COVID-19: Stewardship is operating as usual and we are aiming to provide as close to normal service as we can.
Please click here for regular updates

Privacy Notice

 

Respecting you and the data you share with us is really important to us. This Privacy Notice sets out the ways in which we use your personal information, your rights and the options available to you.

 

Contents:

1. Introduction

2. When Do You Collect Information About Me?

3. What Personal Information Do You Use?

4. Why Do You Need My Personal Information?

5. Who Might You Share My Information With?

6. How Long Will You Hold a Record of My Information?

7. What Are My Rights?

8. Other Important Information

9. Who Can I Contact About Data at Stewardship?

10. Changes to This Notice

 

 

1. Introduction

Stewardship Services (UKET) Limited (registered charity number 234714 and registered company number 90305) is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from others, and keep it safe.

Certain personal information will be required by us in order to fulfil our contractual obligations when providing certain professional services. Otherwise the provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services may be impaired. For example, you will be unable to make a donation.

Back to top

 

2. When Do You Collect Information About Me?

A. When You Give It to Us Directly

For example, personal information that you submit through our website by making a donation; in order to allow your church or charity to use our services; or that you give to us when you communicate with us by email, phone or letter.

B. When We Obtain It Indirectly

For example, your personal information may be shared with us by third parties that we choose to use including, for example, Eventbrite (when booking events or training) or SurveyMonkey (when completing surveys and polls). Where we have not already done so, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.

C. When We Obtain It from Our Client Charities

In the course of supplying independent examination of accounts and other similar professional services, we may receive personal data provided by client charities, in cases where you have undertaken transactions or otherwise been connected with them. For example, information on your giving to that charity, amounts received by you from the charity, minutes from trustee meetings, or other records.

D. When It Is Available Publicly

Your personal information may be available to us from external, publicly available sources. 

E. When You Visit Our Website

When you visit our website, we automatically collect the following types of personal information:

  • Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
  • Information about your visit to our website, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page. 

We also collect and use your personal information by using cookies on our website. Please see our Cookie Notice.

In general, we may combine your personal information from these different sources for the purposes set out in this Notice.

Back to top

 

3. What Personal Information Do You Use?

We may collect, store and otherwise use the following categories of personal information:

  • Your name and contact details, including postal address, telephone number and email address;
  • Your position in an organisation, and information related to the work that you do there;
  • Your date of birth (when we need to verify your identity and for security);
  • Your nationality (when we are helping you set up a charitable company, or if you are applying to receive funds from us as an individual);
  • Your financial information, such as bank details, credit and debit card details, account holder name, sort code and account number;
  • Your National Insurance Number and employer details (if you use our Payroll Giving or administration service);
  • Links to your social media (for example, if you contact us through one of our social media channels);
  • Information about your computer or mobile device and your visits to and use of our website, including, for example, your IP address and geographical location;
  • Your photographs, if you have uploaded your photo to our Give.net fundraising page;
  • Information about our services which you use/which we consider may be of interest to you; and/or
  • Any other personal information which you choose to share with us or we obtain (see Section 2).

If you are applying to receive funds from us as a Christian worker or Bible College student, we also collect additional information on your application to help us verify your eligibility.  This includes your marital status, religious belief, your household income and National Insurance Number, the details of any connected church, charity or supporting institution, and the title of any course of study.

Do You Collect or Use Special Categories of Personal Information?
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and religious beliefs.

In certain situations, Stewardship may collect and use these special categories of personal information, for example information about your religious beliefs which you communicate to us when applying for a recipient account. We will only collect and use these special categories of personal information if there is a valid reason for doing so and the GDPR allows us to do so.

Back to top

 

4. Why Do You Need My Personal Information?

We collect and use your personal information in the following ways:

A. To Administer and Provide Services

When you request us to provide you with one of our products or services, we use information about you: 

  • To administer the agreed service and monitor any payments;
  • To contact you about the service (e.g. for payments or renewal purposes);
  • To run/administer our website, keep it safe and secure and ensure that content is presented in the most effective manner for you and for your device;
  • To fulfil our contractual obligations when providing certain professional services including accounts examination and book keeping; and
  • To fulfil regulatory responsibilities required of us when providing those services.

We cannot provide the services unless we use the information about you in this way.

B. Do What We Are Required to Do By Law

Sometimes we are required by law to use information about you:

  • To help prevent and detect crime (including, for example, the prevention or detection of fraud); and
  • To comply with a legal or regulatory obligation.
  • To audit and/or administer our accounts.
  • For the establishment, defence and/or enforcement of legal claims.

We can use your personal information in this way because we are required to do so by law.

C. To Inform You About and Promote Our Other Activities

When you give us your permission to do so, we will also email you with additional content to enhance your experience of our services or to keep you up-to-date with other Stewardship activities, products and services that we think may be of interest to you. You can change this consent and opt-out of these communications at any time by following the ‘unsubscribe’ link provided at the bottom of all emails.

From time to time, we may use your personal information to offer suggestions about other products or services that we provide, where we believe they will be of benefit to you.  We can use your personal information in this way because it is in our legitimate interests to provide you with the right information at the right time, so that we may look at ways of extending the relationship that we have with you.

D. To Improve Our Services

We may also contact you to seek your opinion on the services that we provide or on our proposals to change and improve these in the future.

In order to make better, more informed improvements to the service we provide to you and to improve the relevancy of our communications with you, we may occasionally cross-check the personal information you provide against public sources of information (for example, the Charity Commission Register of Charities).

E. To Process Your Application For a Job With Us

When you apply for a job through our Working For Us page or send in your CV.  You can read more in our specific section covering personal information provided during recruitment.

