General Privacy Policy

Last updated May 2024

The Findhorn Foundation (FF) is a spiritual and educational charity registered in the UK. We are committed to the transformation of consciousness and rely on thousands of visitors to participate in our programme offerings as well as supporters to help us achieve our mission of creating new positive possibilities for the world.

We are committed to protecting and respecting your privacy and the security of your personal data. This Privacy Policy describes how we collect and use personal information about you in accordance with the UK General Data Protection Regulation (UK GDPR).

The personal data we collect will typically include: your name, your email and postal address, phone number, date of birth, and bank details (Personal Data) and this privacy policy relates to our use of any Personal Data you provide to us either directly or indirectly.

If you have any comments, questions or concerns regarding this Privacy Policy please contact us at compliance.systems@findhorn.org or call +44 (0) 1309 678066 or write to us on Findhorn Foundation, The Park, Findhorn, Forres IV36 3TZ, UK.

In this context, the FF will be the “controller,” which means that we are responsible for deciding how we hold and use personal information about you.

Who does this Privacy Policy apply to?

This Privacy Policy applies to employees, job applicants, volunteers, guests, workers, contractors, programme participants, individuals who visit our websites, give us donations, make enquiries about our work or our workshops, subscribe to our newsletters and other communications.

How will we process your personal data?

When processing the Personal Data, we hold about you, we will abide by the following Data Protection Principles and ensure that it is:

1. Used lawfully, fairly, and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

What information does The FF collect about me and how/when does FF collect this data?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health (this is referred to as “sensitive personal data” or “special category data”).

Personal Data is collected directly from you when you interact with FF. For example:

  • Signing up to one or more of our newsletters

  • Making an enquiry

  • Booking and registering on one or more of our programmes

  • Making a donation

  • Placing an order on the FF site

  • When you report a problem

  • Through participating in one of our programmes

  • Volunteering

Information may be collected in person, over the phone, through post or paper, online via our website (www.findhorn.org) and its subdomains and third party sites linked to our events, programmes or fundraising.

The information we collect will typically include:

  • Your name

  • Postal and email address

  • Your phone number

  • Bank or payment card details (if booking a programme, making a donation, or other financial transaction)

Please note that we will not store your bank account or payment card details. If you are making a payment via our website, all payments are processed via systems and providers whose services comply with regulatory compliance standards.

When booking or registering on a programme we may also ask for:

  • Your date of birth and gender identity

  • Your nationality and passport number (if non-UK)

  • Proof of address

  • Your car registration during conferences and events

  • Medical information which would be helpful for us to know about in case of an emergency during the programme you are attending

  • Special dietary needs and food allergies

  • Contact details for someone we can get in touch with in the event of an emergency.

  • Details of any specific needs relating to a disability or health condition

  • Previous workshop and course experience you have attended with the Findhorn Foundation or Findhorn College

  • Additional information or a personal statement to assist us in assessing our duty of care responsibilities and to enable us to perform our contractual obligations in relation to your attendance to some workshops.

  • Proof of address and other Covid related information to comply with Covid regulation where you are attending an onsite programme.

From some of our more closely connected donors and supporters we may collect the following additional information:

  • The organisation you work for or are affiliated with

  • Soft credit relationships

  • Other relevant personal or work relationships

  • Your history of contacting us and of your experience with us and the FF community

How will FF use my Personal Data?

FF will only use personal data for the purposes outlined to you and when the law allows us to. Most commonly we will use your personal information in the following circumstances:

  • Where we need to perform an agreement or contract you have entered into with us.

  • Where we need to comply with a legal obligation.

  • Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  • where we need to protect your or someone else’s interests or

  • where it is needed in the public interest or for official purposes.

Some of the data referred to above is regarded as special category data to which we will attribute a higher level of protection. Our lawful, legitimate justification for processing this type of information is:

  • To ensure the health and safety of all those visiting and working at the FF

  • To provide, where justified and appropriate and necessary information and guidance pertaining to legal requirements regarding self-isolation and obtaining COVID-19 tests etc and where it is necessary to comply with a legal obligation and for our legitimate interests

  • To provide medical assistance should you become ill or suffer an allergic reaction for example

  • To satisfy the Home office if asked that our guests and visitors have entered the UK legally and hold the correct visa to attend our recreational courses in accordance with our legal obligations as an A rated sponsor.

