Where are you collecting my personal information from?
We are collecting personal data each time you deal directly with us. This means we will collect data from you when you:
Join or apply for one of our online or offline groups (E.g. our Click to Kick recovery group.)
Join or apply for one of our webinar sessions
Make a donation to our charity, directly or with a giving platform we have an account with.
Fundraise for us
Buy one of our resources
Follow, Like, or interact with us via social media (E.g. on Facebook, Twitter or Instagram).
Fill out a feedback form
Contact us via phone or email to make an inquiry (E.g. to book one of our speakers)
Create a profile for one of our apps
Sign up to an email list on one of our websites
Visit one of our websites (we collect general statistics for things like ‘how many people visited our site’, and not on the individuals who visit).
Come to one of our events and/or book onto one of our events directly, via our website, or with a third party platform we have an account with (E.g. Eventbrite)
What personal information about me are you collecting?
We collect the data you give to us directly. This means that when you provide it, we will collect:
Name, email, address, and Contact Number
Credit card and/or debit card and/or bank details
Church and organisation you are associated with, along with their contact details
When you first made contact with us
What communication we have had with you
Your donation history
Resources you have brought from us
Which online and offline events you have booked onto/enquired about
Social media communications, interactions, and handles. (Stored on the the social media platforms)
Names of partners and family members
Age and date of birth.
Faith and religion
Relevant and appropriate life style issues for the groups you engage with (E.g how often do you use your phone)
Why are you collecting my personal information?
We collect your personal data so we can fulfill the promises we make to you, and fulfill the agreements we have with you. This means we collect your data so we can:
Process your donations and fund the work you want to support.
Comply with legal requirements (E.g. like Gift Aid claims)
Raise funds for the work we do.
Confirm the sale of any resources you buy, tickets you purchase for our events, or places you book for our online courses.
Send you any books or resources you have ordered.
Follow up on interest or information you requested related to our work.
Market and promote the work we do and resources and courses we produce.
Communicate with you and keep you updated with our news and work (E.g. via our email update)
Personalise your experience (E.g. only update you on schools work but not recovery work if you request this)
Connect via emails, letters, social media, the phone, or how ever you want to be contacted.
Process your job application fairly and efficiently.
Process volunteer’s suitability and availability, and process their DBS checks.
Efficiently partner with individuals and organisations who want to collaborate with us.
Provide access to services to users.
Assess suitability for groups and courses (E.g. our Click to Kick recovery groups).
How do you store my personal information?
We store all the date we collect in safe and secure places. This means we store it on:
Our secure database
Our email accounts
Online platforms we use to deliver the services you sign used up for (E.G. using Mail Chimp to send emails to supporters)
Paper/hard copies, which are kept in our locked offices or in a safe place while they are being transported (E.g. in our locked float when being transported back to the office after events.)
On work computers, laptops, hard drives, and other technological equipment.
Who has access to my personal information?
Your personal data is only accessed by staff members within our organisation who need it to carry out the tasks mentioned above. Any highly sensitive information will only be accessed by staff members who absolutely need it, and is not available to every staff member. (For example, information and identity of members in our recovery groups, will only be accessed by therapist/ facilitators who need it to run the group and not every staff member.)
All staff members adhere to a very strict confidentiality agreement, and will not use this data in other contexts or pass on your information.
We also work with external people from time to time. (E.g. financial auditor, volunteers, freelancers, other charities we partner with to deliver projects). However, we will only work with people and organisations who follow the highest GDPR standards, and who work inside of the European Economic Area. They will also need to sign confidentiality agreements or will have their own strict GDPR policy in place. They must also agree to not share your data with anyone else/other organisations. They will only be given access to data relevant to carrying out the necessary task, and not keep any information after our association ends. (E.g. the auditor will only have access to donation history while they check our accounts, to make sure we adhere to financial laws and regulations.)
Do I have the right to not give you with my personal information?
Yes, you are not required to give us any of your personal data. However, in some instances, holding back information can stop us from providing you with a service. (E.g. we will not be able to take a donation from you if you do not provide your payment details.)
Do I have the right to see the information you have about me?
Yes, it’s your right to see a copy of the data we have about you. If you want to receive this information, please send a written letter to our address, found on our contact page. With your address, email, and contact number so we can respond to the request. We aim to respond with the required information within 30 days.
This service is free, unless you make repeated requests. In which case there will be a reasonable charge.
Do I have the right to ask you to change my personal information?
Yes, you can tell us of any changes you think we need to make (e.g, change of address ) or to update and replace your personal data (e.g. add your new mobile number to your contact numbers). You can also ask us to not use your data in a certain way and/or withdraw consent (e.g. to not even use your home number anymore). If you would like us to change your data, please send us an email, see our contact page for our email address, with the title ‘Data Details’, and explain what you would like altered. We aim to respond within 30 days.
Do you ever pass my personal information on?
We take your personal data very seriously and realise how annoying it is to get cold calls from organisation you never gave your details to. For this reason, we will never sell, rent, or trade your personal data. All the data you give to us will be kept within our organisational structures. (E.g. on our own database).
There are only two exceptions to this rule:
1) If we work with third-party companies to help improve our organisation and support our projects. When we work with external organisations, we only work with those inside of the European Economic Area who fully adhere to the highest data protection standards set by GDPR. These organisations must also agree to not share any data they gain from us about you with anyone else. Furthermore, if they do need to take your data outside of our organisational structures (E.g. use their own laptops to fulfil their service) they must agree to delete it after their service with us has come to an end, and must agree to not pass this data on or use it in any way that is unrelated to the service they are providing for us.
2) We may be forced to disclose your data if we are required to by the police, by law, or to enforce our legal rights.
How long do you keep my personal information for?
We will hold your data indefinitely if you are interacting with us and our organisation. (E.g. if you are responding to the emails we send or donating to the charity) If your interaction ends, we will hold your information if laws require us to (E.g. HMRC requires organisation to hold financial information from donors for a set period of time). If your interaction ends and there is no law stating we will need to keep your personal information, we will delete your data after three years, and we will check our data once a year to see if anyone’s information needs deleting.
Do you keep my data secure?
For obvious reasons, we cannot go in detail about how we keep data safe because it could compromise our security. However, we make sure that the hard copies, and digital copies, of all the data we collect is protected and only seen and used by the appropriate people.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
This policy was first published on May 8th 2018. We reserve the right to update this policy, and we will review it at least once every two years to make any necessary changes. We will let you know of any changes via email if you have given your address to us.
For more information about your rights, visit the website of the Information Commissioner’s Office.