Privacy Policy

Who we are

Christian Rural and Environmental Studies (CRES) is run by The John Ray Initiative (JRI) and A Rocha UK, and is administered by JRI, a registered UK charity. The JRI website address is: https://jri.org.uk. The CRES course has its own website https://cres.org.uk

The John Ray Initiative is a registered UK company, created for any publications which JRI may directly publish. Although all recent JRI publications have been as free to download files the Limited company still exists and has been registered with the Information Commissioners Office as a data holder.

What personal data we collect and why we collect it

The JRI Contacts Database

JRI maintains a contacts database for individuals who

have signed up to receive our news and updates mailings
are Members and Associates of the John Ray Initiative
attend JRI and CRES events
are current and former students and tutors of the CRES course

This information is used to keep individuals informed as per their requests – it is organised to show geographical location preferences and the preferred methods for contact (email, post, telephone). Information is only obtained from the individuals themselves. For organisations, contact information may be obtained from public sources (e.g. an organisation’s website). JRI does not share this information with any third party, and it is only used in accordance with the charitable purposes of the charity.

Specific to the CRES Course

CRES students’ registration documents are stored securely in the JRI office. Study records are held by the CRES Administrator, the student’s personal tutor and senior tutor, and the CRES Course Director. Password protection and limits to access are agreed and maintained by CRES Course administrators and seniors tutors. The CRES course is run in collaboration with A Rocha UK, with all administration carried out by The John Ray Initiative. The Privacy Policy for A Rocha UK can be viewed at http://www.arocha.org/en/get-involved/privacy-policy/

Website Visitors

The IP address and location of site visitors are recorded for the purpose of analysing site usage. No personal data is stored or discovered by JRI from this process.

Comments and Website Interaction

At present no comments to posts are permitted on the JRI website.

The CRES website has a private ‘Member Zone’ containing posts, pages, resources and a discussion forum. Access to these parts of the CRES website is restricted to registered users of the site. Registration is available to current CRES students, tutors, course administrators and individuals permitted access by the CRES Course Director. Registration requires a declaration of the status of the site user, and agreement to the Terms and Conditions for use of the site. All applications to access the Member Zone are checked with the database of current CRES course participants, with access denied to those who do not meet the criteria. The site is moderated and inappropriate comments are taken down, with users registrations being revoked if necessary. CRES site users set up their own profiles and manage their own passwords; this data is held only within the website. CRES passwords are not stored outside the WordPress CMS, and are not accessible to any other user, including administrators.

Media

Visitors to the website can download and extract any location data from images on the website. Many images are subject to copyright restrictions and we request that these are respected.

Contact forms

The website includes the option to contact JRI via a contact form. This form requests email and name details only. The email which is generated from this form is held within the email system only and nothing is added to any database unless the contact form specifically requests this action.

Cookies

The site uses cookies to monitor site visits. Cookies are also used to enable administrators with logins to the site to store their details.

Website Security

The JRI and CRES websites use software provided by the webhost and third party security to maintain site security, including protection for the contact forms on the sites. No payments are taken through either website, instead direction is given to external payment provision (e.g. Paypal) and information on how payments and donations can be made. WordPress CMS and plugins are updated frequently.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

In general it is JRI practice to only provide links to external material rather than embed content.

Who we share your data with

Data is not shared with any third party. A request to JRI for a contact with a person known to be connected to JRI is passed to the person for their own response, it is not actioned by JRI staff.

Data is not received from any third party.

Data is not used with any automated decision making or profiling process.

How long we retain your data

Data is held until it is no longer useful for the purposes for which it was recorded. The charity maintains a historical record of who attended conferences and events, and who contacted JRI and for what purpose. Personal contact details are maintained for those who are current mailing recipients, members and associates. JRI strives to keep this information up to date.

What rights you have over your data

You can request to receive a copy of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we hold your data & how it is protected

The data is held online in a secure server at a UK location. Some data is held on laptop hard drives used by JRI staff. The security and use of these devices has been audited and use is secured by means of

passwords and encryption to the devices
passwords and encryption to files and folders
protocols to govern how data is accessed and used
regular security maintenance procedures to ensure that the most up-to-date software is being used

Data breach procedures

If JRI considers that a data breach has occurred then all individuals who may have been affected by the breach will be notified immediately, stating the nature of the breach, the data which may have been compromised, the actions being undertaken by JRI to secure the data held, the review process, and any action which may be required by the individual.

If individuals cannot be directly contacted then posts will be made on the website and via social media (Facebook and Twitter) to advise of the situation.

Additional information

The mailing database is processed using MailChimp. The mailing list has been set up using GDPR protocols provided by Mailchimp which include

options within every email sent to update details or to unsubscribe from the list
a privacy policy statement
links to Mailchimp’s own Privacy Policy including how and where data is securely held