Privacy Policy

PRIVACY POLICY

OIA, OGF, OCT, OCP, OCN, and Oasis Hubs

Welcome to the privacy notice for Oasis International Association, Oasis Charitable Trust, Oasis International Foundation, Oasis Community Partnerships and Oasis Community Hubs (referred to in the rest of the document collectively as ‘Oasis Charities’).

This sets out how the Oasis charities deal with people’s data.  It’s quite long we’re afraid – but we’ve broken it down into bite size sections so that you can home in on the most relevant areas for you.

  1. Introduction and Structure of Oasis
    1. The structure of Oasis
    2. Oasis outside the UK
    3. Oasis Community Hubs within the UK
       
  1. The data we collect and why we collect it
     
  1. The lawful basis for collecting and storing data
     
  1. Data sharing
     
  1. Marketing and fundraising
    1. General practise and consent
    2. Legitimate interest in marketing and fundraising
    3. Withdrawing consent and data deletion
    4. Sharing data with third parties for marketing purposes
    5. Using data to profile
       
  1. Data storage
     
  1. Data protection rights
     

1. Introduction and Structure of Oasis

At Oasis, we believe in open, honest and healthy relationships.  It is this belief, along with compliance to the law, which shapes the way we communicate with people and manage personal data.

We are committed to protecting the privacy of the individuals whose data we process and to processing all data in a lawful, open and transparent way. We aim to ensure that any information you give us is held securely and safely.

  1. The structure of Oasis

Oasis in the UK is a family of charities:

Each of these charities share the same aim – to transform communities.  But often we operate quite distinctly, and relate differently to different groups of people.  As such, we think it makes sense to have separate privacy notices for some of the different Oasis charities.  Please click on the hyper link of each charity to read their privacy notice. 

This notice covers the work of Oasis International Association, The Oasis International Foundation, Oasis Charitable Trust and Oasis Community Partnerships.  Primarily, you will come across these parts of Oasis if you give money to us, buy products from us or use our community services in the UK.

This privacy notice also covers the four websites which The Oasis International Foundation is responsible for managing –oasisInternational.org, oasisuk.org, oasis.foundation and openchurch.network.

  1. Oasis outside the UK

If you have given your data to Oasis in a country outside the UK, we can’t access it.  Similarly if you’ve given it to us, we can’t pass it on to them.  We are separate legal organisations.  If you’ve given data to us and to another Oasis country, you have a separate relationship with Oasis in the UK and Oasis in the respective country.

Therefore, if you have given data to Oasis in more than one country and would like the information to be deleted or have a question about it, you would need to contact each country individually. 

  1. Oasis Community Hubs within the UK

Oasis Community Partnerships is part of the Oasis family of charities in the UK and operates a number of sub-charities - or ‘wholly owned subsidiaries’ - located around the country; we call them Oasis Community Hubs.  They are our local community transformation charities and are listed below.

The community Hubs support the efficient local delivery of our community work and their activities are also covered by this privacy notice.

Oasis Community Hubs

  • Oasis Community Hub: Ashburton Park
  • Oasis Community Hub: Foundry and Boulton
  • Oasis Community Hub: Hadley
  • Oasis Community Hub: Henderson Avenue
  • Oasis Community Hub: Hobmoor
  • Oasis Community Hub: Immingham
  • Oasis COmmunity Hub: Lister Park
  • Oasis Lord’s Hill
  • Oasis Community Hub: Mayfield
  • Oasis Community Hub: MediaCityUK
  • Mulberry Bush (Coulsdon) Ltd
  • Oasis Community Hub: North Bristol
  • Oasis Community Hub: Oldham
  • Oasis Community Hub: South Bristol
  • Oasis UK Trading Ltd
  • Oasis Community Hub: Waterloo
  • Oasis Community Hub: Wintringham

2. The data we collect and why we collect it

We will always endeavor to be clear, honest and transparent with you whenever we collect and use your personal data.  It’s a commitment that reflects who we are and we hold ourselves to high standards. 

Below, we’ve sketched out the different reasons why we may collect and use your data.  We’re not saying that we’ll use ALL your personal information for all of these purposes – it will totally depend on the nature of your relationship with us, and how you interact with the Oasis charities and Oasis Community Hubs.

  1. Fundraising, campaigning and marketing: There’s a whole other section on this.  Make sure you check it out if you’re a donor or supporter.
     
