Privacy & Cookies

Africa Inland Mission (AIM) a company limited by guarantee (04598557), a registered charity in England and Wales (1096364) and a charity registered in Scotland (SC037594) is the Data Controller for the personal data of staff, missionaries, supporters, volunteers, event attendees, job applicants and communications subscribers.

We do not trade personal data for commercial purposes and will only disclose it if required by law, as part of our legitimate interests, in compliance with the conditions set out in our EU Model Clauses, or with your consent.

To contact AIM with a data protection query regarding the processing of your personal data then please use the contact form.

Our privacy policy is broken down into different sections dependent on how we interact with you, acknowledging that you may interact with us in more than one way, and so your personal data be processed in numerous different ways. Please select the appropriate section to see how we process your personal data.

Like many websites, Africa Inland Mission may use cookies in order to provide you with a more personalised web service.

A cookie is a text-only string of information that we pass to your computer’s hard disk through your web-browser so that the website can remember who you are. Cookies cannot be used by themselves to identify you.

A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.

For more information about cookies, please see www.allaboutcookies.org

We do not trade personal data for commercial purposes and will only disclose it if required by law, as part of our legitimate interests, or with your consent.

To contact AIM with a data protection query regarding the processing of your personal data then please use the contact us form.

Our privacy policy is broken down into different sections dependent on how we interact with you. Please select the appropriate section to see how we process your personal data.

For the processing of personal data relating to postal marketing, we have previously used consent as our legal basis for processing. However, as of December 2018 we will cease using consent as our legal basis and our processing of your personal data will be justified on the basis of our legitimate interests of mobilising individuals to mission in Africa, engaging our supporters, and encouraging partnership with the organisation. A copy of our legitimate interest assessment is available upon request.

When you request to receive postal marketing from us we will need the following information from you, which will also be stored on our database:

Name

Address

When sending some postal communications to you volunteers are invited to our Nottingham offices to assist in the mailing process. They will have access to your name and address information as part of this, however each volunteer who serves with us is required to have signed AIM’s Confidentiality and Data Protection Commitment statement before they access any of your personal information.

Regarding the processing of email marketing we use consent as set out in the EU’s PECR legislation.

When you request to receive email marketing from us we will need the following information from you:

Name

Email address.

To send our email publications to you we previously used the marketing automation platform and email marketing service MailChimp. When we say MailChimp we are referring to The Rocket Science Group LLC d/b/a MailChimp limited liability Company, who are registered in the United States.

MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. Their privacy policy can be found at https://mailchimp.com/legal/privacy/

To better comply with the new GDPR legislation we have ceased using MailChimp, and are instead using Mailjet, an EU based, “ISO 27001 certified and GDPR compliant” email service provider. Their privacy policy can be found here; https://www.mailjet.com/privacy-policy/. We have also obtained a Data Processing Agreement from Mailjet, stating how they will process your personal information. All MailChimp accounts our office holds have been closed, and the personal data in them deleted.

Whilst we have deleted your personal data from our MailChimp accounts, this does not mean that MailChimp will cease processing it, or using it for their own purposes as set out in their privacy policy. To request that MailChimp action any of the rights available to EU residents under the GDPR (listed at the bottom of this privacy policy) then email personaldatarequests@mailchimp.com

You can ask us to stop sending you postal marketing at any time by contacting the Communications Manager on 0115 983 8120 or at communications.eu@aimint.org.

To withdraw your consent for email marketing then please use the unsubscribe link located at the bottom of the email you’d like to no longer receive. You will then be directed to your web browser, where you will be asked to confirm your request. Should you withdraw your consent to receiving email marketing we will still hold your personal data on our database in order that your withdrawal of consent can be recorded. Your personal data will still be used for any other previously advised processing.

We will seek to re-establish your consent for our email publications every five years. We will store your personal data in line with our legitimate interests as described above, and will continue to store it on our database until you advise us as to otherwise.

