, post code/zip code, state/province, country)
- Phone number
- Credit/debit card tokens
All or some of the above data may be shared with the payment gateway used to process the donation.
NOTE: These details are not stored in our database:
- Credit/debit card number
- Expiry date
In addition, the following data may be collected for registered users when they create a fundraising campaign:
- First & last name
- Email address
- Street address (street number & name, city, post code/zip code, state/province, country)
- Phone number
- Bio / personal description
By default, all personal data stored for donations made within the last two years will be retained. Personal data is not automatically removed when the data retention period is passed; it is erased when a user specifically requests to have their data erased.
Adobe Fonts / Typekit
To provide the Adobe Fonts service, Adobe may collect information about the fonts being served to your website. The information is used for the purposes of billing and compliance, and may include the following:
- Fonts served
- Web Project ID
- Web Project type (string “configurable” or “dynamic”)
- Account ID (identifies the customer the Web Project is from)
- Service providing the fonts (e.g., Adobe Fonts or Edge Web Fonts)
- Application requesting the fonts (e.g., Adobe Muse)
- Server serving the fonts (e.g., Adobe Fonts servers or Enterprise CDN)
- Hostname of page loading the fonts
- The amount of time it takes the web browser to download the fonts
- The amount of time it takes from the web browser downloading the fonts until the fonts are applied
- Whether or not an ad blocker is installed to help identify whether the presence of an ad blocker affects accurate pageview tracking
- Site visitor IP address, OS, and browser version
Adobe uses the information received from third party websites using Adobe Fonts to provision the Adobe Fonts service and diagnose delivery or download problems. This information is also used to pay and fulfill our contracts with the font foundries whose fonts are utilized.