Privacy Policy

Being With provides resources and materials, tools and training to enable churches and other organisations to deliver courses, locally in their context, opportunities for discovery and formation, in all aspects the Christian life including Being With courses.

At Being With we are committed to protecting and respecting your privacy. The processing of personal data is governed by the Data Protection Act 2018, the ‘UK GDPR’ which is the retained EU law version of the General Data Protection Regulations (EU) 2016/679, and other legislation relating to personal data and rights such as the Human Rights Act 1998.

This Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us when you use our website https://being-with.org . Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using our website, you are indicating acceptance of these terms and providing your explicit consent, where appropriate, to our use of your personal data, for the processing purposes set out in this Policy.

 

What is personal data?

Personal data is any information relating to a living person who can be directly or indirectly identified by that data such as a name, telephone numbers, addresses email address, photograph, video etc. Identification can be by the information alone or in conjunction with any other information.

For the purpose of the DPA, the data controller is Being With, 1 St Johns Road, Bungay NR35 1DH (ICO registration number ZC123075).
The terms data controller, personal data and processing all bear their legal meanings under the DPA.

 

What data do we process? Some or all of the following where necessary to perform our tasks:

  • User information including name, email, church organisation, website, position/role, denomination, location, geolocation and time-zone
  • Names and email addresses of hosts paid and invited to join a training course by another user.
  • Host training survey and reflective survey results. These may include personal data depending on what users input within the survey.
  • Reflective survey email addresses are stored in an encrypted format, in order to allow Being With to send survey requests and reminders.
    Founder and donor information including name, address, subscription details and email address.

The data we process is likely to constitute sensitive personal data because, as a faith based charity, the fact that we process your data at all may be suggestive of your religious beliefs. Where you provide this information, we may also process other categories of sensitive personal data. (Sensitive personal data is information about your health, race, ethnic origin, sexual orientation, sex life, politics and religion.)

With regard to each of your visits to our website we may automatically collect the following information: a unique online identifier, such as the GA client ID; session identifiers; landing page and first visit identifier; traffic source identifier; information about how a user interacts with the website, such as pages viewed, navigation paths, session duration, engagement data, downloads and visit timings; technical information about the user’s browser and device; and approximate location data inferred from IP signals, rather than precise address details in the cookie itself. We also store a cookie consent cookie which stores the user’s cookie preference.

 

How do we process your personal data?

We use your personal data for some or all of the following purposes:

  • To enable us to meet all legal and statutory obligations;
  • To administer membership records including attendance at training courses;
  • To fundraise and promote the interests of the charity;
  • To maintain our accounts and records;
  • To process a donation or payment you have made that you have made (including Gift Aid information);
  • To seek your views in a survey which we use for research and evaluation purposes;
  • To send you communications which you have requested as a subscriber to our mailing list;
  • To process a grant or application for a role;
  • To provide information about a training course or other service and any changes
  • To respond to any complaint from you about our services
  • To carry out safeguarding procedures
  • To help us to further develop our website and to ensure that content on our website is presented in the most effective manner for you and for your computer
  • To administer our website and for internal operations, including troubleshooting and testing.
  • To ensure that our website is safe and secure

 

What is the lawful basis for processing your data?

In order to process your personal data, we are required to have a reason (lawful basis) for doing so according to Article 6 of the GDPR. This may include:

  1. Legal obligation, where we are required by law to share or process your data (for example tax legislation, to maintain our own accounts and records)
  2. Contract, where you have an agreement with us (for example when you sign up for a training course or we are taking steps to enter into a contract)
  3. Legitimate interests, where we aim to engage with and inform our members and supporters on topical matters in relation to Being With courses or to promote services which we believe you may have an interest in, to seek your views or comments, to conduct research to better understand your needs and improve our services, handling any comments or complaints in line with our policy or the legitimate interests of a third party.
  4. Consent, where you have agreed for us to use your data in a specific way for example to send you our monthly update email; become a member with us and included details of the church or faith organisation you attend
  5. Vital interests, where there is an immediate risk to your health;

Our lawful basis for processing special category data (usually in relation to religion) according to Article 6 of the GDPR is outlined above. The conditions we use for processing special category data, as per article 9 of the GDPR are:

  • As Being With is a not-for-profit body with a religious aim, it is permitted to process special category data in the course of its legitimate activities with appropriate safeguards on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with its purposes in connection with its purposes and the personal data are not disclosed outside that body without the consent of the data subjects; or
  • Explicit consent

 

Use of cookies

We have outlined below the cookies which are used on this site and provided details on how to manage them. You can find out more about cookies and how they work from Gov.uk. The list below explains the cookies we use and why:

System cookies (First party)

PHPSESSID
This cookie is set by our server upon arrival to our website. It is not used by us for any purpose but is needed for the website to function. This cookie is deleted when a user closes their browser.

Cookie Consent (First party)
tessellate_necessary_consent
These cookies are necessary and are set by our cookie consent system to remember your consent preference.
These cookies are stored for 6 months.

