Exodus Privacy Policy

The vision of Exodus is to see generations of young people, boldly following Jesus and becoming lifelong disciple makers 

We are delighted to share our vision and adventure with thousands of young people, youth leaders, parents, volunteers, staff, interns and supporters.

This Privacy Policy applies to everyone who connects with Exodus and sets out why and how we collect and use the personal information provided to us (online, in person, in other correspondence or from other sources).

The principles that guide our approach are as follows:

We believe deeply that each individual matters and so your interaction with Exodus will reflect that. In particular, we are committed to your privacy and looking after your personal information with the highest standards of care and integrity. We are also committed to operating lawfully and within the General Data Protection Regulation (the GDPR).

We gather the information essential to help us serve you or which you have agreed we can use for your specific connection or involvement.

We only use or store your information for as long as you are connected or involved, or where we have a legal obligation to retain specific records.  We dispose of all unnecessary information in a timely and appropriate manner.

We strive keep your information secure (digital and physical). We will never pass it on to another charity or company for their own purposes and we only share data with carefully selected service providers who work for us and care for your data as we do. We will also respond swiftly where action regarding data is required (e.g. Data Breach or Subject Data Access Requests).

You can email (hello@exodusonline.org.uk) phone (028 92661 220) or write to us (Data Team, Exodus, 29 Railway Street, Lisburn, BT28 1XP). We are registered with The Charity Commission Northern Ireland - registered as a company in Northern Ireland (NI065788).

Personal data is any information that can be used to identify you. For example, it can include information such as your name, email address, postal address, telephone number, mobile telephone number, bank account details, credit/debit card details and whether you are a taxpayer so that we can claim Gift Aid on any donations you may make.

Sensitive Information - Some types of information are more sensitive than others e.g medical information, religious beliefs or information about special needs, and this is recognised in law. We will only ask for personal information about you if there is a good reason for doing so – e.g. to help us place people in the roles or opportunities that suit them best; to be aware of any health concerns for team members.

When we collect this information, we will make it clear to you what we are collecting and why and what are our legitimate reasons for doing so.

We collect information in the following ways:

1) Information that you give us directly

We collect information in connection with specific activities, for example, when you use our websites or printed forms or telephone our offices to:

• Apply as a leader or participant in a programme such as teams, mentoring, volunteering or internships.
• Make a donation
• Purchase a resource, residential stay
• Register for an event
• Engage with our social media
• Sign up for our email newsletters or printed prayer mailings
• Complete a survey, questionnaire or feedback form.
• Apply for and/or take up a role as a staff or board member
• Otherwise provide us with personal information.

2) Information that you give us indirectly

Your information may be shared with us by fundraising sites such as JustGiving. These independent third parties will only do so when you have indicated that you wish to support Exodus and with your consent. You should check their privacy policy when you provide your information to understand fully how they will process your data.

3) Information from Others

We may receive information about you from other connected individuals, for example from a friend who wants to book an event or make a donation on your behalf, a family member who names you as a next of kin, a participant who names you as a referee or a church member who names you as their church leader.

If we receive information about you from third parties, we will provide you with details of whom we received it from as soon as possible.

4) Information from Public Sources

We may combine information you provide to us with information available from public sources or records in order to gain a better understanding of our supporters and those who engage with us. This helps us to improve our fundraising methods, resources and programmes. Such information may be found in places such as Companies House and information that has been published online and in print.

We use your personal data for purposes such as and similar to:

• To assign participants to their correct programmes and opportunities.
• To record the agreements we have with team members and others
• To provide support and information for participants and leaders.
• To respond to concerns or emergencies.
• To keep track of training and vetting in relation to appropriate safeguarding practices.
• To enable us to comply with legal obligations and retain relevant historical records.
• To manage our employees and volunteers;
• To communicate news, events, activities and opportunities with supporters and invite them to participate in surveys or research
• To fundraise and promote the interests of the organisation.
• To maintain our own accounts and records (including the processing of gift aid applications).
• To for administration purposes and processes e.g. donation handling, register of interest, record keeping, management of feedback.
• To notify about changes to our services

Please note: You don’t have to disclose any of this information to browse our websites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.