  1. Provision of charitable community activities to service users: The core projects that we deliver around the UK will often mean we have to record details of our users contact details, their eligibility for our charitable services, records of financial transactions and communications.

The categories of service user information that we collect, process, hold and share include:

  • Personal information of both users and parents/carers/next of kin (such as name, address, email address)
  • Special characteristics (such as ethnicity, language, nationality)
  • Health information (such as allergies, health and safety information)
  • Safeguarding information
  • Specific detailed information for targeted services (such as financial information as part of our debt advice centre)
  • Records of progress as a result of service use (such as impact data, information on progress/achievements, specific service notes)
  • Attendance information (such as number of sessions attended)
  • Bahavioural information (such as incident records)

We use this data to:

  • Ensure effective and quality community services can be offered
  • Ensure appropriate eligibility for a particular services
  • Monitor and report on user and/or service progress
  • Provide appropriate pastoral care to users
  • Safeguard individuals from harm
  • Communicate with parents/carers/next of kin in the case of an incident or emergency
  • Communicate with service users around access to and use of a particular service
  • Comply with the law
     
  1. Management of volunteers: When it comes to our highly valued volunteers, we will need to use personal information to manage volunteering activities, deliver training, involve and update them on our projects and campaigns (we will ask for your explicit consent in the case of marketing) and to ensure safety.

The categories of volunteer information that we collect, process, hold and share include:

  • Personal information (such as name, address, email address)
  • Special characteristics (such as gender, age, ethnic group)
  • Volunteer agreement information (such as start dates, hours worked, post, role)
  • Qualifications (where relevant)
  • Additional personal information (such as next of kin)

We use volunteer data to:

  • Inform our volunteer recruitment policies
  • Inform the development of our volunteer training
  • Enable the effective protection of the health, safety and wellbeing of individuals
  • Comply with the law (where relevant)
  • Communicate with the volunteer around the detail of the volunteering opportunity
     
  1. Staff administration: We employ a number of staff in the UK, who are crucial to both delivering our community programmes as well as providing a range of professional and technical support services. We process the personal information of our employees for recruitment, staff administration, remuneration, pensions and performance management purposes.

The categories of employee information that we collect, process, hold and share include:

  • Personal information (such as name, address, email address)
  • Special characteristics (such as gender, age, ethnic group)
  • Contract information (such as start dates, hours worked, post, role, salary information)
  • Work absence information (such as number of absences and reasons)
  • Qualifications
  • Additional personal information (such as next of kin)
  • Information relating to evaluation of work performance
  • Payroll details including bank account information

We use employee data to:

  • Enable the development of a comprehensive picture of the workforce and how it is deployed
  • Inform our volunteer recruitment and retention policies
  • Inform the development of our Continuing Professional Development programmes
  • Enable individuals to be paid
  • Meet statutory reporting obligations including to HMRC
  • Enable the effective protection of the health, safety and wellbeing of individuals
  • Conduct planning, budgeting and related activities
  • Comply with the law (where relevant)

3. The lawful basis for sharing data

Okay, here comes the legal bit.  Don’t worry – it’s pretty straightforward.

We collect and use personal data under General Data Protection Regulation (GDPR). We must have a lawful basis to collect and use your personal data. The law allows six legal purposes which organisations can rely on to process people’s personal data. Four of them are particularly relevant to our organisation:

  • Consent – Article 6 – 1 (a): the data subject has given consent to the processing of their personal data for one or more specific purposes.  They’ll be much more about this in our fundraising and marketing section.
  • Contractual relationship – Article 6 – 1 (b): processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Legal obligation – Article 6 – 1 (c): processing is necessary for compliance with a legal obligation to which the controller is subject
  • Legitimate interest – Article 6 – 1 (f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.  Again, we’ll take a bit more about legitimate interest in the fundraising and marketing section.

4. Sharing your data

Oasis charities will never sell your data or swap it with other charities or organisations for the purposes of their own marketing. 

