- How we collect personal information from you
- What information we collect about you
- How we might use your information
- Social media
- Basis of processing your data
- Applying for a job or volunteering with us
- How and where we store your information
- Third Parties
- Where we store your personal information
- When we share your information
- How we treat children and vulnerable persons
- Your choices and telling us when things change
- Your information - your rights
- Changes to this policy
Thank you for the support you give to the persecuted church through Open Doors. Your gifts, prayers and actions give practical help as well as courage and strength to those who risk their lives as witnesses for Christ. Because of you, our brothers and sisters in the persecuted church know that they are not alone or forgotten.
Our Privacy Pledge
- We store your personal data securely.
- We ensure your data’s security when dealing with banks and the postal service.
- We won’t share your details with anyone else.
- We won’t call you asking for donations.
- You can change your preferences or opt out from communications at any time.
- If you have any questions, comments or want to change your mailing or contact preferences, contact email@example.com or call 01993 460015.
About Open Doors
Open Doors UK and Ireland (ODUK&I) is an international ministry serving persecuted Christians and churches worldwide. We are a charity registered in England and Wales (1125684), Ireland (20140984) and Scotland (SC043710). Our correspondence address is: Open Doors UK, PO Box 6, Witney, Oxfordshire, OX29 6WG, United Kingdom.
For the purposes of this document, ‘us’, ‘we’ and ‘our’ refer to ODUK&I.
How we collect personal information from you
Personal information is collected directly from you when you interact with Open Doors. For example,
- Making a donation
- Purchasing a gift
- Sending or receiving an email
- Making an enquiry
- Visiting our websites
- Applying for a role at Open Doors
- Taking part in an event
- Volunteering for Open Doors
- Signing up to a campaign or newsletter
- Where we have a face to face relationship with you
Information may be collected in person, over the phone, through our websites, social media, email or from something you’ve posted to us.
What information we collect about you
The information we hold will typically include some or all of the following:
- Your name
- Postal address
- Email address
- Phone number
- Your year or date of birth, to ensure we send you age appropriate materials
- The activity that you have completed or the information you have requested
If you make a donation, we may collect:
- Bank details
- Credit card details
- Gift Aid Declaration details
If you interact with us online, we may also collect:
- IP addresses
- Details of pages visited
- Details of files downloaded.
Website usage information is collected using cookies: see the section on Cookies below.
We may collect information from Companies House, the Charity Commission, and information published in articles, newspapers or social media.
Where you provide the information, we may collect personal data such as:
- your denomination or church
- your religious beliefs
For employees and supporters travelling with Open Doors, we may store and share with a travel organiser or company your medical details, and if you participate in an event that we have organised, we may ask you to provide information to make sure we can manage the event safely and efficiently. We may also ask you for details of any accessibility needs you may have, so that we ensure our event is inclusive, in line with the provisions of the Equality Act 2010.
We may also receive information about you from other sources (including public sources). This is explained in the ‘How we might use your information’ section below.
How we might use your information
We may use the personal data we collect to:
- Keep you up-to-date on news and the impact of Open Doors’ work
- Ask for financial and non-financial support, such as volunteering or prayer
- Process donations you give us, or to support your fundraising for us, including Gift Aid
- Provide information or resources, such as church packs, you have requested
- Provide a personalised service, such as customised website content or personalised emails
- Keep records of your relationship with us, e.g., feedback you have given or complaints you have made
- Classify supporters by location, for example Scotland, Ireland or Wales
- Conduct market research to aid our understanding of our supporters and their views, so we can provide a better service.
Tailoring our communications
We have a duty to make sure that we’re spending your donations wisely, and that means doing some research and analysis to ensure we send you the most appropriate communications, including acknowledging your past support and actions, demonstrating accountability and impact. In order to work out whom to contact, what to say and when to get in touch, we carry out the following activities:
- We look at information such as postcodes of supporters
- We look at whether donations have been given regularly
This helps us to tailor appropriate communications to you, to demonstrate the impact of your support, as well as improve your experience as a supporter.
We may use your information to invite you to become involved with us in new ways or raise funds.
Personalising our interactions with you and responding to information about you.
Major gifts require a higher level of accountability both in presenting funding proposals and in demonstrating impact. We undertake in-house research and may engage other organisations to help us identify organisations and individuals who wish to support the persecuted church, using information donors have given us and publicly available records. We may also collect information on donors’ interests, for example board memberships, hobbies, or articles in newspapers or magazines. We use this information to tailor our communications and to invite potential supporters to meetings, groups and events which may be of interest to them.
