Apply

Privacy Policy

1. Who We Are

New Ventures Worldwide (NVW) is a Charitable Incorporated Organisation (CIO) registered in England and Wales. We place young people aged 18 to 30 on safe, structured volunteering placements with children and young people in schools, outdoor camps, and community projects across Europe, Africa, Australasia, and the Americas.

We are the data controller for the personal data we collect and process. This means we are responsible for deciding how and why your personal data is used, and we are committed to handling it lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. How to Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to raise a concern about how we handle your data, please contact us:

New Ventures Worldwide CIO

Email: [email protected]

Website: www.newventuresworldwide.org

We aim to respond to all privacy-related enquiries within 30 days.

2. Legal basis on which AFS collects your personal data

AFS collects and processes your Personal Data on the basis of different legal grounds, depending on the nature of the Personal Data being provided and the type of processing involved. Personal data means any information capable of identifying an individual. It does not include anonymised data.

Consent

Most of the Personal Data stored and processed by AFS relies on your consent in order to process your Personal Data. Where AFS requires your consent in order to collect and process certain Personal Data, we seek your consent at the time of provision, and such processing will only be performed where consent is secured. If consent is not given, we anonymise personal data.

Legitimate Interest

A second ground relied upon by AFSfor other types of processing of your Personal Data is that it is necessary for the purposes of legitimate interests pursued by AFS. Such legitimate interests will include where AFS sends you marketing about our products and services, where we believe you have a reasonable expectation that we will perform a particular type of processing on your behalf, or where such processing is strictly necessary for fraud detection and prevention. AFS will only rely on such a ground where an assessment has been performed balancing the interests and rights involved and the necessity of the processing in order to provide our services, products and features to you.

Compliance with a Legal Obligation

A third ground relied upon for certain types of processing is that it is necessary in order to allow AFS to comply with a legal obligation. An example of this would be where AFS is required to retain accounting records for fixed periods of time in order to comply with local legal requirements.

3. What Personal Data We Collect

3.1 Prospective and Active Volunteers

When you apply for a placement or interact with us as a prospective volunteer, we may collect:

  • Full name, date of birth, and contact details (email address, phone number, postal address)
  • Nationality, passport details, and visa information
  • Educational background, qualifications, and employment history
  • Emergency contact details
  • Health and medical information relevant to your placement
  • Enhanced DBS check results or equivalent background check information
  • References from third parties
  • Photographs and video content (where you have provided consent)
  • Payment information (processed securely through our payment provider; we do not store card details)
  • Communications with us before, during, and after your placement

 

3.2 Partner Organisations

When we work with schools, colleges, universities, and other partner organisations, we may collect:

  • Names, job titles, and contact details of staff and careers advisors
  • Institutional information such as school name, address, and website
  • Records of communications and partnership agreements

 

3.3 Website Visitors

When you visit our website, we automatically collect certain technical data including:

  • IP address and browser type
  • Pages visited, time of visit, and referring website
  • Cookie data (see Section 9 for details)

 

3.4 Special Category Data

Some of the information we collect is classified as special category data under UK GDPR, including health and medical information and criminal record check results. We only collect this where it is strictly necessary for safeguarding purposes, to fulfil our legal obligations, or with your explicit consent.

4. How We Use Your Personal Data

We use personal data for the following purposes, each supported by a lawful basis under UK GDPR:

 

4.1 Processing Applications and Managing Placements

Lawful basis: Contract (Article 6(1)(b)) and, for special category data, explicit consent (Article 9(2)(a)) or substantial public interest (Article 9(2)(g)).

  • Assessing your application and conducting interviews
  • Matching you with a suitable host organisation and placement
  • Arranging and coordinating your travel, arrival, and onboarding
  • Providing support during and after your placement
  • Processing deposits and fees

 

4.2 Safeguarding

Lawful basis: Legal obligation (Article 6(1)(c)) and substantial public interest (Article 9(2)(g)).

  • Conducting DBS checks or equivalent background screening
  • Sharing relevant information with host organisations to ensure safe placements
  • Maintaining records required by safeguarding legislation

 

4.3 Communications and Marketing

Lawful basis: Consent (Article 6(1)(a)) or legitimate interests (Article 6(1)(f)) where you have an existing relationship with us.

