The Good Shepherd Mission uses two types of cookies on our website: 1) per session cookies, which are temporary cookies that remain in the cookies file of your browser until you leave the website; 2) persistent cookies, which remain in the cookies file of your browser for longer. These cookies are used to store information between visits.
The Good Shepherd Mission
Approved by Trustees on: 11 April 2018
Next Review Date: April 2021
This policy sets out how The Good Shepherd Mission (GSM) protects your privacy. This policy sets out the different types of personal data we collect, why we collect it and what you can do if you would like to remove your data or change any details we may hold. It also outlines the legal rights you have in respect to your personal data. This policy seeks to provide you with the information required by the European General Data Protection Regulations (GDPR), coming into force on 25 May 2018. These rights are not affected by Brexit.
2. The basis and purposes for GSM holding personal data
Your consent will be obtained for GSM to hold personal data about you. This will be obtained through you giving consent by emailed or paper consent forms or through our website. We will ask for your consent when you request information about our activities, make a donation, or volunteer with us.
The purposes for us holding your data are:
• For promoting the aims and objectives of GSM
• For employing staff and recruiting volunteers
• For running activities in pursuit of the GSM’s objects
• For seeking financial support for the GSM
• For sending newsletters, and other information about GSM and related events and activities
• For administrative tasks connected with the above purposes
GSM will never use your data for automated ‘profiling’, i.e. to evaluate personal attributes such as economic situations or personal preferences.
3. Categories of Personal Data held by GSM
We collect information such as your name, home address, email address and phone number for the above purposes. If you support GSM financially, we will hold data provided by you on donation, standing order or Gift Aid forms. This is so that we can process your gifts and keep necessary charity accounting records. We do not store details of any debit/credit cards. Any other information you provide, such as feedback on activities/newsletters, are used to develop the work of GSM.
3.1. Data stored by the GSM website
4. Who is my data shared with?
Personal data held by GSM is not shared with external parties unless required for:
• Administrative processing of financial transactions, when details will be shared with GSM’s bank.
• Producing annual financial statements, when data will be shared with GSM’s
• Complying with legal requirements, e.g. providing personal details of GSM trustees annually to the Charity Commission.
• Safely storing your data.
5. How do we ensure your data is secure?
The main GSM database of supporters is stored on the GSM computer and backed up to secure online storage. All digital storage of data is password protected, with access restricted to GSM staff as necessary. Similarly, financial records are password protected and backed up online. Names of donors are kept anonymous when possible. Paper forms are stored in a locked filing cabinet in an office which is locked when nobody is using it. Banking information is protected by our bank’s strict security measures.
6. How long do we hold your personal data for?
GSM seeks to build long-term relationships with our supports over a period of years. In view of this, we retain your details as follows:
• For general enquiries, single events, time-limited appeals, and sending of news or prayer letters: one year after our last contact with you, or if you request to be deleted sooner.
• For donors to GSM: Six years after your last gift.
• Financial records: Six years from the end of the financial year in which the transaction was made, in line with Companies Act guidance.
You have the right to request that your data is deleted at any time. However, there are some situations where we are legally required to hold information for a certain amount of time, eg relating to donors. If you request that your data is deleted we will either delete your data or inform you why we are unable to do so.
7. Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
1. The right to access information we hold on you
• At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and we obtained the information from. Once we have received your request
we will respond within one month.
• There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.
2. The right to correct and update the information we hold on you
• If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
3. The right to have your information erased
• If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold.
• When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).
4. The right to object to processing of your data
• You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
5. The right to data portability
• You have the right to request that we transfer some of your data to another
controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.
• You can withdraw your consent easily by telephone, email, or by post (see
Contact Details below).
7. The right to lodge a complaint with the Information Commissioner’s Office.
• If you have concerns about the way we have handled your personal data, you can raise these with the Information Commissioner’s Office. Tel: 0303 123 1113, Website www.ico.org.uk
8. Contact Details
If you need to contact us to discuss any privacy matter our contact details are below. These can also be found on the contact page of our website www.goodshepherdmission.org.uk
Good Shepherd Mission
17 Three Colts Lane, London, E2 6JL
Tel: 020 7739 3822