We aim to be transparent with you about how we collect your data, and we will not do anything you wouldn’t reasonably expect from us.
Grace Baptist Mission is a Charitable Incorporated Organisation registered in England and Wales, charity no. 1157506. Our registered address is: 12 Abbey Close, Abingdon-on-Thames, Oxon, OX14 3JD.
What information may we collect about you?
We collect personal data when you opt-in to receive mailings, emails and other communications, when you make a donation, book for one of our events, apply to serve through our Envision programme, apply to serve in mission long-term, or become the contact person for a member church or a supporting church. This data may include:
- Your name, gender, title, and date of birth where needed
- Your postal/billing address
- Your telephone numbers
- Your email address (work or personal)
- The church or organisation to which you belong
- Bank account details
- Other information you enter on our website
- Records of your correspondence with us including your requests to opt-in to our mailings.
- Details of your visit to the website, and interaction with our email communications, including your IP address.
We use this information to provide you with the services you request and give you the best access possible to our network’s resources. You do not have to provide us with this information but if you choose not to we may be unable to give you the information or service you request.
Where do we collect your data from?
From our website
Indirectly from third parties
You may choose to provide us with your data by using a third party, such as when you make a donation through a third party payment website such as CAF or Stewardship. We do not actively seek data from any third party marketing organisations.
From publically available data
We may collect information already published in the public domain, such as the Grace Directory of Churches, other published church directories, or a particular church or organisation’s website.
For some events you may need to tell us sensitive data such as dietary or access requirements so we can provide for your needs. By providing us with the church you attend and/or organisations you are affiliated with you agree to us holding and using this information.
Under 16s/Under 13s
If you are aged 16 or under and would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent or guardian’s permission before giving us your personal information.
We do not collect sensitive personal information about you unless there is a clear reason for doing so, for example at our summer holiday events, where we need this information to ensure safeguarding or care for participants. For some events we will collect health information so that leaders on our events have the relevant information to care for participants. When we collect information about a child or young person, we will make it clear why we are collecting this information and how it will be used.
How we use your data?
We may use the personal data we collect to:
- Provide you with the information, resources or services you have requested
- process event bookings, and/or inform you of any changes
- set up standing orders and receive one-off card payments
- send you a letter of thanks with a receipt if requested
- Keep you up to date with the work you are supporting, and advise you of any changes in that work
- Administer any donation or payment that you make, including processing gift aid where appropriate
- Keep a record of your correspondence, donations history, questions you may ask us or comments or complaints you may make
- Check or update the contact details we have for you
- Conduct a survey to help us improve our work
- Contact you in your capacity as a representative of a church or organisation
- Ensure that potentially vulnerable people are treated appropriately, particularly with regard to financial giving or legacies
Lawful basis for processing personal data
We rely on a variety of legal bases from processing your data depending on the activity being undertaken.
We use consent as the lawful basis for holding data for all mailshots by email, and for those who book into free events that we organise.
We use legitimate interest as the lawful basis for holding data on missionaries and employees, Envision volunteers, member churches, other supporting churches, everyone who receives mailshots by post, and all donors who have donated in the last seven years
We use contract as the lawful basis for holding data where an individual has booked themselves into a GBM event by completing an application form and paying a deposit. This applies in the case of holidays and camps. This does not apply to free events.
Disclosure of your data?
When we employ agents to carry out tasks on our behalf we may share data with them. These functions may include such things as delivering packages, or operating our pension scheme.
We may need to pass on information if required by law or by a regulatory body. For example if we’re required to by HMRC, or a law enforcement agency, or to protect GBM in the cases of suspected fraud or defamation. We may use IP address information to identify a user if we feel that there are or may be safety and/or security issues or to comply with legal requirements.
We will not sell or share personal details to third parties for the purposes of their marketing.
How long will we hold information and keep it accurate?
We take reasonable steps to create an accurate record of any personal data you have submitted.
We will keep your information for no longer than is necessary for the purposes for which it is being processed. Details of financial transactions must be kept for seven years. Data used for our mailshots is reviewed and updated on a regular basis.
If you request to have no further contact with us we will keep some basic (anonymised) information about you on our suppression list in order to avoid sending you content in the future.
GBM has security measures in place to protect against the loss, misuse and alteration of personal data under our control.
Information is stored by GBM on secure servers. Only authorised personnel are able to access personal information, and we ensure access to information is password protected or secured via locked filing cabinets. We encrypt financial information you input before it is sent to us.
Your rights to access information
The Data Protection Act gives you the right to access information held about you.
Any access request may be subject to a fee (as amended from time to time) to meet our costs in providing you with details of the information we hold about you.
Right to withdraw consent and complain to a supervisory body
You have the right to be informed of how we use your information and the right to object to us processing your personal data for marketing purposes and to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory body. Find out more here: www.ico.org.uk (link is external). You can change your preferences at any time by emailing us at [email protected] from the email address already registered with us.
We may update this policy from time to time without notice to you. By continuing to use our website you will be deemed to have accepted such changes.
How can you access and amend the information we hold about you?
Our point of contact for Data Protection is our Head of Communications who can be emailed at [email protected] or phoned on 01235 520147.