Privacy Policy | Sri Sathya Sai Organisation United Kingdome CIO

PRIVACY NOTICE

Introduction

Sri Sathya Sai Organisation United Kingdom CIO (“SSSO” or "we" or "our" or “Organisation”) is
committed to respecting the privacy of individuals, including its members.

This Privacy Notice ("Notice"), together with any other documents referred to in it, sets out the basis
on which we process personal data, why we collect, store, use and share personal data, your rights
in relation to your personal data.

For the purposes of applicable data protection law Retained Regulation (EU) 2016/679 (“UK GDPR”)
and the Data Protection Act 2018 (“DPA 2018”), SSSO is the "Data Controller" of your personal data.

Personal Data We Collect
We may collect and process the following personal data:
· Information you give us:
Depending on your interactions with SSSO, we may collect the following personal data for:
– Member/Devotee: Name; Email Address; Telephone Number; Centre Name/Group;
Region
– Worker/Office Bearer/Teacher: Name; Email Address; Telephone Number; Centre
Name/Group; Region; Date of Birth/Age; Skills, information required for a Disclosure and
Barring Service Check (or similar); Position
– Student Parent/guardian: Name; Student Name; Email Address; Telephone Number;
Centre Name/Group; Region; and
– If you complete a form on our website; complete a survey; correspond with us by phone,
e-mail, or in writing; report a problem; sign up to receive our communications; create an
account with us; enter into a contract with us to receive or provide us with products
and/or services; visit one of our centres: name, telephone number; email address; role.

· Information we collect about you

With regard to each of your visits to our website we may automatically collect the following
information:
– Cookies. Please refer to our Cookie Policy – https://srisathyasai.org.uk/cookie-policy
– technical information, including the internet protocol (IP) address used to connect your
computer to the Internet, login information, browser type and version, time zone
setting, browser plug-in types and versions, operating system and platform; and
– information about your visit to our website such as the services (such as membership)
you searched for and view, page response times, download errors, length of visits to
certain pages, page interaction information (such as scrolling, clicks, and mouse-overs),
and methods used to browse away from the page.

· Information we receive from other sources:
We may also receive information about you if you use any of the other websites we operate or
the other services we provide.
We may also receive information about you when others register with us. The information we
receive may include: Name, Address, Email Address and Telephone Number.
As students, your parents/guardians may provide us with: Name; Email Address; Telephone
Number; Centre Name/Group; Region; Date of Birth/Age; Parent/Guardian Name;
Parent/Guardian Telephone Number; Parent/Guardian Email; Emergency Contact Name;
Emergency Contact Relation; Emergency Contact Telephone Number; Emergency Contact Email;
At present we do not undertake any automated decision-making processes which could result in
a negative consequence.

· Information about other people
If you provide information to us about any person other than yourself (such as your
parents/guardians etc.) you must ensure that they understand how their information will be
used, and that you have the appropriate authority to disclose it to us and for you to allow us,
and our outsourced service providers, to use it.

· Special Category Personal Data:
In certain limited cases, we may collect certain special category personal data from you (that is,
information about your racial or ethnic origin, political opinions, religious beliefs, trade union
activities, physical or mental health, sexual life, or details of criminal offences, or genetic or
biometric data). However, we will only do so on the basis of your explicit consent.

How We Use Personal Data?
When we ask you to supply us with personal data, we will make it clear whether the personal data
we are asking for must be supplied so that we can provide services to you, or whether the supply of
any personal data we ask for is optional.

Consent:
– where we need your consent to transfer your personal data to our affiliated Sri Sathya Sai
Organisations overseas; and
– where you have given your express consent to receive marketing communications, be added to
mailing lists or communications groups, we may use your personal data to:
o send you newsletters, surveys, information about our awards and local and
international events related services which may be of interest to you; and
o developing and improving and services offered by us.
We only process your sensitive personal data when we have obtained your explicit consent to do so.

You have the right to withdraw your consent at any time by either contacting us using the contact
information provided below.

Legitimate interests: where this is necessary for purposes which are in our, your, or third parties,
legitimate interests. These interests include managing our Organisation; providing you with
newsletters, surveys, information about our awards and events related to products and services
offered by SSSO which may be of interest to you; communicating with you in relation to any issues,
complaints, or disputes; improving the quality of experience when you interact with services.
You have the right to object to the processing of your personal data on the basis of legitimate
interests as set out below, under the heading Your rights.
Where required by law: we may also process your personal data if required by law, including
responding to requests by government or law enforcement authorities, or for the prevention of
crime or fraud.

With Whom Do We Share Personal Data?
We may share your personal data with members/devotees for the purposes of running our services
and inviting you to join groups.
We take all reasonable steps to ensure that our Office Bearers protect your personal data and are
aware of their information security obligations. We limit access to your personal data to those who
have a genuine organisational need to know it.