Back to top

 

5. Who Might You Share My Information With?

We will disclose some of your information to agents, statutory bodies, partners, affiliates and suppliers in order to provide our services to you. Those parties may include (but are not limited to):

  • Statutory bodies (for example, HMRC or the Charity Commission);
  • Payment processors (for example, Banks or Card Payment Intermediaries);
  • ID Verification Services: to confirm your identity as part of our anti money laundering procedures (this is not a credit check);
  • Validation services: to confirm your address and ensure any Direct Debit instructions are set up correctly.
  • Post fulfilment services: to send information to you by post;
  • IT Software and Security contractors: to maintain, develop and secure the software that we use to provide our services to you;
  • Email marketing provider - TTmail: to send, track and report your interest in messages from us, if you give us consent to do so;
  • Any additional people you may have authorised to act on your behalf or to receive your personal information during the provision of our products or services;
  • Your chosen recipients of your donation(s) (please note that you can donate anonymously if you prefer);
  • Analytics and search engine providers;
  • Professional service providers such as accountants and lawyers;
  • Parties assisting us with research to monitor the impact/effectiveness of our work and services; and/or
  • Regulatory authorities who oversee the work we do.

We do not sell your personal data or information to any third party organisations.

When you use our secure online donation function you will be directed to a specialist payment services provider who will receive your financial information to process the transaction. We will provide your personal information to the payment services provider only to the extent necessary for the purpose of processing your donation.

Back to top

 

6. How Long Will You Hold a Record of My Information?

We keep your data for as long as it is necessary to provide the services that you have asked for, and to meet our legal obligations to HMRC and other accounting regulations. As a general rule, we will keep your data for seven years from the end of your relationship with us. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it, or (iii) you validly exercise your right of erasure (see section 7), we will remove it from our records at the relevant time.

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
When you give permission to receive emails from us about other Stewardship activities, your information will be kept with us until you notify us that you no longer wish to receive these messages, or:

  • If your inbox rejects our messages more than 20 times consecutively, your email address will be added to our suppression list which means you’ll no longer receive communications from us.
  • After 12 months of inactivity we will contact you to see if you still wish to receive communications from us. If you do not respond to this communication we will remove you from our list and you will be unsubscribed.

Back to top

  

7. What Are My Rights?

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes, or to unsubscribe from our email list at any time.

You also have the following rights:

  • Right of access: You can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
  • Right of erasure: You can request that we delete your personal information from our records as far as we are required to do so. In some cases we may suppress your personal information in order to stop further communications with you, rather than delete all of your personal information.
  • Right of rectification: If you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate.
  • Right to restrict processing: You have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.
  • Right to object: You have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests basis (see section 4 above), (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
  • Right to data portability: Where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering in a contract, and in either case we are processing your personal information using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
  • Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal or similarly significant effects on you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation, (ii) is authorised by EU or Member State law to which Stewardship is subject (as long as that law offers you sufficient protection), or (iii) is based on your explicit consent.

Please note that some of these rights only apply in certain circumstances. At all times you have the right to make a complaint to the Information Commissioner’s Office www.ico.org.uk if you think that any of your rights have been infringed by us.

If you have any concerns or complaints about the way we use your personal information, please contact us using the details below.

Back to top

 

8. Other Important Information

8.1 Security and Storage of Personal Information

Stewardship is committed to keeping your personal information safe and secure. We have appropriate and proportionate security policies and organisational and technical measures in place to help protect your personal information.

Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers which have features to prevent unauthorised access.

8.2 International Transfers of Your Personal Information

Given that we are a UK-based organisation and many of our recipients are based in the UK, we will normally only transfer your personal information within the European Economic Area (“EEA”), where all countries have the same level of data protection law under the GDPR.

However, because we occasionally give donations and grants to recipients based or operating overseas, as well as using agencies and/or suppliers to process your personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored outside a location in the EEA.
Please note that some countries outside the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.

Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient of data implements appropriate safeguards (such as by entering into standard contractual clauses which are approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice; where appropriate we will seek your consent. If you have any questions about the transfer of your personal information, please contact us using the details below.

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.

8.3 Lawful Basis for Processing Your Personal Information

The GDPR requires us to rely on one or more “lawful basis” to use your personal information. We consider the basis listed below to be relevant:

  • Where you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you monthly email updates).
  • Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
  • Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to use one of our professional services).
  • Where there is a legitimate interest in us doing so. The GDPR allows us to collect and use your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that use is fair, balanced and does not unduly impact your rights).
  • Where necessary for the performance of a contract to a client charity with whom you have undertaken transactions or been otherwise connected.

In broad terms, our “legitimate interests” means the interests of running Stewardship as a charitable entity and pursuing our aims and ideals, for example to enable donors to connect with chosen charitable causes, assisting with the formation of individual charities or running our consultancy helpline.

When we use your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted by law).

8.4 Links and Third Parties

We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

8.5 Children’s Personal Information

When we process children’s personal information where required (for example, for the Stewardship family account), we will not do so without their consent or, where required, the consent of a parent/guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care. Stewardship's services are not aimed at children under 13.

Back to top

 

9. Who Can I Contact About Data at Stewardship?

If you have questions about privacy or have a concern or complaint about our handling of personal data, you can contact our Data Protection Officer, who will investigate the matter:

[email protected]

Stewardship, 1 Lamb's Passage, London EC1Y 8AB

Back to top

  

10. Changes to This Notice

We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an updated notice on our website. This Notice was last updated on 20 May 2019.

Back to top