Data Security Policy


Introduction


Light of Truth Ministry (henceforth ‘L.O.T,’ ‘we,’ or ‘us’), an apostolate of the Dominican Sisters of St Joseph, abides by the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 when handling the personal data of any individual with whom we are in contact.

GDPR and the UK Data Protection Act are legislation which aims to ensure that all organisations have appropriate legal grounds for processing personal data, and that this data is utilised only for specific and explicitly-stated purposes. GDPR defines organisations as either ‘processors’ or ‘controllers’ of data. A controller is an organisation which collects personal data and determines how and for what purpose it is to be used. A processor is an organisation which provides services to the controller to help manage and organise the data which the controller has collected. According to GDPR, L.O.T. are a controller of data. On a practical level, this means that we, rather than any third-party services we use for the processing of personal data, take full legal responsibility for ensuring that data is secure and that individuals with whom we come into contact can exercise their rights pertaining to the retention of data.

Website (www.lightoftruth.uk)


We use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available here.
Information collected from Google Analytics is used solely for the administration of our website and is not shared with any third parties. The website contains links to other websites, for whose privacy policies or practices we are not responsible.


Newsletters


The mailing lists for our newsletters are managed on Mailchimp, whose privacy policy can be viewed here. While Mailchimp is a US-based data processor, it abides by the Privacy Shield agreement which ensures data stored in the US is safeguarded according to GDPR standards. Individuals may contact us to access, correct, update or delete the information about themselves which we store (their email address, first name, and last name). The data we store in our mailing list is not passed on to any third party. Mailchimp also has software which can review the content of email campaigns to ensure compliance with their Terms of Use. Therefore, any personal information about individuals mentioned in our newsletter is viewable by Mailchimp in certain tightly-defined circumstances.

Email Contact Form


The email addresses and contact forms listed on our website are for all the mailboxes associated with the website. The personal data we receive from messages sent through these addresses (first name, last name, and email address) will not be passed on to any third party. Once we have responded to your message (if it requires a response), your message is deleted. These mailboxes are accessed by several sisters of the Dominican Sisters of St Joseph. Personal information within email correspondence may be disclosed to other sisters within the community who do not have direct access to these mailboxes.

Cookies


A cookie consists of information which is sent by a web server to a web browser and subsequently stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. The cookies we use enable key functions on our website such as security, network management, and accessibility. You can disable these by changing your browser settings, but this may affect your ability to view and use our website.

Instructions on how to manage and remove cookies in Internet Explorer can be found here, Chrome here, Safari here and Firefox here and here.

Donations


The Sisters solicit and receive donations from the Light of Truth website: www.lightoftruth.uk. These donations are used exclusively to provide for the Dominican Sisters' livelihood and work. Personal information provided for the sake of sending donations to the Dominican Sisters is used only for the following purposes:
- To record donations
- To send acknowledgement and thanks
- To collect payments
- To deal with enquiries and complaints

The only personal information we hold for our records and purposes are names, email addresses, amount shared and, when disclosed, physical addresses.

When an individual makes a monetary donation for a Light of Truth course, their transaction is managed by PayPal as a third-party data processor which may collect, retain, process, share and transfer Personal Data when its services are used. PayPal abides by the GDPR and their privacy policy can be viewed here.

We do not provide third parties with any personal information about donors or transactions unless it is to assist competent authorities during a legal investigation.

Zoom


L.O.T. online courses make use of Zoom as a third-party data processor. Zoom abides by the GDPR and its data policy can be found here. Participants are required to register for courses beforehand and will also be required to have their full name (first name and surname) visible before they are permitted to enter the meeting. This information is used only to identify participants during the Zoom meeting and to send them email reminders of upcoming sessions as well as follow-up emails with the course material they have signed up for.

Zoom meetings can be recorded, but recordings will not normally be put in the public domain. If a recording is put in the public domain, it will be with the consent of the participants whose images and names will be visible on-screen.

Data Security


We take the appropriate measures to ensure that your personal data is not lost, used/accessed inappropriately, altered, or disclosed. We also limit access to your personal data to those within the Dominican Sisters of St Joseph, or in some circumstances third parties, who have a legitimate need to know such data. These third parties will only process your personal data on our instructions and are subject to a duty of confidentiality. We have an agreed procedure to deal with suspected data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Legal Rights


Under data protection law, there are certain circumstances in which you can exercise rights pertaining to the personal data stored by a data controller. These include the right to request access to, correction of, or erasure of your personal data. You can also withdraw consent to the processing of your personal data or request restriction of that processing. If you have had data processed by us and wish to exercise these rights, please email us.

You will not have to pay a fee to exercise these rights unless your request is clearly unfounded, repetitive or excessive, in which case we are permitted to charge a reasonable fee. We may also refuse to comply with your request in these circumstances.

If you contact us to exercise your data rights, we may need to request specific information from you to confirm your identity and ascertain that your request is valid. This is a security measure designed to ensure that your personal data is not disclosed to a person who has no right to access it. We may also contact you to ask you for further information in relation to your request to speed up our response. We aim to respond to all legitimate requests within 30 days, but your request may take us longer than a month to process if it is complex or one of several requests you have made. In this case, we will inform you and keep you updated.

Policy Reviewal


This data security policy is reviewed and updated as necessary. If you have any questions about this policy or our treatment of your personal information, please contact us.


Last updated January 2022