Last Updated: May 2018
This site is one of a family of websites, mobile apps, and other digital tools (Digital Tools) operated by various ministries related to Campus Crusade for Christ (Cru) and governed by this Privacy Statement. Where we use the terms “we” “us” or “our,” we refer to Campus Crusade for Christ International and affiliated ministries (our Organization).
We are committed to protecting and appropriately handling private and personal information and take your privacy very seriously. We are publishing this Privacy Statement to let you know how we collect, process, use and share your personal information.
The definition of “personal information” will differ depending upon applicable law. In the European Economic Area (EEA) it will include all information that directly or indirectly relates to you, and includes “personal data” as defined by the General Data Protection Regulation (GDPR). Where GDPR or other EU privacy laws apply to you, this Privacy Statement details how you can exercise your rights.
We may, from time-to-time, update this Privacy Statement, so we encourage you to review it periodically. We will notify you (by email or prominent notice on this site) about changes in the way we treat your personal information and how those changes are likely to impact you.
1. Using our Digital Tools.
2. How we use your personal information.
We will generally only collect and use your personal information when it is necessary to achieve our legitimate interests of fostering spiritual growth, which includes providing spiritual guidance, coaching, events, meetings, and Digital Tools. We may also use your personal information when it is needed to provide you with goods or services, or to process donations or to comply with our legal obligations.
We set out below a table where we describe each of the ways in which we use your Personal Information, the types of Personal Information that we use and the legal basis that applies to that use. Where the legal basis is “legitimate interest” we also set out some further details.
The legal basis and details of the legitimate interests detailed in the table below only apply where we are subject to the GDPR or other EU privacy laws.
|How we use your Personal Information||The types of Personal Information involved||Legal Basis||Legitimate Interest|
|To allow you to register and attend an event and to follow up with you after the event||Identity data; contact details; marketing/communication data; travel information; requests and preferences||Contract|
|For electronic marketing communication||Identity data; contact details (email, sms etc); marketing/communication data||Consent or Legitimate Interest where it follows something you have bought, given or attended||When you engage with us (for example, financially), the law permits our Organization to send you relevant email marketing|
|For physical communication and non-marketing electronic communication||Identity data; contact details; marketing/communication data||Legitimate Interests||To keep you informed of our ministry; To send you ministry information and resources which we believe you will be interested in|
|For contact management||Identity data; contact details; marketing/communication data; requests and preferences; demographics||Legitimate Interests||To manage participation in our ministry and contact management across the ministry|
|To improve your experience of our Digital Tools||Identity data; contact details; system data; Historical transaction data; requests and preferences; demographics||Legitimate Interests||To improve the operations of our Digital Tools and to show information that is more interesting to you|
|To allow you to login and to access our Digital Tools||Identity data and security credentials||Contract and Legitimate Interests||To ensure that your accounts on our Digital Tools are kept safe and private|
|To apply for, or participate in, short or long term mission opportunities with us; to apply or participate as a volunteer||Identity data; contact details; application data||Contract|
|For spiritual guidance and support||Identity data; contact details; Information about your beliefs & circumstances; requests and preferences||Legitimate Interests||To provide spiritual guidance and support; to allow us to pray for you; to provide you with resources and activities that will help you grow spiritually|
|To provide forums and digital communities||Identity data; contact details; Your posts in discussion threads||Legitimate Interests||To provide a place for you to discuss spiritual and mission based topics|
|For fund development||Identity data; Financial data; financial transaction data; contact details; contact details; information about your beliefs & circumstances; requests and preferences||Legitimate Interests||To provide opportunities for you to partner with us through financial giving, communication or prayer|
|To process donations||Identity data; Financial data; financial transaction data; contact details; and tax status||Contract and Legitimate interests||To securely receive your donation toward our charitable aims|
|For statutory reporting||Identity data; contact details; tax status||Legal Obligations and Legitimate Interests||We may have obligations to report to the authorities in other countries|
|To deliver goods and services||Financial data; financial transaction data; contact details||Contract|
|To allow us to improve our tools; to maintain an audit trail of access to data; troubleshooting; data analysis; system maintenance;||Historical transaction data; system data; audit logs; and location data||Legitimate Interests||To manage and protect our Digital Tools; to ensure that our services run effectively and to track who is accessing your data|
|To respond to complaints and requests||Identity data; contact details; historical transaction data; application data||Legal obligation and Legitimate Interests||To ensure that your concerns are addressed|
3. How we collect personal information.
We obtain personal information about you via:
direct interactions: when you enquire about our activities, engage in an activity with us, make a donation, register through one of our sites or at an event, or otherwise give us your personal information. If you meet with us for discipleship or spiritual advice, we may take confidential notes for spiritual guidance and support. If you prefer that we do not take notes, please let us know. The information you disclose is entirely at your discretion.
third parties [or other publicly available sources]: we may from time to time obtain personal information about you from third parties [and public sources] (e.g. US Census Data). We will only collect personal information from third parties if they have obtained that information in a legal and proper way.
