Home > Privacy Policy

SGI-UK Privacy Policy 2023

SGI-UK is committed to protecting your privacy and security. Please read this Privacy Policy (‘Policy’) carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information as well as your rights.

Please note that as we provide a range of services in support of our members and others who interact with us, we have separate fair processing notices for our different types of activities, so if we provide one to you, you may need to review more than one notice. This Privacy Policy supplements – but doesn’t override – them.
 

1. About us

SGI-UK is a lay Buddhist organisation whose members practise Nichiren Buddhism as it is taught within Soka Gakkai International. We currently have around 15,000 members in the UK who practise in local districts. Most of our activities take place in our members’ homes, and when necessary we rent venues for larger meetings. We have four centres: our national headquarters at Taplow Court, near Maidenhead, and three centres in London: in Brixton, Acton, and King’s Cross. Our website is Home | SGI-UK.

SGIUK is a registered charity (1104491) and a company limited by guarantee (5114516). The official address of SGI-UK is Taplow Court, Cliveden Road, Taplow, Maidenhead SL6 0ER. When we talk about “we” or “us” in this privacy policy we mean the Trustees of SGI-UK and our parent and sister organisations in Japan and Europe respectively.
 

2. Your Personal Data

We collect “personal data” (see ‘Personal data we hold’), which is information that identifies a living person, or which can be identified as relating to a living person. When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect. When we talk about “Members”, “Guests” and “Membership” we are referring to members or prospective members of SGI-UK who have chosen to learn more about, join and/or practise Buddhism. We may, subject to appropriate permissions, also hold data for individuals’ children or their friends who participate in Future Division activities for 7-18 year olds. We also collect data from people who have made enquiries about SGI-UK and our activities and centres and who are interested in attending, or have attended our meetings and events.
 

3. Personal data we hold

We hold the following categories of personal data:

3.1  Personal data you provide

We collect the data you provide to us. Because we are a Buddhist organisation, it is reasonable to assume that members of SGI-UK are Buddhists, and that guests attending our meetings are interested in finding out more about Buddhism. This includes information you give when you communicate with us, apply for membership, subscribe to our publications, purchase items from our shop (whether online or in person), make a donation to our Kosen-rufu Fund, attend courses or events as a non-member (e.g. study course or peace symposium), are interested to know about SGI-UK events (e.g. open days, reception), volunteer, apply for employment, or enter into a contract with us. For example, we may hold:

• personal details (name, gender, date of birth, email, address, telephone etc.);
• financial information (such as credit/debit card or direct debit details, and whether your donations are eligible for gift-aid);
• details of the ways in which you wish to be contacted by us.

3.2  Personal data generated by your involvement with SGI-UK

Your activities and involvement with SGI-UK will result in personal data being generated. This could include:

• enquiries about Buddhist activities with SGI-UK in your local area;
• where you have asked us for information or written to us;
• your visits to our websites;
• images of you taken during our meetings or events (see Photography below);
• images of you taken on our CCTV systems;
• your use of our public wi-fi;
• your purchasing history;
• how you have been involved in activities;
• how you have donated money to us;
• where you have applied for a job with us.

3.3  Special category (‘sensitive’) personal data

While we do not generally collect such data, on occasion it is necessary to hold such information on our records. This may include, for example, for our courses or activities, when we may need to know about any access, medical or dietary requirements you may have.

Because our support network is based on differing members’ needs, we may gather statistics based on gender and whether or not you are part of our youth division. If people identify as non-binary we also record this for our statistics. We do this in order to understand our membership and so we can conduct planning to provide appropriate support and allocate resources accordingly.

3.4   Photography

At our events, we often take photographs and video images of our activities so that we have a record of events we have organised. These images are used for various purposes, including to develop our archive (see Archiving below), to report on our activities in our publications and on our websites. Where we do so we notify this to you at the relevant event, alongside any image rights clearances that may be required.