We do however, routinely share user information with:

  • Within Oasis Community Partnerships and our Oasis Community Hubs
  • Oasis Community Learning (our sister Multi-Academy Trust)
  • Oasis Charitable Trust (our parent trust) – this largely relates to staff HR details and financial information processed by the OCT HR and finance teams
  • Specific local charity/community partners – where we are delivering a service in partnership with others
  • Specific local statutory agencies e.g. Police, NHS a Local Authority  – where we are delivering a service in partnership with these particular agencies or we need to make a referral to comply with the law

See the supplementary section at the end of this document for specific detail around data sharing in this particular Oasis Community Hub. It will detail the third parties that we share data with in this Hub.

In all instances, we have agreements with third-party agencies and suppliers to ensure that your personal data is protected and is only used for the specific purposes that we direct. Our Community Hubs and Oasis charities only make use of selected third-party services to process data on our behalf in accordance with our policies.

We may share user information with other third parties if we are legally obligated to, if we have specific consent to do so or where we need to in order to fulfil the service we are providing to you (we’ll make it really clear when we are sharing information in this way). 

  1. Marketing and fundraising
  1. General practise and consent

Like all major charities, we have a range of fundraising and marketing activities that help us raise income or promote the aims and objectives of the charity. We use a range of marketing activities and channels such as direct marketing and face-to-face activity, advertising (print, broadcast and digital) and public relations for marketing, fundraising, and income generation. This may include talking to you about specific appeals, promoting ongoing campaigns in which you can play an active role, competitions, commercial trading activities, sponsorships, events or volunteering opportunities. We may also ask if you are able and prepared to Gift Aid any of your donations.

There are three main ways in which you might give us your personal data and at the same time may also wish to hear from us about our fundraising, campaigning and other marketing activities:

  • By signing up to one of our mailing lists
  • Giving us money
  • Buying a product, signing up to a course or using one of our community services

Let’s unpack these three in more detail.

Signing up to one of our mailing lists

This is pretty straightforward.  If you opt to sign up to one of our mailing lists, we’ll ask for your contact detail and then ask you to take a ‘positive action’ to show that you consent to us contacting you.  Usually this will be through ticking a box, although we can take verbal consent so long as we’re really sure you want to hear from us.  We’ll assume that you’re happy for us to contact you using the details you give us.

At that point you’ll be added to the relevant mailing list and will receive updates, newsletters, appeals and information on campaigns around the relevant topic.  In all these communications they’ll be opt out and unsubscribe options.  However, if we haven’t engaged with us in any way after five years we’ll ask you if you still want to hear from us and if we don’t hear anything, we’ll take you off the mailing lists.

Giving us money

As a charity dependent on generous donations we can’t express how grateful we are to the people that give us money.  We endeavour to be hugely respectful and careful with any data you give us in this process.

If you donate money to us, we figure you may want to hear news from us.  So when you donate online, we’ll give you the chance to sign up to one of our mailing lists – but you don’t have to take it.

If you don’t sign up to a mailing list we will only contact you around matters relating to your donation.  We will keep your details recorded for six years.  We have to do this in order to satisfy legal requirements.  After this time has expired we’ll delete your details unless we have your consent to keep them.

Buying a product, signing up to a course or using one of our community services

When you buy a product, sign up to a course or use one of our community services, we may give you the chance to sign up to one of our mailing lists (or of course, you may already have signed up to one).  But you don’t have to do so.

If you are not signed up to one of our mailing lists, we will only use your information to contact you for something transactional about that product (i.e. delivery status), course (i.e. instructions on how to get to the venue) or community services (i.e. details on how to get involved).

  1. Legitimate interest in marketing and fundraising

There will be people that we at Oasis feel we have legitimate interest to store the personal information of and make direct contact with.  These people will usually fall into one or more of the following people:

  • People who in their professional of voluntary role would expect to hear from Oasis (examples: CSR managers, church mission coordinators, trust managers)
  • People who have a role in public life in life where we feel that there is a societal interest in Oasis making contact (examples: MPs, Police Commissioners, Bishops)
  • People who have given to Oasis in recent years and we feel would be interested in receiving news about other appeals.  However, we will only do this by post and there will be an opt out option.

Before we contact anyone under the basis of legitimate interest we will conduct an internal assessment to be sure we are within our rights to do so.

  1. Withdrawing consent and data deletion

If you get in touch with us to say you want to withdraw your consent for us to hold and process your data for marketing purposes, we’ll immediately remove you from all the mailing lists you’re currently subscribed to.

We’ll then do an internal trawl to find out exactly what data we hold on you across the organsiations listed in the introduction of this privacy notice.