Referral of information by individuals. Your name and contact details may have been passed to us by someone you know, who indicated that you might be interested in hearing about our ministry, according to the chart in section 2.
4. Types of personal information that we collect.
We collect the following types of personal information:
application data including employment history, qualifications and references, if applicable;
contact details including email address, postal address, email, telephone number and instant messaging details;
demographics including information that allows us to better understand who you are and the services in which you are most interested;
financial data including bank account and payment bank details;
financial transaction data including details about payments and donations from you and details of products and services you have purchased from us and activities you have participated in;
historical transaction data including communication history, your past donations, purchases, applications and interactions with us;
identity data including name, date of birth, gender, marital status;
information about beliefs and circumstances including religious information; information you disclose about your personal circumstances;
location data that is information about your physical location, including IP address, and lat/long coordinates and country of origin (where applicable);
marketing and communication data including your preferences in receiving marketing from us and communication preferences;
requests and preferences including communication preferences, your interests and prayer requests;
security credentials including username and password;
system data including information about how you use our Digital Tools;
tax status; and
travel information including your travel details, delegate information, dietary requirements, and room preferences.
5. How/when we disclose personal information.
Generally, we will not disclose or share your personal information (including your e-mail address) with anyone outside our organization without your permission. However we may need to use or share your information with our partners and agents who provide goods and services to you on our behalf. Your information may be disclosed:
to other parts of our Organization;
to public or regulatory authorities;
to third party service providers, including:
- cloud service providers for the hosting of apps and sites;
- direct and email marketing service providers (e.g. MailChimp); and
- companies that assist us in processing your donations.
We take steps to safeguard your information and we have contractual provisions requiring all third party service providers to respect the security of your personal data and to treat it in accordance with our data protection policies and all applicable laws. We will not allow third party service providers to use your personal information for their own purposes and they will only be allowed to process your personal information in accordance with our instructions.
6. Your Rights.
The following rights under the GDPR are available to you if you are located in the EEA. If you wish to exercise any of these rights, please email firstname.lastname@example.org. We will respond to your request within 30 days of accepting it. Before accepting your request we may need to ask for some identity documentation from you, to make sure we don’t inadvertently provide your personal information to someone else.
If you are not in the EU, you can still apply for one of these rights, and we will comply where the request is reasonable in our discretion.
a. Editing and updating personal information
If you find that your personal information needs to be edited or updated, you can change your personal information directly on the site. Our Digital Tools offer different options for you to access, change, and modify the information you previously provided, such as your donor or customer record (for registered users only), email address, postal address, or to stop a duplicate email.
If one of our Digital Tools does not give you the option to edit personal information yourself or you wish to update the personal information we otherwise hold about you, you can ask us to update it by contacting us at email@example.com. Please make sure to provide us with all the information we need to be able to address your request, including both the old and new information.
b. Accessing personal information.
You can request details of your personal information we hold. We will confirm whether we are processing your personal information and provide additional details including what kind of information we have about you, where we collected it, how we use it (including the legal basis for our processing), how long we expect to keep it, details of any automated decision making or profiling and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations.
If you ask us, we will provide you with a copy of your personal information free of charge. We may charge you a fee to cover our administrative costs if you request multiple copies of the same information or if the requests are manifestly unfounded or excessive.
c. Deletion of personal information.
At your request, we will delete your personal information if:
- it’s no longer necessary to retain your personal information;
- you withdraw the consent which formed the basis of your personal information processing;
- you have successfully objected to the processing of your personal information (see below);
- your personal information was processed unlawfully; or
- we are required to delete your personal information to comply with our legal obligations.
We will review requests on a case by case basis and we might not be able to comply with your request if we need to process your personal information:
- for exercising the right of freedom of expression and information;
- to comply with our legal obligations;
- to establish, exercise or defend a legal claim; or
- to perform a task in the public interest.
If this is the case, we will notify you of the reasons why your request was rejected.
d. Restriction of processing of personal information.
