Data Protection

Prayer Storm's Commitment to the General Data Protection Regulation (GDPR)

GDPR Compliance Statement

Introduction

At Prayer Storm, we are committed to safeguarding the privacy and security of the personal data we collect, store, and process during our operations. This GDPR Compliance Statement outlines how we comply with the General Data Protection Regulation (GDPR) and demonstrates our dedication to protecting the rights of individuals whose data we handle.

Our Commitment to Data Protection

We respect the privacy of our supporters, volunteers, employees, donors, and beneficiaries, and are committed to handling their personal data responsibly. We ensure that personal data is processed in a lawful, transparent, and secure manner.

Lawful Basis for Processing Data

We only collect and process personal data where we have a lawful basis to do so. This includes:

  • Consent: Where individuals have given explicit or implied consent for us to process their personal data for specific purposes, such as receiving newsletters, participating in events or signing up for online services.

  • Contractual Obligations: To fulfil obligations under contracts, such as processing donations or managing volunteer agreements.

  • Legal Obligations: To comply with legal and regulatory requirements.

  • Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided that these interests do not override the ‘Rights of Individuals’.

Personal Data We Collect

We may collect and process the following types of personal data:

  • Contact Information: Name, address, email, and telephone number.

  • Financial Information: Bank details, donation history, and Gift Aid declarations.

  • Demographic Information: Age, gender, and interests.

  • Usage Data: Information about how individuals use our website and services.

  • Special Category Data: Sensitive information such as location or health data, where necessary and with explicit consent.

How We Use Personal Data

We use personal data for the following purposes:

  • To process donations and manage financial transactions.

  • To communicate with our supporters, volunteers, and beneficiaries.

  • To send marketing communications.

  • To manage events, campaigns, and volunteer activities.

  • To comply with legal and regulatory requirements.

  • To improve our services and enhance user experience via our website and other digital channels.

Data Sharing and Third Parties

We will never sell personal data to third parties. However, we may share data with trusted partners and service providers who support our operations, such as payment processors, IT service providers, and legal advisors. We ensure that these third parties adhere to strict data protection standards.

International Data Transfers

In certain circumstances, personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). We ensure that any such transfers comply with GDPR and that adequate safeguards are in place to protect personal data.

Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. This includes regular security assessments, encryption, and secure data storage practices.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once data is no longer needed, we ensure it is securely deleted or anonymised.

Rights of Individuals

Under GDPR, individuals have the following rights regarding their personal data:

  • Right to Access: Individuals can request access to their personal data held by us.

  • Right to Rectification: Individuals can request that inaccurate or incomplete data be corrected.

  • Right to Erasure: Individuals can request the deletion of their personal data, subject to certain conditions.

  • Right to Restrict Processing: Individuals can request that we limit the processing of their data under certain circumstances.

  • Right to Data Portability: Individuals can request that their data be transferred to another organisation.

  • Right to Object: Individuals can object to the processing of their data based on legitimate interests or direct marketing.

  • Right to Withdraw Consent: Individuals can withdraw their consent for data processing at any time.

Contact Us

If you have any questions about this GDPR Compliance Statement or wish to exercise your rights, please contact us:

In writing at: The Operations Manager, Prayer Storm, 100 Church Road, Gatley, SK8 4NQ. By email at: info @ prayerstorm.org

We are committed to resolving any concerns or complaints in a timely and fair manner.

Updates to This Statement

Last Updated: 28th August 2024

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We encourage you to review this statement periodically to stay informed about how we are protecting your data.

This GDPR Compliance Statement is a key part of our commitment to transparency and accountability. Thank you for supporting Prayer Storm and helping us continue our mission while respecting your privacy rights.

PreviousPrivacy PolicyNextCommunity Guidelines

Last updated