Effective date: 20 June 2023
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed bythe GDPR.
Who are we?
King’s School of Theology (“we”, “us”, “our”) is the data controller (contact details below). We operate under charity number 1184982.
How do we process your personal data?
King’s School of Theology complies with its obligations under the GDPR by
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data;
- protecting personal data from loss, misuse, unauthorised access and disclosure;
- ensuring that appropriate technical measures are in place to protect personal data.
What is the legal basis for processing your information?
KST may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your data protection interests or fundamental rights and freedoms
- To comply with the law
How Do You Collect My Personal Data?
We collect your personal information in the following ways:
Information that you give us directly
We collect this information in connection with specific activities. For example, when you use our website or online forms or call our team to, among other things:
- Register for an event or course
- Engage with us on social media or our website
- Request further information on the course
- Make a donation
Information that we receive from third parties
We may receive information about you from third parties such as event booking sites or payment processors. See section below on What We Do With Your Personal Data.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Embedded content from other websites
Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
What do we do with your personal data?
We use the data we collect about you to help us to fulfil our charitable objectives. This includes using your information, among other things, to:
- Communicate with our supporters and those who engage with us
- Process donations, orders and event bookings
- Administer student and alumni records
- Inform of news, events, activities or services running at KST
- Manage our employees and volunteers
- Fundraise and promote the interests of the charity
- Maintain our own accounts and records (including the processing of gift aid applications)
Contact details and (in some cases) grading information for current and past students are stored on Moodle, via mykst.org.uk. You can view their privacy notice here.
Payment details for purchases made through our website are processed via Stripe. You can read their privacy notice here.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
We will not share your data with third-parties, other than those listed above.
What do we do to ensure the security of your data?
- We use two-factor authentication where possible to add an extra layer of security to protect data
- Within our team, we set appropriate permissions for access to data, to ensure that your data is not compromised
- We keep our security settings up to date to ensure that if there is a breach, we can quickly rectify it or regain access to accounts
How long do you keep my data?
We keep your personal data for no longer than is necessary for the purposes for which it is processed, according to the purposes set out in this Privacy Notice. Specifically, we retain gift aid declarations and financial paperwork for up to 6 years after the calendar year to which they relate. We keep employee and volunteer records for 7 years beyond the point of contract termination. And we keep some alumni records indefinitely in order to provide transcripts and references.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
What are your rights?
If you are a resident of the European Economic Area (EEA), you have certain data protection rights, which means that you have the right of access to your data which we store and process.
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal items or telemarketing), then please contact us using the contact details provided under the “How to contact us” below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Changes to this Policy
How to Complain
In the first instance, please contact our Data Protection Officer for clarifications, to exercise your relevant rights or for queries and complaints, using the contact details below.
How to contact us
Please contact our Data Protection Officer via firstname.lastname@example.org or 0843 289 9450.