In order to meet our charitable objectives, we carry out fundraising activities to raise public awareness and to garner financial support for the important work we do. We do so in line with our Fundraising Policy.
We are a registered member of the Fundraising Regulator and are committed to abiding by the Code of Practice - the fundamentals principles of which are to act legally, be open, be honest and to be respectful. Responsible and lawful personal data processing is also a critical mandate of the code.
In planning any fundraising activities or events we need to consider the ‘lawful basis’ – the reason, for processing any personal data to ensure we do so in accordance with GDPR and the Data Protection Act 2018.
The lawful bases under GDPR:
Consent – you’ve explicitly consented to your personal data being processed for a specific purpose.
Performance of a contract – a contract is in place with an individual/organisation and certain legal terms and conditions apply.
To comply with a legal obligation – we may be subject to a legal obligation to process certain personal information.
To protect vital interests – if there is an immediate risk to someone’s health, we may need to process their personal data.
Performance of a task carried out in the public interest – much of our core work is carried out for this reason as it is in the public interest to eliminate child sexual abuse material from the internet.
Legitimate interests – much of our fundraising activity as a whole will fall under this reason. i.e. processing certain personal data supports the core activities that we perform as a charity.
We manage your personal data within a secure Client Records Management (CRM) system which enables us to maintain accurate records. This system, as with the rest of information technology infrastructure, forms part of our ISO27001 Standard Information Security Management System (ISMS).
Note that victim identification is not within our remit. Where we use any case studies or ‘stories’ for our marketing or fundraising activities, the information therein has been adjusted and anonymised to protect the victims we see online. Any use of partner case studies – such as those of the Marie Collins Foundation will have been authorised and the individual’s consent sought before any such sharing or subsequent publication by us.
We utilise Stripe for credit/debit card processing of online donations and the website widget is via Donorbox. The IWF does not have access to credit / debit card information or bank details in this transaction. Online donations are processed in accordance with the Payment Card Industry Data Security Standards (PCI-DSS).
Donorbox facilitates a regular payment option and more information can be found via their website.
We do not publish donor details without their express written permission.
We like to claim Gift Aid on your donations where it is permissible for us to do so. You can find out more about this on our donations page.
Any donation cheques sent directly to us are forwarded as quickly as possible to our bank for processing. We will always want to acknowledge receipt and thank anyone who chooses to aid our mission in this way. Where a donor has supplied contact details, we will endeavour to reach out to them to thank them for their generosity which we constitute being a legitimate interest. We will not subsequently retain their personal data, unless they choose to subscribe to our newsletter or to receive other relevant updates about the organisation.
We promote the use of Amazon Smile, Give as you Live and Charity Challenge on our donations page to further support our fundraising efforts. If you choose to utilise any of these links for the purposes of supporting us, any personal data processed will be done so by those companies as the data controller.
At the present time we do not accept cash donations.