Scripture Union is committed to keeping your data safe. This Privacy Notice explains how, when and why we collect data from you, and what we use it for.
Who we are
Scripture Union is a Christian charity working to create opportunities for children and young people to explore the Bible, respond to Jesus and grow in faith.
To find out more, visit the Who we are page.
Scripture Union is registered as a charity in England and Wales (number 213422), and is also registered as a company limited by guarantee (number 00039828).
For the purposes of this notice, ‘us’, ‘our’ and ‘we’ refer to Scripture Union.
In carrying out our day-to-day activities we process and store personal information relating to our supporters, customers, volunteers, guests, contractors and employees. We are therefore required to adhere to the requirements of the General Data Protection Regulation, May 2018 (the GDPR).
We take our responsibilities very seriously, and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with the regulations and all other applicable data protection regulations including, but not limited to, the Electronic Privacy Regulations.
We also follow the guidance issued by the Fundraising Regulator on treating donors fairly. We believe this helps support our staff and fundraisers who come into contact with supporters to provide high-quality customer care, ensuring that anyone donating to the charity is in a position to make a free and informed decision.
We are registered with the Fundraising Regulator and endeavour to meet the high standards promoted by their code of Fundraising Practice.
What personal information do we collect?
Personal information is information that can be used to identify you. We collect personal information about you when you ask about our activities, register to use our services (for example, create an online account), make a donation, attend or book on an event, engage with our social media or message boards, order products and services (such as publications and email newsletters), apply for a job or to volunteer with us, tell us your story, use our apps and website, provide us with feedback or make a complaint, participate in training, when your image is captured on CCTV, by photograph or video, or when you otherwise provide personal information.
The information we collect and hold may typically include:
- your name
- date of birth
- email address
- postal address (home or work)
- telephone number
- mobile telephone number
If you make a payment relating to an order, donation, event booking or volunteer application, we may also collect:
- bank account details
- credit/debit card details
- other financial records and, for Gift Aid purposes, whether you are a UK taxpayer
If you interact with us online, we may also collect:
- your IP address
- details of pages visited
- details of files downloaded
We do not collect sensitive or special category information about you unless there is a clear reason for doing so. We will make it clear to you when collecting this information as to what we are collecting and why.
If you apply to work with us in a paid capacity or as a volunteer, we may also collect:
- personal and sensitive personal data such as the information on your CV or as requested in the application form
- health, dietary and mobility requirements for health and safety purposes
- disclosure of criminal convictions
Why do we collect and how do we use your information?
When collecting personal data from you, we will make clear why your information is being collected and how it will be used. In accordance with the GDPR, we will process your data under one of the following bases:
- Legitimate interests – where consent is unnecessary and our processing is considered expected and non-intrusive
- Consent – where you have given specific permission to process your data to contact you for marketing purposes
- Contract – where processing is required to fulfil contractual obligations to you
- Legal obligation – where there is a legal obligation to process your data
- Vital interests – where the processing of your information is required to save or protect your life
We will process your personal information in accordance with this notice and our obligations under applicable data protection regulations for one or more of the following purposes:
- to provide you with the services, products or information you have requested
- to fulfil contractual obligations to you
- for administration purposes, such as to contact you about a donation or sales order you have made or about activities you have expressed an interest in, registered for or volunteered on
- to process any donations, orders, event bookings or team fees we may receive from you (including the processing of Gift Aid via HM Revenue & Customs)
- for financial or legal obligations, such as ensuring your donation is used correctly, VAT purposes, contractual payments, grant applications
- for internal record keeping, such as the management of feedback or complaints and financial reporting
- to analyse and improve the services we offer
- to keep you informed of our work, resources and activities, and to provide you with opportunities to manage your contact preferences
- to ask for your support for our charitable purposes and to keep you up to date with similar or new products, subscriptions or resources that we think you may benefit from using, but in accordance with your preferences
- to invite you to events that are beneficial to you or your church or organisation
- to invite you to participate in surveys or research
We will not use your information for marketing purposes if you have asked us not to. However, your details will be retained on a ‘do not mail’ list to help ensure we do not continue to contact you in the future.
Recruitment and volunteering
- to support the recruitment and selection process of staff and volunteers
- to effectively fulfil our obligations to our employees and volunteers
- to use third parties to provide services such as qualifications, health screening, psychometric evaluation or skills tests
- to ensure the safeguarding and wellbeing of participants and volunteers on events, such as reference checks, Disclosure and Barring Service (DBS) applications and health information
- to provide you with quick booking or application processes for future events for which you may like to register
Under 18s and adults at risk of harm
If you would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent/guardian’s permission before giving out your personal information.
Donating, ordering, entering a competition or making an enquiry
We do not generally accept donations or orders directly from someone under the age of 13. We understand that a child or young person may want to donate or order products or resources, and encourage this to happen via their parent or guardian.
We will collect information about you such as your name, address, date of birth and, if over the age of 13, your email address, phone numbers and the ways in which you would like to be contacted when you make a donation, place an order or enquire about something.
