1. Introduction

Crosslands is committed to treating your personal information with respect and operating legally and compliantly wherever we work.

As a charity based in the UK we adhere to the UK data protection regime which is set out in the DPA 2018 alongside General Data Protection Regulations (GDPR) (which also forms part of the UK law). We have chosen to apply GDPR to all information we process, regardless of origin.

In line with these regulations, we want to let you know:

  • What information we may collect about you;
  • What we use your personal information for;
  • How we store your personal information;
  • Who (if anyone) we pass your information on to and for what purpose; and
  • How you can raise any concerns about the accuracy, processing or use of your personal information.

We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. Crosslands processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

2. Information processing activities

2.1. Business contacts

Collection of personal data

Crosslands processes personal data about contacts including the following: past and potential students and individuals associated with them, learning sites and study groups leaders and participants, legal and business advisors and other third parties that Crosslands interacts with in the course of its activities.

Crosslands may collect the contacts details directly or indirectly from partner organisations and business contacts and/ or from publicly available sources. Crosslands may collect details including name, contact details and other information such as job title, employer, affiliation with other organisations and academic history.

In addition to the above, Crosslands may collect data from the Crosslands email system and phone calls concerning interactions between Crosslands personnel and contacts or third parties.

Use of personal data

We may process personal data in order to:

  • Support the administration, management and development of our business and services
  • Provide information about us and the products that we offer

Lawful basis: Legitimate interests

Data retention

Personal data will be retained about our business contacts for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact).

When and how we share personal data and locations of processing

Personal data of business contacts is held within G Suite. Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a week. This is held for one year from the time that the copy is made before being deleted.

2.2. Students

Collection of personal data

We only collect personal data that is needed for our agreed purposes. Where we need to process personal data to provide services, we ask our student to provide the necessary information to other data subjects concerned, such as those listed as the students emergency contact, regarding its use.

Some or all of the information from the student’s application may be collected, along with:

  • additional phone contact numbers;
  • emergency contact name and details;
  • declaration of relevant medical conditions, allergies or dietary requirements;
  • study progress and grades; and
  • various consents needed to manage the course.

In accordance with Article 9(2)d) of GDPR, personal data relating to racial or ethnic origin, citizenship, religious beliefs and physical or mental health is permitted to allow Crosslands to carry out its objectives.

Use of personal data

  • We seek to provide high quality training to all our students. This requires us to process personal data to provide appropriate training and feedback.
    Lawful basis: Contract
    We have a contractual obligation to process personal data received from individuals who agree to study with us.
  • We may process personal data in order to carry out our activities. This includes managing our relationship with students and prospective students or partners, developing our courses, maintaining and using our systems, and hosting events.
    Lawful basis: Legitimate interests
    This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

Data retention

Information about students will be held for the duration of their study and then a further year before all except basic contact information and academic performance in order to verify and audit any credit gained or qualifications awarded as a result of their studies.

When and how we share personal data and locations of processing

Crosslands administrative, operations, faculty and tutoring staff may receive some or all of the information described above in order to fulfil our contractual obligations to the student well.

Personal information of those enrolled on our accredited Seminary Course will be shared with the BibleMesh Institute and South-eastern Baptist Theological Seminary in order to fulfil our contractual obligations to the student.

The academic progress of students will be shared with their named mentor periodically. Concerns about performance of students may be discussed with their named mentor if deemed necessary by the academic registrar.

Personal data of students is held within G Suite. Further details about processors used by Crosslands and locations of processing can be found below. Some information may be downloaded onto Crosslands’ staff or tutors’ devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.

2.3. Student applications

Collection of personal data

We only collect personal data that is needed for our agreed purposes. Where we need to process personal data to provide services, we ask the applicant to provide the necessary information to other data subjects concerned, such as those listed as a supporter or referee, regarding its use.

Some or all of the following information may be collected: full name, email address, postal address, phone number, birthday, gender, ethnicity, citizenship, marital status, course choice, educational qualifications and institutions, special educational needs, level of English language, current employment, self-assessment of character and theology, church attended and role and denomination, name and contact details of a supporter. Mentors will also be asked to describe the applicant’s character and potential to receive theological training.

In accordance with Article 9(2)d) of GDPR, personal data relating to racial or ethnic origin, religious beliefs and physical or mental health is permitted to allow Crosslands to carry out its objectives.

Use of personal data

Crosslands is required to process personal data received from individuals to enable us to process applications.

Lawful basis: Legitimate interests

Data retention

Information from study applications that are rejected or withdrawn is held for 1 year in case the individual chooses to re-apply.