We may also receive information about you from other sources, as explained below.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, where we have an alternative legal basis (such as our legitimate interest and/or to process a contract between you and us or where this is required or permitted by law) applies and in compliance with the above rules.

Please note that in supplying any personal information, you will not be subjected to discrimination or unfavourable treatment.

Are you collecting other data from my IP?

We collect statistics about visits to the Site based on your IP address (an IP address is a number that uniquely identifies a specific computer or network device on the internet). This data is used to help us understand browsing preferences so that we can improve our website. We do not use this data to identify you as an individual and you will remain anonymous.

FF uses measurement and analysis tools to gather information regarding visitors to our website using cookies, log file data, and code which is embedded on the Site. This type of information is used to help us provide you with a better user experience on our Site. One example of FF’s cookie use is to customise the daily angel cards.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org

FF uses cookies in a range of ways to improve your experience on our website, including:

  • keeping you signed in and understanding how you use our website;

  • for customising the daily angel cards,

  • for tracking bookings of multiple programmes in one booking (i.e. ”shopping cart”),

  • for tracking site statistics (Google Analytics).

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

  • Functionality – these cookies are used to recognise you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in.

  • Advertising – these cookies are used to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address

How to manage cookies?

You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

When will you contact me?

We collect information in order to process your requests and to keep in touch with you about the FF’s work. Examples include:

  • To provide you with the services, products or information you have requested or enquired about like our newsletter, programme details or event information.

  • To express our gratitude and let you know how your donation is helping our work.

  • To process donations.

  • To process programmes and other payments.

  • To reclaim Gift Aid, where authorised to do so by you.

  • To send you programme or fundraising campaign information.

  • To record any contact we have with you to help us ensure we provide you with the most appropriate communications.

  • To notify you of changes to our policies or services.

  • To check on your preferences to ensure they are up to date. From time to time we may use external data sources (including for example social media sites, Companies House) to increase or enhance the information we hold about you. Further details can be found in the ‘How do we work with third parties in processing my Personal Data?’ section below.

We will ask for your consent to send you marketing emails, but we may also rely on the legitimate interest of the charity to raise much needed funds to get in touch via post and/or emails. You can always choose not to receive marketing communications from FF and, if you are already receiving such communications, you can ask us to stop at any time.

Note: When using the unsubscribe button in the footer of our emails you only unsubscribe from the e-list the mail was sent from. You will always have the option to click ‘unsubscribe’ from one or all of our e-lists, using the unsubscribe button found at the footer of each of the email/s you receive from the different FF e-lists.

How do you work with third parties in processing my Personal Data?

Certain third party organisations collect data on our behalf as well as for their own use. We may receive your personal details from third party organisations where you have agreed for this information to be shared.

Third party organisations we currently receive data from include (but are not limited to) JustGiving, CAF, Triodos Bank, Bank of Scotland, Stripe, Opayo, Facebook, Zoom, Bookinglayer Eventbrite, Ticket Tailor, Mailchimp, Google Analytics and Google Ads.

We also use other companies to provide services and to process your Personal Data on our behalf, including delivering postal mail, sending emails, and carrying out research. Some of these third parties may be based outside the UK where data protection laws may provide less protection than other UK laws.

However, we will only provide those companies with the information they need to deliver the specific service and we require them to ensure that your data is treated with an appropriate level of security in accordance with The Data Protection Act 2018 (DPA 2018).

Our website may, from time to time, contain links to and from the websites of its partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the FF does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How will my data be used?

FF will disclose or use personal information if required to do so by law, and may use external data for the purposes of fraud prevention, for example to comply with money laundering regulations as well as Covid regulations such as NHS track and trace. More details can be found at www.good fundraising.scott.

Programme participant’s information is used to make our programmes as relevant and effective as they can be, to safeguard all participants and to be able to analyse the appropriateness of the selection and follow through processes and so that long term studies of the effectiveness of them can be measured through academic research.

We may use your personal data to make suggestions and recommendations to you and other users of the FF website about goods, services, programmes or activities that may interest you or them.

