This privacy policy sets out how we use your personal data and states your individual rights in accordance with UK legislation, including the General Data Protection Regulation (GDPR) and Data Protection Act (2018) to which Crosslinks is wholly committed.

Crosslinks is a company limited by guarantee. Registered Company No. 00193144. Registered Charity No. 1164474. Registered Office: 251 Lewisham Way, London SE4 1XF.

How can you contact us?

The Data Protection Officer,
251 Lewisham Way,
London
SE4 1XF

Email: dataprotection@crosslinks.org

Phone: +44 (0)20 8691 6111

How we collect personal information

Personal information is any data that may be used to identify you. We only collect the data we need to carry out our work. We collect this information in the following ways:

• Information you share with us directly: such as sending us an email or letter, making a donation online, visiting our website, subscribing to a mailing list or attending an event.
• Information you share with us indirectly: for example, when you donate using a service that Crosslinks is linked to (e.g. CAF, Stewardship).
• Information from publicly available sources such as The Charity Commission or Companies House.

Please note that you can opt out at any time, or change the details we hold for you, by contacting us using the details above.

The information we collect may include your:

• title and name
• postal address, email address, phone number
• date of birth or age to confirm you are over 18
• church name

If you make a donation or set up a Standing Order/Direct Debit, we will use your details to record and process these donations, to send a receipt, annual thank you letter and to request a Gift Aid Declaration. Information collected will include donation details and may include bank account details (including any debit or credit card details) and your Gift Aid status. See ‘How we keep your data safe’ below for information on how we store this information.

Our website’s use of cookies cannot be used to identify you, but we do use Google Analytics to help us understand how our website is being used. You can opt-out of this processing when you visit the website. Please see our Cookies policy for more details.

Special category data

There may be times when we need to ask you for further information, such as when you apply for a job or take part in a short-term deployment. Data protection law recognises this as Special Category Data and may include information concerning your health, ethnicity and religious beliefs.

We only collect sensitive personal information if there is a clear and legal reason for doing so. We will ask for your consent and take additional steps to safeguard this kind of data. We may need to share this information with our trusted partners overseas in order to ensure the safe running of your trip. We will let you know which information would be shared and gain your prior consent for doing so. We may also use a trusted external provider to assist us with your application, for example to undertake a medical or psychological evaluation.

How we use your information

We may use your information to:

• Process your donation and send you receipt letters.
• Send you news and updates about a particular mission partner who you request to hear from.
• Send you information about our work in general, such as resources, opportunities and events which may be of interest to you.
• Ask for financial support or to pray for our work.
• Conduct internal research to aid our understanding of and service to our supporters. From time to time we may ask you to complete a survey about your experience of Crosslinks, to help us improve our communications.
• Meet legal requirements or in an emergency to protect life (see ‘The legal bases for using your information’ below), or to notify you about significant changes to our privacy policy.
• Send you important information as part of being a Member or Friend of Crosslinks.

We keep a record of the correspondence you have with us, as well as keeping records of donations and your Gift Aid status.

We will seek the consent from a parent or guardian before holding data on children. We will not send any communications to your child unless you have given your specific consent for a particular purpose, such as information about their gap year placement.

Crosslinks membership

Members are an important part of Crosslinks as those who most keenly support our work in prayer, in regular giving and by being ambassadors for us in their local church. Members elect trustees, can stand for election to the board of trustees themselves and vote on any changes to Crosslinks at our Annual General Meeting.

When signing up to become a member, we will ask for demographic information to understand more about you, such as your date of birth. We also ask our members to sign our statement of faith. Our trustees are given this information to approve new members on a regular basis.

How we keep your data safe

We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary.

Keeping your information safe is of utmost importance to us. We have a number of administrative and technological safeguards in place to ensure your data is stored securely, to prevent unauthorised access or disclosure. This includes the physical security measures in place at our offices and the security software on our computer system. Members of staff who have access to your information are fully conversant with our data protection policies and procedures. Furthermore, we limit the number of staff who have access to sensitive information.

To keep our records up-to-date and to thereby maintain effective gospel partnerships, we may share with mission workers the relevant contact details of those who are on their prayer letter distribution lists. Mission workers are fully conversant in Crosslinks’ data protection policies and will not share your details with anybody outside of Crosslinks.

We will never sell your personal information to any other organisation. Where we use trusted external companies, such as a mailing house (Yeomans) or email platform (Mailchimp), to send you our communications, we remain responsible for your information and use security measures, such as passwords, to ensure the safety of your data. See ‘Sharing your information’ below for more.

