This version was last updated on 23/04/2019.
An MPD privacy notice can be found at http://www.agape.org.uk/About/Privacy/MPD.
Agapé Ministries Ltd (or simply Agapé) is dependent on our supporters, whether financial, prayer, or volunteering, to fulfil our vision, namely addressing the spiritual needs of the UK.
Agapé is committed to protecting your privacy. We want you to know that the information you share with us will be treated with care. We also want to be honest and clear about your privacy and personal information at all times. We are publishing this Privacy Notice to let you know how we collect, process, use, and share your personal information. It also tells you how you can exercise your rights.
By using our websites, social media, ministries, or providing your information to us, you agree that Agapé will collect and use your information in the way(s) set out in this privacy notice. If you do not agree with this policy, please do not use our sites, social media pages, services or provide us with your personal information.
We may, from time-to-time, update this Privacy Notice, so we encourage you to review it periodically. If you have any questions about this policy or don’t agree with it, please contact Agapé at firstname.lastname@example.org
We are registered with the Fundraising Regulator and follow their best practice code: Code of Fundraising Practice. Agapé also use the working names Student Life, Family Life, Global Aid Network (GAIN), Christian Embassy, and Work Life.
Please click on the section headings to display more information.
It's important that you read our policy in full but to help guide you if you don't have time right now, here is a quick summary:
- Agapé is a registered charity.
- Where we use the terms “we,” “us,” or “our,” we refer to Agapé and our affiliated ministries which are administered by Agapé.
- We collect information that can be personal data, sensitive personal data or non-personal data.
- We collect information about the people who engage with our ministries, our supporters, funders, volunteers, and others.
- We collect information to provide services or goods, to provide information, to fundraise for our work, for administration, for research, profiling and analysis to better understand our supporters and for the prevention or detection of crime.
- We only collect the information that we need or that helps us to provide the best possible service and fulfil our charitable aims and objectives.
- We do our utmost to keep personal information secure, including SSL technology (secure server software) on all our websites and storing data on a secure database.
- We never share your data with another company or charity for their marketing or commercial purposes.
- We only share data where we are required by law or with carefully selected suppliers and trusted partners who do work for us, for example, a mailing house to send out our magazine. All our partners are required by their contract with us to treat your data as carefully as we do, to only use it as instructed and to allow us to check they do this.
2. Who we are
Agapé is a registered charity no. 258421 (England and Wales) and SC042332 (Scotland). Agapé is a company limited by guarantee under registration number 00949989. Our registered address is 167 Newhall Street, Birmingham, B3 1SW.
Where we use the terms “we” “us” or “our,” we refer to Agapé and affiliated ministries – including but not exclusively Agapé Family Life, Agapé Student Life, Agapé Work Life, Agapé Community Life, GAiN – which are administered by Agapé. All entities are wholly owned and controlled by Agapé Ministries Ltd. and its staff. Staff includes those employed full-time, part-time, Associate, Emeritus, interns, and volunteers acting on behalf of Agapé.
Agapé is registered with the Information Commissioner’s Office (ICO) as a data controller, registration number ZA161402.
- By Post: 167 Newhall Street, Birmingham, B3 1SW.
- By Email: email@example.com
- By phone: 0121 765 4404
3. What is personal data?
Personal data is information that can be used to identify a living individual, such as name, address, phone number, or email address. Some categories of data are more sensitive, which is known as personal sensitive data, including religious information. Non-personal data is data that can't identify you personally but can provide us with information to improve our services.
In line with the principles defined in the GDPR, Agapé will ensure that personal data is:
- Obtained fairly and lawfully and shall not be processed unless certain conditions are met.
- Obtained for a specific and lawful purpose.
- Adequate, relevant, but not excessive.
- Accurate and be kept up to date to the best of our ability.
- Not held longer than necessary. The necessity will be defined by its viability in help the charity achieve its aim.