Connect Junior is a quarterly postal mailing for children between the ages of eight and fourteen, showing them how they can be praying for Africa’s people. In order to receive it, the consent of a parent or guardian must be provided. The child’s personal data (name, address and age) will only be used for the purposes of sending Connect Junior to them, and consent can be withdrawn at any time. Should you wish to withdraw your consent please contact the Communications Manager on either 0115 983 8120 or at communications.eu@aimint.org.

Should the parent or guardian withdraw their consent for the child to receive Connect Junior, then this will be recorded on our database whilst the contact record would be marked as ‘Requests no literature’. The child’s name and address will be retained as well as the communication advising that consent has been withdrawn. This is to ensure that Connect Junior is not sent to them again. We will retain this information indefinitely to comply with consent being withdrawn.

Should consent not be withdrawn, once the child reaches the age of fourteen they will receive a letter inviting them to receive our Connect Lite publication via email and post. The legal basis will continue to be consent.

You have rights concerning how your personal data is processed, to see what these are please click on the ‘Your Rights’ section at the bottom of this policy.

We believe that our processing relating to our events is justified on the basis of our legitimate interests in seeing the good news of the Lord Jesus shared, promoting the organisation, encouraging gospel partnership, inter-church networking, raising AIM’s profile as a valued and worthwhile mission partner, beginning relationships with church leaders and their churches and mobilising church members into mission with AIM.

Our legitimate interest assessment is available upon request. This does not apply to the basis of processing religious information which we carry out under article 9(2)(d): “processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;”

If we believe one of our events will be of interest to your church then, we will do the following:

Establish which churches are in reasonable proximity to the event – this ensures that should we write to you about the event it is within a reasonable distance of your church location.
View those church’s website for the church leader’s name and contact postal/email address – this allows us to make sure that we write to the right person, using the right contact method.
Ensure that any changes (where church leader/church contact details are already stored on our website) are reflected on our database – this ensures that our records are up to date for any future correspondence.
Should we hold the name of a church leader, and their church address in our database, but no email address, and an email address is not listed on the church’s website then we will do the following:

Send event information details to the personal email address of an individual connected to the church (e.g. the treasurer), which is defined as business to business marketing. Material would be sent to this individual as a representative of the church, rather than the communication being specifically addressed to them.
If we believe one of our events will be of interest to you as an individual, then we will do the following:

Send details through the post to you, we do this on the basis of the legitimate interests at the beginning of this section of our privacy policy.
Send details to you via email. This will only be undertaken provided we have obtained your prior consent.
When you attend an AIM event we will need your name, the name of the church you represent, the church’s address and your email address. Our lawful basis for processing your religious information under the GDPR is article 9.2(d) “processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;”

We will use this information to administer the event, ensure our records are up to date, update our records where new information has been provided, update marketing preferences (where you have advised us of a change you would like to make) and for the purposes of encouraging inter-church networking.

For some of our events, to encourage inter-church networking, as part of your attendance at our event we would like to share your name, the name of your church, church address and your email address with other event attendees to encourage and facilitate a culture of partnership and relationship building, however this sharing of data will not be done without your consent. Please be aware that when your data is shared, it will continue to be processed by the recipient. If you have any privacy concerns, please directly contact the recipients for whom you have given consent for your data to be shared with.

You can withdraw your consent to the sharing of your data up to three working days before the event and it will be removed from our guest packs. After this time guest packs will have been produced and we will be unable to remove any information from them. Should you decide less than three days before the event, or at any point after the event that you would no longer like your personal information to be shared with other attendees then please contact us directly. We will then make attendees aware that you have requested your information not to be shared and that they must no longer process it.

AIM uses software provided by the Access Group to process event attendee personal data. The Access Group has offices based within the EU and therefore is subject to the same GDPR legislation that AIM is under. Your personal information will not be sent outside of the EU by AIM at any point.

After the event your personal data will be held on our systems for the purposes outlined above for a period of five years. Please note that your personal data will continue to be used in line with our other legitimate interests, and/or in line with any further purposes for which you have indicated are permissible.

