LWIC PRIVACY NOTICES PURSUANT TO THE EU GENERAL DATA PROTECTION REGULATIONS (GDPR) OF MAY 2016 / DPA 2018
The European Commission (EU) proposed the General Data Protection Regulation in 2012 to support the evolving European digital economy. One of their goals was to enable a freer flow of data across the EU by drafting a single law for protecting data and streamlining dozens of different data protection laws that applied to each Member State. These laws, like the UK Data Protection Act 1998, were based on the older EU Data Protection Directive from 1995. The EU recognised that whilst the principles and particulars of the 1995 Directive still held true, the digital economy and advances in technology meant that it needed to be updated and overhauled to keep abreast of these rapidly moving areas, and to meet the other challenges that hindered the free flow of information.
A new law was needed to address other challenges, including growing societal concerns around how personal data was used by public and private bodies, especially governments and security agencies. It needed to accommodate a growing desire for people to control how their personal data was being used, and greater transparency around its processing.
On top of these challenges, confusion and inconsistency had grown across the EU concerning such things as seeking, obtaining and managing consent to process data, which the new law would need to address. There was a clear need to better govern newer capabilities, which included automated processing and profiling of individuals. The new law would also need to improve how such processing was governed with clearer, more precise stipulations for these newer capabilities.
The result has been to develop, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data a.k.a. the General Data Protection Regulation (GDPR). The GDPR was agreed and adopted in May 2016 and allowed until May 2018 for member states to implement it in law in their respective countries. It came into full force in the UK in May 2018.
The GDPR established a set of obligations for every entity that processes the personal data of European Union nationals (natural persons) and data subjects regardless of where this processing occurs. Therefore, the law has global application in so far as the data of EU subjects are involved. Some data controllers are required to appoint a Data Protection Officer and to ensure that there is a compliant framework for data processing and cross- border data transfers. There are draconian fines, rising up to €20M (Twenty Million Euros), for breaches and non-compliance.
LWIC is considered a data controller for the purposes ofthe GDPR because it plansto obtain and retain personally identifiable data from European data subjects on online platforms, at fundraising events and training programmes. Therefore, LWIC is required to implement organisational and technical measures for data protection by design and by default.
LivingWord InternationalChurch(“LWIC”) is committed to preserving the privacy of its members, volunteers, donors, and beneficiaries on our websites, mobile apps, emails, social media accounts, text messages, and other emerging digital interfaces (“platforms”). We will never share or sell your information.
Who are we?
Living Word International Church is a faith based, UK registered Charity (1113936) and Company limited by guarantee in England. We are located at Deanway, Chalfont St Giles, HP8 4LH, England.
We are dedicated to working with individuals, families, and communities to reach their full potentials in life based on the Word of God by the power of the Holy Spirit.
When do we collect information from you?
We collect information about you directly from you and from third parties, as well as automatically through your use of our platforms.
Information We Collect Directly From You.
We collect information about you when you visit any of our premises to attend an event or conference, to receive training, to serve as a volunteer, or to receive other services. We may also collect personal and special category information directly from you during the course of your interactions with us, for example, when you register for conferences or events, when you make a donation, and when you complete a Gift Aid donor form or fill other forms. We also collect information from you when you provide such information through the use of our platforms.
Information We Collect Automatically
Over time, we may automatically collect the following information about your use of our platforms through cookies and other technologies: your domain name; your browser type and operating system; your connection speed; web pages you view; links you click; your IP address; your device ID; the duration of your visit; the referring URL, or the webpage from which you clicked through to our platform. We may combine this information with other information that we have collected about you, including, where applicable, full names and your online user name, information about your avatar, and other personal information we hold about you.
Such information about your use of our platforms (e.g. your IP address, operating system, Internet browser, connection speed, and the domain name of your Internet service provider) may be gathered by the following methods:
- We use the following types of cookies:
- Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser orturn off your computer. We use session cookies to allow our systems to uniquely identify you during your visit to any of our platforms or while you are logged into a site for long period. This allows us to verify your identity, review and respond to your requests, and process your online transactions as you move through our platforms.
- Permanent or Persistent Cookies. Persistent cookies remain on your computer after you have logged off from our platforms, closed your browser or turned off your computer. We use persistent cookies to
collect statistical information about user activity. This enables us to improve our services to you.
- IP Address. You may visit many areas of our platforms anonymously without the need to log into an account or become a registered User. However, even in such cases, we may collect IP addresses automatically. An IP address is a number that is automatically assigned to your computer whenever you register with or begin to use the services of an Internet service provider. Each time you access our platforms and each time you open a page on any of our platforms, our local server or the server of our hosting service will log your IP address.
- Web Beacons. A web beacon is a small piece of data, typically an image of just one pixel that is embedded in emails and web pages and delivered to your device in an HTML email message, in an app, in an advert, or as part of a web page request. Web beacons are typically used for site performance monitoring and analytics such as site traffic reporting, counting unique visitors, auditing, personalisation, page load speed and advertising. We may use web beacons in messages that we send to you to determine whether you have opened those messages and/or clicked on links in those messages. The information from our
use of web beacons may be collected in a form that is personally identifiable information.
