1. What is this Policy and why should you read it?
1.2 You should read this Policy, so that you know what we are doing with your personal data. Please also read any other privacy notices/policies that we give you, that might apply to our use of your personal data in other specific circumstances – for example, if you are employed by us or volunteer with us or if you provide a service to us – because this Policy only deals with personal data collected and used by us via our website.
2. Our data protection responsibilities
2.1 “Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data (to the extent that they identify you).
2.2 The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
2.3 We are a "controller" of your personal data. This is a legal term. It means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws.
3. What types of personal data do we collect when you use and/or interact with us via our website?
3.1 When you visit and/or interact with us via our website, we may collect the following types of personal data:
3.1.1 Contact information: name, phone number and email address (to the extent that you provide these to us, for example when you contact us via the website and/or subscribe to our newsletter). To the extent that you include personal data in any enquiry or event sign-up form sent to us via the website, we will process that personal data too as a result; and
3.2 If any of the personal data you have given to us changes, such as your contact details, please inform us without delay by contacting us as set out at section 12.
4. What do we do with your personal data, and why?
4.1 We process your contact information in order to respond to any enquiry made by you and/or send you newsletters you have subscribed to, and for the management and administration of the Trust. Our lawful basis under UK data protection laws for processing this personal data is: (1) responding to your enquiries: legitimate interest (i.e. it is a legitimate interest that we respond appropriately to your enquiry, and this does not cause you any detriment); (2) sending you a newsletter: with your consent (we only do this if you have consented to receive the newsletter – and each newsletter includes a link for you to unsubscribe. If you want to withdraw your consent at any time you can also contact us as set out at section 12); and (3) for the management and administration of our Trust: legitimate interest and/or to comply with legal obligations.
4.2 We process website usage information in order to ensure that the website functions properly and to ensure its security. See more details about cookies at section 9.
4.3 We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports.
5. Who do we share your personal data with, and why?
5.1 Sometimes we need to disclose your personal data to other people.
Inside the Community of Sant’Egidio spread throughout the world
Sant’Egidio has a number of Communities around the world. If you have a query regarding another Community, we may share your data with the Community entity to which your query relates.
Outside the Community of Sant’Egidio spread throughout the world
5.2 From time to time we may ask third parties to carry out certain business functions for us, such as IT support and mailing our newsletters. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third party service providers or sub-contractors may include marketing and website service providers, or our IT systems software and maintenance, back up, and server hosting providers.
5.3 In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, in particular if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our volunteers or others.
5.4 We have set out below a list of the categories of recipients with whom we may share your personal data:
5.4.1 consultants and professional advisors including legal advisors and accountants;
5.4.2 courts, court-appointed persons/entities, receivers and liquidators;
5.4.3 professional bodies;
5.4.4 insurers; and
5.4.5 governmental departments, statutory and regulatory bodies.
We may also share your personal data with third parties, as directed by you.
5.5 Third parties, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions (for example, making a donation to us). For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
6. Where in the world is your personal data transferred to?
6.1 Where our processing activities require your personal data to be transferred outside the United Kingdom or the European Economic Area (for example but not limited to if you have query regarding another Community within Sant’Egidio and we share that with the Community entity to whom it relates, or where our use of a service provider involves your data being processed in the United States and/or Israel), we will only make that transfer if:
6.1.1 the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
6.1.2 we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient (please contact us as set out at section 12 if you would like more information);
6.1.3 the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
6.1.4 you explicitly consent to the transfer.
7. How do we keep your personal data secure?
7.1 We will take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. For any questions, please contact as set out at section 12 if you would like more information.
8. How long do we keep your personal data for?
8.1 We will only retain your personal data for a limited period of time. This will depend on a number of factors, including:
8.1.1 any laws or regulations that we are required to follow;
8.1.2 whether we are in a legal or other type of dispute with each other or any third party;
8.1.3 the type of information that we hold about you; and
8.1.14 whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
9.2 The cookies used on our website are set out in the table below:
10. What are your rights in relation to your personal data and how can you exercise them?
10.1 You have certain legal rights, in relation to any personal data about you which we hold. Some of the rights which may be available to you are: the right to access your personal data; the right to data portability (if certain conditions are met); rights in respect of inaccurate or incomplete personal data; the right to object to or restrict our processing of personal data (certain conditions apply); and the right to erasure of your personal data (if conditions are met).
10.2 Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
10.3 Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
10.4 If you wish to exercise any of your rights please contact us as set out at section 12 in the first instance.
10.5 You also have the right to lodge a complaint with the ICO, which is the UK data protection regulator. More information can be found on the ICO’s website at https://ico.org.uk/.
11.1 We may update this Policy from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We also encourage you to check this Policy on a regular basis.
12. Where can you find out more?
12.1 If you want more information about any of the subjects covered in this Policy or if you would like to discuss any issues or concerns with us, you can contact us in any of the following ways:
By email at: firstname.lastname@example.org
By telephone at: +447470512900
By post at: Sant’Egidio, c/o London Jesuit Centre, 114 Mount Street, London W1K 3AH
PLEASE READ THE TERMS AND CONDITIONS IN CONJUNCTION WITH OUR WEBSITE'S TERMS AND CONDITIONS.