Privacy Policy

1. Introduction

World Humanitarian Aid ("WHAid", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our website and services, you confirm that you have read and understood this policy.

This policy applies to all personal data we process in connection with your use of the WHAid website, donation platform, subscription service, event ticketing, and VIP programme.

2. Who We Are

World Humanitarian Aid is an independent charity. We are not funded by any government, political organisation, or public body. Our operations are funded entirely through donations from members of the public, subscription fees, and event proceeds.

As an independent charity, we act as the data controller for the personal information we hold about you. This means we determine the purposes and means of processing your personal data.

Our contact details for data protection purposes are set out in Section 12 of this policy.

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Account Registration Data

When you create an account, we collect your full name, email address, and a securely hashed password. We may also collect your country of residence where required for compliance purposes.

3.2 Donation and Transaction Information

When you make a donation or purchase an event ticket, we collect the amount donated, the date and time of the transaction, the billing name associated with the payment, and the billing country. We also retain a payment reference ID provided by our third-party payment processor. We do not store full card numbers. Please see Section 6 for further detail on payment data.

3.3 Technical Data

When you visit our website, we automatically receive your IP address, browser type and version, operating system, the referring URL (if applicable), and information about which pages you visit and when. This data is used for security monitoring, fraud detection, and to improve the performance of our website.

3.4 Cookies

We use session cookies to maintain your authenticated session while you are logged in. Please see Section 11 for our full cookies policy.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

• a.Processing donations and payments: To complete your donation or ticket purchase, generate a receipt, and maintain an accurate record of your transactions.
• b.Account management: To create and maintain your account, authenticate your identity when you log in, and allow you to manage your subscription, tickets, and donation history.
• c.Fraud detection and security: To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other potentially illegal or prohibited activity.
• d.Legal and regulatory compliance: To meet our obligations under anti-money laundering (AML) law, counter-terrorism financing (CTF) regulations, charity law, and other applicable legal requirements. This includes retaining financial records as required by law.
• e.Communications: To send you transactional communications such as donation receipts, ticket confirmations, and important account notifications. We do not send unsolicited marketing emails.
• f.VIP programme administration: If you are selected as our VIP of the month, we use your name and your chosen charity details to facilitate the $10,000 donation and to publish your selection on our website.

5. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR, we rely on the following legal bases for processing your personal data:

5.1 Performance of a Contract

Processing your account data, donation transactions, and subscription details is necessary to fulfil our contractual obligations to you. When you make a donation or purchase a ticket, we process your data to complete that transaction.

5.2 Legitimate Interests

We process certain technical data, such as IP addresses and browser information, on the basis of our legitimate interests in maintaining the security of our platform, detecting fraud, and improving our services. We have carried out a balancing test and are satisfied that our legitimate interests do not override your fundamental rights and freedoms.

5.3 Legal Obligation

We are required by law to retain certain financial records and to carry out anti-money laundering due diligence. Processing for these purposes is necessary to comply with a legal obligation to which we are subject. We cannot grant exemptions or deletions for data retained under a legal obligation.

6. Payment Data

All payment card transactions are handled by accredited third-party payment processors. We do not receive, transmit, or store your full card number, card verification value (CVV), or full payment credentials at any point.

What we retain from each payment transaction is limited to:

• -A payment reference ID issued by the payment processor
• -The last four digits of the card used (where provided by the processor)
• -The billing name associated with the payment
• -The billing country associated with the payment

The billing name and billing country are retained for anti-money laundering (AML) compliance purposes. Under AML regulations, we are required to record and retain information that allows us to identify the source and destination of funds processed through our platform.

Our third-party payment processors operate their own privacy policies. We recommend you review the privacy policy of the payment provider used at the point of transaction.

7. AML and Financial Compliance

As a charity that receives donations and processes financial transactions, WHAid is subject to anti-money laundering (AML) and counter-terrorism financing (CTF) legislation. Compliance with these laws is not optional, and certain aspects of our data processing cannot be overridden by your data protection rights.

We are legally required to retain financial records, including transaction details and donor information, for a minimum of seven years from the date of the transaction. This obligation exists independently of whether you close your account or request erasure of your data.

We may be required to share information about transactions or donors with regulatory authorities, law enforcement agencies, or financial intelligence units if we are required to do so by law, by court order, or as part of a lawful investigation. In such circumstances, we may not be permitted to inform you that a disclosure has been made.

Where we identify a transaction or donor that raises concerns under our AML or CTF obligations, we reserve the right to suspend or decline that transaction and to report the matter to the relevant authority without prior notice to the individual concerned.

8. Data Sharing

We do not sell, rent, or trade your personal data to third parties for any commercial purpose. We share personal data only in the following circumstances:

8.1 Payment Processors

We share the minimum necessary data with our third-party payment processors to complete your transaction. These processors are contractually bound to process your data only for the purposes of completing the payment and are not permitted to use your data for their own commercial purposes.

8.2 Regulatory and Law Enforcement Authorities

We may disclose personal data to regulators, law enforcement agencies, tax authorities, or other government bodies where we are required to do so by law, or where we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our legal rights, or prevent fraud or crime.

8.3 Service Providers

We may share data with trusted service providers who assist us in operating our website and services, such as hosting providers and email delivery services. These providers act as data processors under our instruction and are bound by contractual obligations to keep your data secure and confidential.

8.4 No Selling of Data

We will never sell your personal data to advertisers, data brokers, or any other commercial third party. Your data is collected solely to deliver and improve our services, and to comply with our legal obligations.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Specifically:

• a.Account data: We retain your account data for the duration of your account. If you request deletion of your account, we will remove your profile information. However, transaction records and associated identifying information linked to donations or payments will be retained for seven years from the date of the relevant transaction, as required by AML and financial record-keeping legislation.
• b.Financial records: All financial records, including donation receipts, payment references, billing names, and billing countries, are retained for a minimum of seven years from the date of the transaction. This retention period applies regardless of account status.
• c.Technical and log data: Server logs and IP address records are retained for a shorter period, typically up to 12 months, for security and fraud detection purposes.

10. Your Rights

Under UK GDPR and, where applicable, EU GDPR, you have the following rights in relation to your personal data:

To exercise any of these rights, please contact us using the details in Section 12. We may need to verify your identity before processing your request.

11. Cookies

We use a minimal set of cookies to operate the WHAid platform.

11.1 Session Cookies

When you log in to your WHAid account, we set a session cookie to maintain your authenticated session. This cookie is strictly necessary for the platform to function. It does not track your browsing behaviour across other websites and is deleted when you log out or close your browser.

11.2 No Advertising or Tracking Cookies

We do not use advertising cookies, tracking pixels, third-party analytics cookies, or any cookie that shares your data with advertising networks. We do not build profiles of your browsing behaviour for marketing purposes.

11.3 Managing Cookies

You can configure your browser to refuse cookies or to alert you when cookies are being set. Please note that disabling session cookies will prevent you from logging in to your WHAid account and accessing authenticated features.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we have handled your personal data, please contact us:

We aim to respond to all data protection enquiries within 30 days. If your request is complex or you have made a number of requests, we may extend this period by up to a further two months. We will notify you if we need to do so.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO) at ico.org.uk.