Privacy Policy

UCCF is a Christian mission organisation, that exists to support the witness of Christian Unions (CUs) in the universities and colleges of Great Britain.

We are a Registered Charity No. 306137 (England and Wales) and SC038499 (Scotland), and a company limited by guarantee registered in England and Wales No. 387932. Our Registered Office is Blue Boar House, 5 Blue Boar Street, Oxford, OX1 4EE.

For the purposes of this Policy, ‘us’, ‘we’ and ‘our’ refer to UCCF.

Data Protection Policy

UCCF is committed to a policy of protecting the rights and privacy of individuals in accordance with data protection legislation, as set out in the General Data Protection Regulation (GDPR). To ensure compliance with GDPR, UCCF has introduced a Data Protection Policy that reflects the requirements of the GDPR. All paid staff and volunteers who process data on behalf of UCCF are required to read the policy, and to strictly adhere to the principles and procedures of the policy.

UCCF’s data protection policy is supported by staff training, and operational and technical measures to ensure that staff are resourced to comply with GDPR.

Key Definitions

‘Processing’ refers to any action concerning personal data. This can be using the data to send communications, but storing, sharing, or destroying the data is also deemed to be processing.
‘Controller’ refers to any natural person who processes personal data, and determines what data is to be processed and the purposes for which it is to be processed.
‘Processor’ refers to any natural person who processes data on behalf of a controller. The key difference to a controller is that they only process the data on instruction from the controller, and do not determine the purposes for which the data is processed.
‘Data Subject’ refers to any individual who has personal data being processed by a controller, whether provided by the individual or taken from other sources.
‘Personal data’ is defined in the GDPR as: “Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Who is responsible for Data Protection at UCCF?

All UCCF staff are responsible for ensuring that they comply with the GDPR. Overall responsibility for UCCF’s compliance with the GDPR rests with UCCF’s Company Secretary, and is administered through the Data Protection Officer (DPO). The DPO will recommend and undertake such measures that are deemed appropriate to ensure UCCF’s ongoing compliance with the GDPR.

How does UCCF collect data?

UCCF will collect personal data from a number of different sources, including:

Donation Forms
Requests for communications
Event Registrations
Job Application Forms
Application forms to the Relay programme
Use of the UCCF website
Other sources, including publicly available information

How does UCCF use data?

UCCF keeps a data register, which contains a record of all the personal data UCCF presently processes. The record including the legal basis on which the data is processed, and how UCCF is protecting the rights of data subjects, and fulfilling their own obligations as controller. The data register is managed by the DPO, and reviewed on a regular basis to ensure that all processing is legal, and that our information is up-to-date and accurate.

Where UCCF staff handle personal data, they are required to inform the DPO of any planned change in their processing of data; this includes either the intention to cease processing data, or to undertake completely new data processing.

UCCF uses personal data in a wide range of business functions. Further information will be made available soon. In the meantime, if you have questions about our use of your personal data, you can contact us using the details given below.

Data Security

Appropriate operational and technical measures are in place to ensure compliance with the GDPR, and reviewed by the DPO on a routine basis. These include:

IT security for electronic records, including encryption and access controls.
Physical security, including control of building access, and restricted access to sensitive data stored in physical records.
Training for UCCF staff to ensure that correct data handling procedure is followed at all times.

We will not transfer your contact details to other charities or to other companies for their marketing purposes. We will not, without your consent, supply your contact details or other personal data to any third party outside UCCF except:

Where we are required to do so by the law.

Or where such a transfer is a necessary part of the activities that we undertake. For example, we may:

transfer your name and address to a mailing house in order to send out mailings to you
transfer your name, address and the values of gifts that you have given us to HMRC in order to reclaim gift aid on your gifts
transfer your name and contact details to conference centres if you are attending a UCCF sponsored conference

What are my rights as a data subject?

Unless subject to an exemption under the GDPR (for example – where we have a legal requirement to process the data) you have the following rights with respect to your personal data. This Privacy Policy and the way we use your personal data have been designed to uphold these rights:

The right to know what data UCCF holds about you, and how it is used.
The right to access your personal data.
The right to ensure data UCCF holds about you is accurate.
The right to have your data erased and no longer processed.
The right to stop your data being processed.
The right to receive your data in a format that can be easily transmitted to another controller.
The right to request a legal justification for processing of your data.
The right to be informed about where automated decision making is taking place, and to object to the use of any such automation.

UCCF’s legal basis for processing data

Where UCCF collects and processes personal data, we have provided a legal basis for why we are processing the data.

The legal bases are:

You have provided consent for UCCF to process your data.
It is necessary to implement a contract between you and UCCF.
UCCF must process the data to comply with a legal obligation.
Processing the data is essential for protecting the vital interests of a person.
Processing the data is essential for carrying out a task in the public interest.
UCCF has a legitimate interest in processing the data, which is not outweighed by your rights and interests.

UCCF will communicate which on which basis we are processing your personal data through a privacy notice at the point of data collection. This legal basis is also recorded in our data register.

Contacting us regarding your personal data

As an individual, you have a right under data protection legislation to obtain information from us, including a description of the data that we hold on you. Should you have any queries concerning this, please contact us at the address below.

Our contact details for data protection matters

Universities and Colleges Christian Fellowship, Blue Boar House, 5 Blue Boar Street, Oxford, OX1 4EE
Email: dataprotection@uccf.org.uk
Telephone Number: 01865 253678

If you believe that UCCF has not complied with your data protection rights, you can complain to the Information Commissioner. For more information, visit www.ico.org.uk.

Changes to UCCF privacy policy

This Privacy Policy may be updated from time to time so you may wish to check it each time you submit personal information to UCCF. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use the UCCF website to submit personal information to UCCF. If material changes are made to the Privacy Policy we will notify you by placing a prominent notice on the website.

This version – April 2018; Last review – July 2021.