- Device ID and Advertising ID. Device ID is a unique identifier that can be used to identify a mobile device such as a PDA or a Smartphone. They can typically only be accessed via an app and not from the mobile web. The latest devices also provide a re-configurable advertising ID that allows ad targeting and tracking without relying on an identifier uniquely linked to the device. We may use device ID and advertising ID, as may be required, to collect statistical information about user activity.
- Tracking Content Usage. If, in the course of using our platforms, you copy and post any text or audio-visual materials including, without limitation, artwork, graphics, video, pictures, logos, or sound (collectively, “Content“) to your own Web site or to a third party Web site, we may automatically track and capture Non- personally identifiable information associated with the use of Content. Please see our Intellectual Property Notice at the end of this page.
What type of information is collected from you?
We only collect data that is relevant for the purpose of providing services to you, to our members, to our volunteers, and to our beneficiaries. Information we collect might include: your name, title, contact address, email address, contact numbers, date of your visit to our premises, date and content of any request, audio-visual files (photographs, videos, graphics, and text collected in the course of services or during events), and information including but not limited to the number of website visits, and resources accessed and downloaded.
We do not store your card information if you make a donation online or purchase a product from an online shop linked to any of our platforms or linked to any of our partners or affiliates. This information is collected by third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
We also collect information in connection with your privacy preferences such as any consent or restriction that you provide in relation to your information and your visit.
How do we collect information from you?
We obtain information about you when you visit any of our premises or any of our platforms, for example when you attend a service or an event, or you contact us for information, visit our website or social media platforms, make a donation, become a member or if you register to receive our newsletters by postal or electronic mail.
How is your information used?
We may use your information to:
- Send you communications that you have requested about us, our events, donations, charity news, and how you can support us
- Process donations you have made
- Process requests you have made
- Answer your inquiry by post, telephone, mobile phone, or by email
- Register you for events and conferences
- Establish and maintain contact with you including providing you with regular
correspondence or newsletters Provide you with access to our platforms
- Communicate with you about your use of our platforms
- Provide other services that are relevant to you such as periodic reminder emails about events, services or other information which we believe may be of interest to you.
In addition, we may use your information in automated technologies as follows:
- System Administration. We may use your information for the purposes of system administration, monitoring our system, assisting in diagnosing problems with our servers, performance and traffic on our platforms, and to gather broad demographic information about visitors to our premises and platforms.
- Notices to Registered Users. If you have registered for an account on any of our platforms, we may use your personally identifiable information to send you e-mails regarding your registration, including confirmation to verify the accuracy of any information you have provided, and instructions on how to participate or make contributions to our newsletters or platforms. We may also send you e-mails to verify your identity or to notify you if we believe your use of our platforms violates any applicable agreement for the use of our platforms.
- Promotional E-mails. We may use your personally identifiable information to send you e-mails periodically listing promotions or events relating to our services and activities or from our marketing partners or sponsors. You have the choice to opt-out of receiving such promotional e-mails by simply scrolling down in any such email and clicking on the email’s “SafeUnsubscribe” link. Once we have processed your opt-out request, we will not send you promotional e-mails unless you opt back in to receiving such communications, including through implicit opt-ins when you download our promotional news or other information from our platforms or attend our hosted events.
- Product and Service Announcement E-mails. We may use your personally identifiable information to send you e-mails periodically on our new service updates. You have the choice to opt-out of receiving such e-mails by writing to us or sending an e-mail to email@example.com or following the instructions in such correspondence. Once we have processed your opt-out request, we will not send you automated service announcement e-mails unless you opt back in to receiving such communications.
- Contact Information. If you contact us by telephone, e-mail or letter, we may keep a record of your contact information and correspondence. If you report a problem with any of our platforms, we may collect this information in a file specific to you. You may contact us by postal mail or by sending an email to firstname.lastname@example.org to request the removal of this information from our
You can choose to receive or not to receive information from us. If you do not wish to receive information from us please send your written request by postal or send an email to email@example.com to request the removal of your information from our database. Where applicable, you may also tick the relevant boxes on the Communications Preferences form or subscribe / unsubscribe options in our print and electronic newsletters and mail-shots, respectively. Unless we receive your consent, we will not contact you for event notifications, donations, promotions, or marketing purposes by email, phone or post.
Access to Your Information (User Choice)
You can request access to personal information that we hold about you and you may request to opt-out of using your data to customise information we send to you or share about you. We will provide you with access to your personal information and respond to any related request within 30 working days of receiving your request, unless we are legally obliged to refuse your request.
- Access or Change your Information. Upon request, we will update or correct personal information previously collected, but only to the extent that such action will not compromise the privacy or security interests of other users of any of our platforms. Additionally, upon request, we will delete from our database any personal information you do not want us to hold. However, it may be impossible to entirely delete your information without some residual data or metadata being retained due to the manner in which data backups are made and maintained.