Here are some examples of the sources we might use:
- Public registers (e.g. Electoral roll, Companies House, Land records)
- Articles in newspapers or magazines
- Subscription services (e.g. Directory of Social Change, opencharities.org, Trustfunding.org, New Trust List service)
- Internet search engine results
- Open postings on social media sites such as LinkedIn and Twitter
- The Charity Commission, Local Authority and government websites
- Public websites and blogs
- Professional registers (e.g. NHS employees (doctors), Academics, Solicitors, Accountants, Chartered Surveyors, House of Lords Register of Interests, City of London Directory and Livery Companies Guide, Office of the Scottish Charity Register (OSCR), ACF (Association of Charitable Foundations), Smee & Ford), Deaths and marriages registers (e.g. Mortascreen or National Deceased Register)
If you make a major gift to our work, you will be offered a Relationship Manager who will discuss and agree with you any concerns you may have about the personal data we hold and the methods of contact suitable for you. We will do this at the earliest convenient opportunity. Where you do not wish to pursue such a relationship with us, we will not retain any additional, publicly sourced, personal data about you that we have used for this purpose.
Your settings or the privacy policies for social media and messaging services might give permission to access information from these sources. If we do access this data, for example to assess the effectiveness of our communications, we will not currently add this to your personal details that we hold. We advise you to check the privacy settings on your social media provider to ensure you are happy with the level of privacy you have chosen.
Basis of processing your data
If you are a new supporter, on or after 25 May 2018, we will process your personal data on the basis of the consent you provide us with. You are free to request a change to your contact preferences at any time by contacting us by telephone, post or email, as shown in the section ‘Your choices and telling us when things change’ below.
We will send you whatever you’ve asked for, e.g. a resource you’ve ordered – or write a letter to acknowledge a gift. This doesn’t affect your other communications preferences.
- If you are an existing supporter, as at 25 May 2018, and have requested emails, we will continue to send emails to you. The General Data Protection Regulations (GDPR) call this legitimate interest.
- We may also contact you by post or telephone where we have a legitimate interest to do so – for example, to follow up a request you have made. We will never call to seek a donation. For example, where you have previously made donations to ODUK&I, we may continue to send you information about the work your donation is making possible or other ways to get involved.
- Where you have previously asked us not to contact you in this way, we will continue to respect your contact preferences.
- You can amend your preferences at any time by contacting us by via telephone, post or email as shown in the section ‘Your choices and telling us when things change’ below.
- When you make a donation or a series of donations, express an interest in our work, or show a potential to give to our work, we will rely on our legitimate interest in order to collect additional information as noted in the Fundraising section above. This helps us to identify those supporters who would benefit from an initial discussion with a Relationship Manager and to ensure we demonstrate appropriate levels of accountability for how we use donors’ funds.
- We may also share details of the difference our work makes and update you on other ways you could support your persecuted family, for example letter writing, using new resources or raising funds.
- Legacies are an important way in which many supporters choose to remember their persecuted brothers and sisters. As an organisation we have policies that document the need to keep data, and, in turn the need to delete data. With regard to legacies, we may keep data you provide indefinitely to carry out the administration of legacies - sometimes we have to prove for how long someone has supported ODUK&I - and to communicate with the families of those leaving us legacies. In this case the deletion of personal data would not be appropriate. This is explained further in the “How and where we store your information” section below.
- ODUK&I also has a legal duty to forward information if it is required by law or by a regulatory body. For example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency.
Applying for a job or volunteering with us
If you apply for a job with us, and you provide personal and sensitive personal data such as the information on your CV or Application Form, we will process and store the personal data we collect to:
- Support the recruitment and selection process
- Answer any questions you may have
- Use third parties to provide services such as references, qualifications, verification of information you have provided, health screening and psychometric evaluation or skills tests
- Undertake checks on criminal convictions
- Provide anonymised data to monitor compliance with equal opportunities policy.
If you work for Open Doors via an agency that Open Doors has a contract with, we commit to ensure that the agency is also compliant with the General Data Protection Regulations.
If you submit your personal information to a job board, online recruitment tool, social media platform, headhunting agency etc. your details could then be passed to Open Doors. We recommend that you ensure you have given your consent to that organisation who may share your data. If we receive your details via a third party and are unclear about consent, we may either check with you before using your data further or fully delete the information.