We collect and use your information in the following situations:

1. When it is necessary for us to perform a contract (such as being a team member) that we have with you.
2. When our use of your information is for the purposes of our legitimate interests. This means a balancing the interests of Exodus against your rights and freedoms, and having due regard to your reasonable expectations about the use of your data.It includes updating our financial supporters with information on how their giving is making a difference.
3. When we believe there is a vital interest such as protecting your life when you cannot give consent.
4. When we believe it is necessary to use your information to comply with a legal obligation to which we are subject such as Gift Aid returns to HMRC
5. When we have your consent. Such as sending you emails, text message and other methods of electronic communication from time to time to keep you updated on the ministry accordance with your choices.
   Where we rely on consent to use your information, you have the right to withdraw that consent at any time. Please see the 'Your choices and rights' section of this policy for more details.

We will use Explicit consent when asking for sensitive data such as medical information that is necessary for your involvement in a programme.

We place great importance on the security of all personal data associated with our participants, supporters and customers.

Storage

We work to ensure all personal and sensitive personal data is protected securely against unauthorised access and theft. We place a high value on trustworthiness, integrity and confidentiality; staff, interns and volunteers with access to personal information are trained to an appropriate level.

Information is stored by Exodus on a password protected cloud based database and in paper format in secure filing in our offices. Information on paper is kept to a minimum and shredded once no longer needed.

Staff computers are encrypted and the access to financial, sensitive or special categories of information carries more restricted access, and is deleted after a relevant event or involvement; unless we need to keep that information for a longer period e.g. for safeguarding reasons.

While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.

We will hold your personal information on our systems for as long as is needed to fulfil the function for which we hold the data or as long as is required by law for the relevant activity. For example, HMRC requires us to keep a record of donations, Gift Aid and financial transactions for seven years.

If you request that we stop sending you marketing or fundraising information, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

Where your information is no longer required we will ensure that it is disposed of in a secure manner.

Information will only be kept as long as is necessary for the purposes for which you provided it or we obtained it and will be minimised to ensure we only keep what is necessary.

We never sell or share your personal information with other organisations to use for their own purposes. However Exodus may disclose your personal information only in the following circumstances:

1) Collaboration
If we run an event or initiative in collaboration with another named organisation, your details may need to be shared with them and those who provide services to help us deliver the event. We will make it clear what will happen to your data when you register.

2) Legal Requirement
If we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect Exodus (for example in cases of suspected fraud or defamation).

3) Specialised Services
We employ other companies and individuals to perform functions on our behalf. Examples include payments, applications, communication, web, event management, file storage and sharing. These data processors have access to personal information needed to perform their functions, but may not use it for other purposes. We require these third parties to comply strictly with our instructions and data protection laws and will make sure that appropriate controls are in place.

You have the following rights with regard to good information handling, which we affirm and will endeavour to uphold:

The right to be informed

As set out in this privacy policy so you can see we are fair and transparent in how we process the information you give us.

The right of access

You can ask us for the data we hold about you (this is a data subject access request).  We are happy to give you all the information which we can.  

The right to rectification

If you think the information we hold about you is not correct, let us know – we will find and update it.

The rights to erasure and to restrict processing

You can ask to be forgotten.  If we can, we will then delete or destroy the information we hold about you.  There may be a compelling reason why this is not possible (e.g. a legal obligation for us to continue to hold your data) but we will always take your request seriously.  If we can’t completely delete your data for some reason, it is likely that we could store it without actively continuing to process it (restrict processing).

The right to data portability

If you want it, we will give you the information we hold about you in an appropriate transferable form.  

The right to object

If you don’t like how we have processed your data based on legitimate interest or for marketing purposes, you have the right to say so, and we will stop processing your information in that way.  You can always opt out of any mailings we send and we make sure that it is easy for you to do so. You also have rights relating to automated processing and profiling. We don’t use automated processing and we don’t profile people.

You can choose at any time which emails or printed materials you want to receive from Exodus and in which format.

If you have any questions about any aspects of this policy or think we have made a mistake in any way, please let us know and we will work hard to make things right.  You can email (hello@exodusonline.org.uk) phone (028 92661 220) or write to us (Data Team, Exodus, 29 Railway Street, Lisburn, BT28 1XP).

If your concern is not addressed you can contact the Information Commissioner's Office (UK) on 0303 123 1113; via email https://ico.org.uk/global/contact-us/email/ or by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire,  SK9 5AF

You can contact the Data Protection Commissioner (Ireland) on +353 (0761) 104 800; via email info@dataprotection.ie or by writing to:  The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23