- Processed in accordance with the rights of the data subjects (those about whom information is stored).
- Subject to appropriate and effective security measures.
- Not transferred outside the European Economic Area (EEA) unless explicitly stated.
4. How do we collect personal data?
We will only ever collect the information we need - including data to help improve our services – or which you agree we can collect.
Information that you give us directly
We collect this information in connection with specific activities, for example, when you:
- Enquire about our activities.
- Make a donation.
- Engage in an activity with us.
- Register through one of our sites or at an event.
- Request information or purchase resources.
- Choose to share your story with us.
- Take part in surveys or questionnaires.
- Volunteer with us or apply to work with us.
- Sign up to our e-newsletter.
- Contact us or become involved with us in any other way not listed above. This includes when you phone us, visit our website, or get in touch through the post, or in person.
- If you meet with us for discipleship or spiritual advice, we may take confidential notes for spiritual guidance and support. If you prefer that we do not take notes, please let us know. The information you disclose is entirely at your discretion.
Information that we collect from your use of our websites, cookies, and other automated technologies:
When you visit our websites, we collect general information which might include which pages you visit most often, and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use ‘cookies’ to help our site run effectively. There are more details below – see 'Cookies and other online technology’. We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
We may receive information about you from third parties if you have given them permission to share this information and indicated that you wish to support Agapé, for example, if you set up a fundraising page for us with JustGiving, sign up to a challenge or enter an independently organised event like the London Marathon.
Depending on your settings or the privacy policies for social media and messaging services, we may access information from those accounts or services.
If you have been named as the Executor on a Will, we may receive your details in order to administer a Gift left to us in that Will.
- Publicly available sources:
In order to provide you with timely and relevant communications and use our resources effectively, we may use profiling techniques to collect information about you from publicly available sources, which may include geographic, demographic or other information relating to you to better understand your interests and preferences. This information is compiled by our employees using publicly available data or information that you have already provided to us. Publicly available information may include information found in places such as Companies House, the Charity Commission, LinkedIn, listed Directorships, typical earnings in a given area or published in the media. By doing this it allows us to understand the background of the people who support us and helps us to make the right requests. Importantly, it helps us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
- Partners or suppliers (Processors) working on our behalf:
This could be if you access a specific tool or service which is delivered through a trusted organisation working on our behalf and always under our instruction.
5. What types of personal data do we collect?
We collect three kinds of information:
1. Non-personal information / anonymised data
This helps us to understand how many people use our websites, how many people visit on a regular basis and how popular/useful our web pages are. These can be obtained, for example, from pages that you may have accessed and from files that you may have downloaded. This information doesn't tell us anything about who you are or where you live.
2. Personal information
We will ask you for information in order to provide you with the services requested, for example to send you information or process a donation. This could include:
- Application data including employment history, qualifications and references, if applicable;
- Contact details including email address, postal address, email, telephone number and instant messaging details;
- Demographics including information that allows us to better understand who you are and the services in which you are most interested;
- Financial data including bank account and payment bank details;
- Financial transaction data including details about payments and donations from you and details of products and services you have purchased from us and activities you have participated in;
- Historical transaction data including communication history, your past donations, purchases, applications and interactions with us;
- Identity data including name, date of birth, gender, marital status;
- Location data that is information about your physical location, including ip address, and latitude/longitude coordinates and country of origin (where applicable);
- Marketing and communication data including your preferences in receiving marketing from us and communication preferences;
- Requests and preferences including communication preferences, your interests and prayer requests;
- Security credentials including username and password;
- System data including information about how you use our digital tools;
- Tax status
- Travel information including your travel details, delegate information, dietary requirements, and room preferences.
3. Sensitive personal information
We may ask you for information about your religion, beliefs, circumstances, or health for example, so that we can provide you with relevant information and support or in order to support your safe participation in an event. You may also choose to disclose about your personal circumstances.
