BRF's Privacy Policy

Introduction

The Bible Reading Fellowship (BRF) is dependent on the generosity and goodwill of our supporters and subscribers to fulfil our charitable objectives. Having a positive relationship with our supporters is vitally important to us and we are committed to working in a transparent, ethical, responsible and honest way.

We adhere to the standards of the Fundraising Regulator’s Code of Fundraising Practice and we will also always abide by our BRF Supporter Promise.

We are committed to protecting your personal information and being transparent about what information we hold about you, whether you are a visitor to our websites, a subscriber to our publications, a purchaser of our resources, a financial supporter, a volunteer or participant in one of our programmes or events, or a prayer supporter.

This policy explains how we collect and use the personal information you provide to us, whether this is online, in person or via phone, mobile, email, letter or other correspondence or printed form, and personal information about you that we may obtain from third parties.

If you use our websites or any of our services, or provide us with any personal information, we will bring this policy to your attention so that you are fully aware of how your information will be used and disclosed.

Related policies and links

Our privacy policy in brief

It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are - but if you don’t have time to read it all now, here’s a quick summary:

  • We collect information that is personal data. Personal data is information that can be used to help identify an individual, such as name, address, phone number, email address, IP addresses or website pages accessed.
  • We collect information about everyone who engages with BRF. This could be supporters, subscribers, customers, those who participate in our programmes or events, donors, volunteers, freelancers, authors, illustrators, employees or trustees.
  • We collect information to provide services or goods, to provide information, to fundraise for our work, to resource our activities and fulfil our charitable objectives and for administration. This information may also be used for research, profiling and wealth screening, analysis, and for the prevention or detection of crime.
  • We only collect the information that we need or that you agree we can collect.
  • We do our best to keep personal information secure wherever we collect personal data online.
  • We never sell your data and we will never share it with another company or charity for their own purposes.
  • We only share data where we are required by law or with carefully selected service providers who carry out work for us. We recognise the importance of ensuring that all our service providers treat your data as carefully as we would, use it only as instructed, and allow us to check that they do this.
  • Our websites use cookies. For more information, please check our cookies policy.

These are the key points of the privacy policy. You will find the policy in full below, so you’ve got all the details you need.

This policy applies to all the websites we operate, our use of emails and postal mailings for marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.

Who are we?

The Bible Reading Fellowship (BRF) is a UK charity that is passionate about making a difference through the Christian faith, transforming lives and communities through our creative programmes and resources. BRF is the home of the following programmes: Messy Church, The Gift of Years, Who Let The Dads Out?, Barnabas in Schools and Parenting for Faith. Find out more about us.

BRF’s charity registration number is 233280. We are also registered as a company in England and Wales under registration number 301324.

BRF is registered with the Information Commissioner’s Office (ICO) as a data controller, registration number ZA247950. You can find out more about our registration here, including a list of all data related activities that we have registered with the ICO.

BRF's registered address is 15 The Chambers, Vineyard, Abingdon OX14 3FE.

For further information about our privacy policy and data protection, please contact us by:

  • emailing dataprotection [at] brf.org.uk
  • writing to our Data Protection team at BRF's registered address
  • calling us on 01865 319700

What information do we collect? Where do we collect it from?

We will only ever collect the information we need - including data to help improve our services – or which you agree we can collect.

Personal data is any information that can be used to identify you. For example, it can include information such as your name, email address, postal address, telephone number, mobile telephone number, bank account details, credit/debit card details, and whether you are a taxpayer so that we can claim Gift Aid on any donations you may make. It also includes Internet Protocol (IP) addresses (the location of the computer on the internet), details of pages visited on our websites and files downloaded.

We collect information in the following ways:

Information that you give us directly

We collect this information in connection with specific activities, for example, when you use our websites or printed forms or telephone our offices to:

  • make a donation to us
  • purchase a subscription, book or other resource
  • register for an event
  • register on our Messy Church or Who Let The Dads Out? directories
  • create an account on one of our websites
  • engage with our social media
  • sign up for our email newsletters
  • complete a survey, questionnaire or feedback form
  • or otherwise provide us with personal information.

