Saint Trivelius Institute is dependent on the generosity and goodwill of our supporters and subscribers to fulfil our charitable objectives. Having a positive relationship with our supporters is vitally important to us and we are committed to working in a transparent, ethical, responsible and honest way.
We are committed to protecting your personal information and being transparent about what information we hold about you, whether you are a visitor to our websites, a subscriber to our publications, a student, a financial supporter, a volunteer or participant in one of our programs or events, or a prayer supporter.
This policy explains how we collect and use the personal information you provide to us, whether this is online, in person or via phone, mobile, email, letter or other correspondence or printed form, and personal information about you that we may obtain from third parties.
If you use our websites or any of our services, or provide us with any personal information, we will bring this policy to your attention so that you are fully aware of how your information will be used and disclosed.
It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are – but if you don’t have time to read it all now, here’s a quick summary:
- We collect information that is personal data. Personal data is information that can be used to help identify an individual, such as name, address, phone number, email address, IP addresses or website pages accessed.
- We collect information about everyone who engages with the college. This could be supporters, enquirers, applicants, students, those who participate in our programs or events, donors, volunteers, freelancers, employees or trustees.
- We collect information to provide services or goods, to provide information, to fundraise for our work, to resource our activities and fulfil our charitable objectives and for administration. This information may also be used for research, profiling, analysis, and for the prevention or detection of crime.
- We only collect the information that we need or that you agree we can collect.
- We do our best to keep personal information secure wherever we collect personal data online.
- We never sell your data and we will never share it with another company or charity for their own purposes without your specific consent.
- We only share data where we are required by law or with carefully selected service providers who carry out work for us. We recognize the importance of ensuring that all our service providers (including validating universities) treat your data as carefully as we would, use it only as instructed, and allow us to check that they do this.
This policy applies to all the websites we operate, our use of emails and postal mailings for marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
What information do we collect? Where do we collect it from?
We will only ever collect the information we need – including data to help improve our services – or which you agree we can collect.
Personal data is any information that can be used to identify you. For example, it can include information such as your name, email address, postal address, telephone number, mobile telephone number, bank account details, credit/debit card details, and whether you are a taxpayer so that we can claim Gift Aid on any donations you may make. It also includes Internet Protocol (IP) addresses (the location of the computer on the internet), details of pages visited on our websites and files downloaded.
We collect information in the following ways:
Information that you give us directly
We collect this information in connection with specific activities, for example, when you use our websites or printed forms or telephone our offices to:
- make a donation to us
- apply for, or purchase a course or conference
- register for an event
- register on our supporter directories
- create an account on one of our websites
- engage with our social media
- sign up for our email newsletters
- complete a survey, questionnaire or feedback form
- or otherwise provide us with personal information.
Please note: You don’t have to disclose any of this information to browse our websites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
Information that you give us indirectly
Information that we collect from your use of our websites
Information from third parties
We may receive information about you from third parties, for example from a friend who wants to send you information, book an event or make a donation in your name.
We may receive updated delivery and address information from our delivery agents so that we can correct our records and deliver your next communication more easily. If we receive information about you from third parties, we will provide you with details of whom we received it from as soon as possible thereafter.
Information from public sources
We may combine information you provide to us with information available from public sources or records in order to gain a better understanding of our supporters and those who engage with us. This helps us to improve our fundraising methods, resources and programs. Such information may be found in places such as Companies House and information that has been published online and in print.
Sensitive/special categories of data
Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data or special categories of data and covers health information, race and ethnicity, religious or philosophical beliefs and political opinions amongst other things.
We do not collect sensitive personal information about you unless there is a clear reason for doing so, such as involvement in a course or an event where we need this information to ensure safeguarding, to carry out appropriate checks on volunteers, or care for participants. For some events we will collect health information so that leaders on our events have the relevant information to care for participants.
When we collect this information, we will make it clear to you what we are collecting and why and what are our legitimate interests or other legal grounds for processing this information.
We use Google Analytics and other services to collect information about how our websites are used. These help us to know how often users visit our websites, what pages they visit when they do so, and how they use our content online.
Links to other websites
Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking websites including, but not limited to, YouTube, Facebook, Twitter, Pinterest and Instagram.
Do we sell or share personal information?
We never sell or share your personal information with other organisations to use for their own purposes.
However, if we run an event in collaboration with another named organisation, your details may need to be shared with them and those who provide services to help us deliver the event. We will make it clear what will happen to your data when you register.
Sensitive/special categories of data
If you provide us with sensitive/special categories of personal data including, but not limited to, your racial or ethnic origin, political opinions, religious or philosophical beliefs or your physical or mental health, we will only use this for the specific purpose for which you gave permission and where it is within our legitimate interests to process or where we have other legal grounds to do so.
What is our legal basis for processing data?
We rely on a variety of legal bases for processing data depending on the purpose of the activity being undertaken.
We use a contractual basis for processing data relating to courses, and events you have booked.
