AFCU Data Privacy Notice

Purpose of this privacy notice

The purpose of this privacy notice is to inform our charitable mission partners (such as supporters, guest speakers, conference and event attendees, partner/associate organisations, other 3rd party entities), website visitors and other relevant stakeholders how the Armed Forces Christian Union (AFCU) processes any personal data i.e., about ‘natural’, living people.

This privacy notice describes how we collect and use personal information about you consistent with our legal obligations under the Data Protection Act 2018, specifically UK General Data Protection Regulation (UK GDPR) which deals with the general processing of personal data. This came into effect on 1 January 2021 superseding the EU Regulation 2016/679 General Data Protection Regulation (EU GDPR) as part of the UK’s withdrawal from the EU under the European Union (Withdrawal) Act 2018.

How we use your personal information

We gather and use certain information about you in order to keep in contact with you and enable certain functions of the AFCU. We may also, with your permission, pass details to other UK Christian Military Organisations so that we can enable fellowship and prayer support among UK military Christians. The data that you provide will be seen only by the AFCU permanent staff unless you specifically choose to make certain items visible to other AFCU members via ChurchSuite.

We are committed to respecting your privacy and keeping your personal data secure. When processing personal data, the AFCU adheres to the overarching principles that data should be processed in a manner which is responsible, secure, proportionate, lawful, fair and transparent.

If at any time you no longer wish to hear from us, please tell us on 01973 783123 or email office@afcu.org.uk.

The sort of information that we collect and store includes:

  • Your name.
  • Your rank (where appropriate).
  • Your service (where appropriate).
  • Your contact information – home/work address, email, telephone number and mobile number.
  • Date of birth.
  • Marital status.
  • Spouse’s name (where appropriate).
  • Children’s names and ages (where appropriate).
  • Bank account details if you have completed a form to make a regular donation by standing order.
  • Your Gift Aid status.
  • Your position within an organisation or charitable trust (if relevant, e.g., as a partner organisation).
  • Details about any AFCU organised events you attended (in person or virtually) for organisational purposes.
  • Prayer Support Team (PST) links.
  • Details about unspent criminal convictions attracting custodial sentences for the purpose of supporting any members whilst serving those sentences.
  • IT and security details, such as device details, user activity details and user preferences, browser history details.
  • Details of all contracts and agreements with 3rd parties, including any goods and services provided/received.

Normally we do not collect special categories of personal data (formerly known as ‘sensitive data’). Examples of special category data include information about an individual’s: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics; health; sexual orientation; or unspent criminal convictions.

How personal data is collected

Personal data may be collected directly or indirectly.

Directly There are a number of ways in which we may directly obtain personal data from individuals in the course of our charitable mission dealings. This includes through:

  • Establishing a charitable mission relationship which may involve entering into a contractual or volunteer agreement relationship for the performance of various activities in support of the charitable mission.
  • Completing our online forms.
  • Subscribing to our newsletters and any other website-based subscription services we may set up from time to time.
  • Registering for and attending any meetings or events that we organise.
  • Applying for vacancies or other opportunities.

Indirectly There are a number of ways in which we may obtain other personal data indirectly about individuals. Such data may come from a variety of sources such as in the course of recruitment, charitable mission activities, be publicly available or provided to us by others.

  • Associated entities and third-party organisations. Our charitable missional activities may involve the performance of services with associated entities and other third-party organisations which involve sharing personal data they control as part of that engagement. We do not share your information with other organisations, except in the case of legitimate processing of documents for those involved in AFCU activities, or where required by law.
  • Public open sources. Personal data may be obtained from public registers (such as the Charities Commission), news articles, open data sources, Internet searches and social media platforms (e.g. Facebook).
  • Internal management/administrative systems. We may attach personal data to internal relationship management records to better understand and serve individuals or associated entities in the course of our charitable mission, satisfy a legal obligation, or pursue our legitimate interests.

Why we collect and use this information

We collect and use personal data in different ways in support of our charitable mission activities. Specifically, this includes:

  • For our own internal records necessary to administering our work.
  • To send out our periodic mailings to you by post or email.
  • To provide support to you, such as pastoral or prayer ministry support.
  • To link you with other military Christians or AFCU members in your locality.
  • To enable other members to contact you.
  • Inform you about our events, news, opportunities and other things we think might be relevant to you; and register your attendance request.
  • To request your feedback on products and services that we offer.
  • Administer your donations, including processing Gift Aid.
  • Thank you if you supported our work in a significant way, whether financial, investment of your time or in some other way.
  • Contact you as a representative of a charity or organization (such as a church or charitable trust) for example to confirm speaking arrangements.
  • Keep a record of donations you have made, questions, complaints or other correspondence relating to the work of the AFCU.
  • Supporting network and system security, including of our information systems, applications and websites, or authenticating registered users to certain areas of our sites.
  • Auditing.
  • Detecting and preventing fraud.
  • Complying with legal and regulatory obligation, such as in relation to money laundering, terrorist, fraud and other forms of crime, child safety, tax and immigration requirements.
  • Conducting web analytics.