Please note: You don’t have to disclose any of this information to browse our websites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.

Information that you give us indirectly

Your information may be shared with us by fundraising sites like MyDonate or JustGiving. These independent third parties will only do so when you have indicated that you wish to support The Bible Reading Fellowship and with your consent. You should check their privacy policy when you provide your information to understand fully how they will process your data.

Information that we collect from your use of our websites

Website usage information is collected using cookies. This helps us to see how many people use our websites, how many people visit on a regular basis, and how popular individual pages are. Cookies are also essential to our websites running correctly and delivering goods and services to users. For more information, please see our cookies policy.

Information from third parties

We may receive information about you from third parties, for example from a friend who wants to send you a gift or information, book an event or make a donation in your name.

We may receive updated delivery and address information from our delivery agents so that we can correct our records and deliver your next purchase or communication more easily. If we receive information about you from third parties, we will provide you with details of whom we received it from as soon as possible thereafter.

Information from public sources

We may combine information you provide to us with information available from public sources or records in order to gain a better understanding of our supporters and those who engage with us. This helps us to improve our fundraising methods, resources and programmes. Such information may be found in places such as Companies House and information that has been published online and in print.

Sensitive/special categories of data

Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data or special categories of data and covers health information, race and ethnicity, religious or philosophical beliefs and political opinions amongst other things.

We do not collect sensitive personal information about you unless there is a clear reason for doing so, such as involvement in an event where we need this information to ensure safeguarding, to carry out appropriate checks on volunteers, or care for participants. For some events we will collect health information so that leaders on our events have the relevant information to care for participants.

When we collect this information, we will make it clear to you what we are collecting and why and what are our legitimate interests or other legal grounds for processing this information.

Under 16s/under 13s

If you are aged 16 or under and would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent or guardian’s permission before giving us your personal information.

When we collect information about a child or young person, we will make it clear why we are collecting this information and how it will be used.

Children from 13 upwards may give their own consent in relation to any online services that we may offer.

How do we use personal data?

We may use the personal data that you provide in the following ways:

  • to process and send you your subscription and/or any books and other resources you have ordered from BRF
  • to process any donation(s) we may receive from you, to claim Gift Aid on these donations and to update you on how your donations are being used
  • to process event bookings
  • to set up direct debits, standing orders and one-off card payments
  • to provide you with support and advice if you are a Messy Church or Who Let The Dads Out? group leader or part of The Gift of Years network
  • to provide you with information that you have requested about our work or our activities
  • to provide you with information about other resources, events or programmes we offer that are similar to those you have already purchased or enquired about and to which you have not objected to receiving
  • to communicate with supporters
  • to record the contact that we have with you
  • to provide you with information about BRF and how you can support our work as a charity (where you have consented to receiving this information as applicable)
  • to invite you to participate in surveys or research
  • for administration purposes, e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for
  • for internal record keeping, such as the management of feedback or complaints
  • to notify you about changes to our services
  • to analyse and improve the services we offer
  • to analyse the use of our websites and ensure their content is presented in the most effective manner for you and your device (see also our cookies policy)
  • to further our legitimate charitable aims such as sending you information about how donations are being used or sending you an annual report

You can choose at any time which marketing materials you want to receive from BRF and in which format. If there is something you would prefer not to receive, please email dataprotection [at] brf.org.uk, write to our Data Protection team at BRF, 15 The Chambers, Vineyard, Abingdon OX14 3FE, or call us on 01865 319700.

BRF’s websites and cookies

Like many organisations, we use cookies to help us make our websites – and the way you use them – work better and to track information about how people are using them. For more information, see our cookies policy.

Google Analytics

We use Google Analytics and other services to collect information about how our websites are used. These help us to know how often users visit our websites, what pages they visit when they do so, and how they use our content online.

Links to other websites

Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking websites including, but not limited to, YouTube, Facebook, Twitter, Pinterest and Instagram.