If you do not join us as an employee or volunteer for any reason, your data will be stored for a proportionate length of time in line with the ODUK&I Data Retention Policy to ensure compliance with best practice, fairness and legislation.
If you volunteer or travel on a trip with us, and provide personal and sensitive data, such as dietary, mobility requirements or specific health information, we will store, process and disclose the personal information we collect to:
- Deliver a safe trip or event for you and others involved, including the disclosure of sensitive data, such as medical information, to our partner(s) where necessary.
- Provide the administration of these events or opportunities to serve.
- Monitor the quality of the volunteering opportunity or trip provided.
- Answer any questions or feedback you may have.
- Provide anonymised data to monitor compliance with our equal opportunities policy.
Legal basis of processing your data
If you provide personal and sensitive data when applying for a job or to volunteer with us, we will process that data based on consent given by you at the point that the data is collected, or if existing information, based on legitimate interest.
How and where we store your information
We will keep your personal information only for as long as we consider it necessary to carry out each activity. We have a Data Retention Policy and Schedule to manage this, to summarise:
In the course of carrying out the day-to-day operations within ODUK&I, a wide range of recorded information is created. Records need to be properly retained to enable ODUK&I to meet its business needs, legal requirements and obligations, accounting and tax considerations, as well as realising what is required to evidence events or agreements in the event of allegations or disputes and to ensure that any records of historic value are preserved.
The untimely destruction of records could affect:
- The conduct of ODUK&I business
- The ability of ODUK&I to defend or instigate legal actions
- The reputation of ODUK&I and
- The ability to comply with statutory obligations.
Conversely, the permanent retention of records is undesirable and disposal is necessary to free up storage space, reduce administrative burdens and to ensure that ODUK&I does not unlawfully retain records for longer than necessary (particularly those pertaining to personal data).
If you have any questions about our Data Retention Policy, please contact us in writing at:
Data Protection Officer
PO Box 6,
We ensure that we have appropriate technical controls in place to protect any personal data you provide. For example, we ensure that any online forms are encrypted and our network is protected and routinely monitored. Despite all our efforts, the internet cannot be guaranteed to be 100 per cent secure, and there is always a risk when you submit data. Nevertheless, we continue to invest in protecting your data in full compliance with best practice.
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers. All employees and volunteers sign a confidentiality agreement when they commence working with ODUK&I.
We may make limited use from time to time of trusted external companies to collect or process personal data on our behalf, such as fulfilling orders or processing donations. When we do so, we carry out checks on these companies, and to ensure they will handle personal data securely and safely we have contractual arrangements with the companies to ensure our requirements are clear. When we do use external companies, we remain responsible for the storing and processing of your personal data.
Credit / Debit card security
If you use your debit or credit card to donate to us, purchase something or pay for a trip, whether online, over the phone or by mail, we will process your information securely in accordance with the Payment Card Industry Data Standard.
We do not store your debit or credit card details once your transaction has been completed.
We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.
Where we store your personal information
The data we process and store is within the European Economic Area (EEA). It may be that some of our suppliers use cloud-based storage; however, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. We adopt the Information Commissioners approved measures and therefore ensure that personal data is held in compliance with European data protection regulations. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data you agree to this transfer, storing and processing of your information.
Should you travel overseas with us, we may share personal information with partners who deliver our work in overseas locations. For example, this may include sensitive personal data such as medical information and passport details. When we do so we will make you aware of the data being transferred and gain your consent to do so.
When we share your information
We do not share or swap your information with any other charities or organisations for the purposes of their marketing – as this would conflict with our core values and desire to treat supporters with respect.
Our service providers and third parties
From time to time we may employ trusted suppliers to carry out tasks on our behalf, such as fulfilling orders, managing events, supporting our systems, or processing donations. These agents are bound by contract to protect your data and we remain responsible for their actions.
We use external parties to provide services such as event ticketing, data capture and email processing. In some circumstances we work with suppliers who may hold your data outside of the EU in the US and who also subscribe to the US-EU privacy passport. In some cases supporters who use these services may become a customer of the third party in conjunction with being a customer of ODUK&I if this is the case we will make it clear on the web page, and to exercise your rights to be forgotten or to access your data you will need to make these requests directly to these third parties.
We may provide third parties with general information about users of our site, but this information is both aggregated and anonymous. However, we may use IP address information to identify a user if we feel that there are or may be safety and/or security issues or to comply with legal requirements.
