Privacy Notice
1. Scope
The scope of the Privacy Notice concerns all data subjects whose personal data is processed, in line with the requirements of the General Data Protection Regulations (GDPR).
2. Responsibilities
2.1 The Janki Foundation (JF) as Data Controller is responsible for ensuring that this Privacy Notice is made available to data subjects prior to the JF collecting and processing their personal data or special category data.
2.2 All volunteers of the JF who interact with data subjects are responsible for ensuring that this Notice is drawn to the data subject’s attention and their consent to the processing (including recording) of their data is secured. https://www.jankifoundation.org/privacy-policy/
3. Privacy Notice
3.1 Who we are?
The JF promotes the integration of spirituality into healthcare. It supports healthcare professionals through values-based dialogue and training, and contributes to general wellbeing through inspirational books, CDs and lectures.
The Foundation also gives regular financial support to a hospital in Rajasthan, India, that has pioneered a healthcare model combining modern medical technology with spirituality and complementary medicine.
The JF is registered as Data Controller with the Information Commissioner’s Office under registration reference: Z8958393
The JF GDPR Team can be contacted directly by emailing to: info@jankifoundation.org
The personal data we would like to collect and process:
* Personal information – obtained directly from the data subject / or from affiliate organisations
* Special category data – See below.
The personal data we collect will be used for one or more of the following purposes:
* To organise events such as: lectures / seminars / workshops / retreats.
* To keep data subjects up to date with information about events (this can be via newsletters / E-flyers).
* To comply with legal obligations of the Data Controller such as: health and safety regulations / financial regulations / child protection laws / requirements regarding voluntary donations / for insurance purposes.
* For general marketing purposes.
* To manage Volunteers.
Our legal basis for processing personal data, is at least one of the following:
* Processing is necessary to comply with legal obligations of the Data Controller
* Data subject gives consent for one or more specific purposes
* Processing is necessary to protect the vital interests of the data subject
* Special protection is in place for personal data related to children and vulnerable adults
The special categories of personal data are:
* Health (to host / accommodate guests / participants with special needs, diet requirements
or other health information processed in the vital interest of the data subject).
* DBS (Disclosure and Barring Service) checks (for Volunteers).
3.2 Consent
By consenting to this Privacy Notice you are giving us permission to process your personal data and special category data specifically for the purposes as identified above.
Consent is required for the JF to process both types of personal data, but it must be explicitly given. Where we are asking you for special category data, we will always tell you why and how the information will be used.
You may withdraw consent at any time by notifying the GDPR Team via email (info@jankifoundation.org) in line with the withdrawal of consent procedures.
3.3 Disclosure
The JF will only pass on your personal data to third parties with your consent or to comply with the legal requirements under GDPR.
The following third parties may receive your personal data as part of the processing activities:
HM Revenue & Customs, Disclosure and Barring Service (DBS), First Aid Training Providers
Professional Bodies (Auditors, Solicitors, Banks etc.)
3.4 Retention period
The JF will process personal data for as long as strictly needed as per the GDPR requirements and will store the personal data in line with the JF Retention of Records Policy.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
* Right of access – you have the right to request a copy of the information that we hold
about you.
* Right of rectification – you have a right to request us to correct data that we hold about you that is inaccurate or incomplete.
* Right to be forgotten – in certain circumstances you can ask for the data we hold about
you to be erased from our records.
* Right to restriction of processing – where certain conditions apply, you have the right to request us to restrict the processing.
* Right of portability – you have the right to request the data we hold about you transferred
to another organisation.
* Right to object – you have the right to object to certain types of processing such as direct
marketing.
* Right to object to automated processing, including profiling – you also have the right to
object to automated processing or profiling.
All of the above requests will be forwarded on should there be a third party involved (as stated in clause 3.3) in the processing of your personal data.
3.5 Security measures – Safeguards in place to protect your personal data:
* Locked offices and locked filing cabinets.
* Password protected devices with firewall and anti-virus software.
* Only authorised volunteers have access to personal data.
* A clear desk policy operates.
* CCTV outside and inside the building on all floors.
3.6 Complaints
In the event that you wish to make a complaint about how your personal data is being processed by the JF or third parties as described in clause 3.4, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and the JF GDPR Team.
Supervisory authority contact details | Data Controller (Janki Foundation) | |
Contact Name | Information Commissioner’s Office | JANKI FOUNDATION GDPR Team |
Address line 1: | Wycliffe House | |
Address line 2: | Water Lane | |
Address line 3: | ||
Address line 4: | Cheshire SK9 5AF | |
Email: | casework@ico.org.uk | info@jankifoundation.org |
Telephone: | ICO Helpline 0303 123 1113 | 020 459 1400 |
4. Online privacy statement
4.1 What is Personal data?
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
4.2 How we use your information
This privacy notice tells you how we, the JF, will collect and use your personal data to invite you to events – lectures, seminars, workshops, retreats, to send news, to comply with legal requirements of the Data Controller, such as insurance purposes, health and safety regulations, financial regulations, child protection laws, etc.
4.3 Why does the JF need to collect and store personal data?
In order for us to provide you with information about events and news – lectures, seminars, workshops, retreats – or to host you as a guest, or in line with legal requirements and financial regulations we need to collect personal data. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
In terms of being contacted for marketing purposes the JF will contact you for additional consent.
4.4 Will the JF share my personal data with anyone else?
We may pass your personal data on to third-party service providers contracted to the JF in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to the purpose the data has been collected. When they no longer need your data to fulfil this service, they will dispose of the details in line with the GDPR. We may need to pass your special category data onto a third party but we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
4.5 How will the JF use the personal data it collects about me?
The JF will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulations. We will endeavour to keep your information accurate and up to date, and not keep it for longer than strictly needed.
The JF is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific charity-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual charity needs.
4.6 Under what circumstances will the JF contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
4.7 Can I find out the personal data that the JF holds about me?
The JF, at your request, can confirm which information we hold about you and how it is processed. If the JF does hold personal data about you, you can submit a request for access to personal data in line with the General Data Protection Regulations.
4.8 What forms of ID will I need to provide in order to access this?
When information on your personal data is requested, the JF requires one of the following or a combination of the following IDs (original or certified): any ID which has a valid and recent photograph / address details / passport, driving licence / birth certificate / recent utility bills.
5 Information relating to your method of payment
At the point of payment, you are transferred to a secure page on the website PayPal. or if paying by credit/debit card payment is taken via Stripe payment gateway. No payment details are kept on our website or servers. All payment data is fully secure and safe and processed through stripe who is fully PCI compliant.
6 Cookies
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.
If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.
We use cookies in the following ways:
* to track how you use our website
* to record whether you have seen specific messages we display on our website
* to record your answers to surveys and questionnaires on our site while you complete them
7 Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
We may update this privacy notice as and when necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.
If you have any question regarding our privacy policy, please contact us.