YOUR PRIVACY MATTERS TO US
We have outlined how we use your information, how we access it and how you can change this below ...
We are Summer Madness…
Based in Northern Ireland, Summer Madness exists to enthuse, equip and engage the youth and young adults of Ireland in the Christian faith so that they may be real change makers in their churches and communities across the island.. We are registered with The Charity Commission Northern Ireland (NIC104975), registered as a company in Northern Ireland (NI055719) and with the ICO (Information Commissioner’s Office), registration number ZA295891
Your privacy matters. We will only ask you for the information we need, and we will only use it for as long as we need to. We don’t pass on your personal information to other organisations for marketing purposes. We commit ourselves to treating your data with care.
Whoever you are and whatever role you play in Summer Madness, we want to be clear about the information we collect from you and what we do with it.
We collect information from different people who engage with Summer Madness (volunteers, prayer warriors, supporters, donors, committee members, campers, etc)
We only collect and use information which we need and which you have agreed that we can use.
We endeavour to make it as easy as possible for you to update your information, withdraw your consent, and access your information.We are careful with your information and work hard to make sure it is held securely (for more information see our security section).
We never sell your data and we don’t share it with other organisations for their own purposes but only if there is a legal requirement to do so.Where we use other organisations to provide a service (such as Mailchimp to contact people by email), they have been selected carefully to ensure they also treat your data securely, and they will only use your data as instructed by us (for more information see our Third Parties section).
We only keep your information for as long as we consider it necessary and reasonable. Our data retention policy takes into account our legal obligations, insurance recommendations, and accounting and tax consideration.
You can update your information or ask us to stop contacting you at any time by contacting us. And finally, if you would like to know more, please don’t hesitate to get in touch with us. You can email (email@example.com) phone (028 90673379) or write to us (Summer Madness, Cyril Johnston Centre, Ballynahinch Rd, BT88DJ).
Volunteer / Staffing
When you sign up with us you will have given us your name, address, email, relevant medical information, phone number, emergency contacts and references and an acknowledgement that you are in full agreement with the Aims, Beliefs and Working Principles of Summer Madness. If you are a volunteer with us, you will also have been checked by Access NI and will have given us your Access NI number.
Why do you need this information?
We need this information to keep in touch with you about events, training and Summer Madness in general, and we may put you in touch with relevant staff. We also need this information to ensure the suitability of our volunteers and leaders as they represent us as a Christian organisation and for safeguarding purposes. We also need contacts and medical details in case of any emergency.
Who do you share my information with and how do you keep it secure?
Your web application form when you register with us can only be accessed by passworded staff. They are securely stored on our volunteer website server. Where relevant, you will also submit information to Access NI for an enhanced check. As the Registered Body, we will check that information against the ID which you show us. In line with new guidelines from Access NI, we must now keep a copy of the ID you show us for ID checking for at least 90 days after your certificate is issued. We will keep these in a locked filing cabinet and then they will be securely destroyed. Once your application has been accepted, your contact details will be held securely on the Google Drive database on our secure, encrypted server and it will only be accessed by relevant, passworded staff as necessary (e.g. to send you relevant mailings or get in touch with you about events and training in your area). We use MailChimp to send out regular mailings: your name and email address are uploaded via their website each time we send out a mailing. (For more information on our volunteer website, Access NI, Filemaker and Mailchimp see our Third Parties section)
For how long to you retain my information?
Your information will be on Google Drive until you indicate that you are no longer involved with Summer Madness. Web application forms are archived to our secure server on a regular basis where they can only be accessed by passworded staff: we hold this information for as little time as possible which is usually 3 years, but unless there is a legal reason to do so this information will not be accessed again.
Special Category Data
All personal information is private, but some types of information are more sensitive than others e.g medical information, religious beliefs or information about special needs, and this is recognised in law. Since we only collect the information we need, you can rest assured that we will only ask for personal information about you if there is a good reason for doing so – e.g. to ensure that children’s needs are appropriately catered for at a camp or mission; to make sure that our volunteers meet the high standards we require of them; to ensure safeguarding at camps, missions or events. We will have identified sound legal bases for processing any special category data and we will treat it with extra care.
Summer Madness will never sell your data to anyone else, nor do we share your data with other organisations for their marketing purposes. We don’t share your data in ways you would not expect and we are transparent about who we plan to share your data with and why, but we may also have to share your data if there are legal reasons to do so e.g. with the police regarding suspected fraud or with social services in relation to child protection.
In outlining above what we do with each different type of person’s data we have highlighted some of the third party service providers we use. They are listed below. We have chosen them because they also treat your data with respect and their data policies align with ours. They will only use your data as instructed by us.
We generally store data within the European Economic Area, but if one of our third parties needs to transfer it outside the EEA we will have checked that adequate levels of privacy protection, in line with UK data protection law, are in place e.g. by choosing an organisation in the US which has been certified under the EU-US Privacy Shield Framework.
We use a third party provider, MailChimp, to send out mailings to supporters and volunteers (e.g monthly Prayer Focus, E3 workers’ termly news, Camps and Missions leaders mailings). We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our mailings. MailChimp is based in the US, but has certified its compliance with the EU-US Privacy Shield Framework. For more information please see MailChimp’s privacy notice.
