PRIVACY POLICY

At University Jewish Chaplaincy we’re committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to info@mychaplaincy.co.uk or by writing to 305 Ballards Lane, London, N12 8GB. Alternatively, you can telephone 0208 343 5678.

Who are we?

University Jewish Chaplaincy exists to provide Jewish provision to students on campuses across the country. This is done by hiring Chaplaincy Couples who live on site at various university campuses across the country.

How do we collect information from you?

We obtain information about you when you use our website, for example, when you complete the contact form, when you complete the site registration form, make a donation, purchase a product / event ticket from our store or engage with other forms within our site.

Controller

University Jewish Chaplaincy (also referred to as “Chaplaincy”, or “UJC”) is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy policy).

Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

What type of information is collected from you?

Depending on the type of communication or transaction, we may collect, use, transfer, store and process the following personal data which we have grouped together as follows:

Identity Data includes first name, last name, title, date of birth and gender.
Contact Data includes billing address, home address and postcode, email address and telephone numbers.
Financial Data includes bank account details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Sensitive Personal Data
Save for as set out below we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We only collect "sensitive personal data" about our stakeholders, e.g. health status, where there is a clear and specific reason for doing so and an exemption applies permitting us to do so under applicable data protection laws. If you are part of our team in either a paid or voluntary role, we collect this data where we need it to ensure that we provide appropriate facilities or support to enable you to participate in the event or carry out your role. Clear notices will be provided on application forms so that it is clear what information we need and why we need it. In certain circumstances, such as when we recruit volunteers, we need to obtain information about criminal convictions (where these are unspent) in order to check that it is appropriate for you to undertake the role.

If you apply for a role with us, we may collect this data for equality monitoring. In the event you are applying for a role, we will notify you about our intentions to collect and process such data.

Rarely, we may collect this data for the prevention of crime or dishonesty, to safeguard those with whom we work, or for another reason which is in the public interest. Where we do this, we will do it carefully and in accordance with applicable laws.

Should you disclose information to us about your health or your family, this may also be recorded, so that we can communicate with you in a considerate and appropriate manner.

All sensitive personal data is stored on a secure database, to which only a limited number of relevant staff have access. It is deleted when no longer relevant, is never shared with third parties, and is available to you at any point should you wish to see it.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

In the event we learn that we collected personal information from anyone under the age of 18, and do not have a parent or guardian's consent, we will delete that information as quickly as possible.

If you believe that we might have any unconsented information from or about anyone under the age of 18, or if you wish to remove or request and obtain removal of content and information, please contact us at info@mychaplaincy.co.uk

WHEN WE COLLECT INFORMATION ABOUT YOU:
University Jewish Chaplaincy may collect your personal data in the following circumstances:

When you give it to us:
You may give us your personal data directly when you make a donation, sign up for one of our events, take part in a campaigning action, request marketing to be sent to you, or volunteer your time with us. If you participate in market research, we may ask you questions regarding UJC services used, or other survey questions relating to your experience of our services.

When you access University Jewish Chaplaincy’s Social Media:
We might also obtain your personal data through your use of social media such as Facebook, Instagram, WhatsApp, X (Twitter), LinkedIn or TikTok, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.

When we use cookies:
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns and collect this data by using cookies and other similar technologies. Cookies are a useful way for us to understand how supporters use our website. When you visit our website we will collect data from your computer or other device such as a smartphone or tablet through the use of "cookies". Cookies are created by your web browser when you visit our website. Every time you go back to the UJC website, your browser will send the cookie file back to the website's server. They improve your experience of using our website, for example, by remembering your preference settings so that you are presented with information likely to be most relevant to you, and by measuring your use of the website to enable us to continuously improve our website to ensure that it meets your needs. Cookies can also be used to show you relevant All Aboard content on social media services such as Facebook - these are known as "retargeting'" or "advertising" cookies.

If you visit our website as an anonymous visitor (e.g. you switch off cookies), UJC may still collect certain information from your browser, such as the IP address (an IP address is a number that can uniquely identify a computer or other internet device).

Main Cookies used on our site

Google Analytics

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.

