Faithful Companions of Jesus (UK registered charity number 239285) (“the Charity”) is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR), the Data Protection Act 2018 and any subsequent UK legislation covering data protection the Data Controller is the Charity.
This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
This Policy covers the Charity in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on our websites or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.
If you have any questions about this Policy or concerning your personal information please contact Sr Patricia Binchy, by email to our Generalate firstname.lastname@example.org or by post to FCJ Generalate, Gumley House Convent, Twickenham Road, Isleworth, Middlesex, England TW7 6DN.
What type of personal information we collect
The type and amount of information we collect depends on why you are providing it.
The information we collect when you make an enquiry or a prayer request will usually include your name, email address and the reason for contacting the Charity. This information is collected so that we can respond to your enquiry or prayer request. In making an enquiry or prayer request you may include further information that either identifies you or another person. If you are providing us with information about another person, please ensure that you have got their permission before doing so. You may be providing us with information about your or another’s religious beliefs and state of health which are both special categories of personal data.
If you are a supporter, for example making a donation or volunteering, to asking for your name and contact details we may also ask you for your reasons for supporting the Charity.
If you are a grant or job applicant, the information the Charity asks you to provide is as set out in the and necessary for the purposes of our considering the application.
If you supply goods or services to the Charity, we will collect personal information of the individual contact or contacts that the Charity requires in relation to arranging those goods or services. Usually this will be a name, job role, work email address and work telephone number.
Where you sign up for our newsletter, we will collect your first name and email address so that we can send this newsletter to you.
How we collect information
We may collect information from you whenever you contact us or have any involvement with us for example when you:
- visit our websites (see our Cookies policy)
- donate to us
- volunteer for us
- enquire about our activities or services
- submit a prayer request
- sign up to receive our newsletters
- post content onto our websites/social media sites (e.g. Facebook, Twitter, Instagram, YouTube)
- attend a meeting with us and provide us with information
- take part in our events
- contact us in any way including online, email, phone, SMS, social media or post
Where we collect information from
We collect information:
- From you when you give it to us directly: You may provide your details when you ask us for information or make a donation, volunteer, attend our events, or contact us for any other reason.
- When it is available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
How we use your information
We will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:
- providing you with the information, advice or services you have asked for
- organising volunteering activity you have told us you want to be involved in
- sending you communications with your consent that may be of interest including our newsletter about our services and activities,
- when necessary for carrying out your obligations under any contract between us
- seeking your views on the services or activities we carry on so that we can make improvements
- maintaining our organisational records and ensuring we know how you prefer to be contacted
- analysing the operation of our websites and analysing your website behaviour to improve the websites and their usefulness
- publishing material that you have provided on our websites e.g. articles that you have written for our newsletter
- posting pictures on our website or in our newsletters
Our legal basis for processing your information
The use of your information for the purposes set out above is lawful because one or more of the following applies:
- Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. For example, if you sign up to receive our newsletter by email, we will obtain your to send you the newsletter. You may withdraw consent at any time by emailing us at email@example.com. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
- It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to prior to entering into a contract.
- It is necessary to comply with our legal obligations. For example, we are required to retain records of donations for six years in order to comply with relevant tax legislation.
- There are circumstances where it is necessary for the Charity’s legitimate interest or the legitimate interests of you or a third party to process the personal information concerned. For instance, where the purpose of our processing is the provision of information or services to you, it is often necessary for your (or the Charity’s) legitimate interests that we provide the information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request. If you would like more information about how we have assessed the legitimate interest legal basis for each purpose, please contact firstname.lastname@example.org for more information.
How we keep your information safe
We understand the importance of security of your personal information and take appropriate steps to safeguard it.
Our websites have security measures in place that protect the loss, misuse or alteration of the personal information that the Charity handles in operating its websites. Our web sites are hosted on secure servers owned by Totally Communications. Totally Communications ensures that access to live client data is restricted and managed as far as practicable and has policies in place for the Management of Access to Client Data (Access Control). The website is deployed on Amazon Web Services (AWS). Clients data is all located on Amazon AWS instances in the EU, and never leaves the EU. Amazon Web Services (AWS) is ISO 27001 certified. Totally Communications continues to monitor the GDPR compliance status of AWS. Totally Communications will set up security groups (firewalls) on AWS for client networks. In addition, the servers run ‘fail2ban’ which includes IDS (Intrusion Detection Systems). For websites (WordPress sites) managed by Totally Communications, ‘WordFence’ is used that utilises a Web Application Firewall. Patching for Plugins and WordPress core is undertaken automatically as new releases are deployed. All discs with data are encrypted. Secure coding standards/ practices are deployed by the Totally Communications Development Team, adhering to OWAST top 10 most critical ‘Web Application Security Risks’.
We always ensure only authorised persons have access to your information, which means only our staff, volunteers and contractors, and that everyone who has access is appropriately trained to manage your information.
No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk. For instance, we would urge users of our websites and individuals emailing us to be careful about including sensitive personal data in these communications.
For your convenience, the charity’s websites contain hyperlinks to third party web sites. We do not control, endorse, or guarantee the content found on such websites and you should consider the privacy policies of these third parties.
Who has access to your information?
- Third parties who provide services for us, for example our website hosts (Totally Communications), our legal advisers, and our accountants. We select our third party service providers with care. We provide these third parties with the information that is necessary to provide the service and, where required, we will have an in place that requires them to operate with the same care over data protection as we do.
- Analytics and search engine providers that help us to improve our websites and their use.
- Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another charity. In such event we will take steps to ensure your privacy rights will be protected by the third party.
Owing to matters such as financial or technical considerations the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that there are appropriate safeguards in place with any third parties processing your data outside the EEA. This will usually be because the country either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into an agreement with the third party which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
Keeping your information up to date
We really appreciate it if you let us know if your contact details change. You can do so by contacting us at email@example.com.
Our use of “cookies”
“Cookies” are small pieces of information sent by a web server to a web browser, which enable the server to collect information from the browser. They are stored on your hard drive to allow our websites to recognise you when you visit. Please read our cookies policy here.
We appreciate that individuals communicating with the Charity may be of all ages. We do not knowingly collect personal information from children. If a situation arises where we do need to obtain consent to collect information about children who are under 16, we will ask for consent from a parent or guardian to collect that information. We remind parents/guardians that they have the primary obligation to ensure that their children’s use of the internet is well supervised.
How long we keep your information for
We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least six years so we can fulfil our statutory obligations for tax purposes. Please see our Records Retention Policy here.
Where we rely on your consent to contact you for marketing purposes (e.g. by way of sending you our newsletter), we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact us at firstname.lastname@example.org.
You also have the following rights:
- the right to request rectification of information that is inaccurate or out of date;
- the right to erasure of your information (known as the “right to be forgotten”);
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
- rights in relation to automated decision making and profiling including profiling for marketing purposes.
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact email@example.com.
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here.
This Policy may be changed from time to time and we will advertise this on our websites. If we make any significant changes we will contact you directly with the information.
Do please check this Policy each time you consider giving your personal information to us.
This Policy was last updated in 8th November 2018.