Children under 16
If a child under the age of 16 attempts to register with one of our Digital Tools, purchase products, or materials, or participate in an activity requiring the submittal of personally identifiable information, a parent or guardian must give permission and consent for that child to provide information and register. The only personal information we collect from a child is information that is necessary for the child to participate in activities, such as an address for making a purchase. Parents have the right to request at any time that the information collected about their child is removed from our database. We do not collect personal information from children under the age of 13 beyond what is necessary for them to participate in our online or other activities, such as registering for a conference or downloading materials. If we discover that we have accidentally collected personal information from a child below the age of 13, we will delete it from our records as soon as reasonably possible.
6. How do we use your personal data and what are our legal bases for processing?
We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls; we want to make sure you receive the best attention when you book on an event, make a donation, or purchase resources.
There are a number of lawful reasons for us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Agapé to process your information to help us give more people the opportunity to encounter God’s unconditional love and enter into a personal relationship with Him. We will generally only collect and use your personal information when it is necessary to achieve our legitimate interests of fostering spiritual growth, which includes providing guidance, counselling, events, church meetings, and Digital Tools. However, you always have an option to opt-out of receiving marketing communications by post. You can update your choices or stop us sending you these communications at any time by contacting us using the information provided in Section 2: "Who we are." Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work via post (for example to send you MOVE magazine, which includes updates on our work, as well as information about fundraising, campaigning, events and resources), use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.
Whenever we process your personal information under the 'legitimate interest' lawful basis we make sure that we consider your rights and interests and will not process your personal information if we feel that there is an imbalance.
We may also use your personal information when it is needed to provide you with goods or services (for example, because you have placed an order on our website), or to process donations or to comply with our legal obligations.
We set out below a table where we describe each of the ways in which we use your Personal Information, the types of Personal Information that we use and the legal basis that applies to that use. Where the legal basis is “legitimate interest” we also set out some further details.
|How we use your personal information||The types of personal information involved ||Legal basis ||Legitimate interest (if applicable) |
|To allow you to register and attend an event and to follow up with you after the event ||Identity data; contact details; marketing/communication data; travel information; requests and preferences ||Contract || |
|For electronic marketing communication. ||Identity data; contact details (email, SMS etc); marketing/communication data, open and click rates ||Consent || |
|For physical communication ||Identity data; contact details; marketing/communication data ||Legitimate Interests ||To keep you informed of our ministry; to send you ministry information and resources which we believe you will be interested in |
|To keep a record of your relationship with us. ||Identity data; contact details; marketing/communication data; requests and preferences; demographics ||Legitimate Interests ||To manage participation in our ministry and contact management across the ministry, including how you've supported us or have been supported by us in the past. |
|To improve your experience of our Digital Tools ||Identity data; contact details; system data; historical transaction data; requests and preferences; demographics ||Legitimate Interests ||To improve the operations of our Digital Tools and to show information that is more interesting to you |
|To allow you to login and to access our Digital Tools ||Identity data and security credentials ||Contract and Legitimate Interests ||To ensure that your accounts on our Digital Tools are kept safe and private |
|To apply for, or participate in, short or long-term mission opportunities with us; to apply or participate as a volunteer ||Identity data; contact details; application data ||Contract || |
|For spiritual guidance and support ||Identity data; contact details; information about your beliefs and circumstances; requests and preferences ||Legitimate Interests ||To provide spiritual guidance and support; to allow us to pray for you; to provide you with resources and activities that will help you grow spiritually |
|To provide forums and digital communities ||Identity data; contact details; your posts in discussion threads ||Legitimate interests ||To provide a place for you to discuss spiritual and mission-based topics |
|To keep you up-to-date with the impact of your support and to ask for financial and non-financial support. ||Identity data; financial data; financial transaction data; contact details; information about your beliefs and circumstances; requests and preferences ||Legitimate Interest ||To provide opportunities for you to partner with us through financial giving, communication or prayer |