The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

For more information on Google Analytics’ privacy policy visit here – http://www.google.com/analytics/learn/privacy.html

Google Maps

These are Google Maps third party cookies, which are unique identifiers to allow traffic analysis to Google Maps.

CCTV images:
If you visit our offices, or attend an event in the home of one of our Chaplains, we may capture you on CCTV or other digital image recording technology such as video doorbells. If you participate in an event we may (with your permission) take your photograph or video, or interview you.

Where we consider that, on balance, it is appropriate for us to do so, we will process CCTV footage for legitimate interests. This may include sharing footage with a university, the police or other law enforcement agencies, safeguarding partners, or our insurers where necessary in relation to a claim, as well as any other third parties in connection with legal proceedings or emergency situations.

WHY WE HOLD AND PROCESS PERSONAL DATA:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.

Please refer to the glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity
Type of data
Lawful basis for processing including basis of legitimate interest

To respond to a contact form enquiry:

(a) Identity
(b) Contact

To register you as a new donor, fundraiser, service user or volunteer:
(a) Identity
(b) Contact

To process a grant or job application:

(a) Identity

(b) Contact

Necessary for legal obligations

To process and deliver your event attendance order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) Identity
(d) Contact
(e) Financial
(f) Transaction
(g) Marketing and Communications
(h) Performance of a contract with you
Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey or undertake market research
(c) Identity
(d) Contact
(e) Profile
(f) Marketing and Communications
(g) Performance of a contract with you
(h) Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a competition, complete a survey, undertake market research or participate in a campaign/fundraising event
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Performance of a contract with you
Necessary for our legitimate interests (to study how service users consume our products/services, to develop them and grow our reach)

To administer and protect our charity and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity
(b) Contact
(c) Technical
(d) Necessary for our legitimate interests (for running our charity, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our charity and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our charity and to inform our marketing strategy)

To make suggestions and recommendations to you about goods, services, campaigns or appeals that may be of interest to you
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our charity)

How long will University Jewish Chaplaincy keep your personal information?

We will hold your personal information on our systems for as long as is necessary for the relevant activity and to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. For example we will keep a record of donations subject to Gift Aid for at least seven years to comply with HMRC rules. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Details of retention periods for different aspects of your personal data can be requested from us.

In some circumstances you can ask us to delete your data: see your legal rights below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

YOUR RIGHTS OVER YOUR PERSONAL DATA
You have a variety of rights in respect of your data. In particular you may have the right to:

Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.

Please see more information about these rights in the glossary. If you wish to exercise any of these rights, please contact info@mychaplaincy.co.uk

Subject Access Requests
You have the right to request a copy of the personal information we hold about you. We will provide this as soon as possible, and usually within a month unless there are specific reasons why this would not be possible. We will always let you know if this is likely to be the case.

No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Right to be Forgotten
Upon request we will delete your personal data from our systems, to the extent that we are permitted to by law or regulatory guidelines. For instance, under HMRC rules we are required to retain financial data for 7 years for audit purposes, and so will not be able to delete donation details until this time period has elapsed.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings).

However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the company for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

When you are using our secure store pages, your payments are processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our exciting products and services, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.

You can change your marketing preferences at any time by contacting us by email: info@mychaplaincy.co.uk or telephone on 0208 343 5678.

How you can access and update your information

The accuracy of your information is important to us. You have the right to request a copy of the information we hold about you so that you can ensure its accuracy. You can do this by the following methods:

Send an email to the administrator here and request the information held about you.

Right to erasure

Visitors / users of the site should have the ability to have all records of their personal data held by a business where there is no legitimate reason for that business to maintain that reason. This includes where GDPR is superseded by other laws governing the details obtained.

To request erasure please send an email to office@mychaplaincy.co.ukor call the office on 0208 343 5678 and request that your information is erased. We will then send you an email confirming that this has been done.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear in the website address bar and / or on the bottom of web browsers.

Non-sensitive details (your email address etc.) are transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Profiling

We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you link to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

****

Approved by: UJC Board of Directors
Approval date: 18th August 2025
Next review date: July 2026