1.1 We are Divine Renovation Ministry UK (“DRUK”) and we operate from 5 - 7 Cromwell Road, London, SW7 2HR. We operate as an area of activity of Kristos Media Charitable Company Limited by Guarantee (company number: 5603035, and charitable registration number: 1112003). Kristos Media operate from their national office at Douglas Bank House, Wigan Lane, Wigan, Lancashire, United Kingdom, WN1 2TB.
The terms “we”, “us” or “our”, when used throughout this policy, refer to Divine Renovation Ministry UK as a team operating as an area of activity of Kristos Media. We are committed to protecting and respecting your privacy.
1.3 For the purpose of the Data Protection Act 1998, (the “DPA”) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (the “GDPR”), we are the data controllers and are located at Divine Renovation Ministry UK.
1.4 We comply with the DPA and will comply with the GDPR once this becomes applicable from 25 May 2018 in respect of the collection, holding, storage, use, and processing of personal data about our individuals (such personal data is held in both manual and electronic records).
2. What we collect
2.1 Personal data
(a) We collect and use the following types of personal data about our individuals:
(i) personal information such as
- postal address;
- phone numbers (home, work and mobiles as applicable);
- email address(es);
- contact preferences;
- information given when registering to use or completing forms on our website;
- information given when registering for a ‘My ChurchSuite’ account;
- information given when registering for any DRUK event;
- information on donations made;
- information that our individuals give us – for example when making donations, such as bank account details for setting up regular direct debits, credit card details for processing credit card payments, employer details for processing a payroll gift, or taxpayer status for gift aid purposes;
- information given when using our website; and
- information given when taking part in DRUK’s social media functions or on our website.
(ii) the marketing preferences of our individuals and whether and when consent to receive marketing communications has been given or withdrawn.
(iii) correspondence between individuals and ourselves (whether by telephone, e-mail or otherwise).
(b) We also collect and use certain technical information about our individuals’ visits to our website which may include, for example, internet protocol (“IP”) addresses, login information, browser type and version, pages accessed, files downloaded, full Uniform Resource Locators, (“URLs”), clickstream to, through and from the website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks and mouse-overs).
(c) We collect some of the personal information set out above directly from individuals and some from third parties (for example, we may receive personal information from individuals when they make a donation to us through a third-party website, such as Just Giving or GoCardless, and the individual has given the third-party website permission to share information with us).
(d) We collect some of the personal information set out above directly from event attendees and some from third parties (for example, we may receive personal information from event attendees when they register to attend an event through a third-party website, such as Eventbrite or ChurchSuite, and the event attendee has given the third-party website permission to share information with us).
(e) Individuals do not have to disclose personal data to us to browse the website or to use our social media sites, but individuals do need to provide us with certain personal data in order for us to provide them with certain services.
(f) The safety of children is very important to us. We do not knowingly collect the personal data of those who are under 16 years old without the consent of their parent or guardian.
3. Website Cookies
4. How we use information
(a) providing individuals with the products, services and information that they ask us for;
(b) corresponding with individuals and recording any relevant communications;
(c) sending marketing information to our individuals;
(d) keeping records of donations made and actions taken by our individuals;
(e) claiming gift aid on donations;
(g) recording campaigning activities by individuals;
(h) performing our obligations under any contracts that we enter into with individuals;
(i) telling individuals about changes to our services;
(j) ensuring that content from our website is presented effectively for individuals and for their computers;
(k) administering our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(l) improving our website to ensure that content is presented most effectively for individuals and their computers;
(m) allowing individuals to choose to take part in interactive features of our services; and
(n) keeping our website safe and secure.
5. How we share information
5.1 We share individuals’ information with ChurchApp Limited Company (Company No: 08532235), which has its registered office at Unit B4, Lancaster House, 10 Sherwood Rise, Nottingham, England, NG7 6JE (“CAL”) in their role as the provider of DRUK’s secure database platform.
Beyond this, we will only share individuals’ personal data if:
(a) we are working with partners whom we have carefully selected to carry out work on our behalf, such as service providers and sub-contractors (for example, IT services providers and providers of technical, payment and delivery services) to perform any contract we enter into with them. The kind of work we may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments.