For competitions, we will also ask for your age and the contact email and phone number of your parent or guardian so that they (if you are under 16) can be contacted in the event of winning.
Attending an event
If you register to participate in an event, personal information about you will be collected to ensure that you are kept safe and well provided for. We may collect information about you related to age, health, parent and family details, school and church club information. If you are under the age of 13, a parent or guardian may provide this information on your behalf.
Volunteering (age-dependent, usually 16+)
For your volunteer application to be assessed, the information collected is of a more personal nature. This ensures that you are kept safe and well provided for should you be appointed. The information we collect about you may relate to age, health, parent and family details, school and church club information.
Anyone under the age of 18 (either as a participant or a volunteer) must have parental or guardian permission to attend the event; this will be confirmed during the application process.
You will also be able to let us know how you would like us to keep in touch with you and for what reasons.
We understand that additional care may be needed when we collect and process the personal information of adults at risk of harm who use our services, support us financially, purchase our products or services, wish to participate in any of our events or otherwise contact us. We appreciate that additional care may be needed when we use your personal information: we will manage appropriately any data we collect about you and we will work to ensure that you understand fully your data rights.
The accuracy of your information
We aim to ensure that all information we hold about you is accurate and, where necessary, is kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.
The type of communications and information you receive about us and the ways in which you can engage with our work is your choice. You can change your mind at any time. If you have an online account you can update your communication preferences in your account or you may also do so by contacting us via post or telephone (details are included in the ‘Your rights’ section below) or by email [email protected]
We undertake data cleaning on a regular basis to ensure the accuracy of our data. On occasions, your data may be shared with carefully selected companies to undertake the data cleaning process.
Storing your information
We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and industry standards or best practice when determining how long we should retain your information.
Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, a service provider’s servers are located in a country outside the EEA. Whilst such countries may not have similar data protection laws to the UK, we will take steps to ensure your privacy continues to be protected as outlined in this Privacy Notice.
Once your information is no longer required for business purposes and has reached the end of its recommended retention period, we will ensure that it securely disposed of.
Information sharing and disclosure
We will not sell or share your information with any third party to use for their own purposes.
We may share your information with suppliers that enable us to carry out activities that support or enable our charitable purpose.
All our suppliers are required to comply with data protection laws and our high standards and they are only allowed to process your information in strict compliance with our instructions. We always make sure that appropriate contracts and controls are in place and we regularly monitor all our suppliers to ensure their compliance.
We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example, to the police or a government body); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
We will not share your information for any other purposes.
Our service providers
From time to time we may engage suppliers to carry out tasks on our behalf, such as processing and fulfilling orders, managing events, processing DBS applications, supporting our systems or processing transactions. These suppliers are protected by contractual agreements and the GDPR.
Credit and debit card payment information
If you use your credit or debit card to donate to us or buy a product or service online or by phone, we will ensure that the transaction is processed securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). Find out more information about PCI DSS standards by visiting the website www.pcisecuritystandards.org.
We do not store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised to process payments will have access to your card details.
For all areas of our website that collect personal information, we use a secure server. We enforce strict procedures and security features to protect your information and prevent unauthorised access.
We may use IP addresses to block disruptive use, to record website traffic, to personalise the way our information is presented to you or to identify your approximate location where it is required or authorised by law.
With cookies, the information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number or email address.
What is a cookie? A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website. These cookies allow us to distinguish you from other users of the website, helping us to provide you with a good experience when you browse our website and also allowing us to improve our site. For example, they will tell us whether you have visited our site before or whether you are a new visitor.
Access the All About Cookies website to find out more about cookies and how you can disable them.
We take your data rights seriously. The GDPR provides you with the following rights:
- The right to be informed – you have the right to know about what and how we process your personal information
- The right of access – you have the right to request a copy of the information that we hold about you
- The right to rectification – you have the right to correct data that we hold about you that is inaccurate or incomplete
- The right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records
- The right to restrict processing – where certain conditions apply you have the right to restrict processing of your data
- The right to data portability – you have the right to have the data we hold about you transferred to another organisation
- The right to object – you have the right to object to certain types of processing such as direct marketing
- Rights in relation to automated decision making and profiling – we do not carry out automated decision making and profiling
Please note that these rights do not apply in all circumstances due to legal or regulatory compliance.
For more information on these rights, please read the relevant guidance issued by the Information Commissioner Office.
If you wish to find out more about these rights or obtain a copy of the information we hold about you, please contact Scripture Union:
Opal Court, Opal Drive
Fox Milne, Milton Keynes MK15 0DF
Telephone: 01908 856000
Email: [email protected]
Changes to the Privacy Notice
We regularly review and update this Privacy Notice and will update, modify, add or remove sections at our discretion. You are encouraged to revisit the Privacy Notice regularly to read the latest version. This version is dated 19 July 2018.
If you have any questions or queries about this Privacy Notice, please contact our Data Protection Lead by using the contact us form, Telephone: 01908 856000, or Email: [email protected]