SUNI will never sell your data to anyone else, nor do we share your data with other organisations for their marketing purposes. We don’t share your data in ways you would not expect and we are transparent about who we plan to share your data with and why, but we may also have to share your data if there are legal reasons to do so e.g. with the police regarding suspected fraud or with social services in relation to child protection.
In outlining above what we do with each different type of person’s data we have highlighted some of the third party service providers we use. They are listed below. We have chosen them because they also treat your data with respect and their data policies align with ours. They will only use your data as instructed by us.
We generally store data within the European Economic Area, but if one of our third parties needs to transfer it outside the EEA we will have checked that adequate levels of privacy protection, in line with UK data protection law, are in place e.g. by choosing an organisation in the US which has been certified under the EU-US Privacy Shield Framework.
We use a third party provider, MailChimp, to send out mailings to supporters and volunteers (e.g monthly Prayer Focus, E3 workers’ termly news, Camps and Missions leaders mailings). We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our mailings. MailChimp is based in the US, but has certified its compliance with the EU-US Privacy Shield Framework. For more information please see MailChimp’s privacy notice.
MORGAN DOCUMENT SECURITY
We use a third party provider, Morgan Document Security, to archive documents long term (generally for legal purposes) and to securely destroy personal information which we no longer need. They are a well-respected local firm with excellent security standards, accredited with ISO 9001 (quality standard) and ISO 27001 (Information Security Management Standard). For more information on their processes and their secure archiving and secure shredding services, please refer to their website.
We use a third party provider, Eventbrite, to process bookings for many SUNI events, e.g. the Making Your Mark weekend and Camps and Missions training events. They hold the information which you give them in relation to the event you are booking. As an Organiser, we can then access that information in order to run the event. When the event and any follow up has been completed, we ask Eventbrite to delete the personal data relating to that event. Eventbrite have never had a data breach to date (see Eventbrite’s Security and Safety Guide). Eventbrite is based in the US, but has certified its compliance with the EU-US Privacy Shield Framework. For more information please see Eventbrite’s privacy notice
We use Access NI to carry out enhanced checks on volunteers, interns and staff who will be working with children. After registering with Access NI via their website you will apply for an Enhanced Check, and will enter your addresses for the last 5 years, your National Insurance number and your driving licence and passport numbers if you have these documents. This data will be used to check for any criminal records which may impact on your suitability to work with children. Access NI is a government body and therefore complies with the GDPR and expects registered bodies like SUNI to hold to strict data protection procedures in how we handle the information they share with us (you can find their sample policy statement here). Further details of what information may be disclosed about you can be found here.
We use a third party provider, NowDonate, to facilitate easy online giving to SUNI. NowDonate is registered in the UK. For more information please see NowDonate’s privacy notice.
To comply with our legal obligations, SUNI must send information to HM Revenue and Customs for tax purposes.
To comply with our legal obligations, SUNI is registered with Companies House. This includes sending personal data on the Company Directors and the Company Secretary to Companies House. For more information please refer to the Companies House Personal Information Charter.
THE CHARITY COMMISSION FOR NI
To comply with our legal obligations, SUNI is registered with The Charity Commission for Northern Ireland. This includes sending personal data on the Company Directors and the Company Secretary to the Charity Commission. Further data protection information from The Charity Commission for Northern Ireland can be found here and here
We use the Ulster Bank to make and receive payments. The Ulster Bank Ireland DAC is registered in the Republic of Ireland, and therefore comes under the GDPR. For more information on how the Ulster Bank protects its customers, please refer to ‘How we protect you‘.
We use the postal services of a third party, PostalSort, which is registered in Northern Ireland. You can find more information on their terms and conditions on their website. For large mailings we sometimes send names and addresses to PostalSort. They have a secure FTP site to which we can upload this information and they treat personal data carefully in line with EU regulations.
Blackdog Media provide technical support and consultancy services to SUNI. For more information on this trustworthy local company please refer to their website
FILE SHARING WEBSITES
File sharing websites offer a more secure alternative to attaching files, so we recommend their use when personal information needs to be transferred. Dropbox is based in the US but has achieved EU-US privacy shield certification. The Dropbox website gives more information on privacy, compliance and security . WeTransfer is located in the E.U. Their website has more information on the security of their platform, and GDPR compliance.
We work with our trusted partners, Crown Jesus Ministries, Logos Ministries International and Scripture Union England & Wales to run SHINE and SHINE KIDS. The Shine website (www.shineinschools.com) is hosted by Big Wet Fish (BWF Hostings Limited), registered in Northern Ireland. The servers are located in a fully ISO27001 certified facility in England. For more information on BWF Hostings Limited please see their website.
Our volunteer website (which is where you would register as a schools volunteer or a camps and mission volunteer) is a bespoke website hosted on a 1&1 server. For more information about this company, registered in the EU, please see their website.
Our website is hosted by WordPress.com, which is run by Automattic Inc. We don’t collect cookies, but we use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how WordPress processes data, please see Automattic’s privacy notice. Our website has links to other social media and to websites belonging to third parties, and we may include content from websites such as these on our website. However, please be aware when you leave our website that we have no control over the privacy practices of other websites.