We only choose partners we trust and only pass personal data to them where they have undertaken to keep your personal data secure. We do not allow these partners to use your data for their own purposes or disclose it to other third parties and we will take all reasonable care to ensure that such partners keep your data secure; or
(b) we are legally required to do so e.g. by law or by an order of a court of competent jurisdiction; or
(c) there is a medical emergency in which an individual’s personal information must be shared for the benefit of their health and/or wellbeing.
We will not sell individuals’ information. We will not share individuals’ information with other organisations other than as stated above.
6. Legal basis for processing information
We rely on various legal bases to justify our processing of individuals’ personal data. Further details of these are set out below.
(b) The processing is necessary for our legitimate interests. These legitimate interests include processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments.
(c) The processing is necessary to perform a contract to which the relevant individuals are parties or to take steps that they have asked us to take before entering into a contract, such as registering for an event which we are hosting or purchasing a DRUK media resource, information pack, or merchandise.
(d) The processing is necessary for us, as the data controller, to comply with our legal obligations, such as sharing personal data where we are legally required to do so e.g. by law or by an order of a court.
7. Where we transfer and store information
7.2 All information that individuals provide to us is stored on our secure servers and/or on the servers of our suppliers who we have engaged to host various IT systems for us. Any payment transactions will be encrypted using TLS technology. Where we have given individuals (or where they have chosen) a password which enables them to access certain parts of our website, they are responsible for keeping this password confidential. We ask them not to share this password with anyone.
7.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect individuals’ personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at individuals’ own risk. Once we have received personal information, we will use strict procedures and security features to try to prevent unauthorised access.
7.4 Our mission is to assist parish priests and lay leaders in the UK by engaging them through various media, events, newsletters, consultation and opportunities to learn. We will keep individuals’ information only for as long as they engage with us in any of the above ways, and only as long as we need it:
(a) to administer their relationship with us;
(b) to comply with the law; or
(c) to ensure we do not communicate with individuals who have asked us not to.
8. Individuals’ rights
(a) Access. We will confirm to individuals whether or not we are processing and using personal data about them, at their request and, if so, provide them with access to and a copy of such personal data and the other details to which they are entitled.
(b) Rectification. We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about individuals without undue delay at their request.
(c) Prevention of processing likely to cause damage or distress. We will respect our individuals’ rights to require us to cease or not to begin processing their personal data for a specific purpose, or in a specific way, that is likely to cause unwarranted damage or distress, either to the relevant individual or a third party.
(d) Erasure. We will erase personal data concerning an individual at their request without undue delay in certain circumstances, (for example, among other things, if their personal data is no longer needed for the purposes for which it was collected or otherwise used).
(e) Restriction. We will restrict the processing of individuals’ personal data in certain circumstances (for example, among other things, if they believe that their personal data held by us is inaccurate), if requested by them to do so.
(f) Data portability. We will respect the rights of individuals to receive personal data about them that they have provided to us in a structured, commonly used and machine-readable format and to transmit such personal data to another data controller without hindrance from us in certain circumstances.
(g) Right to object. We will respect the general rights of individuals to object to the processing of their personal data in certain circumstances.
(h) Right to object to marketing. We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time individuals ask us not to do so.
(i) Automated individual decision-making, including profiling. Where requested, we will not make decisions based on automated processing, including profiling and we will ensure that you can always obtain a review by one of our staff members of any automated decisions and are able to express your point of view and contest any such decisions.
We will not make any automated decisions based on sensitive personal information unless we have obtained your explicit consent to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
8.2 We will process all personal data in line with individuals’ rights in each case to the extent required by and in accordance with applicable law only (including, without limitation, in accordance with any applicable time limits and requirements regarding fees and charges).
8.3 We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time an individual asks us to stop.
9. Contact and complaints
9.3 We are not a ‘public authority’ as defined under the Freedom of Information Act 2000 and we will not therefore respond to requests for information made under that Act.