Welcome to Alpha International's (AI) Privacy Notice.

AI respects your privacy and is committed to protecting your personal data. This privacy notice will inform you how we take care of your personal data (regardless of where you visit this privacy notice from) and inform you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so that you can access the specific areas of interest to you below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

IMPORTANT INFORMATION AND WHO WE ARE
THE DATA WE COLLECT ABOUT YOU
HOW IS YOUR PERSONAL DATA COLLECTED?
How we use your personal data
DISCLOSURE OF YOUR PERSONAL DATA
INTERNATIONAL TRANSFERS
Data Security
DATA RETENTION
YOUR LEGAL RIGHTS
GLOSSARY

1. Important Information and Who We Are

Purpose of this privacy notice

AI works in partnership with four other independent charities that share a common heritage and have emerged from Holy Trinity Brompton church. We refer to the charities collectively as the HTB Group (HTBG), but they do not form part of a group in a legal technical definition. The HTBG works cooperatively and collaboratively with many shared systems, processes, and policies. In light of the close association, shared offices, and infrastructure, the charities that constitute the HTBG have agreed to take a common approach to privacy and data protection. The individual charities have entered into a formal data-sharing agreement to regulate the extent to which data may be shared between the charities and the protection and procedures put in place to regulate this data sharing. Within this privacy notice we will inform you about the areas where the HTBG shares data and why.

‍

This privacy notice aims to provide you with information about how AI collects and processes your personal data, including any data you may provide through this website when you interact with us, register for an event, make a donation to a charity, apply for a volunteer or staff position, or subscribe to our newsletter.

‍

This website is not intended for children; however, we collect data related to children if they attend one of our events or participate in our activities.

‍

It is important that you read this privacy notice together with any other privacy notices or fair processing notices that we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

‍

Controller
The HTB Group (HTBG) is comprised of:

‍

Holy Trinity Brompton, a charity registered in England and Wales (charity number 1133793) with its registered office at Brompton Road, London, SW7 1JA (HTB).

‍

Alpha Internacional is a charity registered in England and Wales with number 1086179, in Scotland with number SC042906, and a private company limited by guarantee registered in England and Wales with number 4157379 (AI).

‍

St Paul's Theological Centre is a registered charity in England and Wales with number 1111609 and a private company limited by guarantee registered in England and Wales with number 5543940 (SPTC).

‍

Church Renewal Trust is a registered charity in England and Wales with number 1129661 and a private company limited by guarantee registered in England and Wales with number 6849860 (CRT1).

‍

Church Revitalization Trust is a charity registered in England and Wales with number 1174882 and a private company limited by guarantee registered in England and Wales with number 10754427 (CRT2).

‍

This privacy notice is issued on behalf of HTBG, so when we mention «HTBG,» «we,» «us,» or «our» in this privacy notice, we are referring to the relevant charity within HTBG responsible for processing your data. We will inform you which entity will be responsible for processing your data when you purchase a product or service from us. AI is the controller and responsible for this website.

‍

We have appointed a Data Protection Lead (DPL) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPL at GDPR@alpha.org, by calling 0207 052 0200, or by writing to the Data Protection Lead, Alpha International, Cromwell Road, London, SW7 2H.

‍

You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues (ico.org.uk). However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

Changes to the Privacy Notice and your duty to inform us of changes

It is important that the personal data we have about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.

‍

Third-party links

This website may include links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

‍

‍

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store, and transfer different types of personal data about you that we have grouped as follows:

• Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and sex.
• Contact details include billing address, shipping address, email address, and phone numbers.
• Financial data includes bank account and payment card details.
• Transaction data includes details about payments to and from you and other details about events, products, or services you have purchased from us or gifts you have donated to us.
• Technical data includes Internet Protocol (IP) address, your login details, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile data includes your username and password, purchases or orders made by you, your interests, preferences, comments, and survey responses.
• Usage data includes information about how you use our website, events, products, and services. Marketing and communications data includes your preferences when receiving marketing from us and our third parties, and your communication preferences.
  We also collect, use and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from your personal data, but is not considered personal data by law because the data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or link Aggregated Data with your personal data so that it can identify you directly or indirectly, we treat the combined data as personal data to be used in accordance with this privacy notice.

As a religious charity, we collect data on the courses, training sessions, and events you attend. This information likely falls under the definition of Special Categories of Personal Data. Special Categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic and biometric data. We will always make it clear to you when we collect this information and why. For some of our events and services, we may also collect information about criminal convictions and offenses.

If you do not provide personal data

When we need to collect your personal data to perform the contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your tickets for an event or service that you have with us, but we will notify you if this is the case at that time.

