Privacy Notice

Sisters of the Sacred Hearts of Jesus and Mary 

Privacy Notice

This information is available to download in pdf format here.

 

This Privacy Notice explains the reasons how Sisters of the Sacred Hearts of Jesus and Mary (SSHJM) uses and protects any information that you may give SSHJM in whatever way in which you connect with us, during our mission.

Data controller: Sisters of the Sacred Hearts of Jesus and Mary, Chigwell Convent, 803 Chigwell Road, Woodford, Essex, IG8 8AU

Person responsible for data processing compliance: Bridget Cullen, (privacy@sacredheartsjm.org)

What information do we collect?

SSHJM collects and processes data from a variety of sources, such as when you visit our retreat and conference centres or have contact with Sisters fulfilling our mission, or you contact us by email, telephone, post or via our website, and is committed to being transparent about how it collects and uses that data to fulfil its obligations. It applies to personal data provided to us, both by individuals themselves or by others on behalf of individuals. We may use personal data provided to us for the purposes described in this privacy statement or as made clear in another form before collecting personal data.

Security

We take the security of all the data we hold seriously. Staff are trained on data protection, confidentiality and security, and we maintain a culture of confidentiality. We have a framework of policies and procedures which ensure that we keep the data we hold secure. All information you provide to us is stored on our locally hosted secure servers, security protected computers or in hard-copy files kept in secure cabinets, with access restricted to authorized personnel only.

What information do we gather?

 The categories of information that we process include

  • Personal information (such as name, date of birth, gender and address)
  • Financial information (such as bank details, debit/credit cards for financial transactions)
  • Information gathered when in contact with Sisters as they provide support and pastoral care (to be able to better support and care for you)
  • Information gathered during employment with us (to fulfil legal and statutory obligations)
  • Information gathered due to attendance our conference and residential facilities (to ensure bookings are administered efficiently, and to ensure we care for you effectively)

 

What do we do with the information we gather?

We require this information to provide support and services as part of our mission, and in particular for the following reasons:

  • Fulfilling our legal obligations for record keeping
  • To be able to provide conference and residential facilities
  • To ensure we understand your needs when visiting or being supported by us in the fulfilment of our mission
  • To provide appropriate pastoral care

 

 

Why does SSHJM process personal data?

Depending on the activity, we will use the following reasons to process your information:

• You have given us consent to do so;

• We are processing your information so that we can fulfil our promise or agreement in providing services to you;

• We need to comply with a legal obligation;

• We have a legitimate interest to do so.

We only use your information for the purposes detailed in this notice.  If there are any changes to the way we process your data we will contact you and ensure that any new processing is done in accordance with the GDPR.

How do we share information?

SSHJM will not share your information with any organisation for marketing purposes.

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

  • Third parties who support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services.
  • Third party organizations that otherwise assist us in providing goods, services or information.
  • Auditors and other professional advisers.
  • Law enforcement or regulatory agencies or those required by law or regulations.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Where do we process data?

Where possible, personal data resides within the UK territory but may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all reasonable steps to ensure that your data is treated securely, in accordance with this privacy statement.

How long is your data retained?

SSHJM will only keep your personal data for as long as necessary to provide you with our services or comply with legislation.

Your Personal Data Rights

You have a great deal of rights over your personal information and at SSHJM, we are committed to honouring them for you when processing your data. The next sections provide you with information on how you can request a variety of activities from us regarding your personal data, not just personal data obtained through this site, but also personal data processed across other areas of our business.

How can you rectify your data if it is not accurate?

If you wish to inform us of any changes to your personal data or preferences, then please contact us at privacy@sacredheartsjm.org

 If we are satisfied that the data is correct and accurate, we will inform you that this is the case and explain our decision. If we are satisfied that data is accurate, you still retain the right to complain to the UK Information Commissioners Office (ICO) and the ability to seek to enforce this right through a judicial remedy.

How can you gain access to your personal data?

If you require access to your personal data, you have the right to request this information from SSHJM which will be provided free of charge. If we are processing your personal information, you may request access to it by contacting the head of privacy (privacy@sacredheartsjm.org)

In order to correctly process your request and authenticate your identity we may request photographic identity and a proof of address. Some examples are passport or driving licence and a recent utility bill.