What are cookies?
We collect data using cookies. A cookie is a text file that is sent from our website as soon as you visit the site. It is stored on your computer’s hard drive and helps us to identify your computer (not you) and collects information in an aggregate, anonymous way.
We collect cookies:
- To enable users to complete actions on our website without creating an account
- For account registration and logging in
Cookies may be used to collect information about your visit to our website, such as:
- Traffic data
- Location data
- Device information
- The date and time of your visit
- The pages that you visit
We may use this information to:
- Customise the content on our website and help to understand visitors’ current and future needs
- Process any requests, applications or transactions you may make
- Aid internal administration and analysis
You can find more information about cookies at Cookiepedia and at aboutcookies.org.uk
Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser or visit aboutcookies.org.uk.
To experience the ODUK&I website to the full, we recommend that you leave cookies turned on. If you turn off cookies then you may not be able to enter parts of the site.
Third Party Cookies
ODUK&I works with a number of third party suppliers who set cookies on our website to enable them to provide us with services. These are mainly used for reporting and advertising purposes so we can improve the way we communicate.
We use websites such as YouTube and Vimeo to embed videos and you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third party website for more information about their cookies and how to manage them.
As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this you can change your cookie settings (see above) and can find more information about this here.
How we treat children and vulnerable persons
We do not actively seek to collect data for children under the age of 12, and we require a date of birth for anyone under 21 to ensure that we provide age appropriate materials.
Supporters in vulnerable circumstances
We recognise the importance of identifying and supporting people in vulnerable circumstances. Members of our Inspire Team who send or respond to supporter emails, mailings or calls are trained to identify signs of vulnerable circumstances and to deal with the supporter appropriately in line with our 'Guidelines for safeguarding vulnerable supporters' policy.
Personal information will be recorded so that we may respond appropriately in future, for example by ceasing fundraising requests or no longer making calls.
Your choices and telling us when things change
You can change your preferences on which communications you receive from us, including marketing and fundraising materials, or how we contact you, by mail, phone or email, at any time.
You can do so by:
Calling us on: +44 (0)1993 460015
Emailing us on: firstname.lastname@example.org
Write to us at:
PO Box 6
Updating your details
We want to communicate with you effectively. It’s much easier if your details are up to date, so we really appreciate it if you let us know when your details change. You can do so in the same way as updating your preferences (above).
If we are unsure of the details you have entered on a form, or if you have changed address and given the Post Office permission to share this, we may use Post Office address search, postcode lists or other available sources to confirm data that you provide us with.
However, if you continue to give regularly and items such as the Open Doors magazine are returned to us, we may use external sources to update your address details, if we are unable to reach you in any other way. This is so that we may update you on how your money has been spent through our news and stories.
How to have your information deleted
The General Data Protection Regulations introduce a right for individuals to have personal data erased and this can be requested verbally or in writing from the data protection officer or via Inspire. If you have donated to us and requested that we Gift Aid your donation, we are legally required to keep your information for at least six years after the date of your last gift, and in these circumstances we cannot delete your data. However, we can and will remove your consent to be contacted by us.
How your data will be deleted
We retain information on previous customers for analysis purposes, and so the action we will take is to anonymise your data so that we can continue to use this information for historical research and statistical purposes whilst preserving your privacy. We have a standard procedure for doing this across all of our record systems. Our commitment is to complete this change within one month of the request being received.
What about data you share with other organisations - will this be deleted?
We do not share your information with third parties except where we need to fulfil a contract, e.g. a Gift Aid claim or if you travel with us, and this data is subject to our need to retain this information.
Your information - your rights
For any of the following areas, please contact the Data Protection Officer:
Data Protection Officer
PO Box 6
Telling us to stop processing
You have the right to ask us to stop using your personal information for marketing purposes or for any other purpose where there is no legal requirement for continued processing.
How to request a copy of the information that we hold about you, otherwise known as a Subject Access Request
You have the right to ask for a copy of all the information related to you that we hold.
How to ask us to amend or delete your information
If your information is out of date, or if there is no longer justification for us to hold it, you can ask for it to be updated, removed or blocked by contacting the Data Protection Officer in writing.
How to request your information
You can ask for a copy of any personal information that you have provided to us in the past. We will provide it in a clear and easy to follow format.
Changes to this policy
This policy was last updated in March 2019. We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other associated legislation. If we make any significant changes to this policy we will show this clearly on our website, and/or by contacting you directly.