Information from study applications is held for the duration of an individual’s study with Crosslands and then a further 1 year to allow us to effectively deliver the theological education or resources you have applied for. Refer to section 2.2 ‘Students’ for further information

When and how we share personal data and locations of processing

Crosslands administrative staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively. Student information is passed to the BibleMesh Institute. The information of those taking the accredited Seminary Course will also be shared with Southeastern Baptist Theological Seminary.

Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.

2.4. Individuals who use our material

We provide external users access to various courses managed by us via online platforms. Such platforms will contain their own privacy statements explaining why and how personal data is collected and processed by those applications. We encourage individuals using our material via such platforms to refer to the privacy statements available on those platforms.

Links to privacy statement for Crosslands partner platforms:

2.5. Others who get in touch with us

Collection of personal data

When an individual gets in touch with us with a question, comment or complaint we will collect personal data including name, contact details and the contents of the communication. In these cases, the individual is in control of the personal data shared with. This information is ordinarily collected via web form, email or via a phone call. In some instances, we will collect personal data from individuals at conferences who want to receive further information from us.

Use of personal data

We may process this personal data to efficiently deal with your enquiry and ensure we provide excellent training and resources in accordance with our mission statement. We will only use the data for the purpose of responding to the communication.

Lawful basis: Legitimate interests

Data retention

Information from enquiries is held for 1 year in case you submit further enquiries in that time.

When and how we share personal data and locations of processing

Crosslands operations staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively.

Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive at regular intervals. This is held for one year from the time that the copy is made before being deleted.

2.6. E-newsletter

Collection of personal data

When an individual requests to sign up a regular e-newsletter we will collect personal data such as their name and email address. Statistics around email-opening and will be collected.

Use of personal data

  • Signing up to our e-newsletter and confirming your agreement with our privacy policy is taken as consent.
    Lawful basis: Consent
  • We collect information such as email opening so that we can monitor and improve our e-newsletter.
    Lawful basis: Legitimate interest

Data retention

Personal data will be retained for as long as it is necessary for the purposes set out above All emails contain an explanation of why the recipient is on the list as well as a simple option to unsubscribe at the bottom the message. Recipients may also unsubscribe by emailing info@crosslands.training or phoning our office. Information will be held until the contact unsubscribes. The marketing contact lists will be scrubbed twice yearly to remove information about contacts which is over a year old.

When and how we share personal data and locations of processing

Crosslands operations staff will receive an email notification when someone signs up to a regular e-newsletter. Access is via a strong password through a password-protected device for a limited set of Crosslands staff members. Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below.

2.7. Social media

We use social media to promote Crosslands and to keep the general public aware of important, interesting and helpful news, articles and offers from Crosslands.

When someone engages with us on social media, we use third-party services, Facebook, Instagram and Twitter, to engage with them directly or through broadcast means. Facebook, Instagram and Twitter gather statistics around engagement and clicks by using industry-standard technologies.

The information is stored on Facebook, Instagram and Twitter’s servers across the world and may be downloaded onto our staff’s devices as part of their work.

Facebook, Instagram and Twitter’s servers are encrypted and access is via a strong password through a password-protected device for a limited set of Crosslands staff members.

If someone sends us a private or direct message via social media, the message will be stored by Facebook and Twitter for their standard terms. Crosslands will treat information received via private or direct message in the same way as Others who get in touch with us. Refer to section 2.5 above. It will not be shared with any other organisations.

Crosslands is not responsible for any other information collected on you by Facebook, Instagram or Twitter

Further information regarding the privacy policy of the social media platforms that we use can be found here:

2.8. Personnel (staff, tutors, faculty)

Collection of personal data

Some or all of the following information may be collected: full name, email address, postal address, birthday, banking information, pension preferences and performance data.

Use of personal data

Signing your employment paperwork, secondment agreement or contractor agreement means you enter a contract with Crosslands for us to use your personal information as described in this policy.

Lawful Basis: Contract

Data retention

Information about employees will be held for 6 years after the termination of their employment contract in case of employment tribunal or other legal requirements.

When and how we share personal data and locations of processing

Crosslands administrative staff may receive some or all of the information described above in order to fulfil our contractual obligations to the employee well. Information will be shared with our external payroll and pension provider as well as with HMRC in order to fulfil our contractual obligations. Furthermore some payroll information may require disclosure in our financial statements in order to fulfil our legal obligations.

Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.