|To process donations, including submitting your details to HMRC to claim Gift Aid if applicable. ||Identity data; financial data; financial transaction data; contact details; and tax status ||Contract and Legitimate interests ||To securely receive your donation toward our charitable aims |
|For statutory reporting ||Identity data; contact details; tax status ||Legal Obligations and Legitimate Interests ||We may have obligations to report to the authorities in other countries |
|To deliver goods and services ||Financial data; financial transaction data; contact details ||Contract || |
|To support and further our mission, for example if you have shared your story or given us consent to use your photo in marketing or promotional materials. ||Identity data; information about your beliefs and circumstances. ||Consent || |
|To allow us to improve our tools; to maintain an audit trail of access to data; trouble-shooting; data analysis; system maintenance; ||Historical transaction data; system data; audit logs; and location data ||Legitimate Interests ||To manage and protect our Digital Tools; to ensure that our services run effectively and to track who is accessing your data |
|To allow us to improve our services, events, products or information ||Identity data; contact details; marketing/communication data; requests and preferences; demographics ||Legitimate Interests ||To make sure that our services, events, products and information are the very best they can be. |
|To respond to complaints and requests. We may also collect and retain your information if you send us feedback or give us a compliment. ||Identity data; contact details; historical transaction data; application data ||Legal obligation and Legitimate Interests ||To ensure that your concerns are addressed, or your feedback is noted. |
7. How and when do we share your personal information?
Agapé is part of an international organisation and we work with organisations outside of the EU. Please be aware that we may need to transfer your data to countries outside the European Economic Area (EEA) to process it. We will only transfer your personal information outside the EEA with adequate safeguards in place and in full compliance with applicable laws. For example, we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection. We have established standard contractual clauses with our service providers to ensure they protect your information and to enforce legal transfers of data internationally.
Generally, we will not disclose or share your personal information with anyone outside our organisation without your permission. However, we may need to use or share your information with trusted partners and agents who enable us to deliver our charitable objectives and provide goods and services to you on our behalf, or if required to by law, i.e. with the police or a regulatory body.
Your information may be disclosed:
- To other parts of Agapé (including Agapé and CCCI offices around the world, e.g., Cru, Agapé Europe, etc.);
- To public or regulatory authorities;
- To third party service providers, such as Cloud service providers for the hosting of apps and sites, direct and email marketing service providers (e.g. Mailchimp), and companies that assist us in processing your donations.
Being a prayer and/or a financial supporter means that your data will be stored in a system called MPDX. MPDX is owned and controlled by Cru, the US organisaion of Campus Crusade for Christ International, the global organisation of which Agape UK is a part. MPDX is hosted in the US.
Cru's MPDX privacy notice is here: https://mpdx.org/privacy/.
At all times we remain legally responsible for your data. We take steps to safeguard your information and we have contractual provisions requiring all third-party service providers to respect the security of your personal data and to treat it in accordance with our data protection policies and all applicable laws. We never share your data with any third parties for their own purposes. We will not allow any third party, including service providers and other charities, to use your personal information for their own marketing or commercial purposes and they will only be allowed to process your personal information in accordance with our instructions.
8. Third party sites and information
9. How long do we keep your information for?
We keep your information as long as it is needed to achieve our purposes listed above, as well as for the amount of time necessary to meet any legal, tax, or reporting requirements.
We do not keep your personal information for longer than necessary and up to 6 years after your last interaction with us (e.g. making a donation, registering for an event, or using one of our Digital Tools). We may keep your data for longer than 6 years if we cannot delete it for legal or technical reasons. We may also keep it for statistical purposes. However, if we do, we will ensure that your privacy continues to be protected and only use it for these purposes.
We take looking after your information very seriously. We have put in place appropriate security measures to protect your personal information from being accidentally lost, altered, disclosed or misused, or accessed in an unauthorised way. These include technical, administrative, and physical security measures to ensure that any information we collect is stored and processed securely.
