1. Introduction
Crosslands is committed to treating your personal information with respect and with legal compliance wherever we work.
As a charity based in the UK, we adhere to the UK data protection regime which is set out in the Data Protection Act (DPA 2018) alongside the UK General Data Protection Regulations (UK GDPR) (which also forms part of the UK law). We have chosen to apply UK GDPR to all information we process, regardless of origin.
In line with these regulations, we want to let you know:
- What information we may collect about you;
- What we use your personal information for;
- How we store your personal information;
- Who (if anyone) we pass your information on to and for what purpose; and
- How you can raise any concerns about the accuracy, processing or use of your personal information.
We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information about a particular living individual. This might be anyone, including a customer, employee, partner, supporter, business contact, public official or member of the public.
When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. Crosslands processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
2. Information processing activities
2.1. Business contacts
Collection of personal data
Crosslands processes personal data about contacts including the following: past and potential students and individuals associated with them, learning sites and study groups leaders and participants, legal and business advisors and other third parties that Crosslands interacts with in the course of its activities. Crosslands may collect the contact details directly or indirectly from partner organisations and business contacts and/ or from publicly available sources. Crosslands may collect details including name, contact details and other information such as job title, employer, affiliation with other organisations and academic history.
In addition to the above, Crosslands may collect data from the Crosslands email system and phone calls concerning interactions between Crosslands personnel and contacts or third parties.
Use of personal data
We may process personal data in order to:
- Support the administration, management and development of our business and services
- Provide information about us and the products that we offer
Lawful basis: Legitimate interests
Data retention
Personal data will be retained about our business contacts for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact).
When and how we share personal data and locations of processing
Personal data of business contacts is held within G Suite. Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a week. This is held for one year from the time that the copy is made before being deleted.
2.2. Students
Collection of personal data
We only collect personal data that is needed for our agreed purposes. Where we need to process personal data to provide services, we ask our students to provide the necessary information to other data subjects concerned, such as those listed as the students’ emergency contact, regarding its use.
Some or all of the information from the student’s application may be collected, along with:
- additional phone contact numbers;
- emergency contact name and details;
- declaration of relevant medical conditions, allergies or dietary requirements;
- study progress and grades; and
- various consents needed to manage the course.
In accordance with Article 9(2)d) of GDPR, personal data relating to racial or ethnic origin, citizenship, religious beliefs and physical or mental health is permitted to allow Crosslands to carry out its objectives.
Use of personal data
- We seek to provide high-quality training to all our students. This requires us to process personal data to provide appropriate training and feedback. Accurate student records are also necessary in order to be able to record and report academic credit correctly.
Lawful basis: Contractual obligation
We have a contractual obligation to process personal data received from individuals who agree to study with us.
- We may process personal data in order to carry out our activities. This includes managing our relationship with students and prospective students or partners, developing our courses, maintaining and using our systems, and hosting events.
Lawful basis: Legitimate interests
This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.
Data retention
Information about students will be held for the duration of their study and then a further year before deleting the majority of this information. After one year we will retain basic contact information and academic performance in order to verify and audit any credit gained or qualifications awarded as a result of their studies.
When and how we share personal data and locations of processing
Crosslands administrative, operations, faculty and tutoring staff may receive some or all of the information described above in order to fulfil our contractual obligations to the student well.
Personal information of those enrolled on our accredited Seminary Course will be shared with the BibleMesh Institute and South-eastern Baptist Theological Seminary in order to fulfil our contractual obligations to the student.
The academic progress of students will be shared with their named mentors periodically. Concerns about the performance of students may be discussed with their named mentor if deemed necessary by the academic registrar.
Personal data of students is held within G Suite. Further details about processors used by Crosslands and locations of processing can be found below. Some information may be downloaded onto Crosslands’ staff or tutors’ devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.
2.3. Student applications
Collection of personal data
We only collect personal data that is needed for our agreed purposes. Where we need to process personal data to provide services, we ask the applicant to provide the necessary information to other data subjects concerned, such as those listed as a supporter or referee, regarding its use.
Some or all of the following information may be collected: full name, email address, postal address, phone number, birthday, gender, ethnicity, citizenship, marital status, course choice, educational qualifications and institutions, special educational needs, level of English language, current employment, self-assessment of character and theology, church attended and role and denomination, name and contact details of a supporter. Mentors will also be asked to describe the applicant’s character and potential to receive theological training.
