- Responsible Authority
The responsible authority which operates https://www.nothingtohidefoundation.org/ (hereinafter: “Website”) is Wise, a trading name of TransferWise Ltd, (“Wise”, “us”, “we”, “our'') an international business with headquarters on the 6th Floor of The Tea Building, 56 Shoreditch High Street, London E1 6JJ. Our registration number with the Information Commissioner’s Office UK (ICO) is Z2976089. If you have any questions about how we protect or use your data, please email us at [email protected].
- Information we collect about you
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information you give us: when give consent to sign up to Nothing To Hide, we will ask you to provide us with the following personal data:
- First Name
- Last Name
- Email address
- Phone number
- Address (street, city, province/territory, postal code)
Other personal data we collect: we use this information for several purposes, such as calculating usage levels, helping diagnose server problems, and administering the Website.
- Internet Protocol (IP) address (a number that is automatically assigned by your internet service provider to the computer you used)
- The type of browser and operating system you used
- The date and time you visited the Website
- The Internet address of the site from which you linked to the Website
- Pages on the website that you have viewed
- Information you give us: when give consent to sign up to Nothing To Hide, we will ask you to provide us with the following personal data:
- How we use this information
We use information that we collect about you or that you provide to us, including any Personal Information:
- To keep you informed about and invite you to participate in our global advocacy efforts for transparency in international finance.
- To keep you informed of ways you can get involved to demand more transparency from lawmakers.
- To provide you with information about how banks in your country hide fees in their transfer costs
- To analyse how the Website is used, investigating and resolving technical problems, maintaining security, and personalizing content.
- To operate, maintain, and provide to you the features and functionality of the Website.
- Third Party Services
What type of cookies do we use?
When you visit Nothing To Hide, NationBuilder may send one or more cookies - a small text file containing a string of alphanumeric characters - to your computer that uniquely identifies your browser and lets NationBuilder help you log in faster and enhance your navigation through Nothing To Hide. A cookie does not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of Nothing To Hide may not function properly if the ability to accept cookies is disabled.
Legal basis for processing in the UK and the EEA
The legal basis that we use (in accordance with applicable legislation) to collect and process your data in the UK and the EEA (European Economic Area) is consent, which you grant when you sign up to the Nothing To Hide campaign. You can withdraw your consent at any time.
Transfer of data
We may transfer and store your data at a destination outside the UK and EEA. It may also be processed by staff operating outside the UK and EEA who work for us or at one of our third party service providers. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical and organisational security measures to protect your data. We also ensure we have appropriate safeguards (including Standard Contractual Clauses and confidentiality agreements) in place with these parties receiving the data outside the UK and EEA.
Our campaign is aimed at adults aged 18 and over and are not designed for children. We do not knowingly collect data from this age group. If a child's data is collected without the verified consent of the parents, it will be deleted.
How we protect your personal information
We take the protection of your data very seriously and take a number of measures to ensure that it remains protected. We have implemented measures designed to secure your data from accidental loss and from unauthorized access, use, alteration and disclosure.
All personal information you provide to us is stored in secure servers behind firewalls. We update and patch our servers in a timely manner. We run a Responsible Disclosure and bug bounty program to identify any security issues in Wise services. Our technical security team proactively monitors for abnormal and malicious activity in our servers and services. When information you’ve given us is not in active use, it is encrypted at rest. This means it’s unreadable from server hard-drives without the decryption secret.
We do regular audits such as SOC 2. As part of these audits, our security is validated by external auditors. We restrict access to your personal information to those employees of Wise who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer personal information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do try to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us or which we obtain. Any transmission of Personal Information is at your own risk.
We will retain your data for the duration of the campaign, which will run until the end of 2030 or until you decide to unsubscribe. We will only access your data internally on a need to know basis, and we’ll only access or process it if absolutely necessary. You can always contact [email protected] to request for your information to be deleted. You can remove yourself at any time from our communication list by following the unsubscribe link at the bottom of any email we send you.
Depending on the applicable laws, you may have the right to access the information stored about you. Your right of access can be exercised in accordance with the relevant data protection laws. If you have any questions about the use of your personal information, please contact us. Under certain circumstances, you may have the following rights:
- You have the right to be informed;
- You have the right to rectification;
- You have the right to erasure;
- You have the right to restrict processing;
- You have the right to data portability;
- You have the right to object;
- You have rights in relation to automated decision-making and profiling;
- You have the right to withdraw consent to processing at any time by contacting us or unsubscribing from our mailing list using the unsubscribe link or in your account settings. Keep in mind withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal of consent;
- You have the right to file a complaint with a supervisory authority or another public body that is responsible for the enforcement of data protection laws.
- Links to Other Websites
Contact the appropriate authority
If you are of the opinion that we have not adequately answered your questions or concerns, or believe that your data protection rights have been violated, you can complain to a supervisory authority or another public body that is responsible for the enforcement of data protection laws. In the UK, this is the Information Commissioner's Office, whose contact details can be found on the ICO website.
Last Updated: March 1, 2022