We may also share your personal data with trusted third parties including:
– legal and other professional advisers, consultants, and professional experts;
– service providers contracted to us in connection with provision of the products and services
including providers of IT services, customer relationship management services, or similar
parties;
– for services we use such as YouTube, Facebook, Twitter and Instagram;
– analytics and search engine providers that assist us in the improvement and optimisation of
our website; and/or
– if the running of our organisation is transferred to third party, in which case personal data
held by it about Officer bearers, members, parents and students will be one of the
transferred assets.
We will ensure there is a contract in place with the categories of recipients listed above which
include obligations in relation to the confidentiality, security, and lawful processing of any personal
data shared with them.

We, or trusted third parties on our behalf, may contact you by email or post with information about
activities that might be of interest to you. Where necessary, at the time that you provide your
personal data to us, you will be given the opportunity to indicate whether or not you are happy for
us to use your personal data in order to tell you about such activities.
You can unsubscribe from this at any time by clicking on the link provided in the relevant email, or by
emailing us using the contact details provided below.
Where a third-party recipient is located outside the UK, we will ensure that the transfer of personal
data will be protected by appropriate safeguards, namely the use of standard data protection

clauses adopted or approved by the Information Commissioner’s Office where the data protection
authority does not believe that the third country has adequate data protection laws.
We will share personal data if we are under a duty to disclose or share your personal data in order to
comply with any legal obligation, or in order to enforce or apply our terms and other agreements; or
if we reasonably consider this necessary; or to protect the rights, property of others.
We will share personal data with law enforcement or other authorities if required by applicable law,
for example for the purposes of crime prevention and fraud protection.

How Long Will We Keep Personal Data?
We will retain your personal data for as long as we believe it necessary or desirable to fulfil our
organisation’s purposes or to comply with applicable law, audit requirements, regulatory requests or
orders from competent courts.

Generally, we retain your personal data for 24 months from when you stop attending one of our
centres/groups or from your last interaction with us. Where there is a contract between us, we will
retain your personal data for the duration of the contract, and for a period of 6 years following its
termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other
regulatory requirements, or any orders from competent courts or authorities.
Where you have consented to marketing communications, you may change your preferences or
unsubscribe from marketing communications at any time by responding and confirming you wish to
unsubscribe.

Where possible we will anonymise or pseudonymise your personal data. Your personal information
may be converted into statistical or aggregated data which cannot be used to re-identify you. It will
then be used to produce statistical research and reports. This aggregated data may be shared and
used in all the ways described in this privacy notice though it may also be used in other ways not
described here.

We may archive and retain and use photographs/videos and other pieces of information (including
to show the development of the organisation) in presentations, literature and other media from
time to time.

Where Do We Store Personal Data and How Is It Protected?
We take reasonable steps to protect your personal data from loss or destruction.
We also have procedures in place to deal with any suspected data security breach. We will notify
you and any applicable regulator of a suspected data security breach where we are legally required
to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although
we will do our best to protect your personal data, we cannot guarantee the security of your personal
data transmitted to our site; any transmission is at your own risk. Once we have received your
personal data, we will use strict procedures and security features to try to prevent unauthorised
access.

Your Rights
Under the GDPR, you have various rights with respect to our use of your personal data:

Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at
the email given below. Please include with your request information that will enable us to verify
your identity. We will respond with 30 days of request. Please note that there are exceptions to this
right. We may be unable to make all information available to you if, for example, making the
information available to you would reveal personal data about another person, if we are legally
prevented from disclosing such information or if your request is manifestly unfounded or excessive.

Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using
the contact details provided below to let us know if any of your personal data is not accurate or
changes, so that we can keep your personal data up-to-date.

Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal
data are no longer necessary for the purposes for which they were collected, where you withdraw
your consent to processing, where there is no overriding legitimate interest for us to continue to
process your personal data, or your personal data has been unlawfully processed. If you would like
to request that your personal data is erased, please contact us using the contact details provided
below.

Right to object
In certain circumstances, you have the right to object to the processing of your personal data where,
for example, your personal data is being processed on the basis of legitimate interests and there is
no overriding legitimate interest for us to continue to process your personal data, or if your data is
being processed for direct marketing purposes. If you would like to object to the pressing of your
personal data, please contact us using the contact details provided below.

Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of
your personal data. This right arises where, for example, you have contested the accuracy of the
personal data we hold about you and we are verifying the information, you have objected to
processing based on legitimate interests and we are considering whether there are any overriding
legitimate interests, or the processing is unlawful and you elect that processing is restricted rather
than deleted. Please contact us using the contact details provided below.

Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided
to you, or to another data controller, in a commonly used, machine-readable format. This right
arises where you have provided your personal data to us, the processing is based on consent or the
performance of a contract, and processing is carried out by automated means. If you would like to
request that your personal data is ported to you, please contact us using the contact details
provided below.

Please note that there are exceptions to these rights, if, for example, we are under a legal obligation
to continue to process your personal data. If we are unable to comply with your request due to an
exception, we will explain this to you in our response.

Contact
If you would like to contact us about this Notice, our use of your personal data, or about exercising
any of your rights, please contact us by email at privacy@srisathyasai.org.uk

Complaints
If you believe that your data protection rights may have been breached, and we have been unable to
resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a
remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how
to report a concern to the UK Information Commissioner’s Office.

Changes to our Notice
Any changes we may make to our Notice in the future will be posted on this page and, where
appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes
to our Notice.