For example, for Digital Tools that require personal or sensitive data to be collected or displayed, a Secured Socket Layer (SSL) connection is required, to ensure that the data is encrypted as it is transferred to the browser. All credit card payments are processed using Payment Card Industry (PCI) compliant technology to ensure that your credit card number is securely passed to the merchant/service provider. We do not store your credit card details.
Agapé holds its data on a secure database which is hosted in the UK. Access to this system is limited and there is restricted access to data based on a person's role in the organisation.
Our third-party suppliers store data in the EU, with the following exceptions:
- Our online supporter management software, MPDX, is hosted by Cru, who store data in USA.
- Agapé’s digital files are stored on a server hosted by Microsoft at a data centre. Access to this data centre is restricted.
All our current partners or suppliers adhere to the EU-US Privacy Shield – you can find out more https://www.privacyshield.gov/welcome.
All paper records are stored on premises at our offices. These offices are securely locked when no members of staff are present, and access is restricted and monitored during the working day.
Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee that the security measures we implement in connection with the operation of the site will absolutely prevent others from accessing or acquiring any information that you provide while using the site. You can help us protect your personal information by properly protecting your password and remembering to sign out of your account and close your browser window when you finish visiting our site, especially if you are on a shared or public computer.
We have procedures to deal with any suspected personal data breach and we will promptly notify you and any applicable regulator of a breach in accordance with our legal obligations.
11. Cookies and information collected by technology
Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies, if you prefer. If you choose to decline cookies, you may not be able to fully experience certain interactive features of the site or access all the services provided through the site.
We use the categorisation set out by the International Chamber of Commerce (ICC) in their UK Cookie Guide. We use the following categories of cookies:
- Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket, and your account.
- Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
- Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
- Targeting or advertising cookies collect information about your browsing habits to make advertising relevant to you and your interests. As such if you visit the Agapé website you may then be more likely to see adverts about Agapé’s work on other websites as your browsing suggests that this is an area of interest.
- Social media cookies are set by a range of social media services to enable you to share content with your friends and networks and are capable of building up a profile of your interests. If you don't allow these cookies you may not be able to use or see these sharing tools.
12. CCTV and premises surveillance
If you visit our national headquarters at 167 Newhall Street, Birmingham, B3 1SW, we may collect static or moving imagery via CCTV. Agapé collects imagery via CCTV cameras located in both public (street) and private (our business premises) locations. We collect imagery via CCTV for the purposes of crime prevention and public safety and may use it for a number of other purposes, including, but not limited to the following:
- To maintain the safety and security of our employees, colleagues, and other members of staff.
- To support the effective management and safety of our building and infrastructure, including our car park spaces.
- To provide evidence to any law enforcement or police investigations.
- In response to a subject access request.
The lawful justification for collecting and using CCTV imagery is that there are legitimate interests to do so. Agapé commits to the safe and secure collection and storage of any imagery on-site, which will only be viewed by the authorised and appropriate Agapé staff. Any sharing with law enforcement or police authorities will be shared under our legal obligation to comply with the law. No imagery will be shared with third parties, except when required to do so by law.
Agapé retains imagery for between 28 calendar days, after which point it will be deleted. Imagery required for an investigative or legal procedure may be retained beyond this timeframe for as long as necessary and will be deleted upon completion of the purpose for which it was retained.
If you would like a copy of any imagery, please write to the Agapé’s data protection team at 167 Newhall Street, Birmingham, B3 1SW, and include an email address or postal address so that we may get back in touch with you. Once we have received and validated your request, we will respond to it within 30 days.
13. How to change the way we contact you
Your personal preferences and keeping your data accurate is of utmost importance to us.
If at any stage you do not want to hear from us or want to update your details, you can:
- Email: firstname.lastname@example.org
- Call: 0121 765 4404
- Write: Agapé, 167 Newhall Street, Birmingham, B3 1SW
You can also now register your details with the Fundraising Preference Service if you want to tell us through them that you would prefer us not to contact you.