Analytics (First party)
_ga
_ga_TMPQB8RQZ8
pys_first_visit
pys_landing_page
pys_session_limit
pysTrafficSource
pys_start_session
last_pys_landing_page
last_pysTrafficSource
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where vistors have come to the site from and the pages they visited. You can also read an overview of privacy at Google.

YouTube (Third-party)
YSC
VISITOR_INFO1_LIVE
VISITOR_PRIVACY_METADATA
__Secure-ROLLOUT_TOKEN
__Secure-YNID
We use embedded YouTube videos on some pages. These may allow YouTube or Google to collect technical information, usage information and may set cookies or similar technologies in connection with video playback, user preferences, security and measurement.

 

Sharing your data

We will not rent or sell your personal data to any other organisation. Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent.

We may disclose your personal data to third parties if we’re legally obliged to or in order to enforce or apply our terms of use for this website or other agreements.

Where we use an external service provider to act on our behalf, we will disclose only the personal data necessary to deliver the service and will have a contract in place that requires the provider to comply with our data protection and information security requirements. For example, we may ask a commercial provider to send out newsletters on our behalf, or to maintain our database software;

We will share personal information with companies, organisations or individuals outside Being With when we have contracted them to provide services for you. Currently, these companies are: GoDaddy Mediatemple Inc d/b/a Sucuri; Google LLC (or its relevant affiliate) (Analytics, Workspace, YouTube); Krystal Hosting Ltd; Mailchimp; and Stripe which have their own privacy policies.

We will share personal information with companies, organisations or individuals outside Being With if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of Being With, our users or the public, as required or permitted by law.
  • We do not carry out any automated decision-making or profiling.

 

Transfer of Data Abroad

Our main hosting environment is in the UK. Some personal data may be processed outside the UK by third-party providers that support website delivery, security, analytics, payments or embedded content.

 

Security

We use appropriate technical and organisational security measures to protect personal data and to help prevent unauthorised access, loss, misuse, alteration or disclosure. These measures include restricted access controls, strong password requirements, multi-factor authentication, secure hosting in a UK based data centre with encryption in transit via SSL, regular security patching, daily backups, malware scanning, firewall protection, monitoring and incident response procedures.

 

How long do we keep your personal data?

Personal data is processed in accordance with our retention policy and subject to statutory and legal responsibilities. We will only keep personal data as long as we need it.

We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits.

For regular donations not subject to Gift Aid, your personal data will be kept for 6 years after
your last donation has been received. Where you have completed a Gift Aid Declaration Form, your personal data will be held for 6 years from the date of your last donation to Being With.

When you sign up for a Newsletter – we keep your data indefinitely or until you unsubscribe or ask us to delete your data. When you use our website we keep Analytics records for 5 years. When you make a purchase with us online, we keep customer purchase records for 10 years.

For users that register on our website, we store the personal information provided in their user profile. Users will need to contact us, using the Contact Details below, in order to edit or delete their personal information at any time.

 

Your rights and your personal data

When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
You have the following rights with respect to your personal data:

1. The right to access information we hold on you (and how to access your data)
You have the right to ask us for copies of your personal data. There are some exemptions which means you may not always receive all the information we process. If we are unable to provide you with your personal data, we will always provide a reason for this.
Once we have received your request we will respond within one month. There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.

2. The right to correct and update the information we hold on you
You have the right to ask us to correct any information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

3. The right to have your information erased
You have the right to ask us to delete your personal information in certain circumstances.
When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests, legal or regulatory purpose(s)).

4. The right to object to processing of your data
You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
If you no longer wish to receive email communications from us (handled by Mailchimp), you can unsubscribe from these at any time using the unsubscribe link contained in each email we send and you will be taken off our distribution list. (Note that transactional emails are not covered by this, and emails relating to placed orders and enrolled courses will continue to be sent. These are not considered ‘marketing’.)

5. The right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or for the performance of a contract, or in talks about entering into, a contract and the processing is automated.

8. The right to lodge a complaint with the Information Commissioner’s Office.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance. You can contact the Information Commissioners Office on 0303 123 1113 or via https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

 

Law and Jurisdiction

This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
Each party irrevocably agrees to submit to the exclusive jurisdiction of the courts of England and Wales over any claim or matter arising under or in connection with this agreement.

 

New uses of your personal data

From time to time, we may use collected information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change, we will post the updates to our website and provide you with the ability to opt out of these new uses. We will only use data collected from the time of the policy changes for any new purposes.

Our website will always have the most up to date privacy notice on it. If you would prefer not to have your information used for these new purposes, please contact us using the details below.

 

Contact Details

Please contact us if you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights, queries or complaints. Please contact hello@being-with.org or Being With, 1 St Johns Road, Bungay NR35 1DH.

 

Adoption of this policy

The trustees of Being With formally accepted this policy at the trustees meeting held on 2 April 2026.