We use Access NI to carry out enhanced checks on volunteers, interns and staff who will be working with children. After registering with Access NI via their website you will apply for an Enhanced Check, and will enter your addresses for the last 5 years, your National Insurance number and your driving licence and passport numbers if you have these documents. This data will be used to check for any criminal records which may impact on your suitability to work with children. Access NI is a government body and therefore complies with the GDPR and expects registered bodies like Summer Madness to hold to strict data protection procedures in how we handle the information they share with us (you can find their privacy notice here). Further details of what information may be disclosed about you can be found here.
To comply with our legal obligations, Summer Madness must send information to HM Revenue and Customs for tax purposes.
To comply with our legal obligations, Summer Madness is registered with Companies House. This includes sending personal data on the Company Directors and the Company Secretary to Companies House. For more information please refer to the Companies House Personal Information Charter.
The Charity Commission for NI
To comply with our legal obligations, Summer Madness is registered with The Charity Commission for Northern Ireland. This includes sending personal data on the Company Directors and the Company Secretary to the Charity Commission. Further data protection information from The Charity Commission for Northern Ireland can be found here and here
We use the Ulster Bank to make and receive payments. The Ulster Bank Ireland DAC is registered in the Republic of Ireland, and therefore comes under the GDPR. For more information on how the Ulster Bank protects its customers, please refer to ‘How we protect you’.
File Sharing Websites
File sharing websites offer a more secure alternative to attaching files, so we recommend their use when personal information needs to be transferred. Dropbox is based in the US but has achieved EU-US privacy shield certification. The Dropbox website gives more information on privacy, compliance and security . WeTransfer is located in the E.U. Their website has more information on the security of their platform, and GDPR compliance.
Our website is hosted by WordPress.com, which is run by Automattic Inc. We don’t collect cookies, but we use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how WordPress processes data, please see Automattic’s privacy notice. Our website has links to other social media and to websites belonging to third parties, and we may include content from websites such as these on our website. However, please be aware when you leave our website that we have no control over the privacy practices of other websites.
Policies and Procedures
Our Data Protection Policy is reviewed and updated annually.
Out of office hours the main office building is securely locked and alarmed. During office hours, visitors not allowed unsupervised access to office areas.
There are robust practices to ensure the security of paper records: they are stored in locked filing cabinets, and shredded once they are no longer needed, in line with our data retention policy.
References for all staff are obtained prior to employment and we place a high value on trustworthiness, integrity and confidentiality. Staff receive regular training (at appropriate levels) on data protection.
As an almost entirely Mac-based organisation, our cyber security issues are significantly reduced. All staff laptops are encrypted and all staff computers are passworded. Only the staff member and the PA know the password to each computer. Staff are encouraged to use passwords for files containing personal data, and to consider using file sharing websites rather than attachments when personal data needs to be transferred for some reason. Data on our secure server is encrypted, and it is backed up regularly. Care and consideration are taken regarding SPAM mail, up to date antivirus protection and appropriate firewalls, as well as installing updates.
You have the following rights with regard to good information handling, which we affirm and will endeavour to uphold:
The right to be informed
The right of access
You can ask us for the data we hold about you (this is a data subject access request). We are happy to give you all the information which we can. This is a straightforward procedure for this, which will include verifying your identity. It doesn’t cost anything. You can ask for the form by emailing (firstname.lastname@example.org) phoning (028 90673379) or writing to us (Summer Madness, Cyril Johnston Centre, Ballynahinch Rd, BT88DJ).
The right to rectification
If you think the information we hold about you is not correct, let us know – we will find and update it. We endeavour to do this as soon as you let us know, but always within 30 days.
The rights to erasure and to restrict processing
You can ask to be forgotten. If we can, we will then delete or destroy the information we hold about you. There may be a compelling reason why this is not possible (e.g. a legal obligation for us to continue to hold your data) but we will always take your request seriously. If we can’t completely delete your data for some reason, it is likely that we could store it without actively continuing to process it (restrict processing).
The right to data portability
If you want it, we will give you the information we hold about you in an appropriate transferable form.
The right to object
If you don’t like how we have processed your data based on legitimate interest or for marketing purposes, you have the right to say so, and we will stop processing your information in that way. You can always opt out of any mailings we send and we make sure that it is easy for you to do so.
You also have rights relating to automated processing and profiling
We don’t use automated processing and we don’t profile people.
Let us know how we can improve
We have thought carefully about protecting your data – about what information we gather, how we use it and store it, and for how long, and how we delete or destroy it when it is no longer needed.
However, all policies and procedures are implemented by imperfect human beings. So if you think we have made a mistake in any way, please let us know and we will work hard to make things right. You can email (email@example.com) phone (028 90673379) or write to us (Summer Madness, Cyril Johnston Centre, Ballynahinch Rd, BT88DJ).
If you are concerned with how we are handling your information we would like to be able to address those concerns and put things right. However, if you wish to raise any concerns with a supervisory body, you can contact the ICO (Information Commissioner’s Office). You will find information on how to do this on the ICO website (www.ico.org.uk) or by phoning the ICO on 0303 123 1113 or writing to The Information Commissioner’s office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. There is also a regional office (write to ICO, 3rd Floor, 14 Cromac Place, Belfast,BT7 2JB, phone 028 9027 8757 or email firstname.lastname@example.org)