Why do we collect your data?
The Community Resources team needs to collect some personal and banking data for a few reasons:
- to send money to grantees;
- for screening and compliance purposes under U.S. law; and
- to keep tax records about our grants and grantees.
- we need enough grantee bank account information to wire funds. The information needed to wire funds is different for each country, and may also change depending on how funds are sent. That’s the point of the program, after all!
- U.S. law—particularly the USA PATRIOT Act and Executive Order 13224—requires us to conduct a review every time we send money to make sure that we aren’t inadvertently funding activities that aren’t legally permitted (such as money-laundering or terrorism).
- to approve an organization’s grant, we must determine that the organization is not-for-profit in order to comply with US tax regulations. In the U.S., this means we need some documentation showing the organization’s 501(c)(3) status; outside the U.S., we need some documentation showing the organization has a similar status in another country.
How much data do we keep?
We keep information voluntarily submitted from grant applicants and their banks. This includes some personal information, such as full legal names, addresses, and additional information as required or as submitted. We also keep enough bank account information to wire funds, including:
- the name of the financial institution;
- the address of the bank branch;
- the bank account number (IBAN outside US);
- the SWIFT (Society for Worldwide Interbank Financial Telecommunication) code or BIC (Business Identifier Code) (outside US);
- the ABA routing number (within US);
- a country-specific banking code or tax code required by the receiving bank or country, if needed (e.g. IFSC in India);
- the preferred currency for receiving grants; and
- account-holder information that may differ depending on whether the grantee is an individual, organization, or group.
Please note that bank requirements differ by country and by the payment methods we use for sending funds, so additional information may be requested or submitted and kept, as needed.
Grantees ask their banks to provide us with a current list of the names of people with access to the bank accounts we send funds to because we need this information for screening purposes. We keep this information on file along with the other bank account details mentioned here.
Where do we keep your data?
We store personal and banking data in two ways:
- Ourselves, in secure folders on our servers or other secure locations or formats of comparable security. No system is completely safe from breach, but we use a number physical and technical measures, policies, and procedures (such as access control procedures, network firewalls, and physical security) to protect your data.
Who has access to your data?
Access to grantees’ data is restricted to Wikimedia Foundation staff, contractors, and service providers.
How long do we keep your data?
Seven (7) years after the most recent grant-related activity for contact.