  • Sending you information about placements, programme updates, or news
  • Inviting you to events, webinars, or information sessions
  • Contacting partner organisations about collaboration opportunities

You can withdraw your consent or opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly.

 

4.4 Improving Our Services

Lawful basis: Legitimate interests (Article 6(1)(f)).

  • Analysing website traffic and usage patterns to improve our website
  • Reviewing placement outcomes and volunteer feedback to develop our programmes

 

4.5 Legal and Regulatory Compliance

Lawful basis: Legal obligation (Article 6(1)(c)).

  • Maintaining records required by charity law, HMRC, or other regulators
  • Responding to lawful requests from public authorities

5. Who We Share Your Data With

We do not sell, rent, or lease your personal data to third parties. We may share your data with:

 

5.1 Host Organisations and Local Partners

We share relevant volunteer information (such as name, background check results, and health information relevant to your placement) with the host organisations and local partners you will be working with. These include schools, outdoor camps, community projects, and partner organisations such as VIA in Germany. This is necessary to arrange and manage your placement safely.

 

5.2 Service Providers

We work with trusted third-party service providers who process data on our behalf under data processing agreements, including:

  • Email marketing platforms (Mailchimp)
  • CRM and project management software
  • Payment processors
  • Website hosting providers

 

5.3 Regulatory and Statutory Bodies

We may share data with the Disclosure and Barring Service (DBS), HMRC, the Charity Commission, or other public authorities where we are legally required to do so.

 

5.4 Emergency Situations

In the event of a medical or safety emergency involving a volunteer on placement, we may share relevant personal data with emergency services, healthcare providers, or your nominated emergency contacts.

6. International Data Transfers

Because NVW places volunteers in countries across Europe, Africa, Australasia, and the Americas, we may transfer personal data outside the UK. Where we do so, we ensure appropriate safeguards are in place, which may include:

  • Transfers to countries recognised by the UK government as providing an adequate level of data protection
  • Use of UK Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms
  • Contractual obligations on host organisations and partners to handle data securely and in line with UK GDPR principles

You can request further information about the safeguards we apply to international transfers by contacting us.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account our legal and regulatory obligations. Our general retention periods are:

  • Volunteer application records (unsuccessful): 12 months from the date of application
  • Volunteer placement records (completed placements): 7 years from the end of the placement, in line with charity accounting requirements
  • Safeguarding and DBS records: as required by applicable safeguarding legislation
  • Partner contact information: for the duration of the partnership plus 3 years
  • Website visitor logs: up to 12 months
  • Marketing consent records: until consent is withdrawn plus 3 years

After the relevant retention period, data is securely deleted or anonymised.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you (a Subject Access Request).

8.2 Right to Rectification

You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure

In certain circumstances, you have the right to ask us to delete your personal data. This right does not apply where we are required to retain data by law or for safeguarding purposes.

8.4 Right to Restriction of Processing

You have the right to ask us to restrict how we process your data in certain circumstances, for example while a dispute is being resolved.

8.5 Right to Data Portability

Where processing is based on your consent or a contract, you have the right to receive your personal data in a structured, commonly used format.

8.6 Right to Object

You have the right to object to processing based on our legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.

8.7 Rights Related to Automated Decision-Making

We do not currently make decisions about individuals based solely on automated processing.

8.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. We may need to verify your identity before processing a request.

9. Cookies

Our website uses cookies to help it function correctly and to understand how visitors use it. Cookies are small text files stored on your device by your browser.

9.1 Types of Cookies We Use

Essential cookies: necessary for the website to function and cannot be switched off.

Analytics cookies: help us understand how visitors interact with our website so we can improve it. We use tools such as Google Analytics for this purpose. Analytics cookies are only set with your consent.

Preference cookies: remember choices you make to improve your experience.

9.2 Managing Cookies

When you first visit our website, you will be asked to consent to non-essential cookies. You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of the website.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

10. How We Keep Your Data Secure

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:

  • Encrypted email transmission using industry-standard protocols (SPF, DKIM, and DMARC)
  • Access controls limiting data access to staff who need it to do their job
  • Secure password policies and multi-factor authentication where appropriate
  • Regular review of our data handling practices and service provider agreements

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected individuals as required by law.

11. Links to Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party sites and encourage you to read their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be available on our website, with the date it was last updated shown at the top of the document. Where changes are material, we will notify you by email or by a prominent notice on our website.