Third parties
SUNI will never sell your data to anyone else, nor do we share your data with other organisations for their marketing purposes. We don’t share your data in ways you would not expect and we are transparent about who we plan to share your data with and why, but we may also have to share your data if there are legal reasons to do so e.g. with the police regarding suspected fraud or with social services in relation to child protection.
In outlining above what we do with each different type of person’s data we have highlighted some of the third party service providers we use. They are listed below. We have chosen them because they also treat your data with respect and their data policies align with ours. They will only use your data as instructed by us.
Most of our Third Parties store data within the European Economic Area, but where one of our third parties is based outside the EEA or needs to transfer data outside the EEA we will have carried out a risk assessment to ensure that adequate levels of privacy protection, in line with UK data protection law, are in place. For further information on this please email data@suni.co.uk.
ACCESS NI
We use Access NI to carry out enhanced checks on volunteers, interns and staff who will be working with children. After registering with Access NI via their website you will apply for an Enhanced Check, and will enter your addresses for the last 5 years, your National Insurance number and your driving licence and passport numbers if you have these documents. This data will be used to check for any criminal records which may impact on your suitability to work with children. Access NI is a government body and therefore complies with the GDPR (UK) and expects registered bodies like SUNI to hold to strict data protection procedures in how we handle the information they share with us (you can find the Access NI sample policy statement on indirect.gov.uk). Further details of what information may be disclosed about you can be found here.
BLACKDOG MEDIA
Blackdog Media provide technical support and consultancy services to SUNI. For more information on this trustworthy local company please refer to their website blackdogmedia.co.uk.
COMPANIES HOUSE
To comply with our legal obligations, SUNI is registered with Companies House. This includes sending personal data on the Company Directors and the Company Secretary to Companies House. For more information please refer to the Companies House Personal Information Charter on the gov.uk website.
EVENTBRITE
We use a third party provider, Eventbrite, to process bookings for many SUNI events, e.g. the Making Your Mark weekend, Camps & Missions and volunteer training events. They hold the information which you give them in relation to the event you are booking. As an Organiser, we can then access that information in order to run the event. When the event and any follow up has been completed, we ask Eventbrite to delete the personal data relating to that event. Eventbrite is based in the US as well as the Netherlands, but we have carried out a risk assessment and are satisfied that Eventbrite’s Standard Contractual Clauses ensure that if personal data is transferred out of the EEA, it is adequately protected in line with the expectations of the GDPR (UK). For more information please see the eventbrite website (eventbrite.co.uk).
FACEBOOK
SUNI has a number of Facebook pages (our main page, @ScriptureUnionNI, as well as pages for our different E3 areas etc, plus some SUNI groups may use closed Facebook pages to communicate with team members). We do not give people’s personal information to Facebook, and all Facebook users set their own privacy settings. For more information please refer to the privacy notice on Facebook’s website (facebook.com).
FILEMAKER
We currently use a FileMaker database. FileMaker is a subsidiary of Apple Inc. We don’t share any personal information with FileMaker; all the data is held on our secure, encrypted server using FileMaker software. For more information on FileMaker and privacy see the Claris.com website.
FILE SHARING WEBSITES
File sharing websites offer a more secure alternative to attaching files, so we recommend their use when personal information needs to be transferred. WeTransfer is located in the E.U. and their website (wetransfer.com) has more information on the security of their platform, and GDPR (UK) compliance.
HMRC
To comply with our legal obligations, SUNI must send information to HM Revenue and Customs for tax purposes. As a UK government department HMRC must comply with the GDPR(UK).
INSTAGRAM
SUNI has several Instagram accounts. We do not give people’s personal information to Instagram, and all Instagram users set their own privacy settings. For more information please refer to the privacy notice on Instagram’s website (Instagram.com).
JOTFORM
Jotform is used in registering for some SUNI events (in person and online). They hold the information you enter. As the Data Controller, we can then access that information as needed. Jotform only process personal data in accordance with our instructions, and once the event and any follow up has been completed, we ask JotForm to delete the personal data relating to that event. Jotform is based in the US, but they affirm the importance of the GDPR(UK) and SUNI has signed a GDPR compliant data processing addendum with JotForm. For further information please see their website jotform.com.
MAILCHIMP
We use a third party provider, MailChimp, to send out mailings to supporters and volunteers (e.g. monthly Prayer Focus, E3 workers’ termly news, Camps & Missions leaders’ mailings). We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our mailings. MailChimp is based in the US, but we have carried out a risk assessment and are satisfied that the Standard Contractual Clauses in MailChimp’s Data Processing Addendum ensure that personal data is adequately protected in line with the expectations of the GDPR (UK). For more information please see the MailChimp website (mailchimp.com).
MORGAN DOCUMENT SECURITY
We use a third party provider, Morgan Document Security, to archive documents long term (generally for legal purposes) and to securely destroy personal information which we no longer need. They are a well–respected local firm with excellent security standards, accredited with ISO 9001 (quality standard) and ISO 27001 (Information Security Management Standard). For more information on their processes and their secure archiving and secure shredding services, please refer to their website, morgandocumentsecurity.com.
NEW HORIZON
Scripture Union Northern Ireland does not handle or process the data of children attending SU@NH. Registration is processed by our trusted partners, New Horizon (for more information please refer to their website newhorizon.org.uk).
NOWDONATE
We use a third party provider, NowDonate, to facilitate easy online giving to SUNI. NowDonate is registered in the UK. For more information please see the NowDonate website NowDonate.com.
