Automatic collection of information
When you visit the Website our servers automatically record information that your browser sends, known as Log Data. This data may include information such as your device’s Internet Protocol (IP) address, browser type and version, operating system type and version, device name and characteristics, country, location, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics and technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.
Collection of personal information
You can visit the Website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the Website’s features, you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you publish content or fill any online forms on the Website. You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the Website’s features. Users who are uncertain about what information is mandatory are welcome to contact us.
What personal data is collected
Media: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms: If you use a contact form to get in touch with us then we will receive all of the data sent using that form, including the name & email address you use as well as whatever contents you include in the message body.
Analytics: This Website uses Google Analytics to receive information about how the Website is used.
User Data: For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Use and processing of collected information
We typically only hold data that either helps us fulfil our missional and charitable aims as missionaries or that we are legally obliged to. Any of the information we collect from you may be used to:
- Update you about our ministries, family, events, and any matters of interest related to our work;
- Send you other communications which you have requested or that may be of interest to you;
- Maintain our own accounts and records;
- Fundraise and promote the interests of our work;
- Process and record financial donations that you have made;
- Communicate with you about your views or comments;
- Run and operate our Website and Services, including to personalize your experience and improve our Website;
- Respond to queries and emails of our users and/or send notification emails such as password reminders, updates, etc;
- Enable us to meet all legal and statutory obligations;
Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
We may process Personal Information related to you if one of the following applies: (i) You have given your consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
As a Data Controller, we will comply with all legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data. If you have any concerns about how your data is being used, please get in contact with us.
Information transfer and storage
Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section.
Your data, such as comments, uploaded media, messages sent to us, etc., will be stored indefinitely. They may be deleted at any time according to our discretion (e.g. were we to need to clear up storage space) or upon receiving a request to delete such data. Contact details saved with MailChimp will remain in the database there even after unsubscribing – these can be deleted upon request but this will prevent any resubscription in future using the same email address. Users will continue to exist on the Website until a request is made to delete them. Data related to finances, e.g. donation records, will be kept for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years.
- Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate operating interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Most of the data we process is given with consent or because it is necessary for our legitimate interests to enable our charitable and missional aims. For example, maintaining contact details to enable us to keep you up to date about our work. Where your information is to be used other than in accordance with the above, we will first obtain your consent to that use.
Privacy Protection Laws
Our processing of personal and sensitive data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998.
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. Our website is not specifically intended for use by children under the age of 13 years old.
The rights of users
You may exercise certain rights regarding your information processed by us. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights. In particular, unless subject to an exemption under the GDPR, you have the right to do the following:
- You have the right to withdraw consent where you have previously given your consent to the processing of your information;
- You have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent;
- You have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing (such as why we have that information, who has access to the information and where we obtained the information from) and obtain a copy of the information undergoing processing;
- You have the right to verify the accuracy of your information and ask for it to be updated or corrected – If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated;
- You have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it (this includes when there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing);
- You have the right, under certain circumstances, to obtain the erasure of your Personal Information from us;
- If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold – when we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted, e.g. any data we are obliged to keep for administrative, legal, or security purposes (e.g. to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms and Conditions and/or comply with legal requirements).
- You have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance (known as data portability). This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with us , you have the right to request removal of unwanted data that you publicly post on our Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Website, but please be aware that the data may not be completely or comprehensively removed from our systems.
If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.
The right to object to processing
Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to us through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by us as early as possible.
Privacy of children
Our Website does not specifically address anyone under the age of 18 and we do not knowingly collect any Personal Information from children under the age of 18. In the case we discover that a child under 18 has provided us with personal information, we will immediately delete this from our servers. If you are under the age of 18, please do not submit any Personal Information through our Website. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through our Website, please contact us. You must be at least 18 years of age to consent to the processing of your Personal Information (in some cases we may allow your parent or guardian to do so on your behalf).
Messages we send
We offer electronic newsletters to which you may voluntarily subscribe at any time. You may choose to stop receiving our newsletters by following the unsubscribe instructions included in these emails or by contacting us.
The CAN-SPAM Act is a law that sets the rules for commercial email. It establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN-SPAM, we agree to the following: to not use false or misleading subjects or email addresses; to identify the message as an advertisement in some reasonable way, if applicable; to include the physical address of our business or site headquarters; to monitor third-party email marketing services for compliance, if one is used; to honour opt-out/unsubscribe requests quickly; to allow users to unsubscribe by using the link at the bottom of each email.
Do Not Track signals
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. However, no uniform technology standard for recognizing and implementing DNT signals has been finalized.
Our Website does not track its visitors over time and across third party websites. However, some third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
Links to other websites
Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information.
Embedded content from other websites
We may employ third-party companies and individuals due to the following reasons: to facilitate our Website; to provide the Website on our behalf; to perform Website-related services; or to assist us in analysing how our Website is used. We want to inform our Website users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose. Examples include, sending visitor comments through an automated spam detection service, using your contact information in MailChimp to send updates, using Google Analytics to process statistics about the Website, receiving emails from users in our Gmail account, and storing contact lists on Cloud storage services such as OneDrive. You can be reassured that we will treat your personal data as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent or it is legally required for us to do so.
Our site utilises a firewall and regular malware scanner to strengthen site security, as well as running regular backups of the site and its content. The site utilises an SSL certificate for added security. Our hosting providers further secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. Data that is received in our other accounts, such as Gmail or MailChimp, is protected by the security and privacy policies of such companies. We maintain reasonable administrative, and technical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website. We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
If we wish to use your personal data for a new purpose, not covered by this policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes and amendments
Acceptance of this policy
You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website.
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via our contact form
This document was last updated on January 1st, 2020