Privacy Notice

Who we are

We are The Principle Foundation, the benevolent organisation administering the International Fund for Christian Science Nursing (“IFCSN”, referred to in this document as “we,” “us” and “our”)

Our registered office address is:

10670 Barkley St
Overland Park, KS 66212
USA

Introduction

This Privacy Notice sets out how we use the personal information collected through this website (ifcsn.org), as part of sharing information via IFCSN and or processing your information as part of a grant application or payment related to a grant, whatever method is used to correspond with us.

Throughout this document, where we refer to Data Protection Legislation, we mean the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. When you are based in the EU, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

We are committed to meeting the requirements of the Data Protection Legislation and we have developed this Privacy Notice to ensure that you are aware of:

  • The personal data we collect about you
  • What we do with your information
  • What we do to keep your information secure, and
  • The rights and choices you have over your personal information

We will only use your information as set out in this Privacy Notice. If we need to use your personal information for any other purpose, we will take steps to tell you and we will update this Privacy Notice.

The personal data we collect

We only collect personal information that we genuinely need and in accordance with the Data Protection Legislation.

Data we collect from Requesters

The type of personal information that we will collect directly from you and we store in our database when progressing through the grant process will include your:

  • Name
  • Telephone Number
  • Email Address
  • Home Address
  • Information disclosed as part of your grant application
  • Information needed to make payments to Providers on grants
  • Your engagement of qualified Christian Science Care providers
  • Your banking information if you request a reimbursement for cost already paid

We will collect information that will help us determine your eligibility for financial assistance and information about those who are providing you with Christian Science care.

Bank information is collected in our database to set up payment to you for any reimbursements you might have requested based on the terms of your grant. The bank that processes your payment (Convera, formerly Western Union) stores your bank and contact information in a secure database in Frankfurt (AWS). Once IFCSN receives confirmation that a payment was successfully made, any payment information will be deleted from the IFCSN database. Only Convera will retain this information for as long as payments will be processed.

Data we collect from Care Providers

The personal information that we will collect about you from grant Requesters’ applications and we store in our database when we award a grant that involves the services you provide is:

  • Name
  • Telephone Number
  • Email Address
  • Home Address
  • Invoice information
  • Bank information
  • Status as a Christian Science Care provider (Journal-listed or not)

Bank information is collected in our database to set up payment to you for the services you provided based on the terms of the grant to the Requester. The bank that processes your payment (Convera, formerly Western Union) stores your bank and contact information in a secure database in Frankfurt (AWS). Once IFCSN receives confirmation that a payment was successfully made, any payment information will be deleted from the IFCSN database. Only Convera will retain this information for as long as payments will be processed.

Lawful basis for processing your personal data

We will only ever process your personal data if we have a lawful basis to do so. The lawful bases we rely on are:

  • Contract – This is where we process your information to fulfil a contractual arrangement we have made with you to provide a grant
  • Consent – This is where we have asked you to provide permission to process your data for a particular purpose. Please note, if we are relying on your Consent you can withdraw your Consent at any time by contacting us;
  • Legitimate Interests – This is where we rely on our interests as a reason for processing; generally, this is to provide you with the best service in the most secure and appropriate way
  • Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime
  • Opt Out – opt out from receiving updates and information (not related to our granting process) from us by using the opt out link in any emails that we send to you from our secure email communication platform

Third-party applications we use

  • Amazon Web Services (AWS)
  • GSuite Workspace
  • Google Fonts
  • Font Awesome
  • WordPress
  • Elementor
  • WPML
  • Duplicator
  • Joget
  • Mailchimp
  • Nebo
  • Kinsta
  • PDFFiller

Visitors to our website

People who contact us through our website

When someone contacts us on our site, we collect their name and e-mail address. This information is collected in order to be able to communicate with the visitor in regard to the reason for their visit. This information is stored in MailChimp, our email communication platform.

People who request emails from IFCSN

We use a third-party provider, MailChimp, to send emails to people interested in our foundation and our granting activities. To make this possible, we collect subscriber’s e-mail address, and we keep it stored for as long as the user remains subscribed. Every email sent from this platform will also contain unsubscribe instructions by default.

Information about our use of cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.

Cookies can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this/our site. For all other types of cookies, we need your permission. This site doesn’t request permission because it only uses cookies that are strictly necessary.

These are the cookies we use:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and to subscribe to IFCSN information emails.

Functionality cookies. These are used to recognise you when you return to our website and to enable you to sign in to your IFCSN secure portal.

If you require further information, please contact us by using the contact details provided in this Privacy Notice.

Your Rights

You have a number of Rights under the Data Protection Legislation. If you would like to exercise any of these rights you can contact us using the contact details in the “Contact Us” section.

Your rights under the Legislation are:

Right to be informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. This Privacy Notice gives you this information.

Right to access your personal information

You have the right to access the personal information that we hold about you. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from the point that we are able to confirm your identity. We will ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.

