Privacy Policy

The Good Shepherd Mission
Approved by Trustees on: 11 April 2018
Next Review Date: April 2021

1. Introduction to the Privacy Policy
This policy sets out how The Good Shepherd Mission (GSM) protects your privacy.  This policy sets out the different types of personal data we collect, why we collect it and what you can do if you would like to remove your data or change any details we may hold.  It also outlines the legal rights you have in respect to your personal data.  This policy seeks to provide you with the information required by the European General Data Protection Regulations (GDPR), coming into force on 25 May 2018. These rights are not affected by Brexit.

2. The basis and purposes for GSM holding personal data
Your consent will be obtained for GSM to hold personal data about you. This will be obtained through you giving consent by emailed or paper consent forms or through our website. We will ask for your consent when you request information about our activities, make a donation, or volunteer with us.
The purposes for us holding your data are:

  • For promoting the aims and objectives of GSM
  • For employing staff and recruiting volunteers
  • For running activities in pursuit of the GSM’s objects
  • For seeking financial support for the GSM
  • For sending newsletters, and other information about GSM and related events and activities
  • For administrative tasks connected with the above purposes

GSM will never use your data for automated ‘profiling’, i.e. to evaluate personal attributes such as economic situations or personal preferences.

3. Categories of Personal Data held by GSM
We collect information such as your name, home address, email address and phone number for the above purposes.  If you support GSM financially, we will hold data provided by you on donation, standing order or Gift Aid forms. This is so that we can process your gifts and keep necessary charity accounting records. We do not store details of any debit/credit cards.  Any other information you provide, such as feedback on activities/newsletters, are used to develop the work of GSM.

3.1. Data stored by the GSM website
The GSM website uses ‘analytical’ cookies. They allow us to analyse how visitors use the site and improve the way it works. The GSM website does not store any information that would, on its own, allow us to identify individual users without your permission. Any cookies that may be used by the website are used either solely on a per session basis, or to maintain user preferences. Cookies are not shared with any third parties. If you do not wish to receive cookies you can easily modify your web browser to refuse cookies or to notify you when you receive a new cookie. However, you may not be able to use all the features of the GSM website if cookies are disabled. Our website will from time to time contain hyperlinks to other sites, both in the UK and abroad. GSM cannot be responsible for data protection and privacy practices of these sites.

4. Who is my data shared with?
Personal data held by GSM is not shared with external parties unless required for:

  • Administrative processing of financial transactions, when details will be shared with GSM’s bank.
  • Donating through our website and Stewardship, when they will use cookies help to make the interaction between you and their website faster and easier. Cookies don't store any personal or confidential information about you.
  • Producing annual financial statements, when data will be shared with GSM’s Independent Examiner.
  • Complying with legal requirements, e.g. providing personal details of GSM trustees annually to the Charity Commission.
  • Safely storing your data.

5. How do we ensure your data is secure?
The main GSM database of supporters is stored on the GSM computer and backed up to secure online storage. All digital storage of data is password protected, with access restricted to GSM staff as necessary. Similarly, financial records are password protected and backed up online. Names of donors are kept anonymous when possible.  Paper forms are stored in a locked filing cabinet in an office which is locked when nobody is using it.  Banking information is protected by our bank’s strict security measures.

6. How long do we hold your personal data for?
GSM seeks to build long-term relationships with our supports over a period of years. In view of this, we retain your details as follows:

  • For general enquiries, single events, time-limited appeals, and sending of news or prayer letters: one year after our last contact with you, or if you request to be deleted sooner.
  • For donors to GSM: Six years after your last gift. 
  • Financial records: Six years from the end of the financial year in which the transaction was made, in line with Companies Act guidance.

You have the right to request that your data is deleted at any time. However, there are some situations where we are legally required to hold information for a certain amount of time, eg  relating to donors. If you request that your data is deleted we will either delete your data or inform you why we are unable to do so.

7. Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.

1. The right to access information we hold on you

  • At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and we obtained the information from. Once we have received your request

we will respond within one month.

  • There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.

2. The right to correct and update the information we hold on you

  • If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.

3. The right to have your information erased

  • If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold.
  • When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).     

4. The right to object to processing of your data

  • You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.   

5. The right to data portability

  • You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.   

6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.

  • You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).

7. The right to lodge a complaint with the Information Commissioner’s Office.

  • If you have concerns about the way we have handled your personal data, you can raise these with the Information Commissioner’s Office. Tel: 0303 123 1113, Website


8. Contact Details
If you need to contact us to discuss any privacy matter our contact details are below. These can also be found on the contact page of our website

Good Shepherd Mission
17 Three Colts Lane, London, E2 6JL

Tel: 020 7739 3822