From time to time, as part of an activity, a project may include recording personal data and images, so as to create an album or video or webinar which may be shared on official websites, or in publications including social media. These recordings may also be sent to SGI organisations in other countries including the Soka Gakkai headquarters in Japan. (see Transferring your personal information out of the UK and EEA)

3.5 Data Sourced from Third Parties

Sometimes we need to collect data that is provided to us by third parties to help us meet your needs, for example:

• Verifying Contact Data, e.g. where you have moved address, changed your telephone number or started using a new email address. We only use this to ensure that we have up to date records on our systems and do not use it for marketing.
• Financial crime detection agencies, databases and sanctions lists;
• Our regulators who govern how we operate, including the Charity Commission and Information Commissioner’s Office (ICO));
• Our actuaries, auditors, legal advisers and other professional service firms and sanctions-checking service providers;
• Third parties in connection with any acquisition or disposal of assets by us;
• Cookies and Tracking Data, for example mobile device number, device type, operating system, browser, MAC address, IP address, location and account activity obtained through our use of cookies. You can find more about our use of cookies in our Cookies Policy.

3.6 Archiving

SGI-UK gathers information and data which we can draw on in order to tell the history of the development of our organisation and make it available for future generations. Privacy legislation recognises the importance of archiving and makes special provisions for it under the concept of ‘archiving purposes in the public interest’, subject to certain safeguards. Where we process such data, we archive for the following purposes in the public interest:

• collection, preservation and management, including dissemination, activities required to ensure that data is permanently preserved in a usable state (archiving purposes in the public interest);
• use of the data by our organisation, the public or others, which may or may not take place for many years, such as for scientific or historical research purposes or for freedom of expression and information (journalistic, academic, artistic and literary expression) purposes; and
• historical research (any research done in an archive repository will be ‘historical’ in its widest sense).

Where we process for archiving purposes, we will consider the relevance of such processing, the nature and content of the records held, as well as the purposes for which any archive records are accessed and used. As your rights may be limited by this, e.g. the right to erasure, we are mindful of the need for proportionality and therefore, we are working towards developing systems to process data in accordance with the principles and relevant guidance issued by the National Archives.
 

4. How and why we use your personal information

4.1  Personal Data

We can only use your personal information if we have a reason. By law, we must have a justification, to process your data known as a ‘lawful basis’. The table below explains what we use your personal information for and why.
 