You have the right to request us to limit the processing of your personal information if:
- you dispute the accuracy of your personal information;
- your personal information was processed unlawfully and you request a limitation on processing, rather than a deletion of your personal information;
- we no longer need to process your personal information, but you need your personal information in connection with a legal claim; or
- you object to the processing of your personal information based on our legitimate interests pending verification as to whether we have an overriding legitimate ground for such processing.
To the extent needed, we may still keep some of your data to ensure we comply with your request to limit processing, or for other legal purposes.
e. Objecting to certain types of processing including automated decision making.
Where we process your personal information based upon our legitimate interests, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms.
Where we process your personal information based upon our legitimate interests and where decisions are made by automated processing which has a legal or other significant effect on you, you may also object to such automated decision making.
f. Portability of personal information.
You can request us to send you your personal information in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:
- you provided us with the personal information;
- the processing of your personal information is based on your consent or required for the performance of a contract; or
- the processing is carried out by automated means.
g. Withdrawing consent.
We primarily rely on legitimate business interests to process your data, but to the extent we use consent to process your data, you have the right to withdraw any consent you may have given us at any time. We will comply with your request promptly.
If you withdraw your consent, we might not be able to provide some of our products and services to you. At any point, you have the right to object to processing of your personal information for direct marketing purposes and we will promptly comply with your request.
h. Filing a complaint with a data protection authority.
We will try to resolve any problems that you have but you are always able to contact your local data protection authority for assistance or to make a complaint.
7. International transfer of your personal information.
We are an international organisation and we might need to transfer your personal information to other countries. If you are in the European Economic Area (EEA), please be aware that we may need to transfer your data to countries outside the EEA to process it. We will only transfer your personal information outside the EEA with adequate safeguards in place and in full compliance with applicable laws. For example, we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection. We have established standard contractual clauses with our service providers to ensure they protect your information and to enforce legal transfers of data internationally.
We have put in place appropriate security measures to protect your personal information from being accidentally lost, misused or accessed in an unauthorised way, altered or disclosed. These include technical, administrative and physical security measures to ensure that any information we collect is stored and processed securely.
For example, for Digital Tools that require personal or sensitive data to be collected or displayed, a Secured Socket Layer (SSL) connection is required, to ensure that the data is encrypted as it is transferred to the browser. All credit card payments are processed using PCI compliant technology, to ensure that your credit card number is securely passed to the merchant/service provider. We do not store your credit card details.
We have procedures to deal with any suspected personal data breach and we will promptly notify you and any applicable regulator of a breach in accordance with our legal obligations.
We cannot guarantee that the security measures we implement in connection with the operation of the site will absolutely prevent others from accessing or acquiring any information that you provide while using the site. You can help us protect your personal information by properly protecting your password and remembering to sign out of your account and close your browser window when you finish visiting our site, especially if you are on a shared or public computer.
9. Cookies and information collected by technology.
Click here for a list of the cookies used on our sites.
10. How long we keep your personal information.
We keep your information as long as it is needed to achieve our purposes listed above, as well as for the amount of time necessary to meet any legal, tax, or reporting requirements.
We do not keep your personal information for longer than necessary and up to 7 years after your last interaction with us (e.g. making a donation, registering for an event, or using one of our Digital Tools). We may keep your data for longer than 7 years for legal or technical reasons. We may also keep it for statistical purposes. However, if we do, we will ensure that your privacy continues to be protected and only use it for these purposes.
11. Third party sites and information.
12. Special rules for children.
We do not collect personal information from children under the age of 13 beyond what is necessary for them to participate in our online or other activities, such as registering for a conference or downloading materials. If we discover that we have accidentally collected personal information from a child below the age of 13, we will delete it from our records as soon as reasonably possible.
If a child, under the age of 16 in the EEA, or under the age of 13 elsewhere, attempts to register with one of our Digital Tools, purchase products or materials, or participate in an activity requiring the submittal of personally identifiable information, a parent or guardian must give permission and consent for that child to provide information and register. The only personal information we collect from a child is information that is necessary for the child to participate in activities, such as an address for making a purchase. Parents have the right to request at any time that the information collected about their child is removed from our database.
13. Your California privacy rights.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2018 will receive information regarding 2017 sharing activities). Please be aware that not all information sharing is covered by the “Shine the Light” requirements.
If you have any questions about this policy or the way we use your personal information, you may contact:
Mailing Address: FamilyLife, 100 Lake Hart Dr, Orlando, FL 32832.