Privacy policy

Policy number: IAFPP1

The Duke of Edinburgh’s International Award Foundation

 Issued on: 1 January 2014

Issue control


Policy number

Issued on

Effective date

Issued by



1 January 2014

1 January 2014

Mike Heath





Issue control 2

Contents. 3

Purpose of the privacy policy. 4

Applicability. 4

Information we collect. 4

How we use information we collect. 6

Transparency and choice. 7

Information you share. 7

Information we share. 8

Information security. 9

Enforcement. 9

Changes. 10

Getting help. 10

Policy authority. 10


Purpose of the privacy policy

There are many different ways you can use the services of The Duke of Edinburgh’s International Award Foundation – to participate in the Award, log your activities, search for information, and to communicate with your Award Leader or others involved in the Award. When you share information with us, for example by creating your Online Record Book (ORB) account, we can make those services even better – to help you connect with others or to make sharing with them quicker and easier. As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.

Our privacy policy explains:

  • what information we collect and why we collect it
  • how we use that information
  • the choices we offer, including how to access and update information.

We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to us so whether you are new to the ORB or have been using it for some time, please do take the time to get to know our practices. If you have any questions please contact us.


Our privacy policy applies to all of the services offered by us and our associates, including services offered on other sites (such as any advertising services), but excludes services that have separate privacy policies that do not incorporate this privacy policy.

Our privacy policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include our services, or other sites linked from our services. Our privacy policy does not cover the information practices of other companies and organisations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

Information we collect

We collect information to provide better services to all of our users – from basic information such as your age and whether you are male or female, and what Award level you are undertaking, to more complex things like which activities you are undertaking.

We collect information in two ways:

Information you give us

For example, our online service requires you to sign up for an ORB account. When you do, we’ll ask for personal information such as your name, email address or telephone number. If you want to take advantage of some of the sharing features we offer, we may also ask you to include a photo for your profile or to upload photos of your activities.

Information we get from your use of our services

We may collect statistical information about the services that you use and how you use them, for example the activities you are undertaking, the time you spent completing these activities, or how you interact with sponsored pages and content.

This information includes:

Device information

We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). We may associate your device identifiers or phone number with your ORB account. A unique device identifier is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device. Different device identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. A given device may have several different unique device identifiers. Unique device identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant sponsored pages.

Log information

Like most web based applications, our servers automatically record the page requests made when you log in. These ‘server logs’ typically include your web request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. When you use our services or view content provided by us, we may automatically collect and store certain information in server logs. This may include:

  • details of how you used our service, such as your search queries
  • telephony log information such as your email, SMS routing information and type of communication
  • your IP address. Every computer connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. Since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connecting to the Internet.


Device event information

This includes crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL and cookies that may uniquely identify your browser or your ORB account.

Unique application numbers

Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to us when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

Local storage

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and anonymous identifiers

We use various technologies to collect and store information when you visit an Award site and this may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as advertising services or Award features that may appear on other sites. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.

An anonymous identifier is a random string of characters that is used for the same purposes as a cookie on platforms, including certain mobile devices, where cookie technology is not available.

How we use information we collect

We use the information we collect from our services to provide, maintain, protect and improve them, to develop new ones, and to protect the Foundation and our users. We also use this information to offer you tailored content – such as giving you more relevant sponsor pages or advertisements.

We may use the name you provide for your ORB profile across all of the services we offer that require an ORB account. In addition, we may replace past names associated with your ORB account so that you are represented consistently across all our services.

When you contact us, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies, such as pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored sponsor pages, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

We will not combine Double Click cookie information with personally identifiable information unless we have your opt-in consent.

We will ask for your consent before using information for a purpose other than those that are set out in this privacy policy.

We may process personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.

Transparency and choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used.

You may set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.

Information you share

Many of our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines.

Accessing and updating your personal information

Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Information we share

We do not share personal information with companies, organisations and individuals outside the Foundation unless one of the following circumstances apply:

With your consent

We will share personal information with companies, organisations or individuals outside the Foundation when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information. This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.

With domain administrators

If your ORB account is managed for you by our system administrator or a National Award Operator system administrator to provide help desk user support they will have access to your ORB account information (including your email and other data). Your relevant system administrator may be able to:

  • view statistics regarding your account
  • change your account password
  • suspend or terminate your account access
  • access or retain information stored as part of your account
  • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request
  • restrict your ability to delete or edit information or privacy settings.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our privacy policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share personal information with companies, organisations or individuals outside of Foundation if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request
  • enforce applicable terms of service, including investigation of potential violations
  • detect, prevent, or otherwise address fraud, security or technical issues
  • protect against harm to the rights, property or safety of the Foundation, our users or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with partners such as publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

Information security

We work hard to protect the Foundation and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. In particular:

  • we encrypt many of our services using SSL
  • we review our information collection, storage and processing practices including physical security measures, to guard against unauthorised access to systems
  • we restrict access to personal information to Foundation employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.


We regularly review our compliance with our privacy policy. We also adhere to several self-regulatory frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.


Our privacy policy may change from time to time. We will not reduce your rights under this privacy policy without your explicit consent. We will post any privacy policy changes on the ORB or other Foundation sites and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this privacy policy in an archive for your review.

Getting help

If you need any further information about this policy, please contact Mike Heath, Head of Information Management at the Foundation.

Policy authority

This policy is owned and managed by the Foundation’s information management team.