Keeping Your Personal Information Up toDate
We will keep your personal information up to date based on the information you have provided to us. Please contact us if you wish to change personal information that is out of date or inaccurate. We shall take reasonable steps, within the shortest possible time, to correct any of your information which is inaccurate, incomplete or out of date.
How Long Do We Keep Your Personal Information
How We Share Your Information
We may share your information, including personal information, as follows:
- Service Providers. We may disclose the information we collect from you to third party service providers or agents who perform functions on our behalf. Merger. If we merge with another organisation or if substantially all of our assets are transferred to another organisation, or as part of a liquidation proceeding, we may transfer the information we have collected from you to the other organisation.
- Legal Process. We also may disclose the information we collect from you in order to comply with a legal request such as a court order or subpoena. To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, security threats, suspected fraud, violations
of our Terms of Service or this Policy, or as evidence in litigation.
- Aggregate and De-Identified Information. We may share aggregate or deidentified or pseudonymized information about users with third parties and publicly for marketing, research or similar purposes. Please note that except as noted above, we will not sell or share your personal information with any third party without your consent.
Safeguarding Your Information
We are committed to ensuring that your personal information is secured. Therefore, we implement adequate technical and organisational measures for data protection by design and by default. This enables us to mitigate the risk of unauthorised access or disclosure of your information.
We protect your personal information using various technologies and safeguards, including Secure Socket Layer (“SSL”), which is an encrypted communication protocol. SSL is a standard format for transmitting secure data from your computer to our local or third party servers. SSL works by using a private key to encrypt data that is transferred over the SSL connection. You will know SSL is being used when you see “https” preceding a Web address, rather than “http.”
Additionally, we restrict employee access to databases containing personal and financial information, we impose confidentiality requirements upon employees who do have access to databases containing personal and financial information, and we make reasonable endeavours to ensure that our subcontractors, affiliates, partners, and third party service providers similarly implement technical and organisational measures for data protection. In order to most efficiently serve you, credit card transactions and billing may be handled by third party financial institutions, which may only use your personal and financial information in connection with the business services they perform for us. All information they receive is via SSL.
Although we use reasonable efforts to safeguard the security of your personal and financial information, transmissions made on or through the Internet are vulnerable to attack and cannot be guaranteed to be secure. In addition, submissions made via e- mail are not protected by SSL technology and are vulnerable to interception during transmission. You hereby accept that we are not responsible for any intercepted
information sent via the Internet, and you agree to hold us harmless and release us from any and all claims arising out of or related to unauthorised and accidental access to, loss of, and disclosure of your personal information or for any intercepted information that causes loss or harm to you in any way.
Special Note Regarding Children Under 16 Years of Age
We do not intentionally collect or maintain any personally identifiable information from natural persons under the age of 16 (“Minors”) without the consent of a parent, guardian or other responsible adult. Where we collect such information, it is restricted to basic information for the purposes of protecting the vital interests of the minor (e.g. in an emergency); acting in the legitimate interest of the minor; performing a task in the public interest; performing a legal obligation; or performance of a contract for the benefit of the minor.
If you discover your minor child or minor ward has submitted his or her information to us without your consent, you must contact us to either provide your consent or request to have such information deleted from our database by sending an e-mail request to firstname.lastname@example.org together with the e-mail address that was submitted by the Minor. Upon receiving the request, we will use reasonable efforts to delete such information.
Some information on our platforms may not be appropriate for minors. For example, some text or audio-visual content may contain sermons, speeches, messages, articles, or videos that are appropriate for adults only. Minors are only authorized by us to access age-appropriate content on our platforms. If we learn that a Minor is using our platforms except as provided in this section, we will require verified parental or
guardian consent, in accordance with the GDPR; Children’s Online Privacy Protection Act of 1998 (“COPPA“); and other applicable regulations and statutes.
Links to Third Party websites
From time to time, our platforms may contain links to third parties such as affiliate groups, partners and service providers (e.g. Google maps). These links are provided as a convenient way for you to obtain further information only and the content of such third party websites, apps, and social media accounts (“platforms”) is not approved by or the responsibility of our organisation.
These links may allow third parties to collect personally identifiable information and non- personally identifiable information directly from you. Additionally, we may use third parties to provide components of our platforms. In either case, such third parties may have separate privacy policies and data collection practices, independent of us. We: (a) have no responsibility or liability for these independent policies or actions; (b) are not responsible for the privacy practices or the content of such third party platforms; and (c) do not make any warranties or representations about the contents, products or services offered on such third party platforms or the security of any information you provide to them.
How to contact us
Living Word International Church
GDPR PRIVACY NOTICES Page 11
Chalfont St Giles
Tel: +44 (0) 1753 551 405
Last updated August 2019
Copyright and the use of LWIC Intellectual Property (Logo, images, video, text etc.)
Written permission must be obtained from LWIC before any proprietary material can be used in any manner. We use technological tools to monitor the Internet for violations.