Ubuntu Pathways Privacy Policy

INTRODUCTION

Ubuntu Pathways (“we”) promises to respect any personal data you share with us, or that we get from other organizations, and keep it safe. We will not sell, trade, or share your personal information with anyone else, nor send donor mailings on behalf of other organizations. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.

Developing a better understanding of our supporters through their personal data, such as contact details, allows us to make better decisions, fundraise more efficiently and, ultimately, enables us to transform the lives of orphaned and vulnerable children in the townships of Port Elizabeth, South Africa. We have made improvements to this policy to make it more understandable to our supporters.

Our marketing communications include updates on our life-changing work and information on our campaigns and events. If you would like to receive such communications but have not opted in, please contact us on +44 (0) 207 612 7610 or at info@ubuntupathways.org.

WHERE WE COLLECT INFORMATION ABOUT YOU FROM

We collect information in the following ways:

  • When you give it to us DIRECTLY

You may give us your information in order to sign up for one of our events, make a donation, purchase our products, or communicate with us. We also collect your information via our website when you make a donation or sign up to join our mailing list there.

  • When you give it to us INDIRECTLY

Your information may be shared with us by independent event organizers, for example, Classy, Virgin Money Giving, Crowdrise, or Eventbrite. These independent third parties will only do so with your consent and only when you have indicated that you wish to support Ubuntu Pathways. You should check their privacy policy when you provide your information to understand fully how they will process your data.

  • When you give permission to OTHER ORGANIZATIONS or INDIVIDUALS to share or when it is available publicly

We may combine information you provide to us with information available from external sources in order to gain a better understanding of our supporters and improve our fundraising methods, products, and services. The information we get from other organizations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:

Third-party organizations and individuals

You may provide permission to a company or other organization to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition, or sign up with any third-party sites that connect you to us.

At times, specifically for events, Ubuntu hosts and host committee members provide us with contact information of people they want us to invite, and they enter our database this way. As everyone who receives our communication, these people are given the option of unsubscribing.

Social Media

Depending on your settings or the privacy policies for social media and messaging services like Facebook, Instagram, WhatsApp, or Twitter, you may give us permission to access information from those accounts or services.

Information available publicly

This may include information found in places such as Companies House, Guidestar, and information that has been published in articles and/or newspapers.

Information collected as you use our WEBSITE

Like most websites, we use “cookies” to help us make our site––and the way you use it––better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier––for example by automatically filling your name and address in text fields. When you submit contact forms on our website, we store this information for back-up on our content management system.

In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, which operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

What personal data we collect and how we use it

The type and quantity of information we collect and how we use it depends on why you are providing it.

Supporters

If you support us, for example make a donation, volunteer, register to fundraise or sign up for an event or buy Ubuntu merchandise, we will usually collect:

  • Your name
  • Your contact details and address
  • Your date of birth
  • Your bank or credit card details (these are deleted as soon as payment has been made)

As per nonprofit industry standards, donations that are public are included in our annual report, unless specified otherwise.

Where it is appropriate we may also ask for:

  • Why you have decided to donate to us. This will always be something you opt into––we will never make these questions mandatory, and only wish to know the answer if you are comfortable telling us.

We will mainly use your data to:

  • Acknowledge your donation and ensure you receive the appropriate tax receipt
  • Administer your donation or support your fundraising, including processing gift aid
  • Provide you with the services, products or information you asked for
  • Send you information about events
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services, products or information.

If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our websites.

We may also use your personal information to detect and reduce fraud and credit risk.

Building target groups of supporters for relevant communications

We create targeted groups to ensure communications are relevant and timely, and to provide an improved experience for our supporters. This allows us to target our resources effectively, which donors consistently tell us is a key priority for them. We try to learn about the background of the people who support us because it helps us make appropriate requests to supporters who may be able and willing to give more than they already do. Most importantly, it enables us to raise more funds sooner and more cost-effectively than we otherwise would, helping us provide essential services to South Africa’s most vulnerable children.

