our privacy policy

Privacy Statement

Our commitment to your privacy

This Privacy Statement describes how OneSpirit Interfaith Foundation (“OneSpirit”, “we”, “us”) collects and uses personal information, and the steps we take to protect it.

We process personal information in accordance with UK data protection law, including UK GDPR, the Data Protection Act 2018, PECR, and relevant amendments introduced by the Data (Use and Access) Act 2025 (DUAA).

Privacy principles

We use the following principles to guide how we handle personal information:

  • We communicate clearly about what personal information we collect and how we use it.

  • We respect your privacy and only collect and use personal information that we genuinely need.

  • We use personal information to deliver and improve our charitable services, and to communicate with you in ways you expect.

  • We protect personal information and keep it secure.

  • We never sell personal information.

  • We only share personal information when necessary and with trusted partners who help us deliver our work.

Who we are and how to contact us

OneSpirit Interfaith Foundation is the data controller for the personal information we hold.

If you have any questions about this Privacy Statement or how we use your information, please contact us:

What personal information do we collect?

The personal information we collect depends on how you engage with OneSpirit. For example, requesting information, applying for a programme, becoming a student or member, donating, or attending an event.

Information you share with us

  • Contact details such as name, email address, telephone number, and postal address

  • Programme applications and enrolment information

  • Payment information required to process fees or donations (processed securely via our payment providers)

  • Communication preferences

  • Messages you send us, such as enquiries or feedback

  • Information you choose to share about support needs or accessibility requirements

  • Where relevant and with appropriate safeguards, information you choose to share about your spiritual or religious background (this may be special category data)

Information from your online interactions

  • Information about how you use our website, such as pages viewed, links clicked, and technical identifiers including IP address

  • Cookie preferences and related information where cookies are used (see below)

Cookies

Cookies are small text files stored on your device when you use a website. We use cookies to make our website work, remember your preferences, and, where you agree, help us understand how our website is used so we can improve it.

Where required, we will ask for your consent before placing non-essential cookies or using similar technologies. Some cookies may be used without consent where an exemption applies, such as when a cookie is strictly necessary to provide a service you have requested and where permitted under PECR as amended.

You can manage cookies through your browser settings and, where available, our cookie settings tool.

Email communications

When we send emails, we may use standard industry technologies, such as tracking pixels, to understand whether an email has been opened and which links are clicked. This helps us improve our communications and keep them relevant.

Social media

If you engage with us on social media, the relevant platform will also process your personal information. Your relationship with those platforms is governed by their own privacy policies.

We may receive aggregated statistics from social media providers to help us understand engagement with our content.

How we use your personal information

We use personal information for the purposes below. In each case, we identify a lawful basis under UK GDPR:

  • To respond to enquiries and provide information you request (legitimate interests)

  • To manage applications, enrolment, and course delivery (contract)

  • To provide pastoral, accessibility, and learning support where requested (contract and or consent, with explicit consent where special category data is involved)

  • To process payments, donations, and maintain financial records (contract and legal obligation)

  • To send essential service communications (contract and or legitimate interests)

  • To send newsletters, updates, and fundraising communications (consent or, where permitted, the charity soft opt-in under PECR; you can opt out at any time)

  • To meet legal, regulatory, and safeguarding obligations (legal obligation and or legitimate interests)

  • To protect the security of our systems and prevent misuse (legitimate interests)

How can you change the way we contact you?

You can change your communication preferences at any time. Each marketing email includes an unsubscribe link, and you can also contact us at admin@interfaithfoundation.org.

If you ask us to stop marketing communications, we will do so. However, we may still send service messages necessary to deliver a programme you are enrolled on or to meet legal obligations.

What personal information do we share with third parties?

We may share personal information with trusted third parties where necessary to provide our services and run the organisation. This includes:

  • Service providers who help us deliver our work, such as IT hosting, email platforms, databases, and payment processors

  • Professional advisers, including accountants, insurers, and legal advisers

  • Regulators and authorities where we are legally required to do so

We do not sell personal information. Where we use service providers, we put appropriate contracts in place to protect your information.

International transfers

Some suppliers may process personal information outside the UK. When this happens, we ensure appropriate safeguards are in place, such as adequacy decisions or approved contractual safeguards.

How long do we keep your personal information?

We only keep personal information for as long as necessary for the purposes it was collected, including legal, accounting, regulatory, and safeguarding requirements.

We regularly review what we hold and delete or anonymise information when it is no longer needed.

Your controls and choices

You have rights in relation to your personal information, including:

  • The right to withdraw consent where we rely on consent

  • The right to object to processing, including an absolute right to object to direct marketing

  • The right to access your personal information (a Subject Access Request)

  • The right to correct inaccurate personal information

  • The right to request deletion of personal information in certain circumstances

  • The right to restrict processing in certain circumstances

  • The right to data portability in certain circumstances

  • The right not to be subject to certain types of automated decision-making

To exercise your rights, contact us using the details above. We may ask for identification or clarification where necessary. We normally respond within one month. If additional information is required, the response time may be paused until it is received.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO). We would appreciate the opportunity to address your concerns first.

How we protect your personal information

We take appropriate steps to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These include access controls, staff training, and technical security measures.

Changes to this Privacy Statement

We may update this Privacy Statement from time to time. The latest version will always be published on our website and will show the date it was last updated.