In accordance with Article 9(2)d) of GDPR, personal data relating to racial or ethnic origin, religious beliefs and physical or mental health is permitted to allow Crosslands to carry out its objectives.
Use of personal data
Crosslands is required to process personal data received from individuals to enable us to process applications.
Lawful basis: Legitimate interests
Data retention
Information from study applications that are rejected or withdrawn is held for 1 year in case the individual chooses to re-apply.
Information from study applications is held for the duration of an individual’s study with Crosslands and then a further 1 year to allow us to effectively deliver the theological education or resources you have applied for. Refer to section 2.2 ‘Students’ for further information
When and how we share personal data and locations of processing
Crosslands administrative staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively. Student information is passed to the BibleMesh Institute. The information of those taking the accredited Seminary Course will also be shared with Southeastern Baptist Theological Seminary.
Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.
2.4. Individuals who use our material
We provide external users access to various courses managed by us via online platforms. Such platforms will contain their own privacy statements explaining why and how personal data is collected and processed by those applications. We encourage individuals using our material via such platforms to refer to the privacy statements available on those platforms.
Links to privacy statement for Crosslands partner platforms:
2.5. Others who get in touch with us
Collection of personal data
When an individual gets in touch with us with a question, comment or complaint we will collect personal data including name, contact details and the contents of the communication. In these cases, the individual is in control of the personal data shared with. This information is ordinarily collected via web form, email or via a phone call. In some instances, we will collect personal data from individuals at conferences who want to receive further information from us.
Use of personal data
We may process this personal data to efficiently deal with your enquiry and ensure we provide excellent training and resources in accordance with our mission statement. We will only use the data for the purpose of responding to the communication.
Lawful basis: Legitimate interests
Data retention
Information from enquiries is held for 1 year in case you submit further enquiries in that time.
When and how we share personal data and locations of processing
Crosslands operations staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively.
Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive at regular intervals. This is held for one year from the time that the copy is made before being deleted.
2.6. E-newsletter
Collection of personal data
When an individual requests to sign up for a regular e-newsletter we will collect personal data such as their name and email address. Statistics around email opening and engagement will be collected.
Use of personal data
- Signing up to our e-newsletter and confirming your agreement with our privacy policy is taken as consent.
Lawful basis: Consent - We collect information such as email opening so that we can monitor and improve our e-newsletter.
Lawful basis: Legitimate interest
Data retention
Personal data will be retained for as long as it is necessary for the purposes set out above All emails contain an explanation of why the recipient is on the list as well as a simple option to unsubscribe at the bottom of the message. Recipients may also unsubscribe by emailing info@crosslands.training or phoning our office. Information will be held until the contact unsubscribes. The marketing contact lists will be scrubbed twice yearly to remove information about contacts which is over a year old.
When and how we share personal data and locations of processing
Crosslands operations staff will receive an email notification when someone signs up to a regular e-newsletter. Access is via a strong password through a password-protected device for a limited set of Crosslands staff members. Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below.
2.7. Social media
We use social media to promote Crosslands and to keep the general public aware of important, interesting and helpful news, articles and offers from Crosslands.
When someone engages with us on social media, we use third-party services, Facebook, Instagram and Twitter, to engage with them directly or through broadcast means. Facebook, Instagram and Twitter gather statistics around engagement and clicks by using industry-standard technologies.
The information is stored on Facebook, Instagram and Twitter’s servers across the world and may be downloaded onto our staff’s devices as part of their work.
Facebook, Instagram and Twitter’s servers are encrypted and access is via a strong password through a password-protected device for a limited set of Crosslands staff members.
If someone sends us a private or direct message via social media, the message will be stored by Facebook and Twitter for their standard terms. Crosslands will treat information received via private or direct message in the same way as Others who get in touch with us. Refer to section 2.5 above. It will not be shared with any other organisations.
Crosslands is not responsible for any other information collected on you by Facebook, Instagram or Twitter
Further information regarding the privacy policy of the social media platforms that we use can be found here:
2.8. Personnel (staff, tutors, faculty)
Collection of personal data
Some or all of the following information may be collected: full name, email address, postal address, birthday, banking information, pension preferences and performance data.
Use of personal data
Signing your employment paperwork, secondment agreement or contractor agreement means you enter a contract with Crosslands for us to use your personal information as described in this policy.