‍

3. How is your personal data collected?

We use different methods to collect data from and about you, including:

Direct interactions

You may provide us with your identity, contact, and financial information by completing forms or by connecting with us by postal mail, telephone, email, or otherwise. This includes personal data you provide when:

• donate online, by text message, or by completing a donation envelope;
• are photographed or filmed during one of our events or courses;
• Create an account on our website;
  register for an event or course;
  subscribe to our service or publications;
• request to be sent marketing;
  participate in a contest, promotion, or survey; or
  Give us some comments.
  ‍

Automated technologies or interactions

As you interact with our website, we may automatically collect technical data about your equipment, actions, and browsing patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our cookie policy for more details.

You can set your browser to reject all or some browser cookies, or to notify you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies page here.

4. How we use your personal data

We will only use your personal data when the law allows us to. The most common circumstances in which we will use your personal data are:

When we need to execute the contract that we are about to enter into or have entered into with you.
When necessary for our legitimate interests (or those of HTBG) and their fundamental interests and rights do not override those interests. We generally do not rely on consent as a legal basis for processing your personal data, except where we collect Special Categories of Data or in relation to sending direct marketing communications by email or text message. You have the right to withdraw your consent to marketing at any time by clicking an unsubscribe link in one of our emails or by emailing GDPR@alpha.org. .
‍
Purposes for which we will use your personal data

Here is a description of the ways we plan to use your personal data. We collect and process information so that we can:

• manage, administer, and promote the charity;
• manage financial transactions and donations;
• request financial support and non-financial support such as volunteering or prayer
• manage our fundraising activities and donor communications at HTBG and our partner National Alpha offices located internationally;
• manage our courses or events;
• connect with their local National Alpha Office to receive them at the Leadership Conference;
• respond to Alpha queries related to their region;
• manage our global course database;
• manage our websites and social media accounts;
• manage our human resources function;
• prevent and detect crimes; and
• when we need to comply with a legal or regulatory obligation.
  Please note that we may process your personal data for more than one legal reason, depending on the specific purpose for which we use your data. Please email GDPR@alpha.org.org if you require details about the specific legal basis on which we are relying to process your personal data.

Fundraising

When we believe we have a legitimate interest in doing so, particularly if you have donated to AI, we may undertake wealth profiling and analytics to gather information using publicly available data about you or information you have already provided to us. Once we have identified that you may have the capacity or affinity to support AI at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters. We may review other information about you that is publicly available through internet searches, social media, such as LinkedIn, subscription services, news archives, or public databases (e.g. Companies House, electoral, political and property registers), such as information on corporate directorships, shareholdings, published biographical information, employment and income, philanthropic interests and networks, charitable giving history and motivations, and relevant media coverage. This information helps us engage with you in a more personalized way.

We may also obtain personal data about individuals who may be interested in making significant donations to charities or organizations like AI. AI will not retain publicly available data relating to major donors without informing them and providing them with an opportunity to object to our processing of their personal data, which will be done as soon as practicable. Where we decide not to make contact, we will delete all personal data obtained which is not basic contact data and will apply a suppression flag to ensure we do not make contact in the future.

We can utilize third-party agencies as a cost-effective way to conduct an asset assessment on our behalf and share your information with them as needed. You will always have the right to object to the processing of your information in this manner.

‍

Marketing

We strive to provide you with choices regarding certain uses of your personal data, particularly in relation to marketing and advertising. You will receive our marketing communications if you have inquired about our products or purchased products from us, attended an event or course with us, and in each case, you have not opted out of receiving such marketing. You can ask us or third parties to stop sending you marketing messages by emailing GDPR@alpha.org at any time. When you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, event registration, or other financial transaction.

‍

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please email GDPR@alpha.org. .

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, when required or permitted by law.

Disclosure of your personal data

We will share some of your personal data with the parties listed below for the purposes described in paragraph 4 above.

• Internal third parties as established in the Glossary.
• Fundraising partners as established in the Glossary.
• National Office Alpha as established in the Glossary.
• Third Parties as defined in the Glossary.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire or merge with other charities. If any of these changes occur, your personal data will be used in the same way as set out in this privacy notice. 

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our external service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

‍

International transfers

Some of our third-party external processors, external NAOs, and fundraising partners are based outside the European Economic Area (EEA), so the processing of their personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data outside the EEA, we ensure that it is given a similar degree of protection by ensuring that at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that the European Commission considers to provide an adequate level of personal data protection. For more details, please refer to the European Commission: Adequacy of the protection of personal data in non-EU countries.
• When using certain service providers, we may utilize specific contracts approved by the European Commission that provide personal data with the same level of protection as in Europe. For more details, see European Commission: Model contracts for the transfer of personal data to third countries.
• When using US-based vendors, we can transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection for personal data shared between Europe and the US. For more details, please see European Commission: EU-US Privacy Shield.

Email GDPR@alpha.org if you would like more information on the specific mechanism we use when transferring your personal data outside the EEA.