We believe that our processing relating to correspondence concerning AIM’s general ministry of the mission fund is justified on the basis of our legitimate interests in seeing Christians mobilised to mission in Africa, encouraging prayer for AIM’s work in Africa, raising financial support to allow us to continue our work for the Lord, raising awareness of our work in Africa and to encourage partnership with AIM. A copy of our legitimate interest assessment is available on request.

The GDPR provides rights to individuals whose personal data is processed by AIM; specifically the right to be informed, the right to access data we hold about you, the right to object to direct marketing, the right to object to processing carried out on the basis of legitimate interest, the right to erasure (in some circumstances), the right of data portability, the right to have your data rectified if it’s inaccurate and the right to have your data restricted or blocked from processing. For more information please see the ‘Your Rights’ section of this policy.

We use the platform GoCardless to collect direct debit giving. As a result, GoCardless will process the personal data that you provide to AIM in setting up your direct debit. In addition to everything listed in this section of our privacy policy, your direct debit is covered by the Direct Debit Guarantee at all times. A copy of this can be seen below. For information on how GoCardless uses your personal data then please visit their privacy policy. The extract in italics below is from the agreement we have in place with GoCardless:

Data Protection:

We (GoCardless) work to a high standard of data protection and privacy compliance, which meets or exceeds the requirements set out in the General Data Protection Regulation (also referred to as the GDPR). As the GDPR sets a high standard for the processing of personal data of EU citizens and this is where GoCardless’ main headquarters are based, we use the definitions and rules in the GDPR across our operations globally for consistency. However, we endeavour to meet applicable local privacy law requirements as well.

We (AIM & GoCardless) are each independent ‘data controllers’ for the data related to your payers, and so we each have our own separate responsibilities for ensuring that payer data is protected legally and technically.

As part of our agreement, both AIM & GoCardless will:

  1. ensure appropriate technical and organisational security measures are in place to protect personal data under its control;
  2. transfer personal data between jurisdictions only where it has taken appropriate measures to make such a transfer lawful under Data Protection Law;
  3. notify the other without undue delay in the event that a party receives a request, complaint or other communication from a data subject or a regulatory authority that is addressed to or intended for the other, and provide reasonable assistance where required unless prevented from doing so by law or regulation;
  4. notify each other without undue delay in the event that they are required to notify a data protection regulator or data subject under the Data Protection Law of any data breach of Personal Data processed under this Agreement; and
  5. provide such information as may reasonably be requested by the other party from time to time concerning the measures that party has taken to ensure compliance with its obligations under this Agreement and Data Protection Law.
  6. As you are entering into a contract facility (a direct debit) with AIM, we will also process your personal data. There are several legal bases that we will use to process your personal data:

Legal obligation – to comply with UK law, for Gift Aid purposes etc.

Contract – as you are agreeing to a direct debit facility you are entering into a contractual agreement with AIM. Whilst you’re able to cancel that contract at any point, we will require your personal data (name, postal and email address, bank details) to set up your direct debit, and ensure that it continues to function as you have requested.

Legitimate interest – as set out in the Office Communications Subscribers section of our privacy policy.

When you complete a regular giving form on our website then your name, address and email address are saved, however your financial information is not, and none of your financial information is saved to our website. This information will be retained until we have received confirmation from GoCardless that your direct debit has been set up successfully, which can take anything up to five working days. From the date we receive confirmation that your direct debit has been set up, we will delete your name, address and email address from our secure web location within 10 working days. This information will then be saved to our database and used as set out in this privacy policy, as well as for any other purposes outlined in our wider privacy policy.

The personal data you provide in relation to your direct debit is stored in a different location to our website. We have adequate security protocols in place to protect your information.

