Privacy Notice & General Data Protection Policy How we use your information Your privacy is important to us at Pilgrims’ Friend Society. Under new data protection legislation, we need to let you know how we care for your information. Pilgrims’ Friend Society is known as the Data Controller and can be contacted by email: [email protected]; or post at 175 Tower Bridge Road, London, SE1 2AL. The legal grounds for processing your data - why we collect it and how we use it Controlling and processing your data is undertaken pursuant to the legitimate purposes of the charity. This means that we collect and use your information to: send you our magazine, newsletter and other communications regarding our activities; to ask for your prayers and support; to provide information or services that you have requested; to administer your relationship with us; to process donations; to administer volunteering agreements; and to comply with the law regarding data sharing. We also collect and use other information where it is necessary for the purposes of carrying out our contractual obligations and exercising our specific rights, for example, if you purchase goods from us or when we claim gift aid on qualifying donations. If you use our website to subscribe to our newsletters or if you attend a meeting and sign up to receive communications or ask to receive communications through other means from us we will do so on the basis of your opt-in consent. Our communications prioritise requests for prayer, but we will also from time to time ask for financial support. When we fundraise, we adhere to the Key Principles and Behaviours set out in the Code of Fundraising Practice. Our fundraising will be consistent with our ethos and will be legal, open, honest and respectful. If you share special category data with us (information that is sensitive such as religious affiliation) we will process it in line with the specific requirements of the General Data Protection Regulation. When we share your information with our suppliers who work with us to deliver our services (such as the mailing of our magazine and newsletters) we make sure that they comply with Data Protection Laws and that they have appropriate controls in place to secure your information. We will only email you or contact you by phone, SMS or other electronic means if we have your explicit consent as required by the Privacy and Electronic Communications Regulations. The categories of information that we may collect, hold, use and share include: Personal information (such as name, telephone number, address and email address) Characteristics (such as gender, ethnicity, language, nationality, country of birth) Information such as donation records, credit cards details if used for a donation or purchase and gift aid forms If you volunteer, Information needed to administer the volunteering arrangement. Storing your data We will keep your data secure. We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. We will contact you regularly to check that the information we are holding and using is accurate and that you agree to us holding it, apart from information that we are legally obliged to retain. Who do we share your information with? We do not share your information with others except as described in this notice unless required to do so by law or in response to a valid request from a competent authority. Your rights Under Data Protection legislation Subject to the conditions prescribed in the applicable laws, you have the right to: (a) access, rectify or request erasure of your personal data; (b) to ask us to restrict processing of it; (c) to request portability of it; (d) to object, on grounds relating to your particular situation, to processing of your personal data which is based on our or a third party’s legitimate interest; and (e) to object to processing of your personal data for direct marketing purposes. You also have the right to lodge a complaint with the supervisory authority and claim compensation for damages caused by a breach of the General Data Protection Regulation (GDPR). To exercise these rights, or to ask any other questions about our compliance with the GDPR please should contact the PFS Data Protection Officer as below. We review our data protection policy every three years. The last review was in May 2018. If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/ Contact: If you would like to discuss anything in this privacy notice, please contact the PFS Data Protection Officer by email [email protected] or by post at 175 Tower Bridge Road, London SE1 2AL.