We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Majlis Atfalul Ahmadiyya (UK) (‘MAA UK’) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Information collected by us
In the course of our activities we collect the following personal information when you provide it to us:
your contact details (including postal address, telephone number, e-mail address and/or social media identity);
your date of birth;
your bank details where you provide these to make a donation;
if you volunteer for us or apply for a job with us, information necessary for us to process these applications and assess your suitability (which may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have);
information about your activities on our website(s) and about the device you use to access these, for instance your IP address and geographical location;
information about events, activities and products which we consider to be of interest to you;
information relating to your health (for example if you are taking part in or attending an event for health and safety purposes;
information regarding next of kin (for example which you may have provided as an emergency contact during the course of an event);
information as to whether you are a taxpayer to enable us to claim Gift Aid;
age, nationality and ethnicity information for monitoring purposes; and
any other personal information you provide to us.
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this type of sensitive data would be information about health, race, religious beliefs, political views or biometric information.
We only collect this type of information about you to the extent that there is a clear reason for us to do so, for example asking for health information if you are taking part in a sporting event, or where we ask for information for the purpose of providing appropriate facilities or support. We will also collect this type of information if you make it public or volunteer it to us.
Wherever it is practical for us to do so, we will make why we are collecting this type of information clear and what it will be used for.
Information collected from other sources
We also obtain personal information from other sources as follows:
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo.
How we use your personal information
We will use your personal information to:
further our charitable objectives;
administer your donation or support your fundraising, including processing Gift Aid;
manage our events;
send you correspondence and communicate with you;
provide you with the services, products or information you asked for;
keep a record of your relationship with us;
respond to or fulfil any requests, complaints or queries you make to us;
understand how we can improve our services, products or information by conducting analysis and market research;
check for updated contact details against third party sources so that we can stay in touch if you move (see “Keeping your information up to date” below);
register, administer and personalise online accounts when you sign up to services we have developed;
process applications for funding and for administration of our role in the projects we fund;
administer our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems;
testing our technical systems to make sure they are working as expected;
display content to you in a way appropriate to the device you are using (for example if you are viewing content on a mobile device or a computer);
generate reports on our work, services and events;
safeguard our staff and volunteers;
conduct due diligence and ethical screening;
monitor website use to identify visitor location, guard against disruptive use, monitor website traffic and/or personalise information which is presented to you;
process your application for a job or volunteering position;
conduct training and quality control;
audit and administer our accounts;
meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
carry out fraud prevention and money laundering checks;
undertake credit risk reduction activities; and/or
establish, defend or enforce legal claims.
Who we share your personal information with
We may share your data with our associated charities and third parties. These third parties may include:
Ahmadiyya Muslim Association United Kingdom (‘AMA UK’)
Ahmadiyya Muslim Jamaat International (‘AMJ’)
Majlis Ansarullah UK
Lajna Imaillah UK
Other charity partners, suppliers and sub-contractors who may process information on our behalf;
Analytics and search engine providers;
IT service providers
Where we are under a legal or regulatory duty to do so, we may disclose your details to the police, regulatory bodies or legal advisors, and/or, where we consider this necessary, to protect the rights, property or safety of MAA UK, its staff, visitors, users, members or others.
We will not share your personal information with any other third party.
How long your personal information will be kept
MAA UK has specific criteria to determine how long we will retain your information for, which are determined by legal and operational considerations. For instance we are required to keep some personal information for tax or health and safety purposes, as well as keep a record of your interactions with us.
Reasons we can collect and use your personal information
We must have a “legal basis” for each use we make of personal information as per Data protection laws. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when we send you communication via post, phone, text or e-mail). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract / take steps at your request to prepare for entry into a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance some branded merchandise or, in some cases, an event place), applying to work/volunteer with us.
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were to be an emergency impacting individuals at one of our events, or a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).
We consider our legitimate interests to include all of the day-to-day activities MAA UK carries out with personal information. Some examples not mentioned under the other bases above where we are relying on legitimate interests are:
analysis and profiling of our supporters using personal information we already hold;
updating your address using third party sources if you have moved house (please see the “Keeping your information up to date” section below for more on this).
use of personal information when we are monitoring use of our website or apps for technical purposes;
use of personal information to administer, review and keep an internal record of the people we work with, including supporters, volunteers and researchers;
sharing of personal information between relevant departments, teams and committees within MAA UK and between AMJ, AMA UK, Majlis Ansarullah UK and Lajna Imaillah UK;
where you have signed up with us on a charity place for a third party event (for example a sponsored run not organised by MAA UK), sharing personal information with the third party event organiser so they can administer the event.
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
When we use sensitive personal information (please see the “What personal information we collect” section above), we may require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
Transfer of your information out of the EEA
In some circumstances, MAA UK or some of our suppliers may transfer your data outside the European Economic Area (EEA) – this may include a country which may not be subject to the same data protection laws as companies based in the UK. In these circumstances, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or to be certified with an international frame work of protection.
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
fair processing of information and transparency over how we use your use personal information
access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal information concerning you in certain situations
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal information concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal information
otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.If you would like to exercise any of those rights, please:
email, call or write to us
let us have enough information to identify you [e.g. name, address, AIMS ID ],
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
let us know the information to which your request relates to
If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to 30 days for this to take place.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
Changes to this privacy notice
This privacy notice was published on 15th May 2018 and last updated on 15th May 2018.
We may change this privacy notice from time to time, when we do we will update this on our website. We will also email you (if we hold a valid address for you).
How to contact us
Please contact us, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to firstname.lastname@example.org or write to MKA UK, Data Protection Department, Sarai Khidmat, 31 Gressenhall Road, London, SW18 5QH.
Do you need extra help?
If you would like this notice in another format (for example: audio, large print) please contact us (see ‘How to contact us’ above)