We will retain your direct debit information on our systems indefinitely, the reason for this is in line with the Direct Debit Guarantee scheme:

Bullet point three states that “If an error is made…you are entitled to a full and immediate refund of the amount paid from your bank or building society.” This describes an indemnity claim, and as there is no expiry for raising an indemnity claim, we would need to keep your direct debit instruction to evidence your entering into a contract with us.

For the purposes of recruitment for AIM posts our lawful basis for processing your personal data is our legitimate interests in administering the recruitment process, reviewing candidates’ suitability for a post and in seeing vacancies filled by letting individuals know of other AIM posts that may be of interest to them. A copy of our legitimate interest assessment is available upon request. Should you not wish to be contacted about future AIM vacancies that we believe may be of interest to you then please inform us by emailing applications.eu@aimint.org

The GDPR provides rights to individuals whose personal data is processed by AIM; specifically the right to be informed, the right to access data we hold about you, the right to object to direct marketing, the right to object to processing carried out on the basis of legitimate interest, the right to erasure (in some circumstances), the right of data portability, the right to have your data rectified if it’s inaccurate and the right to have your data restricted or blocked from processing. For more information please see the ‘Your Rights’ section of this policy.

Your personal data will only be accessible to individuals employed by AIM and will be held on our secure servers; it will not be transferred outside of the European Economic Area (EEA) at any time.

Any correspondence/application forms/cover letters/aptitude tests/interview notes/feedback or any other material (whether paper or electronic) relating to the position will be kept by AIM for a period of twelve months from the date the post is filled and then securely destroyed. . Information relating to the successful applicant will be moved to their personnel file and retained for a period of six years from the date their employment ceases.

AIM currently has two different types of volunteers, those who volunteer within our Nottingham office and those who are part of our AIM Advocates volunteer programme. 

What data we collect from all volunteers: 
Volunteers need to provide us with:   

Name 
Telephone number 
Email address   
Postal address 

How and why we use your data: 
We process your personal data for the following reasons:  

• Health & safety purposes – our basis for doing so is a legal obligation in ensuring that you are provided with a safe working environment. Where relevant, we will retain personal data as part of the recording and investigation of accidents for a period of four years from the date the event is recorded. 
• Reimbursement of expenses – our basis for doing so is our (and your) legitimate interest in making sure you receive the relevant funds. Our legitimate interest assessment for this is available upon request. We are also required to notify HMRC of such payments. This information will be retained for seven years from the end of the financial year the payment relates to. We may require your bank details in order to reimburse you but will only ask for these at the point an expense is incurred. 
• Contacting you to invite you to volunteer with AIM in the future – our basis for doing so is our legitimate interest in inviting you to volunteer with us in future. A copy of our legitimate interest assessment is available upon request. We will retain such data for a period of two years from the data you last volunteered with AIM. If within those two years you do not a) volunteer again, or b) interact with the communications we send to you inviting you to volunteer then your information will be securely destroyed at the end of the two year period. 

If at any point you no longer wish to volunteer with AIM, and no longer wish to be made aware of opportunities to volunteer then please contact either the staff member who engaged you or our Finance & Operations Administrator at  financeadmin.eu@aimint.org   

Should you wish to volunteer with AIM in our offices then you will be required to sign a copy of AIM’s Volunteer Confidentiality & Data Protection Commitment which advises all the obligations placed on those who have access to AIM related personal data. Your signed copy of this document will be retained indefinitely to evidence that we have made you aware of your obligations regarding handling AIM personal data. 
 
Those who volunteer as part of our AIM Advocate volunteer programme will not need to sign this document as they will have already signed the AIM Advocate Code of Conduct, as part of their application to join that programme. 

Disclosures of personal data: 
Your personal information will be stored on our secure servers and will not be transferred outside of the EEA. We do not trade personal data for commercial purposes and will only disclose it if required by law, as part of our legitimate interests, in compliance with the conditions set out in our EU Model Clauses, or with your consent. 

Your rights: 
The GDPR provides rights to individuals whose personal data is processed by AIM. These rights can be viewed in the ‘Your rights’ section of this privacy policy.