PAY PAL
We use a third party, Pay Pal, to process some payments. Security is the backbone of Pay Pal’s business, and as a multinational corporation registered in Europe (Luxembourg) they comply with the GDPR. For more information see their website, paypal.com.
POSTAL SORT
We use the postal services of a third party, PostalSort (Mail Matters), which is registered in Northern Ireland. You can find more information on their website postalsort.co.uk. For large mailings we sometimes send names and addresses to PostalSort. They have a secure FTP site to which we can upload this information and they treat personal data carefully in line with the GDPR(UK) and in accordance with our instructions.
SAGE/SAGEPAY
We use Sage and SagePay software to keep our accounts, and to process staff salaries, tax and pensions. Sage and SagePay are registered in the UK. For more information on Sage’s compliance with the GDPR (UK) see the sage.com and sagepay.co.uk websites.
SCOTTISH WIDOWS
SUNI uses Scottish Widows as the staff pension provider. In line with current legislation, staff are enrolled in a Scottish Widows pension scheme unless they choose to opt out. For more information see their website, scottishwidows.co.uk.
SHINE KIDS WEBSITE
We work with our trusted partners, Crown Jesus Ministries, to run SHINE Kids. The SHINE Kids website (shinekids.co.uk) is hosted by Wix. Wix.com Ltd is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents i.e. this is equivalent to the GDPR (UK). For more information on Wix please see their website, wix.com.
SHINE WEBSITE
We work with our trusted partners, Crown Jesus Ministries, Logos Ministries International and Scripture Union England & Wales to run SHINE. The SHINE website (shineinschools.com) is hosted by Big Wet Fish (BWF Hostings Limited), registered in Northern Ireland. Their secure servers are located in a fully ISO27001 certified facility in England. For more information on BWF Hostings Limited please see their website (bigwetfish.hosting).
SUNI WEBSITE
Our website is hosted by Edditt which is owned and operated by our website designers, Thought Collective, a registered Northern Irish company. We don’t collect any personal information from website users, but we use cookies through Google Analytics to help us monitor general activity on the site, for example: to see the number of users viewing pages on the site; to monitor and report on the effectiveness of our website, and help us improve it. Our website has links to other social media and to websites belonging to third parties, and we may include content from websites such as these on our website. However, please be aware when you leave our website that we have no control over the privacy practices of other websites.
TEXTMAGIC
TextMagic is an American company, but is also registered in the UK (TextMagic Ltd) and is fully compliant with the GDPR (UK) as outlined on their website, textmagic.com.
THE CHARITY COMMISSION FOR NI
To comply with our legal obligations, SUNI is registered with The Charity Commission for Northern Ireland. This includes sending personal data on the Company Directors and the Company Secretary to the Charity Commission. Further data protection information from The Charity Commission for Northern Ireland can be found on the Charity Commission for Northern Ireland website, charitycommissionni.org.uk.
TICKET TAILOR
We sometimes use the well-known ticketing site Ticket Tailor for our event booking. Ticket Tailor is the trading name of Zimma Ltd, which is registered in the UK, therefore comes under the GDPR (UK) and is fully compliant with the requirements of the GDPR. For more information on their data protection standards and GDPR compliance please visit their website, tickettailor.com.
TRICORD
We use the postal services of a reputable local third party, Tricord, which is registered in Northern Ireland and therefore comes under the GDPR. You can find more information on their data protection standards and GDPR (UK) compliance on their website tricord.com. For large mailings we sometimes send names and addresses to Tricord. They have a secure, encrypted file transfer system which ensures that your data remains protected at all times. They treat personal data carefully in line with the GDPR (UK) and in accordance with our instructions.
TWITTER
SUNI has a number of Twitter accounts (our main account, @SUNIinfo, as well as various E3 accounts etc). We do not give people’s personal information to Twitter, and all Twitter users set their own privacy settings. For more information please refer to the privacy notice on Twitter’s website (twitter.com).
ULSTER BANK
We use the Ulster Bank to make and receive payments. The Ulster Bank Ireland DAC is registered in the Republic of Ireland, and therefore comes under the GDPR and complies with the GDPR(UK). For more information on how the Ulster Bank protects its customers, please refer to their website digital.ulsterbank.co.uk.
VOLUNTEER WEBSITE
Our volunteer website (which is where you would register as a schools volunteer or a camps and mission volunteer) is a bespoke website hosted on a 1&1 server. For more information about this company, registered in the UK, please see their website, ionos.co.uk.
WHATSAPP
Services to WhatsApp users living in the UK are provided by WhatsApp Ireland Ltd, which complies with the GDPR. If you choose to join a WhatsApp group linked to an SUNI camp, mission, committee or event, we do not send them your personal information – you are in control of your own privacy settings. WhatsApp does not store your personal data. For more information, please see their website, whatsapp.com.
WORLDPAY
We use a third party provider, WorldPay, to facilitate credit card payments in the Resource Centre or over the phone. WorldPay (UK) is registered in the UK. FIS globally is registered in the US, but any personal information transfers outside the EEA are authorised by model contracts in line with the GDPR (UK). For more information please see fisglobal.com.
ZOOM
Zoom is a renowned video conferencing platform which is used to host some SUNI events. Zoom only collects and processes personal data from the Zoom meeting host, not the participants. Zoom is registered in the US but acknowledges European Privacy Rights. For more information see the privacy statement on their website, zoom.us.