This includes sending you information about related resources and events that you might be interested in, given your previous enquiries or engagement, if you have not objected to being sent this further information at the time at which we collected your data or at any later stage.
We rely on legitimate interests for a variety of purposes. Legitimate interest is about balancing the interests of BBC against your rights and freedoms, and having due regard to your reasonable expectations about the use of your data. These purposes include:
- mailing Saint Trivelius Institute News and the and other information with your subscription
- mailing other information about BBC such as our annual Report
- thanking (either by mail or telephone) those of you who have made a financial gift
Every email newsletter you receive provides a clear opportunity for you to opt out of/unsubscribe from future email newsletters.
We use compliance with a legal obligation as the basis for processing any legally required activities.
Who has access to your personal information for processing data and how do we keep it safe?
We maintain a high level of security in relation to the collection, storage and disclosure of your information. This is very important to us and we take all necessary steps to ensure that any information we hold about you is safe.
Storing your information
We place great importance on the security of all personal data associated with our students, supporters and stakeholders.
Information is stored on secure servers at our offices, off-site and in the Cloud. We may also store information in paper files.
We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, only authorized personnel are able to access personal information, we ensure access to information is password protected or secured via locked filing cabinets and we encrypt financial information you input before it is sent to us.
While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.
Any sensitive or special categories of data you may provide to us are only shared on an absolute need to know basis, and are deleted after each relevant event unless we need to keep that information for a longer period e.g. for safeguarding reasons.
We enforce strict procedures and security features to protect your information and prevent unauthorized access, although we cannot completely guarantee the security of any information you transmit to us.
Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please dont share your password with anyone. If you think anyone else has gained access to your password, please let us know as soon as possible.
Transferring your information outside of Europe
Although most of the information we store and process stays within Bulgaria, some information may be transferred to countries outside the European Economic Area (EEA), particularly if you have enquired about a course, and are not a Bulgarian citizen, or have offered the college as a reference to an organization based or work from outside of Europe.
By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
If you have engaged with us from outside the EEA, your information may also be processed by volunteers operating outside the EEA, for example if you engage with one of our programs from a country outside the EEA and we pass your details to that organization to provide you with advice and support.
Payment by credit or debit card
If you use your credit or debit card to donate to us, pay online, or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. Find out more information about PCI DSS standards by visiting their website at www.pcisecuritystandards.org.
Only those staff authorized to process payments will be able to see your card details. Once your transaction is completed, we do not store your full credit or debit card details.
All transactions online are processed by WorldPay, PayPal and other and all card transactions processed offline are through WorldPay.
We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.
Sharing your information
Saint Trivelius Institute does not sell or share any information about you to other organizations.
Saint Trivelius Institute may disclose your personal information only in the following circumstances:
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or
- in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions), or
- to protect the college (for example in cases of suspected fraud or defamation).
What are your rights?
We’d like to keep all who engage with the college up to date with our progress. So, to update you on what we’re doing and ask whether you are able to support us, we’d like to keep in touch with you (by post, phone, email, text and other electronic means) about our progress and how you can continue to help us in this important mission.
We will not use your information for marketing or fundraising purposes if you have asked us not to or we do not have your permission to use it for these purposes. (In certain circumstances we must obtain your permission before we contact you for marketing or fundraising purposes.) However, we will retain your basic details on a suppression list to help ensure that we do not continue to contact you.
If you are registered to receive one of our emailed information communications, every email provides a clear opportunity for you to opt out of/unsubscribe from future email communications.
The General Data Protection Regulation give you certain rights over your data and how we use it. You have the right to:
- request a copy of the information we hold about you and details of what we do with that information (known as a subject access request)
- update or amend the information we hold about you if it is wrong
- change your communication preferences at any time
- withdraw your consent to use of your personal information where we are relying on consent as the legal ground for processing it
- ask us to remove your personal information from our records
- ask us to restrict the processing of your personal information
- obtain a portable copy of certain personal information where this is processed automatically
- object to the processing of your information for marketing purposes or profiling
- raise a concern or complaint about the way in which your information is being used
- ask us to explain any automated processing or profiling we carry out and the impact of this on you
If you wish to exercise any of these rights, please contact us at Saint Trivelius Institute, Pirotska 115 fl.1, Sofia, Bulgaria or by emailing firstname.lastname@example.org.
If we are not sure who you are, we may ask for reasonable proof of your identity before providing you with information or carrying out any of the above actions.
Complaints, compliments or comments
If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services. You can get in touch with us by emailing email@example.com.
We keep this policy under regular review. If we make any significant changes in the way we treat your personal information, we will make this clear on our websites or by contacting you directly.
Details of the sections of the policy that have been changed will be noted here.
You do not have to agree to any changes if these are not compatible with the initial purposes for which you provided or we collected your data.
This policy replaces all previous versions and is correct as of 15.12.2022(dd/mm/yyyy).