Data Privacy Notice: Christian Medical Fellowship
1. Who are we?
In this policy, ‘we’, ‘our’ or ‘us’ refers to the Christian Medical Fellowship. We are a charity registered in England and Wales (number 1131658). Our company number is 06949436, and our registered address is 6 Marshalsea Road, London, SE1 1HL.
2. Your privacy
We respect your privacy and want to communicate with you in a way that suits you, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and any other relevant data protection legislation. Your privacy is important to us, and this policy explains how we use your personal information and keep it secure.
3. What your personal data?
Personal data relates to any personal information that can identify you as an individual or relates to you as an individual. Examples of personal data include your name, address, and email address.
4. How do we process your personal data?
We comply with our obligations under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. When you supply personal information to us, we only use this information for the purpose for which it was given and ensure that it is kept securely.
We use your personal data for the following purposes:
- To keep you up to date on news and stories about our mission and work;
- To administer membership records;
- To ask for financial and non-financial support, such as volunteering or prayer;
- To manage our employees and volunteers;
- To maintain our own accounts and records;
- To process purchases of goods and services;
- To process registrations for events;
- To process donations you give us including Gift Aid;
- To inform you of events and activities;
- To operate CMF’s website and deliver the services that individuals have requested;
- To provide a personalised service such as customised website content or personalised emails;
- To classify supporters by location.
- To contact individuals via surveys to conduct research about their opinions.
Unless you ask us not to, we may carry out analysis of the personal information you have provided and add publicly available information to create a profile, in relation to (among other things) your interests, preferences, attitudes and level of potential donations, so we can contact you in the most appropriate way and with the most relevant information.
We may ask you to participate in surveys, which are used to help us improve how we work. They will not result in us providing additional resources and marketing to you, unless clearly stated in the survey. To opt out of surveys, please see the contact section at the end of this Privacy Policy.
5. What data is processed by the data controller?
Some or all of the following where necessary to perform the required tasks:-
- Names, titles, photographs;
- Contact details such as telephone numbers, addresses and email addresses;
- Where they are relevant to our work, or where you provide them to us, we may process demographic information such as gender, age, date of birth, education/work histories and academic/professional qualifications.
- Where you make donations or pay for activities, we use bank account numbers, payment card numbers and payment/transaction identifiers.
- Where you provide the information, we may collect sensitive personal data, including, your religious beliefs or your physical or mental health.
From time to time, we may obtain the date of medical qualification data for some members from the GMC database. The GMC database is open to free access online
6. What is the legal basis for processing your personal data?
-
- Consent: we have your permission to send you certain information after we gave you the relevant details, e.g. when signing up for news or campaign emails. To be clear, you have the right to withdraw your consent at any time by contacting us.
- Contract: we may process your information when we need to do this to fulfil a contract, e.g. if you purchase a conference ticket or resources, or a contract of employment.
- Legal Obligation: we will need to process some information because there are legal reasons to do so, e.g. if you have gift aided donations to us, HMRC requires us to keep the information for 7 years.
- Legitimate Interests: we may process data when it is in our legitimate interest to do so except where such interests are overridden by your interests, rights or freedoms.
- Vital Interests: vital interests are intended only to cover interests that are essential for your life. This may be relevant where you have booked on a CMF conference or overseas trip and require medical attention during the event.
7. Storing your information
We will retain your data for as long as reasonably necessary to maintain and grow our relationship with you, to comply with legal rights and obligations, to maintain historic records, and to protected ourselves from potential disputes. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights.
We make no commitment to retain your data for any particular period, and we remain free to delete it for any reason and at any time without notifying you.
8. Credit / debit card security
If you use your debit or credit card to pay your subscription, donate to us, purchase something or pay for an event or trip, whether online, over the phone or by mail, we will process your information securely in accordance with the Payment Card Industry Data Security Standard.
We do not store your debit or credit card details once your transaction is completed. To process financial transactions, we may need your bank or credit card details. Online credit card payments are processed through Opayo/Evalon via a secure server.
We hold bank account details for the purpose of collecting direct debits in accordance with the direct debit mandate rules.
Information you give us via the website is stored and processed in the UK. However, because of the nature of the internet, it is possible that your data may pass through countries outside the UK.
9. Sharing your personal data
We never share your data with third parties for marketing purposes.
Your personal data will be treated as strictly confidential and will only be shared with other members of Christian Medical Fellowship for purposes connected with our operations. Some of our service providers may have access to your data to perform services on our behalf, eg, mailings of appeals and magazines or payment processing. We ensure that anyone who provides a service for Christian Medical Fellowship enters into an agreement with us and meets our standards for data security.
10. Storing your information
We will retain your data for as long as reasonably necessary to maintain and grow our relationship with you, to comply with legal rights and obligations, to maintain historic records, and to protect ourselves from potential disputes. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights.
We make no commitment to retain your data for any particular period, and we remain free to delete it for any reason and at any time without notifying you.
11. Transfer of data abroad
Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
By submitting your personal data you agree to this transfer, storing and processing of your information.
Should you travel overseas with us, we may share personal information with partners in overseas locations.
12. Legal Duty
We may need to pass on information if required by law or by a regulatory body. For example, a Gift Aid audit by HMRC of if asked for details by a law enforcement agency.
13. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
-
- ‘Right to be informed’, which means we will be completely clear and transparent about how we plan to use your personal information.
- ‘Right of access’, which means you can request details of the personal information we hold about you and how we use it. We will provide this within one month.
- ‘Right to rectification’, which means you can ask us to update or amend the personal information we hold about you, if it is incorrect.
- ‘Right to restrict processing’, which means you can ask us to change, restrict or stop the way we are using your personal information.
- ‘Right to erasure’ (or right to be forgotten), which means you can ask us to remove your personal information from our records.
- ‘Right to object’, which means you can object to us using your personal information for marketing purposes.
- ‘Right to data portability’, which means you can obtain the personal information we hold about you and reuse it for your own purposes.
- ‘Right not to be subject to automated decision making’, which means if we use systems to make a decision about you, you have the right to ask for a person to intervene, which may change the outcome.
- Right to lodge a complaint with a supervisory authority, such as the Fundraising Regulator or the Information Commissioner’s Office (ICO), if you are not satisfied with our response to a request you make to us, or you feel we are not using your information correctly.
If you have an issue with the Christian Medical Fellowship that cannot be resolved, you can contact the ICO at www.ico.org.uk
14. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will update this notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your consent to the new processing.
15. Contact details
To exercise all relevant rights, queries or complaints, please contact Ben Daniel, Director of Operations, at 6 Marshalsea Road, London SE1 1HL or email admin@cmf.org.uk.
You can contact the Information Commissioners Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or online at www.ico.org.uk