Restore Enterprise Ltd is committed to protecting individual’s data and privacy in accordance with the provisions of the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018.
1. Who looks after your personal data?
Your personal data will be held by Restore Enterprise Ltd. You can find more information about us and about our work in about us.
2. Who are we?
Restore Enterprise Limited is a UK registered company limited by guarantee.
Within the organisation are office holders who work together to deliver its mandate, such as:
- Community Elders
As part of our mission, we may need to share personal data we hold with the office holders above, so they can carry out their responsibilities. This means we are responsible to you for how we process your data. Under the GDPR, we each are your data controller.
3. Your personal data: What is it?
It is information about a living individual who can identified from that data or any other available data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
4. What data do we collect?
Your name, email address, contact details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable), VAT number (if applicable) and whether you have participated in our webinars or events (and if so how long you were on each webinar call for and / or what dietary requirements you have)
Where they are relevant to our mandate, or where you provide them to us, we may collect demographic information such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants;
Where you make donations or pay for activities such as fee paid to attend any of our fee-paying events, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers;
The data we collect is likely to constitute sensitive personal data which may be suggestive of your religious beliefs. Where you provide this information, we may also process other categories of sensitive personal data: racial or ethnic origin, sex life, mental and physical health, details of injuries, medication/treatment received, political beliefs, labour union affiliation, genetic data, biometric data, data concerning sexual orientation and criminal records, fines and other similar judicial records.
5. Why we process personal data?
We process personal data for some or all of the following purposes:
- To enable us to meet all legal and statutory obligations;
- To deliver our mandate to our community and to carry out other activities for the benefit of our users as provided for in the constitution;
- To minister to our users and provide them with pastoral and spiritual care;
- To administer membership records;
- To fundraise and promote the interests of the organisation;
- To maintain our accounts and records;
- To inform individuals of news, events, activities we provide;
- To process a donation that you have made (including Gift Aid information);
- To update our users on, products and services, news and events, webinars and courses;
- To find out what our users think of our products and services, events, webinars and courses.
- To understand our users’ motivation and behaviour to improve our digital estate.
- To send communications which have been requested for and that may be of interest to our users.
6. How do we collect your data?
We collect your data when you provide it to us (e.g. by contacting us via our website, registering for one or more of our events or to subscribe to receive emails). We also collect data from your use of our website, using cookies and occasionally from third parties.
7. What is the legal basis for processing your personal data?
Under the GDPR, Restore Enterprise Ltd processes your data on the basis of:
- Legitimate interest – in relation to performing our ecclesiastical duties to our members.
- Legal obligation - in relation to meeting all our legal and statutory obligations as required in our constitution.
- Contract – in relation to an agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement with us
- Consent – in relation to informing users of our products and services about our activities and events.
- Special category data – Restore Enterprise Ltd also has a legitimate interest in processing information about your religious beliefs to administer membership or contact details under Article 9(2)(d) of the GDPR. We will first obtain your consent where this is required.
8. Who do we share your personal data with?
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary in relation to the provision of our products and services or where you have given us prior consent.
Part of our business activity requires using third parties to perform certain business-related functions which involves processing your personal data on our behalf. These organisations include our event booking agencies, data analysis service providers, email service providers, social media network sites and others. When we engage these organisations to perform such functions, they provide us with information, including Personal Data, in connection with their performance of such functions.
Whenever you use the services of our third-party providers you have the option to provide or withhold your personal information in accordance with this privacy notice. However, we will not be able to provide you with any of our products and/or services if you do not provide the required information as requested. For more information about our third-party providers’ privacy policies, click on the relevant links below:
9. How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
We use appropriate organisational and technical measures such as storing your information on secure servers, using only encrypted payment providers, to protect the personal data we have under our control (having regard to the type and amount of that data), from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
We will ensure that your information will not be disclosed except if required by law or when requested to by regulatory bodies or law enforcement organisations.
We will only grant access to your information where necessary.
Transfers of your information outside the European Economic Area
Use of automated decision making and profiling
We do not make use of automated decision making and/or profiling decision-making software.
10. What are your rights?
If at any point you believe the information we process about you is incorrect you may request to see this information, and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our office and we will investigate to resolve the matter.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Under the General Data Protection Regulation (GDPR), you have a number of rights in relation to your personal information including:
- The right to access the personal information we have about you. Individuals can find out if we hold any personal information by making a ‘subject access request’ (SAR) under the GDPR;
- The right to ask us to correct personal information that is wrong or incomplete;
- The right to ask us to stop using or delete your personal information;
- The right to receive any personal information we have on you including: our purpose for processing your personal data, our retention period for that personal data, and who it will be shared with. This is called ‘privacy information’.
11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
12. Changes to this privacy notice
13. How to contact us?
Restore Enterprise Limited
N1 4LD, UK