We may also include content from websites such as these on our website. However, we do not have any control over the privacy practices of these other websites. You should make sure when you leave our website that you have read and understood the other website's privacy policy in addition to our own.

Do we sell or share personal information?

We never sell or share your personal information with other organisations to use for their own purposes.

However, if we run an event in collaboration with another named organisation, your details may need to be shared with them and those who provide services to help us deliver the event. We will make it clear what will happen to your data when you register.

Sensitive/special categories of data

If you provide us with sensitive/special categories of personal data including, but not limited to, your racial or ethnic origin, political opinions, religious or philosophical beliefs or your physical or mental health, we will only use this for the specific purpose for which you gave permission and where it is within our legitimate interests to process or where we have other legal grounds to do so.

Profiling and wealth screening

As a charity our desire is to make a difference through the Christian faith. We are committed to keeping our fundraising costs as low as we can.

In 2016-17, less than 6% of our expenditure was used for fundraising. We don’t run expensive advertising campaigns, but instead build interest in BRF’s mission through existing relationships with those buying our Bible reading notes, books and other resources and those attending our events and involved in our programmes, as well as those making financial gifts.

Over 95 years, BRF has been fruitful with this approach. To continue to keep our fundraising costs low, we aim to be relevant to all our supporters and to tailor any financial requests we make of you so that they are more likely to reflect your specific interests in BRF’s mission, and to be at an appropriate level.

To achieve this more tailored and relevant approach:

  • We may carry out desk and online research. This involves reviewing sources of publicly available information, such as business websites, geographic and demographic information and news articles, to try and build up a profile of your interests and preferences.
  • We may also carry out wealth screening. This is a process which uses a trusted third-party partner to automate some of this work by screening your name and address details against publicly available information. The third party doing this work will only use your data to help us with our fundraising. It cannot use your data for any other purposes. We never share any of your financial transactions with BRF with this third party.

You can opt out of your data being used for profiling and wealth screening at any time or ask for an explanation of what we do by emailing dataprotection [at] brf.org.uk with the subject line 'Please stop analysis of my data' or by writing to our Data Protection team at BRF, 15 The Chambers, Vineyard, Abingdon OX14 3FE, or calling us on 01865 319700.

Who has access to your personal information for processing data and how do we keep it safe?

We maintain a high level of security in relation to the collection, storage and disclosure of your information. This is very important to us and we take all necessary steps to ensure that any information we hold about you is safe.

Storing your information

We place great importance on the security of all personal data associated with our subscribers, supporters and customers.

Information is stored by BRF on secure servers at our offices, off-site and in the Cloud. We may also store information in paper files.

We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel are able to access personal information, we ensure access to information is password protected or secured via locked filing cabinets and we encrypt financial information you input before it is sent to us.

While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.

Any sensitive or special categories of data you may provide to us are only shared on an absolute need to know basis, and are deleted after each relevant event unless we need to keep that information for a longer period e.g. for safeguarding reasons.

We enforce strict procedures and security features to protect your information and prevent unauthorised access, although we cannot completely guarantee the security of any information you transmit to us.

Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please don’t share your password with anyone. If you think anyone else has gained access to your password, please let us know as soon as possible.

Transferring your information outside of Europe

Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area (EEA).

This may occur if, for example, one of our supplier's servers on which personal information is stored is located in a country outside the EU or if we use a cloud IT platform where data is dispersed between a number of different servers. These countries may not have similar data protection laws to the UK. However, we will ensure that your privacy continues to be protected as outlined in this privacy policy and in accordance with our legal obligations under applicable data protection legislation.

By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

If you have engaged with us from outside the EEA, your information may also be processed by volunteers operating outside the EEA, for example if you engage with one of our programmes from a country outside the EEA and we pass your details to a national coordinator to provide you with advice and support.

Payment by credit or debit card

If you use your credit or debit card to donate to us, buy something or pay online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. Find out more information about PCI DSS standards by visiting their website at www.pcisecuritystandards.org.

