Privacy Policy
1. Data Protection Principles
Women Arise Ministries Global is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
a. Processed lawfully, fairly and in a transparent manner in relation to individuals.
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data, which is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General Provisions
a. This policy applies to all personal data processed by Women Arise Ministries Global.
b. The Responsible Person(s) shall take responsibility for the Charity’s ongoing compliance with this policy.
c. This policy shall be reviewed annually.
d. Women Arise Ministries Global shall register with the Information Commissioner’s Office as an organisation that processes personal data.
3. Lawful, Fair and Transparent Processing
a. To ensure its processing of data is lawful, fair and transparent, Women Arise Ministries Global shall maintain a Register of Systems.
b. The Register of Systems shall be reviewed at least annually.
c. Individuals have the right to access their personal data and any such requests made to Women Arise Ministries Global shall be dealt with in a timely manner.
4. Lawful Purposes
a. All data processed by Women Arise Ministries Global will be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
b. Women Arise Ministries Global shall note the appropriate lawful basis in the Register of Systems.
c. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
d. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be clearly available and systems are in place to ensure such revocation is reflected accurately in Women Arise Ministries Global systems.
e. Where we have a legal requirement – We will always share data where we have a legal requirement to do so. Examples of this include providing audit information to HMRC for our Gift Aid claims or if we are required to do so by law enforcement officials.
5. Data Minimisation
a. Women Arise Ministries Global shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
b. Where possible, Women Arise Ministries Global must apply anonymisation to Personal Data to reduce the risks to the Data Subjects concerned.
6. Accuracy
a. Women Arise Ministries Global shall take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that Personal Data, which is inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
7. Archiving / Removal
a. To ensure that personal data is kept for no longer than necessary, Women Arise Ministries shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
b. The archiving policy shall consider what data should/must be retained, for how long, and why.
c. In general, we will keep records of financial donors for at least seven years, to meet our requirements for any Gift Aid audit from HMRC. If we have asked for sensitive personal data specific to an event, we will dispose of this data within a month after the event.
d. You have a right to be removed from our records, which means that you can ask us to delete your personal details before the end of the time limits, we’ve listed. There are some circumstances where we may need to keep your details, for example, in order to comply with a legal obligation. If this situation occurs, then we will explain and discuss these circumstances with you.
Applicants
• When you apply to work or volunteer at WAM Global we will ask for information about you and your work history to understand how your skills and past experience match the requirements of a role.
• There are two circumstances where we might disclose details outside of WAM Global as we process your application:
1. We will ask for details of referees, and we will contact them to verify the information that you have given us – when we contact them, we will share your name and the role that you have applied for. We contact referees on the basis of our legitimate interests as an organisation to understand applicants and their suitability for the roles they apply for.
2. Some roles also require us to obtain a disclosure from the Disclosure & Barring Service. This will be clearly marked in the advertisement, and so we will not give you further notice before we apply for this disclosure.
• All candidates applying to work or to volunteer at WAM Global will automatically have their application details saved and retained on our secure systems for 2 months.
• If you would like for us to remove your personal details from our system at any time before that, please email info@wam-global.org to let us know.
Employees
• If you begin employment with us, we will put together a staff file, which will contain your information. We keep this information in this file secure and will only use it for matters that apply directly to your employment with WAM Global.
• We provide all of our employees with an internal privacy notice, which explains exactly how we process their data as an employee, including how we use their personal data in case of emergency, and how long we retain all this information for.
Changes to this policy
From time to time, we may make changes to this policy, and you will always be able to see here when it was last updated. If we make significant changes, such as in how or why we process your personal data, we will also publicise these changes on our website or may contact you directly with more information.
8. Security
a. Women Arise Ministries Global shall ensure that personal data is stored securely using modern software that is kept up to date.
b. Access to personal data shall be limited to personnel who need access and appropriate security will be in place to avoid unauthorised sharing of information.
c. When personal data is deleted, this will be done safely such that the data is irrecoverable.
d. Appropriate back-up and disaster recovery solutions shall be in place.
e. Integrity and Confidentiality – Appropriate technical or organisational measures must be adopted to ensure security of Personal Data, including protection against accidental or unlawful destruction, loss, alteration, unauthorised access, or disclosure.
f. Accountability Data Managers must be responsible for and be able to demonstrate compliance with the principles outlined above. All Staff shall adhere to these principles when Processing Personal Data.
g. WAM Global recognises that children need particular protection when collecting and Processing their Personal Data. WAM Global shall ensure that the principle of fairness is central to all processing of children’s Personal Data.
If Personal Data is collected from children, clear privacy notices must be specifically tailored for children, so that they and their responsible adults are able to understand what will happen to their Personal Data, and what rights they have.
If we are sent a child’s data through our WAM Global website, eg if they sign up for a community fundraising event, we’ll ask for their date of birth. If they’re 12 or under, we’ll ask their parent or guardian to sign up on their behalf.
Please note: Resources on our WAM Global website are written primarily for adults and some of the content, such as information regarding domestic violence, may not be suitable for younger children. Therefore, we do not intentionally collect or maintain data about anyone under the age of 16 through our subscription lists or otherwise.
Transparent Processing
Privacy Notices
Either before or at the time of collection of any Personal Data, WAM Global is required to:
a. inform Data Subjects about what kind of Personal Data WAM Global collects.
b. the reason for collecting the Personal Data.
c. the purposes of the Processing.
d. the legal basis which is being relied upon.
e. the Data Subjects’ rights in relation to Personal Data.
f. security measures taken in relation to the Personal Data.
g. whether WAM Global transfers Personal Data to third parties.
h. the retention period and any potential transfers of Personal Data outside of Europe.
WAM Global will provide this information to Data Subjects in privacy notices.
Preferences
If you want to change what we send you, or how we contact you, just let us know – eg you can ask us to contact you by email rather than post.
Call us on: 020 8715 6560 or email us at: info@wam-global.org.uk
Write to us at:
Women Arise Ministries Global – Vestry Hall, 336 – 338, London Road, Mitcham CR4 3UD
9. Reporting a Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Women Arise Ministries Global shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website) as required for GDPR.
Where the Personal data breach results in a high risk to the data subject, he/she also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the data subject directly. In the latter circumstances, public communication must be made, or an equally effective alternative measure must be adopted to inform data subjects, so that they themselves can take any remedial action.
If it is suspected that a personal data breach has occurred, the data protection manager should be advised immediately and follow the data breach procedure. All evidence must be retained, relating to personal data breaches in particular to enable WAM Global to maintain a record of such breaches, as required by the GDPR.
This Policy is mandatory for all Staff and volunteers, and all Staff and volunteers must read and comply with this Policy and any related procedures and guidance.
Last updates to this policy: August 2025
Policy to be Reviewed – August 2026
END OF POLICY
Charity
Women Arise Ministries Global, Registered Charity Number 1130494
GDPR
General Data Protection Regulation & Privacy
Responsible Person
Jannett Kelly and Theo Nelson-Williams – Trustees
Register of Systems
Means a register of all systems or contexts in which personal data is processed by the Charity.