KING’S SCHOOL OF THEOLOGY PRIVACY NOTICE
constrainedly Effective date: 24 March 2022
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed bythe GDPR.
Who are we?
King’s School of Theology (“we”, “us”, “our”) is the data controller (contact details below). We operate under charity number 1184982.
How do we process your personal data?
King’s School of Theology complies with its obligations under the GDPR by
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting personal data from loss, misuse, unauthorised access and disclosure;
- ensuring that appropriate technical measures are in place to protect personal data.
What is the legal basis for processing your information?
KST may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your data protection interests or fundamental rights and freedoms
- To comply with the law
How Do You Collect My Personal Data?
We collect your personal information in the following ways:
Information that you give us directly
We collect this information in connection with specific activities. For example, when you use our website or online forms or call our team to, among other things:
- Register for an event or course
- Engage with us on social media or our website
- Request further information on the course
- Make a donation
Information that we receive from third parties
We may receive information about you from third parties such as event booking sites or payment processors. They will only do this if you have given your consent for them to do so.
What do we do with your personal data?
We use the data we collect about you to help us to fulfil our charitable objectives. This includes using your information, among other things, to:
- Communicate with our supporters and those who engage with us
- Process donations, orders and event bookings
- Administer student and alumni records
- Inform of news, events, activities or services running at KST
- Manage our employees and volunteers
- Fundraise and promote the interests of the charity
- Maintain our own accounts and records (including the processing of gift aid applications)
Contact details and (in some cases) grading information for current and past students are stored on Moodle, via mykst.org.uk. You can view their privacy notice here.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
We will not share your data with third-parties, other than those listed above.
What do we do to ensure the security of your data?
- We do not store any of your personal information on our website
- We use two-factor authentication where possible to add an extra layer of security to protect data
- Within our team, we set appropriate permissions for access to data, to ensure that your data is not compromised
- We keep our security settings up to date to ensure that if there is a breach, we can quickly rectify it or regain access to accounts
How long do you keep my data?
We keep your personal data for no longer than is necessary for the purposes for which it is processed, according to the purposes set out in this Privacy Notice. Specifically, we retain gift aid declarations and financial paperwork for up to 6 years after the calendar year to which they relate. We keep employee and volunteer records for 7 years beyond the point of contract termination. And we keep some alumni records indefinitely in order to provide transcripts and references.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
What are your rights?
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, which means that you have the right of access to your data which we store and process.
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal items or telemarketing), then please contact us using the contact details provided under the “How to contact us” below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Changes to this Policy
How to Complain
In the first instance, please contact our Data Protection Officer for clarifications, to exercise your relevant rights or for queries and complaints, using the contact details below.
You have the right to lodge a complaint with the Data Protection Authority for data protection in your area of the EEA. In the UK this is the Information Commissioner’s Office (ICO). Phone: 0303 1231113, email, or report a concern: https://ico.org.uk/concerns/
How to contact us
Please contact our Data Protection Officer via firstname.lastname@example.org or 0843 289 9450.