Occasionally our Communications and Philanthropy Departments may make use of profiling and screening methods to produce relevant communications and so provide a better experience for our supporters and use our Philanthropic resources effectively. As a charity we have a legitimate interest to do this as it helps us achieve our charitable purposes more effectively and in accordance with best practice.

Profiling means that we will look at your giving history to help us use our resources more effectively. It helps us build relationships that are appropriate to our supporters’ interests, donation levels and other ways of supporting.
Screening means we may use additional external sources of data to increase and enhance the information we hold about you.

This may include obtaining details of changes of address, date of birth, telephone numbers and other contact details, information about your capacity to participate or relevant relationships (personal or professional for example).

It may also include information from public registers and other available sources such as Companies House, social media, newspapers, and magazines.
If we were to merge with another charity, restructure, sell or buy any business or assets we may share your details with other entities involved in the merger/restructure for that purpose.

How secure is the information I give you?

We are serious about guarding the security of your Personal Data and the details of any transactions made. We take appropriate organisational and technical security measures to protect your data against unauthorised disclosure or processing.

Our server and backups used to store the data you give us are held in a secure environment behind firewalls and are password protected. However you should keep in mind that no internet transmission is ever completely secure or error-free. In particular, any email sent to or from our website may not be secure.
Third parties we work with will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

How long will you keep my information?

We will hold personal information on our system for as long as you have an active relationship with FF, or as long as we are legally obliged to do so based on the purposes described in this Privacy Policy.

The personal data you provide on the booking form is held indefinitely on our database to assist future bookings and to help the Foundation maintain a historical archive of its programmes and activities. Building a record of the courses you have attended helps us to carry out our contractual obligations and to fulfil our duty of care responsibilities to you.

Personal statements and other information are stored in Gmail for up to 7 years. Paper copies are routinely destroyed after 12 months. During that time they will be stored in a secure location. Occasionally we may need to hold some information for longer when there is a duty of care issue.

If you have given your consent for us to process your data, you can withdraw your consent at any time.

For processing activities, which are based on a statutory or contractual requirement, you may request your data not to be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations or in order to enforce or apply the FF’s ‘terms of use’ and ‘terms and conditions of supply’ and other agreements or to protect the rights, property, or safety of the FF, its customers, or others. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.

If you cease to have an active relationship with us or request to receive no further contact, we will retain some basic information in order to avoid sending you unwanted materials in the future, and to ensure that we don’t accidentally duplicate information.

How do I request an information access report?

We aim to keep the data we hold about you accurate and up-to-date. If, at any time, you wish to update or amend any data we hold about you, or if you become aware of any errors or inaccuracies, please do let us know by contacting compliance.systems@findhorn.org.

FF would like to make sure you are fully aware of all your data protection rights which apply by law, under certain circumstances:

  • Request access – you have the right to request access for copies of your personal data.

  • Request correction – you have the right to request that FF correct any information you believe is incorrect or incomplete.

  • Request erasure – you have the right to request that FF erase your personal data.

  • Object to processing – you have the right to object to FF processing your personal data.

  • Request the restriction of processing – you have the right to request that FF restrict the processing of your personal data.

  • Request the transfer of your information to another party – you have the right to request that FF transfer the data we have collected to another party, or directly to you.

Right to Access/Data Subject Access request:

You can request a copy of the Personal Data we hold about you. To do so please write to the Compliance and Systems Officer via compliance.systems@findhorn.org or Findhorn Foundation, The Park, Findhorn, Forres IV36 3TZ, UK.

If you make a request, we normally have one month to respond to your request, unless the request is complex. In such a case the time to respond is extended to 3 months. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you have had an experience or have a concern regarding the way in which our organisation has handled your data and would like to make a complaint then please contact complaints@findhorn.org and we will get back to you as soon as possible.

You have the right to complain to the Information Commissioner’s Office (ICO) and to seek compensation through the courts. The ICO can be contacted on 0303 123 1113 or visit https://ico.org.uk/concerns/

We reserve the right to update this privacy policy at any time. Please check this website from time to time for the latest version of this policy.

This policy was last updated May 2024