Our lawful basis for processing this information

We process this information under the Data Protection Act 2018, specifically UK General Data Protection Regulation (UK GDPR) which came into effect on 1 January 2021 and supersedes the EU Regulation 2016/679 General Data Protection Regulation (EU GDPR). This legislation governs the protection of living, identifiable natural persons regarding the processing of personal data, and the movement of that data into and out with the UK.

For personal data to be processed lawfully, they must be processed on the basis of one or more of the legal grounds set out in the UK GDPR, which are the grounds that the AFCU adheres to. These specified legal bases are as follows:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose. [Such as opting-in to receive communications from us by email, telephone, text message or post including by logging into My ChurchSuite; or allowing other members to see information you choose to make available to them].
  • Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests (i.e., requiring a balancing test between our respective legitimate interests). For example, those going on mission we have a legitimate basis for holding the information required to allow you to travel safely, including insurance, passport information, flight details, visa applications and emergency contact details.

The AFCU will be the ‘data controller’ for the purposes of data-protection laws in relation to any personal information we hold about living data subjects.

The AFCU will never transfer the personal data of supporters and third-party organisations outside of the European Economic Area or to another third country without your permission.

Storing this information

We hold your information confidentially in a secure database system, which only staff trained in data protection may access.

How long we retain personal data for

As a basic principle, we only retain personal data for as long as it is necessary. We retain personal data in support of our charitable mission objectives and activities, especially to stay in contact with you and to comply with applicable laws, regulations and other obligations that we are subject to. Unless a different time period is specified, e.g., under specific legislative, regulatory or contractual obligations, we will normally hold personal data for the following lengths of time:

  • Personal details including name and contact information: While actively engaged with the AFCU and up to six years after such engagement ceases. For volunteers, while they are volunteering with us and up to one year after volunteering ceases.
  • Personnel and training records: While engagement continues and up to six years after engagement ceases. For volunteers, while they are volunteering with us and up to one year after volunteering ceases unless they have served in significant roles (e.g. trustee and leadership) and/or an incident occurred during their period of service to the AFCU in which case six years will be the norm.
  • Contractual and agreement details, including any goods and services provided: Six years following the termination of the contract or agreement date (or each individual contract or agreement date if more than one). For volunteers, while they are volunteering with us and up to one year after volunteering ceases.
  • Financial details: While actively engaged personally or commercially with the AFCU and up to six years after such activities cease.
  • Credit card, charitable giving, payment for AFCU organised events or other activities, information and payment details: While actively engaged and up to six years after such activities cease.
  • Location details: While actively engaged with the AFCU and up to six years after such activities cease.
  • Device details: While actively engaged with the AFCU and up to six years after such activities cease.
  • User activity details and user preferences: While actively engaged with the AFCU and up to six years after such activities cease.
  • Browser history details: While actively engaged with the AFCU and up to six years after such activities cease.
  • Electronic identification data including IP address and information collected through cookies: While actively engaged with the AFCU and up to six years after such activities cease.

When the applicable time period has expired, if there are no other legitimate grounds for retaining personal data, it will be disposed of in an appropriate and secure way.

Security

We will always hold your information securely.

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.

We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998.

Requesting access to your personal data

Under data protection legislation, you have the right at any time to find out more about the personal data that we hold on you, what we are doing with that personal data, and why.

To make a Subject Access Request, contact office@afcu.org.uk.

You also have the right to:

  • Object to processing that is likely to cause, or is causing, damage or distress;
  • Request that we restrict or suppress the processing of your personal data, for example on grounds of its accuracy;
  • Request that we assist you in moving, copying or transferring personal data;
  • Object to the processing of your personal data, such as for the purposes of direct marketing;
  • Object to decisions being taken by automated means;
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • Claim compensation for damages caused by a breach of the Data Protection regulations.

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance office@afcu.org.uk. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.

Changes to this notice

We may make changes to this Privacy Notice and these will be published on our website www.afcu.org.uk.

Further information

If you would like to discuss anything in this Privacy Notice, change your mind on what/ how we may process your personal data, or if you would like to receive a copy of our Data Protection Policy please contact:

Data Protection Officer, Armed Forces Christian Union, Unit 24 Shrivenham Hundred, Majors Road, Watchfield, SN6 8TZ (office@afcu.org.uk/ telephone: 01793 783123).

The AFCU is a Charity registered in England and Wales (registration number 1193977).