Donations given by credit or debit card are handled securely by our trusted payment processors, Lloyds Bank Cardnet. Both Crosslinks and Cardnet are compliant with the Payment Card Industry Data Security Standard. We do not store your credit or debit card details but may hold bank account details for the purpose of administering Direct Debits or standing orders.

Sharing your information

In order to serve our supporters and fulfil our charitable objectives efficiently, we use trusted external suppliers and may need to share data with them on a limited basis. For example, we may use a mailing house or an email provider to send our publications to you. In order to receive a donation from you, we may need to share your information and bank details with a payment processor and to reclaim Gift Aid we will need to share relevant information with HMRC.

We only share information which is necessary and limited to fulfil that purpose. These external companies can only use your data for that reason and must delete your data when the purpose has been fulfilled.

In order for a mission worker to know about a donation you have given for their support, we may share your name, contact details and the value of gift you have given to their fund. If you do not wish for them to know about your gift(s), you can ask us to anonymise your record. This will mean that mission partners cannot see your name alongside the gift(s) you have made. You can do this by emailing us. Your details and donation history will still be accessible to office staff for legitimate purposes.

We will never share or sell your personal information to any other organisation for their marketing or other purposes.

How long we will keep your personal information

We will keep and delete your information according to our internal policies and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal and regulatory retention requirements (e.g. tax or health and safety requirements) and operational considerations.

Some retention periods are determined by legal requirements, others by best practice. Some of our retention periods are:

• 1 year after an unsuccessful application to work or volunteer.
• 3 years after our last engagement or communication with a supporter.
• 6 years after retirement or resignation as a member of staff or volunteer.
• 7 years after a supporter’s last donation or Gift Aid declaration.

Please get in touch using the details below if you have any questions about our data retention policy.

The legal bases for processing your information

Consent
If you would like to receive communications from us, such as prayer letters or Crosslinks literature, we will ask you for your consent. You can withdraw your consent at any time (see ‘Updating your information and preferences’ below) and we will provide opportunities for you to opt-out of communications and review your preferences. When using the website you will have the option to consent to our use of cookies (see ‘Website cookies’ below).

Legitimate interests
We will continue to communicate with our existing prayer and financial supporters who have requested these communications in the past. All our communications will give supporters the opportunity to opt-out at any time and you can change your preferences by contacting us using the details below.

We may use your information to provide you with information that we believe will be of interest to you, or to meet our charitable objectives. This may include sending you a donation receipt or pledge confirmation, contacting you about events, news or resources, or for a new Gift Aid declaration.

We complete Legitimate Interests Assessments to ensure that we do not use your information in ways that you would not reasonably expect us to and to make sure our processes will never override your rights.

Legal obligation
We may need to process your data to comply with a legal obligation or statutory requirement. For example, to comply with finance regulations.

Vital interest
In a critical situation, for example if your child takes part in a Crosslinks camp and requires emergency medical attention, we may need to share your information with the emergency services.

What other data protection rights do you have?

Under UK data protection law, you have certain rights over personal information that we hold about you. These rights are summarised below. Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances.

You can assert your rights, raise a concern, or make a complaint about how we process your personal data by contacting our Data Protection Officer.  It will assist us, if you explain your request or concern and describe the personal information you are referencing as specifically as possible. In order to action your request, we may need to request further information or request that you provide proof of identity.

Your rights in relation to our processing of your personal information, include:

Right to object to the processing of your data − you have the right to object to our processing of your personal data in certain circumstances.  If you object, please explain your objection and the reason for it. 

Right to have inaccurate or incomplete personal information corrected or completed − if you believe our records of your personal information are inaccurate or incomplete, you have the right to ask us to correct or complete those records.

Right to restrict processing – in certain circumstances, you have the right to ask us to stop making active use of the personal information that we retain in our records about you, if there is disagreement about its accuracy or legitimate usage.  

Right of erasure − in certain circumstances, you have the right to request that we delete your personal information from our records.

Right of access − you can write to us to ask for confirmation of what information we hold relating to you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.

Right to receive your personal information in a portable format – in limited circumstances, where we are processing information you provided to us because you gave us your consent or because it is necessary for the performance of a contract and the processing is carried out by automated means, you may ask us to provide it to you in a portable format.

If you are not happy with how we have handled your request or complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK.

Alternatively, you may choose to contact the Information Commissioner directly about your complaint, regardless of whether you have raised it with us first.

Notification of changes to Privacy Policy

This Privacy Policy may change from time to time.  Please visit this website section periodically in order to keep up to date with the changes in our Privacy Policy. We will notify you about significant changes by sending a notice to your primary email address, if you have agreed to receive email messages from us, or by placing a prominent notice on our website