Any email we send you will contain information about how to unsubscribe from email marketing communications. During any phone conversation you have with us, please feel free to let us know how you prefer to be contacted.
14. Your rights
The GDPR gives you various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting using the information provided in Section 2: "Who we are."
We will respond to your request within 30 days of accepting it. Before accepting your request, we may need to ask for some identity documentation from you, to make sure we don’t inadvertently provide your personal information to someone else.
You have the right to:
Rectification (editing and updating personal information)
If your information needs to be edited or updated, you can change your personal information directly on our website. Our Digital Tools offer different options for you to access, change, and modify the information you previously provided, such as your donor or customer record (for registered users only), email address, postal address, or to stop a duplicate email.
Alternatively, you can ask us to update your information by contacting us using the information provided in Section 2: "Who we are." Please make sure to provide us with all the information we need to be able to address your request, including both the old and new information.
Access your personal information (Data Subject Access Request)
You can request details of your personal information we hold. We will confirm whether we are processing your personal information and provide additional details including what kind of information we have about you, where we collected it, how we use it (including the legal basis for our processing), how long we expect to keep it, details of any automated decision making or profiling and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations.
If you wish to exercise this right, you should apply, in writing, to the Operations Director at the address above. We will provide you with a copy of your personal information free of charge. Agapé will respond within one month, providing that the request includes appropriate contact details, proof of identity from the individual and that we can validate the request. We may charge you a fee to cover our administrative costs if you request multiple copies of the same information or if the requests are manifestly unfounded or excessive.
If you are unhappy at any time about the way we process your personal information, please contact the Operations Director using the information provided in Section 2: "Who we are," who will investigate your concerns.
Erasure (deletion of personal information)
At your request, we will delete your personal information if:
- It is no longer necessary to retain your personal information;
- You withdraw the consent which formed the basis of your personal information processing;
- you have successfully objected to the processing of your personal information (see below);
- Your personal information was processed unlawfully; or
- We are required to delete your personal information to comply with our legal obligations.
We will review requests on a case by case basis and we might not be able to comply with your request if we need to process your personal information:
- For exercising the right of freedom of expression and information;
- To comply with our legal obligations;
- To establish, exercise or defend a legal claim; or
- To perform a task in the public interest.
If this is the case, we will notify you of the reasons why your request was rejected.
Restriction of processing of personal information
You have the right to request us to limit the processing of your personal information if:
- You dispute the accuracy of your personal information;
- Your personal information was processed unlawfully, and you request a limitation on processing, rather than a deletion of your personal information;
- We no longer need to process your personal information, but you need your personal information in connection with a legal claim; or
- You object to the processing of your personal information based on our legitimate interests - pending verification as to whether we have an overriding legitimate ground for such processing.
- To the extent needed, we may still keep some of your data to ensure we comply with your request to limit processing, or for other legal purposes.
Objecting to certain types of processing including automated decision making
Where we process your personal information based upon our legitimate interests, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms.
Where we process your personal information based upon our legitimate interests and where decisions are made by automated processing which has a legal or other significant effect on you, you may also object to such automated decision making.
Portability of personal information
You can request us to send you your personal information in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:
- You provided us with the personal information;
- The processing of your personal information is based on your consent or required for the performance of a contract; or
- The processing is carried out by automated means.
We primarily rely on legitimate business interests to process your data, but to the extent we use consent to process your data, you have the right to withdraw any consent you may have given us at any time. We will comply with your request promptly.
If you withdraw your consent, we might not be able to provide some of our products and services to you. At any point, you have the right to object to processing of your personal information for direct marketing purposes and we will promptly comply with your request.
Filing a complaint with a data protection authority
We will try to resolve any problems that you have but you are always able to contact the local data protection supervisory authority for assistance or to make a complaint at https://ico.org.uk.