Right to the correction of your personal information

If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you can ask us to correct it.

Right to restrict processing

You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances. And, you understand that restricting the processing may result in our inability to process a grant request you have made.

Right to erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

Personal data contained in backups will be deleted only after 30 days from last use of the data (based on IFCSN’s deletion cycle of backups).

Right to portability

The right to portability gives you the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.

Right to object

You have the right to object to our processing of some or all the personal data that we hold about you. This is an absolute right when we use your data to communicate with you from Mailchimp, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation. And you understand that restricting the processing may result in our inability to process a grant request you have made.

For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. The European Economic Area (EEA) lead supervisory authority regulates data protection and privacy matters in the EU. They make a lot of information accessible to consumers on their Website. You can access their resources here https://ico.org.uk/for-the-public (UK) or https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en (EU).

You can make a complaint to the ICO or the EEA supervisory authority at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your comfort is extremely important to us, and we will always do our very best to solve any concerns you may have..

How we use your personal data

We will use your personal information to:

Answer any questions that you have or to follow up with you on any enquiries

If you contact us through email, phone or through our website we will use your information to answer your questions and to correspond with you.

Process your grant application

We will use the information provided within your grant application to analyse your eligibility for a grant from our foundation.

Review your application

Upon receipt of your application, we will first interview you, then conduct an internal review which may include, based on your consent, interviews with third parties (such as your Christian Science Nurse) prior to making a decision.

Process payment of your grant

Following the approval of the grant, we will process your personal data in order to make payments according to the terms of your grant. This will include select banking, payment information, and US tax forms being available through a secure portal to the accounting department of our US offices.

To promote our services

If you give us your permission, we will use your information to send you general information about the International Fund for Christian Science Nursing that we believe will be relevant to you.

You can unsubscribe from these general information communications at any time using the unsubscribe link in our emails or by contacting us.

How long we retain your personal data

We retain a record of your personal information to provide you with a high quality and consistent service and to evidence the actions we have taken on your behalf.

In line with the Data Protection Legislation we only keep your personal information for the length of time we need it to:

  • Deliver our services to you
  • Meet our business needs
  • Meet our legal obligations

Some minimal personal information connected to the application documents and grants received is retained indefinitely for the following specific reasons:

  • Fraud prevention – to ensure only eligible requesters and providers receive payments from IFCSN
  • Future eligibility for IFCSN Granting Programme or other Principle Foundation grants
  • Dealing with situations governed by the Manual of The Mother Church regarding the practice of Christian Science and fulfilling the duties of a Christian Science care provider

Who we may share your personal data with

In some circumstances we may need to share your personal data with third parties in order to:

  • Provide you with the service that you have asked for
  • Meet our legal obligations
  • Run and manage our business

We may share your personal information with:

  • Law Enforcement or other public authorities that require us to release information
  • Payment services providers who process payments on our behalf
  • Christian Science care providers
  • Providers of ancillary business support services such as Information Technology services (as a processor on our behalf)
  • Marketing service providers (as processors on our behalf) including organisations that help us communicate with you

In all cases we:

  • Only provide the minimum personal information that each party requires to carry out their duties
  • Only disclose personal information to organisations with whom we have a contractual relationship or that have an overriding legal requirement to obtain the information.

International transfers of personal data

In some instances, your personal information may be processed outside the UK and the European Economic Area (EEA).

If and when this is the case, we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the UK or the EEA.

Where we need to transfer your data outside the UK or EEA, we will use one of the following safeguards:

  • The use of standard contractual clauses in contracts and/or data protection agreements for the transfer of personal data to third countries or
  • Transfers to a non-EEA country with privacy laws that give the same protection as the EEA

How we protect your personal data

Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure any information that we control.

At a high level we have put in place the measures below:

  • Created a secure database, located in the EEA, to store and process all data
  • Implemented access controls to our information technology
  • Trained and contractually obligated all our employees, contractors, and agents who have access to or are involved in the processing of personal information to protect the confidentiality of personal information

Changes to this Notice

We may change this Privacy Notice from time to time (for example, if the law changes). If the changes are material, we will take steps to inform you.

How to contact us in regard to this Privacy Notice

If you would like to:

  • Exercise one of your rights as set out above
  • Have a question or a complaint about the information in this notice or
  • Have a question or complaint about the way your personal information is processed

first contact us by emailing info@ifcsn.org.

If contacting us does not satisfy your concern, you may contact our EU/UK representatives:

For EEA Residents: Please contact our EU Representative at eurep@ifcsn.org.
Alternatively, they can be reached by post:
(The DPO Centre, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2, Ireland)
or +353 1 631 9460.
dpocentre.com/contact-us

For UK Residents: Please contact our UK Representative at ukrep@ifcsn.org.
Alternatively, they can be reached by post:
(The DPO Centre Ltd, 50 Liverpool Street, London, EC2M 7PY, United Kingdom)
or +44 (0) 203 797 6340.
dpocentre.com/contact-us