Lawful Basis: Contractual obligation
Data retention
Information about employees will be held for 6 years after the termination of their employment contract in case of employment tribunal or other legal requirements.
When and how we share personal data and locations of processing
Crosslands administrative staff may receive some or all of the information described above in order to fulfil our contractual obligations to the employee well. Information will be shared with our external payroll and pension provider as well as with HMRC in order to fulfil our contractual obligations. Furthermore, some payroll information may require disclosure in our financial statements in order to fulfil our legal obligations.
Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.
2.9. Assessing job applications
Collection of personal data
Most of the personal information that we collect as part of a job application will be provided directly by you. This may include: full name, email address, postal address, phone number, birthday, gender, ethnicity, marital status, educational background, work history, extra-curricular activities, skills, and any other information you choose to share about yourself as part of your application or during an interview process.
We may obtain personal data from third party sources such as references from your named referees, verification of information provided during the recruitment process by contacting relevant third parties or using publicly available sources.
Use of personal data
Crosslands has a legitimate interest to process personal data received from individuals when they apply to work at Crosslands. Submitting a job application means you are happy for us to use your personal information as described in this policy.
Data retention
If your application is successful we will retain relevant personal data as part of your employment record (refer to section 2.8 Personnel)
If your application is unsuccessful, information from job applications will be held for 1 year in case you submit further enquiries in that time.
When and how we share personal data and locations of processing
Crosslands administrative and operations staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively.
Where we want to disclose information to a third-party, for example where we want to take up a reference or obtain a ‘disclosure’ from the UK Criminal Records Bureau or similar European agencies, we will not do so without informing them beforehand, unless the disclosure is required by law.
Further details about processors used by Crosslands and locations of processing can be found below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.
2.10. Suppliers (including tutors and faculty on secondment or contractor arrangements, residential speakers, Foundation Group leaders)
Collection of personal data
We collect and process personal data about our suppliers in order to manage the relationship, contract, to receive services from our suppliers and to provide services to our clients. Some or all of the following information may be collected: full name, email address, postal address, birthday, banking information, employment history and academic and professional qualifications.
In accordance with Article 9(2)d) of GDPR, personal data relating to racial/ethnic origin and religious beliefs is permitted to allow Crosslands to carry out its mission.
Use of personal data
- In order to receive services from suppliers we will at times be required to process personal data relating to those suppliers and in some instances some of their employees. This processing is necessary in order to allow us to receive services.
Legal grounds: Legitimate interests - In some instances a supplier will help us to deliver training to our students/ other end users. When this happens we are required to process personal data about the individuals involved in providing the training in order to administer and manage our relationship with the supplier and the relevant individuals, to share information about our services with the wider world, and to provide the training for our end users.
Legal grounds: Legitimate interests - Unless we are asked not to, we may use some of our suppliers contact details to provide information about us that we think will be of interest about us and our services in order to promote Crosslands the services we offer.
Legal grounds: Legitimate interests - Crosslands has a contractual obligation to process personal data received from individuals who agree to study with us. Agreeing to the Seminary Course covenant, Foundation Course learning site leader covenant or Foundation Course study group leader covenant means you enter a contract with Crosslands for us to use your personal information as described in this policy, as does purchasing Course modules directly from us or through our partner BibleMesh Institute.
Legal grounds: Contractual obligation
Data retention
Personal data will be retained about our contacts within our supplier organisations for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation) and then deleted in line with our deletion and retention policies.
When and how we share personal data and locations of processing
Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below. This information may be downloaded onto our staff’s devices as part of their work. In order to ensure continuity of service in the event of information being accidentally deleted, all data held on the Crosslands Google Drive is copied onto an external hard drive once a year. This is held for one year from the time that the copy is made before being deleted.
2.11. Visitors to our website
Collection of personal data
Our website collects limited personal data automatically via the analytical tools that are integral to the websites including:
- Information about your browser, network, and device
- Web pages you visited prior to coming to this website
- Your IP address
This information may also include details about your use of this website, including clicks; internal links; pages visited; scrolling; searches; and timestamps.
Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
Use of personal data
- We use the information that you have given us in order to find out things such as the number of visitors to the various parts of the site and to help us establish what content is popular. Where contact details have been provided through a web form we will use the data to communicate with you in order to distribute requested materials or ask for further information.