‍

7. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed without authorization, altered, or disclosed. Furthermore, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have implemented procedures to address any suspected personal data breaches and will notify you and any applicable regulators of a breach when legally required to do so.

‍

8. Data Retention

How long will you use my personal data?
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.

Details of the retention periods for different aspects of your personal data are available in our retention policy, which you can request by emailing us at GDPR@alpha.org. .

‍

9. Your legal rights

In certain circumstances, you have rights under data protection laws in relation to your personal data. Click on the links below to learn more about these rights:

• Request access to your personal data
• Request correction of your personal data
• Request the deletion of your personal data
• Object to the processing of your personal data
• Request the restriction of processing of your personal data
• Request the transfer of your personal data
• Right to withdraw consent

If you wish to exercise any of the rights set forth above, please send an email to GDPR@alpha.org. .

‍

Generally, no fee is required

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

‍

What we may need from you

We may need to ask you for specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it. We may also contact you to request further information in relation to your request in order to speed up our response.

‍

Response deadline

We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made multiple requests. In this case, we will notify you and keep you informed.

10. Glossary

Legal basis
Legitimate interest means the interest of our charities in conducting and managing our charitable activities to enable us to provide you with the best church community, events, products and services and the best and safest experience. We ensure we consider and balance any potential impact of these activities on you (both positive and negative) and on your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or where there is a requirement or permitted by law). You can find out more about how we balance our legitimate interests against any potential impact on you with respect to specific activities by emailing GDPR@alpha.org. .

Performance of a contract means processing your data when necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Complying with a legal or regulatory obligation means processing your personal data when it is necessary to comply with a legal or regulatory obligation to which we are subject.

‍

THIRD PARTIES

Internal Third Parties:

Other HTBG charities act as joint controllers or processors providing system and IT management services and carrying out leadership reporting.

‍

Fundraising partners:
If you are a major donor to AI or have been identified as a potential major donor and reside outside the UK, we can partner with our related charity in the country where you reside to coordinate our fundraising activities (i.e., the Alpha National Office in your region (see below). Both charities understand the need to identify and effectively manage donor interactions in these geographical areas to avoid overlapping giving requests. We coordinate our movements to determine which charity may be best placed to cultivate a relationship with you. We do not share any of your personal data except for this purpose.

‍

National Offices Alpha:
The National Alpha Office of third parties operating in the country or territory where you live, which may be outside the EU. You can find your NAO using this link.

‍

External Third Parties:

• Service providers acting as processors based in the UK and Canada providing system administration and IT services.
• Contractors providing business growth services to help Alpha expand into new regions.
• OneSixOne, a creative consulting firm that helps us produce Alpha campaigns.
• Event management systems including Eventsforce, Eventbrite, and Brushfire.
• Survey and email services like Mailchimp*, SurveyMonkey, and Mailerlite.
• We use Mailchimp for our daily Bible-in-a-year mailings. Please note that Mailchimp may use your personal data for its own commercial purposes as outlined in Section 3B of their privacy policy. Alpha is not responsible for Mailchimp's privacy practices, which may differ from those set forth in this privacy policy.
• CRMs like Salesforce and Raiser's Edge.
  Retail services including Windsor Print and Wisque.
• Professional advisors including lawyers, bankers, auditors, pension consultants and insurers based in the UK providing consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, UK-based regulators, and other authorities requiring reporting of processing activities in certain circumstances.
• Zoom, which provides an online video conferencing service that we use for meetings, courses, events, and training.
• Third-party privacy policies (online services only):
• Blackbaud Privacy Policy and Privacy Shield Notice. .
• Brushfire Privacy Policy and Privacy Shield Notice. .
• Eventbrite Privacy Policy and Privacy Shield Notice. .
• Eventsforce Privacy Policy. .
• Mailchimp Privacy Policy and Notice. .
• Mailerlite Privacy Policy .
• Privacy Policy and Salesforce Privacy Shield Notice .
• SurveyMonkey Privacy Policy and Privacy Shield Notice .
• Zoom Privacy Policy and Privacy Shield Notice .
  ‍

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a «data subject access request»). This allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data we have about you. This allows you to correct any incomplete or inaccurate data we have about you, although we may need to verify the accuracy of any new data you provide.

Request the erasure of your personal data. This allows you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local laws. However, please note that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request the restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) when our use of the data is unlawful but you do not want us to erase it; (c) when you need us to retain the data even if we no longer need it because you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or a third party. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, and machine-readable format. Please note that this right only applies to automated information for which you initially gave us your consent to use or when we use the information to fulfill a contract with you.

Withdraw consent at any time if we rely on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will inform you if this is the case at the time you withdraw your consent.

Disclaimer

The content of this website is provided for your personal, private, non-commercial use only. You may not copy, reproduce, distribute, transmit, broadcast, display, sell, license, or otherwise exploit this or any other content for any other purpose without the prior written consent of Alpha International.