The St Timothy Foundation Privacy Policy
Overview: What you need to know in brief
sttimothy.org.uk is the website of The St Timothy Foundation. The St Timothy Foundation are the “Data Controllers” of this website. We operate this website to communicate with our members and raise the profile of the incredible and invaluable work of The St Timothy Foundation. We use the lawful basis of consent, legitimate interests and compliance with a legal obligation for processing personal data. We use a limited amount of third parties that process personal data either directly on our website or indirectly through external lines to the service providers own webpage.
Preservation of your privacy is important to The St Timothy Foundation, and we are committed to letting you know how we use your personal information, keeping personal data safe and secure and to making only responsible use of your data. We ask you to read this Privacy Notice and Cookie Notice in full prior to your engagement and if you have any questions or concerns to contact us at info@sttimothy.org.uk.
This notice may be updated from time to time: Last updated November 2022
Full Notice
1.Who we are
www.sttimothy.org.uk is the website of The St Timothy Foundation. This means that The St Timothy Foundation are the “Data Controllers” of this website. References to “we”, “us”, “you” or “our” in this privacy statement are references to The St Timothy Foundation.
The St Timothy Foundation is a charity registered in England and Wales, registered charity number: 1151171.
This statement relates to the various contact types associated with The St Timothy Foundation, including members, individual contacts of members, supporters, mentors and mentees.
2. Why we have a website
We have two main purposes for operating this website: Communication and Raising Awareness
Communication
We use this website to communicate information about our organisation, services, events and about information that may be of interest to our members and the wider public. We also operate this website to enable our users to communicate with us. In addition, we maintain a presence on social media platforms such as Facebook, Instagram and local electronic notice boards.
Raising Awareness
We use this website to further our mission in providing support to and to make life better for the people of Nzara, South Sudan and to also make sure their voices are heard.
3.What personal data we collect
In order to operate our services and this website, we must process personal data. In all instances, we endeavour to collect the minimal amount of information necessary to achieve our purposes. We use the lawful basis of consent, legitimate interests and compliance with a legal obligation for processing personal data.
Depending on the way you contact us, the way we collect data is including but not limited to the following:
name, email address, postal address, telephone number, organisation, location, consent for all events and payment details for regular payments and/or paid events only.
Online feedback or research surveys – name, organisation and email address.
In all instances where we collect personal data from individuals it is to deliver our charitable services.
4. How we use your personal data
We use your personal information to help provide the services you have requested from us.
Marketing
Marketing our events and services is important for our work. When you contact us and at other times, you are invited to opt-in to our marketing communications. You can unsubscribe at any time from these communications without affecting the way we interact. If in any case, your specific, unambiguous consent is not received, we will not send you marketing information.
Our email marketing may be trackable at an individual level, allowing us to determine, for example, opens and link clicks. This information is generally used to help assess the effectiveness of communications.
We never share your information with third parties for marketing purposes without asking for specific, unambiguous consent. For example, some of our events may be delivered alongside a relevant partner (eg community voluntary service organisations). On some occasions, we might ask you if we can share those details with the partner. This will be very clear on event sign up. If in any case, this consent is not received then your data will not be shared.
Sharing personal data
We never share your information with third parties, unless it is necessary to deliver a service you have requested from us.
5. Your Data Subject Rights
The St Timothy Foundation as an organisation is committed to ensuring the rights and freedoms of our website users are respected and that you as a data subject are enabled to exercise your rights. Under data protection law, you have specific rights including:
To update your data
If you wish to access or rectify personal data that has been collected (see section 3 for examples) or if you wish to receive any personal data we hold on you, please contact info@sttimothy.org.uk and we will respond to your request within one calendar month.
To delete your data
If you wish to have your data removed entirely from our records, please contact info@sttimothy.org.uk and we will respond to your request within one calendar month.
Please note that for legal reasons we are required to keep financial/transactional records for a minimum period of six years from the end of the financial year in which the transaction was made.
To move your data
If you wish to have your data transferred from The St Timothy Foundation to another organisation, please contact info@sttimothy.org.uk and we will respond to your request within one calendar month.
To withdraw your consent
If you wish to withdraw your consent from receiving our email communications, this can be done by clicking ‘update your preferences’ or ‘unsubscribe’ at the bottom of an email you receive from us.
To object to, or restrict data processing
If you object to the processing of your personal data, or wish to restrict the way in which it is processed by us, please contact info@sttimothy.org.uk and we will respond as soon as possible.
6. How long we retain your data
We retain your personal data for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation, typically 6 years). In addition, personal data may be securely archived with restricted access (and other appropriate safeguards) where there is a need to continue to retain it.
We will ask you on a regular basis to update your details with The St Timothy Foundation.
Financial records, including those of event payments and refunds, will be retained for a minimum period of six years from the end of the financial year in which the booking was made in order to comply with statutory obligations.
7. How we keep personal data safe
The sttimothy.org.uk website processes a small amount of personal data. However, we take our duty to protect this data very seriously and have in place technical and organisational safeguards to do this.
Examples of technical safeguards include: regular security testing; website backups; disaster recovery systems, cryptography hash functions, autolocking, lock-outs and data restoration
Examples of organisational safeguards include: access controls to personal data; staff training; organisational policies, procedures, and handbooks.
To the best of our ability, we will keep any personal data safe. However, no system or transmission over the Internet is 100% secure. This means that we are unable to absolutely guarantee the security of personal data.
If you become aware of something that gives your concern about the security of your personal data, please contact info@sttimothy.org.uk.
8. Use of Third Parties
As an organisation The St Timothy Foundation use a small number of third-party service operators to host our website and to enhance the experience of our website. Please be aware that when you click links, you may be leaving The St Timothy Foundation website and we have no control over third-party websites use of personal data or cookies.
Please note: Some of these websites may transfer data outside the EU/EEA. In such cases additional safeguards such as Standard Contractual Clauses and Data Processor Addendums are in place.