Lawful basis: Legitimate interest - We have a legitimate interest to process personal data received from individuals to enable us to respond to enquiries. Submitting an enquiry in whatever form means you are happy for us to use your personal information as described in this policy. We will only use the data for the purpose of responding to the communication.
Lawful basis: Legitimate interests
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
Data retention
Personal data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual).
When and how we share personal data and locations of processing
We share this information with our website provider, to learn about site traffic and activity. They need the data to run this website, and to protect and improve its platform and services. Further details about the processors (such as IT service providers) used by Crosslands and locations of processing are listed below.
If information is received via a form in relation to an application to study with Crosslands, the information is emailed to relevant members of the Crosslands admissions team to assess the application (See section 2.3 Student Applications).
Our website may link to third-party sites that are not controlled by us. This means that this privacy policy will not apply. We recommend that you review each third-party site’s privacy policy before disclosing any personally identifiable information.
3. Processors used by Crosslands
To help us deliver excellent theological training and resources for churches and church leaders, we share information and data with some external processors and third-party applications. The servers that allow these applications to operate are located in secure data centres around the world and personal data may be stored in any of them. Further details of the third-party providers that we use are:
| Name | Role | Address | Privacy Policy |
| Jotform | Online form software |
111 Pine St. Suite 1815, San Francisco, CA 94111 Server: Germany |
Read the JotForm Privacy Policy. |
| Mailchimp | Marketing platform | The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA | Read the MailChimp Privacy Policy. |
| G Suite by Google | Business applications (email, calendar, cloud storage etc) | Gordon House, Barrow Street, Dublin 4, Dublin, D04 E5W5 | Read the Google Privacy Policy. |
| GiffGaff | Mobile phone and Voicemail provider | 260 Bath Road, Slough SL1 4DX | Read the giffgaff privacy policy |
| Timetastic | Staff holiday planner | Suite 143 19 Lever Street, Manchester, England, M1 1AN | Timetastic privacy policy |
| Peoples Pension | Pension provider | B&CE Benefit Schemes, Manor Royal, Crawley, West Sussex, RH10 9QP | The People’s Pension privacy policy |
| Stewardship |
Payroll provider, Giving services |
1 Lamb’s Passage, London EC1Y 8AB | Stewardship privacy notice |
| Xero | Accounting software | Bank House ,171 Midsummer Boulevard, Milton Keynes, MK9 1EB | Xero privacy notice |
| Stripe Payments Europe Ltd | Financial services | 1 Grand Canal Street Lower, Grand Canal Dock, Dublin | Stripe privacy policy |
| Wise | Financial services | TransferWise Ltd, 6th Floor of The Tea Building, 56 Shoreditch High Street, London E1 6JJ | Transferwise privacy policy |
| CAF Bank | Financial services | 25 Kings Hill Avenue, West Malling, Kent ME19 4TA | CAF privacy notice |
| WordPress | Website provider | Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl. Dublin, D02 AY86. Ireland | WordPress privacy policy |
4. Your rights
Where we rely on consent to use your personal data, you have the right to withdraw that consent at any time. If you are the data subject you also have the following rights:
Right to access
You can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information.
Right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to be erasure
You have the right to ask us to erase your personal information in certain circumstances.
Right to restrict processing
You have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.
Right to object
As a data subject, you have the right to object to the processing of your data where Crosslands is relying on its legitimate interests as the legal ground for processing or we are using your data for direct marketing.
Right to data portability:
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
5. Further information
5.1. Complaints or queries
Crosslands strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Please send any complaints to the details below.
You also have the right to lodge a complaint with the data protection supervisory authority, The UK Information Commissioner’s Office (ICO) who can be contacted at:
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
5.2. Access to personal information
Crosslands tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you, within 30 days we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to Crosslands for any personal information we may hold, you need to put the request in writing addressing it to our Administrators, including your full name, postal address, daytime telephone number, whether you seek general information or specific information and proof of your identity.
With your permission, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting our Administrators.
5.3. Disclosure of personal information
We do not and will never disclose personal data without prior consent, except where required by law.
5.4. Links to other websites
This privacy notice does not cover the links within our websites linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
5.5. Data Controller and contact information
If you want to request information about our privacy policy you can contact us directly through our website, email info@crosslands.training, call +44 (0)191 9169572 or write to: Data Controller, Crosslands, Floor 6, Hadrian House, Higham Place, Newcastle, NE1 8AF.