Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Who we are
Christian Hope is an international charity that works with churches and other organisations to share the Christian faith and alleviate poverty through child sponsorship and community-based development projects.
We are a charity registered with the Charity Commission in the UK, Registration Number: 1061526.
We are also a Data Controller, registered with the Information Commissioner’s Office, Registration Number: Z8429530.
What data we collect
We may collect and process personal information about you such as:
Your name, address, email address, telephone number, your age;
Information you enter onto our website or in other hard copy forms at an event;
Records of your correspondence with us, if you have contacted us;
Details of your visit to our website, including your IP address;
Financial information such as your bank or card details;
Whether you have a relationship to another supporter (e.g. husband/wife).
We may also collect sensitive personal information about you, such as details about a health condition or disability, religious affiliation, socio-economic background
How we use your personal data
We collect personal data to help us to process your requests, keep in touch with you and to help us to interact with you in the most effective way. Examples of this include:
keeping you up to date on our work and fundraising appeals
managing our employees and volunteers
taking donations or other payments
claiming Gift Aid on donations
providing services, products or information you have requested
exchanging correspondence and photos between child and sponsor
ensuring that content from our site is presented in the most effective way for you and your computer
Legal basis for processing your personal data
We will always make sure that we consider why we are processing your personal data and identify our legal basis for doing so. Often this will be because you have given us your explicit consent. We may also process your data where we are furthering our legitimate aims and have assessed that the processing is not likely to be too intrusive, or to unduly infringe on your rights and freedoms. In legal terms, this is called the “legitimate interests” basis.
The Legitimate Interests basis
We have a duty to promote ourselves and our work; to responsibly raise as much money as possible to further our charitable aims; to update our supporters and the general public on our progress; and to operate in an effective way. We always pursue these interests in a respectful manner, with our supporters at the heart of what we do and in line with our Christian ethos. We might further our legitimate interests in the following ways:
To communicate with you about marketing and fundraising materials or products:
To respond to requests for information, such as where you have asked for a fundraising pack.
To send you mail relating to activity that we think you may be interested in (unless you have told us you do not want this). We will always consider how much mail you receive from us, and what the topic is, to ensure that it is appropriate.
If you are a child sponsor, to forward messages from our country offices where your sponsored child lives.
To contact you by telephone for fundraising or marketing purposes where you have provided us with your number.
To fulfil Gifts of Kindness, if you have ordered either for yourself or to send them to a gift recipient.
To use social media so that you see CHI adverts on your newsfeed.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with our operational partners and third-party suppliers for purposes connected with the providing services by Christian Hope International. We will not sell or share your data to other third parties for any reason.
How long we keep your personal data
We take the principles of data minimisation and removal seriously and ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.
How and where we store your personal data
We take the care of your data very seriously and we use a combination of organisational and technological security measures to protect your personal information. This includes the use of secure servers, firewalls, virus & malware protection. We follow payment card industry (PCI) security compliance guidelines when processing credit card payments.
Access to data is password protected. We make sure that only staff who need to access your personal data can do so. Any member of our staff who has access to your personal data is given training to make sure that they understand the importance of keeping your information safe and secure at all times.
Some data is stored in hard copy form in lockable filing cabinets in secure rooms within our head office. Paper records are shredded in accordance with our retention policy.
Whilst we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.
In the extremely unlikely event that we experience a data breach, our Data Protection Coordinator would immediately notify and work with the Information Commissioner’s Office as necessary.
When your data might be transferred outside of Europe
CHI is aware that countries outside of the European Union have differing standards of data privacy. Much of our data is kept within CHI systems here in the UK, or within our cloud service provider’s European data centre, but there are some exceptions that you should be aware of. If you are a child sponsor, your name, Ray of Hope reference number, circumstances and other details may be made available to our international partners. Your contact and financial details are never shared.
For all organisations we work with who process data outside the EU, we have appropriate standards and safeguards in place giving you at least the same level of protection as here in the UK.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
The right to request a copy of your personal data which the Board of Trustees of Christian Hope International holds about you;
The right to request that the Board of Trustees of Christian Hope International corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the Board of Trustees of Christian Hope International to retain such data. We will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
The right to withdraw your consent to the processing at any time
The right to request that the data controller provide the data subject with his/her personal data
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
The right to lodge a complaint with the Information Commissioners Office. A full summary of your legal rights over your data can be found on the Information Commissioner’s website; https://ico.org.uk/
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us. Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you.
A breach is more than just losing personal data. It is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. We take this very seriously. We will investigate the circumstances of any loss or breach, to identify if any action needs to be taken. Action might include changes in procedures, where there will help to prevent a re-occurrence or disciplinary or other action, in the event of negligence. We will notify the ICO within 72 hours of a breach if it is likely to result in a risk to the rights and freedoms of individuals.
Our Data Protection Co-ordinator is responsible for ensuring compliance with the data privacy legislation. Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with them.
Any volunteer or employee who considers that the policy has not been followed in respect of personal data about themselves or others should raise the matter with the Data Protection Co-ordinator in the first instance.
You can contact our Data Protection Co-ordinator on 01708 377795 or email email@example.com.
You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.