2.9. Assessing job applications

Collection of personal data

Most of the personal information that we collect as part of a job application will be provided directly by you. This may include: full name, email address, postal address, phone number, birthday, gender, ethnicity, marital status, educational background, work history, extra-curricular activities, skills, and any other information you choose to share about yourself as part of your application or during an interview process.

We may obtain personal data from third party sources such as references from your named referees, verification of information provided during the recruitment process by contacting relevant third parties or using publicly available sources.

Use of personal data

Crosslands has a legitimate interest to process personal data received from individuals when they apply to work at Crosslands. Submitting a job application means you are happy for us to use your personal information as described in this policy.

Data retention

If your application is successful we will retain relevant personal data as part of your employment record (refer to section 2.8 Personnel)

If your application is unsuccessful, information from job applications held for 1 year in case you submit further enquiries in that time.

When and how we share personal data and locations of processing

Crosslands administrative and operations staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively.

Where we want to disclose information to a third-party, for example where we want to take up a reference or obtain a ‘disclosure’ from the UK Criminal Records Bureau or similar European agencies, we will not do so without informing them beforehand, unless the disclosure is required by law.

Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.

2.10. Suppliers (including tutors and faculty on secondment or contractor arrangements, residential speakers, Learning Site and Study Group leaders)

Collection of personal data

We collect and process personal data about our suppliers in order to manage the relationship, contract, to receive services from our suppliers and to provide services to our clients. Some or all of the following information may be collected: full name, email address, postal address, birthday, banking information, employment history and academic and professional qualifications.

In accordance with Article 9(2)d) of GDPR, personal data relating to racial/ethnic origin and religious beliefs is permitted to allow Crosslands to carry out its mission.

Use of personal data

  • In order to receive services from suppliers we will at times be required to process personal data relating to those suppliers and in some instances some of their employees. This processing is necessary in order to allow us to receive services.
    Legal grounds: Legitimate interests
  • In some instances a supplier will help us to deliver training to our students/ other end users. When this happens we are required to process personal data about the individuals involved in providing the training in order to administer and manage our relationship with the supplier and the relevant individuals, to share information about our services with the wider world, and to provide the training for our end users.
    Legal grounds: Legitimate interests
  • Unless we are asked not to, we may use some of our suppliers contact details to provide information about us that we think will be of interest about us and our services in order to promote Crosslands the services we offer.
    Legal grounds: Legitimate interests
  • Crosslands has a contractual obligation to process personal data received from individuals who agree to study with us. Agreeing to the Seminary Course covenant, Foundation Course learning site leader covenant or Foundation Course study group leader covenant means you enter a contract with Crosslands for us to use your personal information as described in this policy, as does purchasing Course modules directly from us or through our partner BibleMesh Institute.
    Legal grounds: Contract

Data retention

Personal data will be retained about our contacts within our supplier organisations for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation) and then deleted in line with our deletion and retention policies.

When and how we share personal data and locations of processing

Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidently deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.

2.11. Visitors to our website

Collection of personal data

Our website collects limited personal data automatically via the analytical tools that are integral to the websites including:

  • Information about your browser, network, and device
  • Web pages you visited prior to coming to this website
  • Your IP address

This information may also include details about your use of this website, including clicks; internal links; pages visited; scrolling; searches; and timestamps.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.

Use of personal data

  • We use the information that you have given us in order to find out things such as the number of visitors to the various parts of the site and to help us establish what content is popular. Where contact details have been provided through a web form we will use the data to communicate with you in order to distribute requested materials or ask for further information
    Lawful basis: Legitimate interest
  • We have a legitimate interest to process personal data received from individuals to enable us to respond to enquiries. Submitting an enquiry in whatever form means you are happy for us to use your personal information as described in this policy. We will only use the data for the purpose of responding to the communication.
    Lawful basis: Legitimate interests

Data retention

Personal data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual).

When and how we share personal data and locations of processing

We share this information with our website provider, to learn about site traffic and activity. They need the data to run this website, and to protect and improve its platform and services. Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below.

If information is received via a form in relation to an application to study with Crosslands, the information is emailed to relevant members of the Crosslands admissions team to assess the application (See section 2.3 Student Applications).

Our website may link to third party sites that are not controlled by us. This means that this privacy policy will not apply. We recommend that you review each third party site’s privacy policy before disclosing any personally identifiable information.