As a general rule, we’ll delete all that information. The only exceptions are if we have another legal basis to retain your or some of your data. For example, if you have made a donation in the past 6 years we will need to retain your information to satisfy the requirements of HMRC and our auditors. 

  1. Sharing data with third parties for marketing purposes

There are a few people that we may HAVE to share your data with.  For example, if you’ve given money to us and claimed gift aid (again, thank you) than we have to share that info with HMRC.  Similarly your donation may have been processed through PayPal and we use various other financial management systems where we would enter some of your data. 

There’s also some third party suppliers we may need to give your personal data to if we’re going to be communicating with you.  For example, if we’re going to post you our Christmas newsletter we’ll need to give your name and address to our printers.  We have really good agreements in place with third party suppliers to ensure your data is protected. Just let us know if you want details.

What we never do however is sell your data or swap it with other charities or organisations. 

Similarly, for electronic communications we may use a third party supplier such as MailChimp (you may want to read their privacy policy too).

  1. Using data to profile

In some limited circumstances we may combine personal information you have given us with information that is available in the public domain.  This is to create a profile of your interests and preferences that help us to get to know you better and engage better with you.  Anything like this would be in the public domain – published biographies, employment interests, media coverage, social media.  If you’re not happy about this, please do get in touch with us at enquiries@oasisuk.org.

  1. Data storage

We securely hold your data as outlined within the Oasis Data Retention Policy, Oasis Information Security Policy and Oasis Data Protection Policy.

The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements. After this point the data will either be deleted or rendered anonymous.

Please find below a list of some of our key data retention periods:

  • Hub Activity Referral Forms – for the duration of the project
  • Hub Activity registration forms – Date of Birth + 25 years or 10 years after last contact
  • Hub Activity Attendance registers – 10 years
  • Safeguarding information relating to children – Date of Birth + 25 years
  • Safeguarding information relating to vulnerable adults – 75 years
  • Volunteer Records – Date of Leaving + 6 years
  • Accident Books – 3 years
  • Financial Information – 6 years

For further information on Oasis Community Partnerships data retention (including the table for all our retention periods), please see the Oasis Data Retention Policy. Please use the contact information provided earlier in this document to obtain copies of this and other related policies.

  1. IP addresses and internet cookies

In terms of IP addresses, all of our websites do track and store these.  We need to for security reasons.  However, we make sure that our web hosting company regularly delete these.

Our websites do use Cookies.  It makes the browsing experience much better for you.  You need to agree to the policy before browsing the site.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

We do not identify you through the use of cookies or information sent by your computer except where you have asked us to remember your details. We may attempt to track your usage of the site to enable us to review anonymous web statistics – that just gives us a sense of how good a job our site is doing in terms of interesting people in our story and content.

Most browsers allow you to refuse to accept cookies. For example:

  1. in Internet Explorer (version 9) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
  2. in Firefox (version 16) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
  3. in Chrome (version 23), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.

Blocking all cookies will, however, have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on this website, including but not limited to making donations.

Deleting cookies

You can also delete cookies already stored on your computer. For example:

  1. in Internet Explorer (version 9), you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835);
  2. in Firefox (version 16), you can delete cookies by clicking “Tools”, “Options”, “Privacy” and then “Show Cookies”, and then clicking “Remove All Cookies”;
  3. in Chrome (version 23), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Delete cookies and other site and plug-in data” before clicking “Clear browsing data”.

Again, doing this may have a negative impact on the usability of our website.

  1. Updates to this policy

From time to time, we will make changes to this privacy notice to keep it up to data and relevant. Please make sure you check regularly to see what’s changed. If you are signed up to one of our mailing lists and we ever we make significant changes to this policy we’ll update you on this proactively.

  1. Data protection rights

Where Oasis charities and Oasis Hubs are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal information for direct marketing purposes.

Under data protection legislation, anyone we hold information about has the right to request access to, and see information about, their data. To make a request for access to your personal information, contact your Oasis Community Hub or you can contact:

Kat Simmonds
National Data Protection Lead
Oasis Community Partnerships
1 Kennington Road
London
SE1 7QP
020 7921 4200
info@oasisuk.org

You also have the right to:

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress
  • Prevent processing for the purposes of direct marketing
  • Object to decisions being taken by automated means
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • Claim compensation for damages caused by a breach of the Data Protection regulations