Grants:Administration/Privacy FAQ
Grantees sometimes come to us with questions about how our Community Resources team handles their personal data. As a general rule, the Wikimedia Foundation is bound by our Privacy Policy. We prepared this list of frequently asked questions to help answer questions specific to grantees; it also serves as a supplement to the Grant Application Form Privacy Statement.
Why do we collect your data?
The Community Resources team needs to collect some personal and banking data for a few reasons:
- to send money to grantees;
- for screening and compliance purposes under U.S. law; and
- to keep tax records about our grants and grantees.
For example,
- we need enough grantee bank account information to wire funds. That’s the point of the program, after all! The information needed to wire funds is different for each country, and may also change depending on how funds are sent.
- U.S. law—particularly the USA PATRIOT Act and Executive Order 13224—requires us to conduct a review every time we send money to make sure that we aren’t inadvertently funding activities that aren’t legally permitted (such as money-laundering or terrorism).
- to approve an organization’s grant, we must determine that the organization is not-for-profit in order to comply with US tax regulations. In the U.S., this means we need some documentation showing the organization’s 501(c)(3) status; outside the U.S., we need some documentation showing the organization has a similar status in another country.
How much data do we keep?
We keep information voluntarily submitted from grant applicants and their banks. This includes some personal information, such as full legal names, addresses, and additional information as required or as submitted. We also keep enough bank account information to wire funds, including:
- the name of the financial institution;
- the address of the bank branch;
- the bank account number (IBAN outside US);
- the SWIFT (Society for Worldwide Interbank Financial Telecommunication) code or BIC (Business Identifier Code) (outside US);
- the ABA routing number (within US);
- a country-specific banking code or tax code required by the receiving bank or country, if needed (e.g. IFSC in India);
- the preferred currency for receiving grants; and
- account-holder information that may differ depending on whether the grantee is an individual, organization, or group.
Please note that bank requirements differ by country and by the payment methods we use for sending funds, so additional information may be requested or submitted and kept, as needed.
Grantees ask their banks to provide us with a current list of the names of people with access to the bank accounts we send funds to because we need this information for screening purposes. We keep this information on file along with the other bank account details mentioned here.
Where do we keep your data?
We store personal and banking data in two ways:
- Ourselves, in secure folders on our servers or other secure locations or formats of comparable security. No system is completely safe from breach, but we use a number of physical and technical measures, policies, and procedures (such as access control procedures, network firewalls, and physical security) to protect your data.
- With our service providers. We put requirements, such as confidentiality agreements, in place to help ensure that these service providers treat your information consistently with, and no less protective of your privacy than, the principles of the Privacy Policy.
Who has access to your data?
Access to grantees’ data is restricted to Wikimedia Foundation staff, contractors, and service providers.
How long do we keep your data?
Seven (7) years after the most recent grant-related activity for contact.
Whom do we share your data with?
Except in limited circumstances, we won’t share your data with anybody other than Wikimedia Foundation staff and contractors. We comply with the Privacy Policy’s limitations on sharing data. For example, we may share your data for legal reasons (such as screening grantees or complying with a valid and enforceable warrant or subpoena) or with our service providers. Please consult the Privacy Policy for a complete list of exceptions and more detailed explanations of those exceptions.