Only those staff authorised to process payments will be able to see your card details. Once your transaction is completed, we do not store your full credit or debit card details.

All transactions online are processed by WorldPay, Monek, PayPal, SagePay, Elavon and GoCardless, and all card transactions processed offline are through WorldPay.

We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.

Sharing your information

BRF does not sell or share any information about you to other organisations.

BRF may disclose your personal information only in the following circumstances:

  • To third parties who provide a service to us and are our data processors. We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analysing data (including wealth screening), providing marketing assistance, processing credit card payments, and providing customer service. These data processors have access to personal information needed to perform their functions, but may not use it for other purposes. We require these third parties to comply strictly with our instructions and data protection laws and will make sure that appropriate controls are in place.
  • Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect BRF (for example in cases of suspected fraud or defamation).

How long do we keep your data for?

  • We will hold your personal information on our systems for as long as is needed to fulfil the function for which we hold the data or as long as is required by law for the relevant activity. For example, HMRC requires us to keep a record of donations, Gift Aid and financial transactions for seven years.
  • If you request that we stop sending you marketing or fundraising information, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
  • Legacy income is vital to the running of the charity. We may keep data you provide to us until 24 months after a legacy gift is received, or until we are notified that BRF is not a beneficiary from the estate, to carry out legacy administration and communicate effectively with the families of people leaving us legacies. This also enables us to identify and analyse the source of legacy income we receive.
  • Where your information is no longer required we will ensure that it is disposed of in a secure manner.
  • Information will only be kept as long as is necessary for the purposes for which you provided it or we obtained it and will be minimised to ensure we only keep what is necessary.

What are your rights?

We’d like to keep all who engage with BRF up to date with our progress. So, to update you on what we’re doing and ask whether you are able to support us, we’d like to keep in touch with you (by post, phone, email, text and other electronic means) about our progress and how you can continue to help us in this important mission.

We will not use your information for marketing or fundraising purposes if you have asked us not to or we do not have your permission to use it for these purposes. (In certain circumstances we must obtain your permission before we contact you for marketing or fundraising purposes.) However, we will retain your basic details on a suppression list to help ensure that we do not continue to contact you.

If you are registered to receive one of our email newsletters, every email communication provides a clear opportunity for you to opt out of/unsubscribe from future email communications.

The Data Protection Act and the upcoming General Data Protection Regulation give you certain rights over your data and how we use it. You have the right to:

  • request a copy of the information we hold about you and details of what we do with that information (known as a subject access request)
  • update or amend the information we hold about you if it is wrong
  • change your communication preferences at any time
  • withdraw your consent to use of your personal information where we are relying on consent as the legal ground for processing it
  • ask us to remove your personal information from our records
  • ask us to restrict the processing of your personal information
  • obtain a portable copy of certain personal information where this is processed automatically
  • object to the processing of your information for marketing purposes or profiling
  • raise a concern or complaint about the way in which your information is being used
  • ask us to explain any automated processing or profiling we carry out and the impact of this on you

If you wish to exercise any of these rights, please contact our Data Protection team in writing at BRF, 15 The Chambers, Vineyard, Abingdon OX14 3FE or by emailing dataprotection [at] brf.org.uk. Some of these rights are not available until 25 May 2018 - if this is the case, we will let you know that when you contact us.

If we are not sure who you are, we may ask for reasonable proof of your identity before providing you with information or carrying out any of the above actions.

Complaints, compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services. You can get in touch with us here.

If you wish to raise a data protection concern or complaint with a supervisory body, you can address a complaint to the Information Commissioner’s Office. For more information, visit www.ico.org.uk.

Changes to the Privacy Policy

We keep this policy under regular review. If we make any significant changes in the way we treat your personal information, we will make this clear on our websites or by contacting you directly.

Details of the sections of the policy that have been changed will be noted here.

You do not have to agree to any changes if these are not compatible with the initial purposes for which you provided or we collected your data.

This policy replaces all previous versions and is correct as of 1 November 2017.