Kairos Centre Privacy Policy
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data (such as name, address, phone number, email address). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).
2. Who are we?
The Kairos Centre is a data processor and the Poor Servants of the Mother of God (PSMG) is our Data Controller with the Information Commissioner’s Office (contact details below).
3. The purpose of this privacy policy
To give you a clear explanation about how the Kairos Centre use the personal information you provide to us, whether online, via phone, email, in forms, letters or in any other correspondence or from third parties. We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information.
This policy explains:
• What information the Kairos Centre may collect about you and how we collect it
• How we will use that information
• Whether we disclose your details to anyone else
• Your choices regarding the information you provide to us
We have assessed that we have both a contractual and a legal obligation to process and hold the personal information which you provide to us. If you have any queries about this, please contact the Director of the Kairos Centre or the Data Protection Officer by email.
4. We collect information directly from our customers
You may give us your information for the following reasons:
• to complete a registration form for spiritual direction, a retreat or other booking at the Kairos Centre
• to make a donation
• to complete a Gift Aid declaration
• to volunteer
If you wish to use any of the services provided by the Kairos Centre, for example make a donation, volunteer, sign up for an event or retreat we will usually where it is appropriate collect some or all of the information below:
• Your name
• Your contact details
• Your religious affiliation
• Your age
• Your occupation
• Your marital status
• Information on your reasons for attending a retreat or course
• Information on your previous experience of retreats or courses.
• Any other personal information we may need to provide you with an appropriate service such any dietary or mobility requirements
5. Sensitive data
Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, and religious beliefs. We do not usually collect ‘sensitive personal data’ about our customers unless there is a clear reason for doing so, such as ensuring your needs are met, or to ensure we match you with an appropriate spiritual director.
6. Sharing data
We will not normally share your data, neither with other organisations nor among the various PSMG Services. We will only share your information if:
• We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
• We believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises
We will only ever share your data in other circumstances if we have your explicit and informed consent. We will never share, sell or swap your details with any third parties for the purposes of their own marketing or the monetising of your data.
7. Storing data
We store information on computers located in the UK. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this. Unfortunately, the transmission of data across email is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
8. Retaining data
We will keep your information only for as long as we need it to provide you with the services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need information we will always dispose of it securely, using specialist companies if necessary to do this work for us. We retain records of your bookings, payments, donations and any other events you have attended.
If you use your credit or debit card to donate to us or buy something in person or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find out more information about PCI DSS on their website.
We do not store your credit or debit card details at all, following the completion of your transaction on any of our systems. All card details and validation codes are securely stored for up to three months and then securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.
9. Your Rights
The General Data Protection regulation gives you certain rights over your data and how we use it. These include:
• the right in certain circumstances to have personal data deleted
• the right in certain circumstances to have inaccurate personal data rectified and updated
• the right to prevent your data being used for direct marketing
• the right of access to a copy of the information we hold about you (known as a subject access request). If you wish to exercise any of these rights please contact the responsible person.
For contact details, see above Section 3.
Subject access requests must be made in writing by post to the responsible person with a description of the information you want to see and proof of your identity
We do not accept subject access requests by email so we can ensure that we only provide personal data to the right person.
We will respond within one month of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records.
For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at ico.org.uk. You can contact the Information Commissioner’s Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK