Thank you for visiting MuslimGiving, a website operated by MuslimGiving Ltd. We are a company incorporated in England, our company registration number is 09643356 and our registered address can be found on Companies House.
The MuslimGiving policy on privacy outlines how we process, use and manage personal information submitted via the MuslimGiving platform.
MuslimGiving are fully committed protecting your information and keeping it secure. By having this commitment, our donors, fundraisers and charities can be confident and reassured when using our services.
By visiting or using the MuslimGiving fundraising platform, you agree to your personal information being used in accordance with this policy.
This policy is prepared in compliance with the requirements of the Data Protection Act 1998, as replaced and superseded by the General Data Protection Regulation (EU) 2016/679, as in force from time to time (Data Protection Law).
How to contact us regarding your data
You can email our Data Protection Officer direct on firstname.lastname@example.org
What information do we collect?
When you access MuslimGiving.org information such as your browser you are using, IP address and the time and date will be collected by us. The MuslimGiving website also collects ‘cookies’ which are small data files that collect information about the way you navigate websites and this helps provide you with an improved personal experience as it will aid the personalisation of navigating and using our services.
You can clear your cookies from your internet browsers at any time and you can also choose to block them.
When you create an account on MuslimGiving we collect contact information about you to set up your account, so that you may either donate or start fundraising. This includes asking you to provide your email address which is your username and a password so you can gain secure access to your account.
From Fundraisers: When you create a fundraising page we will collect and use the details you have consented to provide, including those of the charity or cause you are supporting.
From Donors: To make a donation through MuslimGiving, we will ask for and collect some basic personal and payment information. For Gift Aid purposes, we may also ask for additional details such as your UK home address.
You will also have to create a username and password which we will store securely on our server. These are the details you use to access your account and you must ensure only authorised parties are able to use these details to login.
If you login using a third party site such as Facebook, Google etc this will access your account and bypass the regular login process on our website. The MuslimGiving platform also uses social media plug-ins. If you do not wish to be automatically logged in via any social media or web browsers you must uncheck options such as ‘remember me’ or reject pop-ups via these sites that offer to save your password.
Right to Access Information
With regards to access your own information, you are entitled to:
- Request copies of your personal information that we hold
- Have information that we have you on corrected, if it contains errors or is inaccurate
- Ask us to stop processing and delete your information
With regards to the above, we will accept such requests via email. Our contact details are below. Depending on the nature of the request and what is required we reserve the right to charge an administration fee and request proof of your identity.
What to do if you don’t want us to hold your data
If you decide that you don’t want us to hold your information any longer or you would like to update your preferences, then just email us on email@example.com
How do we use your data?
- Personalising your user experience based on your past donations, charities you have raised funds for and previous usage of our website e.g. through cookies.
- Surveying and gathering your feedback, opinions and ideas in order to improve our services and your user experience.
- Personalising the news, campaigns and messages you receive via MuslimGiving.
- Storing information on your account that you have provided to us. As and when this information is updated by you, this will also be recorded and stored.
- Contacting fundraisers to let them know a donation has been received and other related to their campaign.
- Allowing charities and causes to view campaigns and fundraising pages set up on behalf of (or for) those causes.
- Allowing charities and other causes to view donations made to them
- Processing and managing donations received.
- Identifying, preventing and minimising fraudulent donations and/or payments.
- Identity checking, bank account verification and credit referencing may be carried out where necessary and relevant.
- Helping you connect with your social media followers.
- Using data and statistics for analytical and reporting purposes.
- Allowing companies to view fundraising pages, campaigns and charities set up in their name or carried out by their employees (subject to employees giving their consent).
- When making a donation, your name, amount and accompanying message will be visible to the creator of the page and others. You will have the option to anonymise these details.
- We do not provide your details to any organisations, charities or third parties unless we have your consent.
- All the information you provide will only be used in accordance with this policy.
You may occasionally receive campaign updates, news, events, marketing and other information from us. Where relevant, you can opt-out of receiving such communication or update your personal preferences to indicate what type of updates or notifications you would like to receive.
Who do we share your data with?
For operational and processing purposes, we transfer personal and payment information to approved companies who manage our systems and data.
We only use companies where there is adequate security, privacy and data integrity procedures in place.
For tax and regulation purposes, we may also be required to submit information to HMRC and other authorities such as the Charity Commission.
MuslimGiving have invested heavily in technological and procedural based systems to protect your information and keeping our website secure. However, with the daily threats of malware, hacking and ransomware attacks facing organisations across the globe, as per other internet-based sites, no-one can guarantee 100% security, particularly when under such attacks. Despite the best efforts, MuslimGiving cannot be held liable for unauthorised access beyond our reasonable control.
MuslimGiving is also compliant with GDPR and being assessed for the ISO regulations and requirements.
How long do we keep your data?
We keep your personal data on our database for as long as we have a legitimate reason to use the data and as required by law. If you claim Gift Aid on a donation you make, we are required by HMRC to keep data related to your donation for six years after the tax year in which the donation was made.
Ensure PCI DSS compliance
Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
PCI compliance is a shared responsibility and applies to both Stripe and MuslimGiving. When accepting payments, we do so in a PCI compliant manner. The simplest way to be PCI compliant is to never see (or have access to) full card data at all. Stripe makes this easy for MuslimGiving as they do the heavy lifting to protect our customers’ card information. We are only permitted to retain sensitive information as per PCI DSS regulations for legitimate business need. We never store the card-validation code used to validate card-not-present transactions. Our payment applications comply with the Payment Application Data Security Standard (PA-DSS).
Our hosting site Azure, OneDrive for Business, and SharePoint Online are certified as compliant under PCI DSS version 3.2 at Service Provider Level 1.
To maintain our compliance, we are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis. MuslimGiving is required to carry out a self-assessment questionnaire (SAQ) which is a validation tool that allows MuslimGiving to self-audit their PCI DSS compliance.
Assessing and validating PCI compliance usually happens once a year, but PCI compliance is not a one-time event — it’s a continuous and substantial effort of assessment and remediation. As MuslimGiving grows so will the core business logic and processes, which means compliance requirements will evolve as well.
Disclaimer and Limitation of Liability
We invest our resources to protect your personal information. However, we are unable to guarantee a 100% secure site. We cannot be held responsible for unauthorised or unintended access that is beyond our control.
We periodically review our policy and place updates on MuslimGiving website. Please review this policy for changes.
We will notify you of material changes we make to this policy and, where required under applicable privacy and data protection legislation, we will also provide notifications of material changes via our website.
If you do not accept the updated policy, please stop using our website.
Complaints or Feedback
Email Us: firstname.lastname@example.org