Effective date: 20 June 2023

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed bythe GDPR.

Who are we?

King’s School of Theology (“we”, “us”, “our”) is the data controller (contact details below). We operate under charity number 1184982.

How do we process your personal data?

King’s School of Theology complies with its obligations under the GDPR by

  • keeping personal data up to date;
  • storing and destroying it securely;
  • not collecting or retaining excessive amounts of data;
  • protecting personal data from loss, misuse, unauthorised access and disclosure;
  • ensuring that appropriate technical measures are in place to protect personal data.

What is the legal basis for processing your information?

If you are a resident of the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy will depend on the type information concerned and the specific context in which we collect it. 

KST may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it’s not overridden by your data protection interests or fundamental rights and freedoms
  • To comply with the law

How Do You Collect My Personal Data?

We collect your personal information in the following ways:

Information that you give us directly

We collect this information in connection with specific activities. For example, when you use our website or online forms or call our team to, among other things:

  • Register for an event or course
  • Engage with us on social media or our website
  • Request further information on the course
  • Make a donation

Information that we receive from third parties

We may receive information about you from third parties such as event booking sites or payment processors. See section below on What We Do With Your Personal Data.


If you are visitor to our website please be aware that we use Cookies. Cookies are small items of computer code that are stored to your device (computer or mobile device). The cookies we use are associated with the Google Analytics tool and software.  This enables us to analyse visits to our website and to collect other statistical data.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you want to prevent the use of cookies you can do so within your web-browsers settings. However, if you do not accept cookies, you may not be able to use some portions of our website.

Usage Data

We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What do we do with your personal data?

We use the data we collect about you to help us to fulfil our charitable objectives. This includes using your information, among other things, to:

  • Communicate with our supporters and those who engage with us
  • Process donations, orders and event bookings
  • Administer student and alumni records
  • Inform of news, events, activities or services running at KST
  • Manage our employees and volunteers
  • Fundraise and promote the interests of the charity
  • Maintain our own accounts and records (including the processing of gift aid applications)


After graduating or agreeing via a signup form to receive emails from us, your email is passed to MailChimp and you are added to one of our mail lists. MailChimp is the service we use to write, design and send e-mails for our newsletters. You can read MailChimp’s privacy policy and terms.

Google Drive

Student and supporter information, including contact details, applications and registrations, assignment submissions and financial information is stored on KST’s Google Drive. You can view Google’s privacy policy here and terms of use here.


Contact details and (in some cases) grading information for current and past students are stored on Moodle, via mykst.org.uk. You can view their privacy notice here.


Payment details for purchases made through our website are processed via Stripe. You can read their privacy notice here.


Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit Google’s privacy policy here and terms of use here.

We will not share your data with third-parties, other than those listed above.

What do we do to ensure the security of your data?

  • We use two-factor authentication where possible to add an extra layer of security to protect data
  • Within our team, we set appropriate permissions for access to data, to ensure that your data is not compromised
  • We keep our security settings up to date to ensure that if there is a breach, we can quickly rectify it or regain access to accounts

How long do you keep my data?

We keep your personal data for no longer than is necessary for the purposes for which it is processed, according to the purposes set out in this Privacy Notice.  Specifically, we retain gift aid declarations and financial paperwork for up to 6 years after the calendar year to which they relate. We keep employee and volunteer records for 7 years beyond the point of contract termination. And we keep some alumni records indefinitely in order to provide transcripts and references.

We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

What are your rights?

If you are a resident of the European Economic Area (EEA), you have certain data protection rights, which means that you have the right of access to your data which we store and process.

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal items or telemarketing), then please contact us using the contact details provided under the “How to contact us” below.
  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Changes to this Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

How to Complain

In the first instance, please contact our Data Protection Officer for clarifications, to exercise your relevant rights or for queries and complaints, using the contact details below.

You have the right to lodge a complaint with the Data Protection Authority for data protection in your area of the EEA. In the UK this is the Information Commissioner’s Office (ICO). Phone: 0303 1231113, email, or report a concern: https://ico.org.uk/concerns/

How to contact us

Please contact our Data Protection Officer via info@kingstheology.org or 0843 289 9450.