3. Processors used by Crosslands

To help us deliver excellent theological training and resources for churches and church leaders in the UK, Europe and the 10:40 window, we share information and data with some external processors and third-party applications. The servers that allow these applications to operate are located in secure data centres around the world and personal data may be stored in any of them. Further details of the third party providers that we use are:

Name Role Address Privacy Policy
Jotform Online form software 111 Pine St. Suite 1815, San Francisco, CA 94111

Server: Germany

Read the JotForm Privacy Policy.
Mailchimp Marketing platform The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA Read the MailChimp Privacy Policy.
G Suite by Google Business applications (email, calendar, cloud storage etc) Gordon House, Barrow Street, Dublin 4, Dublin, D04 E5W5 Read the Google Privacy Policy.
GiffGaff Mobile phone and Voicemail provider 260 Bath Road, Slough SL1 4DX Read the giffgaff privacy policy
Timetastic Staff holiday planner Suite 143 19 Lever Street, Manchester, England, M1 1AN Timetastic privacy policy
Expensify Expenses services 401 SW 5th Ave, Portland Expensify privacy policy
Peoples Pension Pension provider B&CE Benefit Schemes, Manor Royal, Crawley, West Sussex, RH10 9QP The People’s Pension privacy policy
Stewardship Payroll provider

Giving services

1 Lamb’s Passage, London EC1Y 8AB Stewardship privacy notice
Xero Accounting software Bank House ,171 Midsummer Boulevard, Milton Keynes, MK9 1EB Xero privacy notice
Stripe Payments Europe Ltd Financial services 1 Grand Canal Street Lower, Grand Canal Dock, Dublin Stripe privacy policy
Transferwise Financial services TransferWise Ltd, 6th Floor of The Tea Building, 56 Shoreditch High Street, London E1 6JJ Transferwise privacy policy
CAF Bank Financial services 25 Kings Hill Avenue, West Malling, Kent ME19 4TA CAF privacy notice
TeamWorks Project management tool Teamwork.com, Teamwork Campus 1, Park House, Blackpool Retail Park, Blackpool, Co. Cork, Ireland, T23 F902 TeamWorks Privacy policy
Squarespace Website provider Squarespace Ireland Limited, Le Pole House, Ship Street Great, Dublin 8, D08N12C, Ireland Squarespace Privacy Policy

4. Your rights

Where we rely on consent to use your personal data, you have the right to withdraw that consent at any time. If you are the data subject you also have the following rights:

Right to access

You can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information.

Right to rectification

You have the right to obtain the rectification of incomplete or inaccurate personal data

Right to be erasure

You have the right to obtain deletion of your personal data in each of the following situations:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;’
  • where our legal grounds for processing is consent, you withdraw your consent and where there is no other legal ground for the processing;
  • where the data is no longer necessary for the purposes of processing; (unless retention is required for legal reasons);
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Right to restrict processing

You have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.

Right to object

As a data subject, you have the rights to object to the processing of your data where Crosslands is relying on its legitimate interests as the legal ground for processing or we are using your data for direct marketing.

Right to data portability:

Where we are processing personal data that you have provided to us either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering in a contract, and in either case we are processing your personal information using automated means, you may ask us to provide the personal data to you – or another service provider – in a machine-readable format.

Rights related to automated decision-making:

You have the right not to be subject to a decision based solely on automated processing of your personal data which produces legal effects on you, unless such a decision (i) is necessary for entering into/performing a contract between you and us/another organisation, (ii) is authorised by EU or Member State law to which Crosslands is subject (as long as that law offers you sufficient protection), or (iii) is based on your explicit consent.

5. Further information

5.1. Complaints or queries

Crosslands strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Please send any complaints to the details below.

You also have the right to lodge a complaint with the data protection supervisory authority, The UK Information Commissioner’s Office (ICO) who can be contacted at:
https://ico.org.uk/concerns/handling

5.2. Access to personal information

Crosslands tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you, within 30 days we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Crosslands for any personal information we may hold, you need to put the request in writing addressing it to our Administrators, including your full name, postal address, daytime telephone number, whether you seek general information or specific information and proof of your identity.

With your permission, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting our Administrators.

5.3. Disclosure of personal information

We do not and will never disclose personal data without prior consent, except where required by law.

5.4. Links to other websites

This privacy notice does not cover the links within our websites linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

5.5. Changes to this privacy notice

We review our privacy notice at least once per year. This privacy notice was last updated on 5th November 2020.

5.6. Data Controller and contact information

If you want to request information about our privacy policy you can contact us directly through our website, email info@crosslands.training, call +44 (0) 756 6848 882 or write to: Data Controller, Crosslands, 26 Rothbury Terrace, Newcastle upon Tyne,NE6 5XH