You can contact us at firstname.lastname@example.org and Maciej Zurawski for data protection matters.
The Catholic App (for Android and iOS) collects anonymized data about your location in order to offer your personalized and relevant information. Without this information it cannot function properly, but this data cannot be used to identify anyone. These is the functionality made available by collecting this information: navigating you to churches, helping you to find Mass and Confession, providing information, delivering news, collecting donations, and personalize content to comply with local laws and customs.
If you make a donation using the Catholic App (without the use of Gift Aid), our financial system will only pass on the card number for processing and store the post code, without storing any other personal details. This data, is stored for six year (since the last time a donation was done to the recipient charity). If you choose to make a donation using Gift Aid, only then we will store information about your name, address, and email. This information will be shared with relevant charity and HMRC and is used solely for Gift Aid processing purposes.
We can collect anonymized location data while you use the app. To use the App, we require location data sent from your devices. By downloading and using the App, you consent to us and our affiliates' and licensees' transmission, collection, retention, maintenance, processing and use of your location data and queries to provide and improve location-based and road traffic-based products and services. If you turn off this functionality at any time by turning off the location services settings for the App on the device, you may not be able to use the App or any of its features.
We collect the information from the Catholic App on Android and iOS. The data is only collected when you use the app. It is used to providing you with relevant information and for personalizing the app experience (this information is shared with Google and Apple). Any payment information is shared with our payment processor Stripe for the purpose of processing payments. Gift Aid data is saved for six years (since the last time a donation was done to the recipient charity) for the purpose of processing Gift Aid claims, so that the charity of your choice can benefit from the additional government contribution. You can see the charity name in the terms & conditions just before making the payment. When you have submitted a donation with Gift Aid you can no longer withdraw the permission to use the Gift Aid, since at that time it is a legal requirement for the Charity to keep it for a number of years. We keep the anonymized transaction linked to the Gift Aid so that it forms an audit trail: the Gift Aid data can be traced back to an actual payment. That is the lawful basis of its collection and processing.
We also receive information indirectly, from the following sources: Google, Apple, Stripe and we might share personal information with these providers in order to fulfill our contractual obligations to make the app work. For example, Stripe notifies us if a payment was not successful. The information shared with Stripe can also be used to conduct anti-money laundering checks and prevent fraud, and we have a legal obligation for this. Stripe also uses the data to comply with its regulatory obligations (such as Know Your Customer (“KYC”) and Anti Money Laundering (“AML”), and in this role Stripe is a data controller.
The information shared with Google and Apple is also used for analytics, which is both a contractual obligation with the app platform providers, and a legitimate interest since this is needed to improve our products. The payment data is stored in the US, but Stripe has certified to the EU-U.S. and Swiss-U.S. Privacy Shield.
We might use your information for the purpose of preventing and investigating crime & fraud, and we have a legitimate interest for this.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. For reason stated below you cannot withdraw your consent once you provided it
(b) We have a contractual obligation.
(c) We have a legal obligation.
See above. Stripe uses the payment information to decide if a payment is authorized or not, which is an automated decision procedure.
We store information in a secure cloud service, for as long as is needed for regulartory purposes or for 6 years since the last time a donation was done to the recipient charity.
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
You can complain at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how we have used your data.
Our ICO registration number is ZA762928.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113