When building a profile, we may analyze geographic, demographic, and other information relating to you in order to better understand your interests and preferences and contact you with the most relevant communications. This enables us to reach you with news, invitations, or updates based on your location, giving history, and age-specific campaigns, such as Ubuntu school clubs. In doing this, we may use additional information from third-party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed directorships or typical earnings in a given area.

Direct Marketing

With your consent, we will contact you to let you know about the progress we are making and to ask for donations or other support. Occasionally, we may include information from partner organizations or organizations who support us in these communications. We make it easy for you to tell us how you want us to communicate, in a way that suits you. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on +44 (0) 207 612 7610 or privacy@ubuntupathways.org

We do not sell or share personal details to third parties for the purposes of marketing. But if we run an event in partnership with another named organization, your details may need to be shared. We will be very clear what will happen to your data when you register.

Sharing your story

Sometimes people––both clients and donors––may choose to share their story, including testimonials of their involvement with Ubuntu, participation in an event, promotion, and/or campaign with us. We will never share details of your story and why you’re involved with this organization without your explicit consent. If we have the explicit and informed consent of the individuals, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our campaigning and fundraising work, on our website, or in documents such as our annual report. We often have photographers and videographers at our events, and we may post what they have captured on our social media and website, unless specifically requested otherwise.

Children’s data

We collect and manage information from donors and supporters under 18, and aim to manage it in a way which is appropriate to the age of the child. Information is usually collected when children fundraise for us and/or support us through Ubuntu Clubs at their schools and colleges. In such cases, we always reach out and seek consent from the appropriate guardian or supervisor before engaging with children. Our events have specific rules about whether children can participate, and we‘ll make sure advertising for those events is age-appropriate.

How we keep your data safe and who has access

We use one of the world’s leading customer relationship management platforms, Salesforce, which is also used by adidas, Amazon web services, and other high-profile companies. For more information, you can view Salesforce’s full privacy statement here. In addition, you can refer to the Salesforce Privacy Shield and the Payment Card Industry Compliance statement.

We also use Pardot, Salesforce’s marketing automation system. Pardot takes security precautions as a top priority and will continue our efforts to keep our clients’ information safe. You can find more information here.

In addition, we use Blackbaud, a supplier of software and services specifically designed for nonprofit organizations, to ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored. Blackbaud adheres to the new EU-U.S. Privacy Shield principles, which require US companies to better safeguard data, provide clear notices, limit their collection and use of data, and give EU and Swiss data subjects certain rights to access and correct their data. For more information, see Blackbaud’s full privacy statement and the Blackbaud Privacy Shield Certification Notice.

We use Classy, a social enterprise that creates world-class online fundraising software for nonprofits. Classy collects information so that customers can log onto their Sites and use their Services and Applications. Individuals (and agents of individuals) who provide Classy with information directly or indirectly by donating to or participating in a Campaign or by otherwise using their services.

Classy has implemented and maintains appropriate technical and organizational security measures, policies, and procedures designed to reduce the risk of accidental destruction or loss, or unauthorized disclosure or access to such information appropriate to the nature of the information, concerned. Classy also adheres to the new EU-U.S. Privacy Shield principles outlined above that give EU and Swiss data subjects certain rights to access and correct their data. For more information, see Classy’s privacy statement.

Braintree is a payment processor used by Classy. It maintains technical, physical, and administrative security measures designed to provide reasonable protection for your information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. For more information, please view Braintree’s privacy policy here.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers, and contractors.

We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.

Some of our suppliers run their operations outside of the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.

Keeping your information up to date

Where possible we use publicly available sources to keep your records up to date; for example, LinkedIn, company profile, and information provided to us by other organizations as described above.

We would really appreciate it if you let us know if your contact details change.

Your right to know what we know about you, make changes or ask us to stop using your data

You have the right to get a copy of the information that is held about you. This right of subject access means that you can make a request under the Data Protection Act to any organization processing your personal data. You also have the right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so. If there are any discrepancies in the information we provide, please let us know and we will correct them. Contact us on +44 (0) 207 612 7610 or privacy@ubuntupathways.org if you have any concerns. For further information on your data privacy rights, see the Information Commissioner’s guidance here.

Changes to this policy

We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on the Ubuntu Pathways Website or by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting us at privacy@ubuntupathways.org.