We do not sell or share personal data to third parties for the purposes of marketing.

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as far as reasonably necessary to perform or maintain our services. They will only use the data in accordance with this Privacy Policy and wider GDPR laws. They do not use any of this data for their own interests.

For instance, when you give consent to receive our e-communications, we use MailChimp to send email newsletters. We occasionally use other service providers to send surveys (e.g.: SurveyMonkey) or invitations (e.g.: Eventbrite). These agents store your data to the extent that it is necessary to perform these functions, in using their service you agree to their T&Cs.

Our website host RaisingIT will have access to your data only for the reasons of administering our website and support. They do not use this information in any other way.

As per Data Protection law, Glass Door is required to ensure that all information held on you is accurate. Therefore, we undertake a yearly data cleanse/check of our donations database using the third-party provider BRG Direct Ltd (www.brgdirect.co.uk). They are instructed to handle any data in accordance with Glass Door’s Data Protection policy and remove all supporter data from their systems once the cleanse is complete.

All our website financial transactions are handled through our payment services provider, Stripe. You can review the provider's privacy policy at https://stripe.com/gb/privacy. Direct Debits are handled through GoCardless. You can review the provider's privacy policy at https://gocardless.com/legal/privacy/. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

If you would like to see a full list of Glass Door subcontractors please contact our Data Manager, Abbas Bandali (see ‘contact’ section). We have ensured that all our partner organisations who store data on our behalf agree to a Data Processing Addendum, and we have verified their data security complies with our own. Therefore, they cannot give, sell, or rent your information to others for any marketing purposes, and they are required to protect your information to the same degree that we do.

We have performed a balancing test on all subcontractors we use and have firm data-sharing contracts in place with. We have identified all organisations from low and moderate risk. All organisations have proved a high standard in availability and performance, and security is their top priority. We review these organisations at least annually and contracts between the parties are reviewed and updated upon contract termination. When data is transferred outside of the UK, appropriate safeguards are in place to ensure adequate levels of security are in place and are in accordance with data protection laws.

We may disclose some information to our partners (drop-in centres or volunteer coordinators at our partner churches) as far as it is reasonably necessary for the running of our services and the purposes set out in this policy.

We may share anonymised data on volunteers and guests of our services with organisations who are supportive of our aims, for example, funders, partners, volunteers, and supporters. No individual can be identified from this data. 

We may disclose data where it is necessary to protect the vital interests of an individual.

Police or Social Services: there are exemptions within data protection regulations that mean we are under legal obligations to share limited data. This includes the prevention and detection of crime or to prevent benefit fraud.