Once your request is received and identity verified, we will communicate back to you in writing, where appropriate by electronic means, or if requested, the information may be provided orally.  The response will be within a calendar month, unless an extension is required, which in this case we will still communicate back to you within a calendar month, outlining our justification for the additional time required.

This information will be provided free of charge, unless it is manifestly unfounded or excessive, and responses will be without undue delay and within a calendar month. If we do not take action regarding your request, we will provide the reasons for not doing so.  You also have the right to complain to the UK Information Commissioners Office (ICO) and the ability to seek to enforce this right through a judicial remedy.

How can you request the erasure of your data from our systems?

If you believe your data should be erased by SSHJM, then you have the right to request this by contacting privacy@sacredheartsjm.org and providing us with full details of your request, along with the rationale behind your request.

In order to correctly process and ensure you are the data subject, we will need to verify your identity, which may include a request for photographic identity and a proof of address. Some examples are passport or driving licence and a recent utility bill.

We only retain data as long as necessary but will review your request accordingly and respond to you within a calendar month.

If we do not take action regarding your request to erasure, we will provide the reasons for not doing so.  You also have the right to complain to the UK Information Commissioners Office (ICO) and the ability to seek to enforce this right through a judicial remedy.

How can you make a request for Buzzacott to restrict processing of your data?

You have the right to request that Buzzacott (The HR Consultants used by SSHJM), process your data on a restricted basis in certain circumstances.

You can make a request to restrict processing of your personal data, by providing full details and reasons for your request to privacy@sacredheartsjm.org

In order to correctly process and ensure you are the data subject, we may need to verify your identity, which may include a request for photographic identity and a proof of address. Some examples are passport or driving licence and a recent utility bill.

We will automatically restrict processing whilst we consider the accuracy of the data or the legitimate grounds for processing it, in line with your rights.

If we do not take action regarding your request to restrict processing, you have the right to complain to the UK Information Commissioners Office (ICO) and to a judicial remedy.

How can you move, copy or transfer personal data to another provider?

You have the right to data portability which allows you to move, copy or transfer your personal data from one IT environment to another in a safe and secure way without any interruption to usability.  

You can make a request to move, copy or transfer your personal data by providing full details of your request to privacy@sacredheartsjm.org

To correctly process and ensure you are the data subject, we may need to verify your identity, which needs to be a photographic identity and a proof of address. Some examples are passport or driving licence and a recent utility bill.

This information will be provided free of charge, unless it is manifestly unfounded or excessive, and responses will be without undue delay and within a calendar month. If we do not take action regarding your request to data portability, you also have the right to complain to the UK Information Commissioners Office (ICO) and the ability to seek to enforce this right through a judicial remedy. 

How do you object to Buzzacott processing your data?

You have the right to object to the processing of your personal data in a range of specified circumstances.

Your objection must be based on your particular situation and unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we are processing the data for the establishment, exercise or defence of legal claims, we will stop processing your personal data.

Where your personal data is processed for direct marketing purposes, this right is absolute, and we will cease processing on receipt of an objection without exception. You can make an objection to us processing your personal data by providing full details of your request to privacy@sacredheartsjm.org

In order to correctly process and ensure you are the data subject, we may need to verify your identity, which needs to be a photographic identity and a proof of address. Some examples are passport or driving licence and a recent utility bill.

This information will be provided free of charge with responses being made without undue delay and within a month.

How can you raise a concern or make a complaint?

 If you wish to provide us with any feedback, have a complaint or wish to exercise any of your rights listed above, please contact us at privacy@sacredheartsjm.org

If you prefer to write to us, rather than send an email, please do so at the address given above

 Alternatively, if you are not satisfied with our response, you can contact our supervisory authority, which is the United Kingdom, Information Commissioner’s Office (ICO) who can be contacted directly on 0303 123 1113 or by visiting:  https://ico.org.uk

Changes to our Privacy Policy

We may occasionally make alterations to this page which will reflect how we process and look after your data.  This is to ensure our commitment to you in protecting your information and upholding your rights. If important changes are made to the policy, we will draw your attention to them by making this clear on our website, through our services or by another means of communication, such as email.  This will allow you to assess the changes and make an up-to-date decision if you would like to continue using our services.