What we use your personal information for	Why
Providing information and/or services to you e.g. if you decide to become a member.	To take steps at your request before entering into membership Legitimate interests to comply with our legal and regulatory obligations
Providing information and/or services if you purchase something via our website.	To perform our contract with you or to take steps at your request before entering into a contract with us Legitimate interests to comply with our legal and regulatory obligations
Administration: e.g. processing enquiries and requests for information; processing membership applications; maintaining databases of our members and other interested people; fulfilling orders for goods in our shops (whether placed online, over the phone or in person).	Performance of a Contract  to comply with our legal and regulatory obligations Legitimate interests
Conducting checks to identify our members and verify their identity	Legitimate interests to comply with our legal and regulatory obligations
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our organisation, e.g. under health and safety law or rules issued by our regulator	Legitimate interests to comply with our legal and regulatory obligations
To identify and/or, record details of and assist members and/or guests requiring additional support	to comply with our legal and regulatory obligations  Legitimate interests
To enforce legal rights or defend or undertake legal proceedings	to comply with our legal and regulatory obligations in other cases, for our legitimate interests, i.e. to protect our organisation, interests and rights
Preventing and detecting fraud against you or us etc.	Performance of a Contract to comply with our legal and regulatory obligations Legitimate interests
Meeting our legal or regulatory obligations (e.g. health and safety; security, lost property and incident management).	Compliance with a legal obligation
Working with third parties e.g. IT providers, printers, administrative support providers etc, such as carrying out due diligence to meet our compliance duties (for example, before making agreements for the supply of goods and services);	Performance of a contract Legitimate interests Compliance with a legal obligation
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies	To comply with our legal and regulatory obligations
Ensuring policies are adhered to, e.g. policies covering security, Health and Safety, safeguarding and internet use	For our legitimate interests, i.e. to make sure we are following our own internal procedures
Operational reasons, such as improving efficiency, training and quality control, accounts, financial analysis, internal audit	For our legitimate interests Compliance with a legal obligation
Ensuring the confidentiality of commercially sensitive information	Legitimate Interests, i.e. to protect commercially valuable information; to comply with our legal and regulatory obligations
Statistical analysis and archiving to help us manage our organisation and plan for its future needs,	Legitimate Interests i.e. to be as efficient so that we can best support the members in their faith and practice Under the ‘archiving purposes in the public interest’ exemption (see ‘Archiving’)
Preventing unauthorised access and modifications to systems	Legitimate Interests i.e. to prevent and detect criminal activity that could be damaging for you and/or us; to comply with our legal and regulatory obligations
Protecting the security of systems and data used to provide our products and services	To comply with our legal and regulatory obligations Legitimate Interests
Updating and enhancing members and/or guests records	to comply with our legal and regulatory obligations; Legitimate interests e.g. making sure that we can keep in touch with our members and/or guests about existing contact details and any orders, donations or purchases you have made and to be able to support them.
Administrative communications with you and others including complaints handling, proof of purchase, order history etc	Performance of a contract to comply with our legal and regulatory obligations Legitimate interests
Faith and organisational based communications with you e.g. events, publications etc:Faith and organisational based communications with you e.g. events, publications etc: to keep people informed about SGIUK’s activities and events, and to provide support to our members in Buddhist faith, practice and study. This includes keeping people up to date with our activities both locally and nationally, and to send general information for members of SGI-UK. SGI-UK Bulletin and the ‘Art of Living’ magazine All members are entitled to receive the Bulletin which contains news and information about recent and forthcoming activities. Subscribers receive the monthly ‘Art of Living’ magazine. Centre for Applied Buddhism (‘CfAB’) will share information about forthcoming events with people who have expressed an interest in its activities.	Legitimate Interests If you do not wish to receive such communications,you can Contact Us (below).
External audits e.g. the audit of our accounts, any IT compliance audit	Legitimate interests, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards; to comply with our legal and regulatory obligations
Facilitating Payments e.g. (e.g. receiving donations, direct debits, or gift-aid instructions);	Performance of a contract to comply with our legal and regulatory obligations Legitimate interests
Where we need to claim against our own insurance	Legal claims
Buying, selling, transferring or disposing of assets	Legal claims Explicit consent

Where we rely on legitimate interests as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test has helped us to determine whether we can use your personal information for the purposes described in this Policy. You can contact us for further information about this (see Contact Us below).

The Table below sets out some of our common use cases and the legal basis on which we rely:
 

What we use your sensitive personal information for	Why
Communications and complaints handling	Legal claims Necessary for safeguarding economic well-being of certain individuals
Equality of Opportunity and/or Treatment	Substantial Public Interest Equality of opportunity or treatment
Safeguarding	Substantial Public Interest  Safeguarding of children and individuals at risk
Disability Inclusion	Substantial Public Interest Support for individuals with a particular disability or medical condition
Protecting Vulnerable Persons	Substantial Public Interest Safeguarding of economic well-being of certain individuals Safeguarding of children and individuals at risk
Identifying and meeting the needs of members and/or guests requiring additional support e.g. support for individuals with a particular disability, vulnerability or medical condition	Substantial Public Interest Necessary for safeguarding economic well-being of certain individuals Safeguarding of children and individuals at risk Necessary for the equality of opportunity or treatment Explicit consent
Investigations and identification of financial or other crime and fraud	Clearly or obviously made public by you Prevent or detect crime Prevent fraud Legal claims Substantial Public Interest Regulatory requirement relating to unlawful acts or dishonesty Necessary for safeguarding economic well-being of certain individuals
Meeting our legal or regulatory obligations	Regulatory requirements relating to unlawful acts or dishonesty Legal claims
Exercising, establishing, enforcing or defending legal rights (of ourselves or others)	Legal claims Regulatory requirements relating to unlawful acts or dishonesty
Quality assurance, training and security	Legal claims Explicit consent
Managing our day to day operations, e.g. accounts, financial analysis, internal audit	Legal claims Explicit consent Prevent or detect crime Substantial Public Interest Prevent fraud Regulatory requirement relating to unlawful acts or dishonesty
Data analytics, statistical analysis, research and archiving- SGI-UK keeps statistics of members and guests attending our meetings, but this information does not contain personal data which could identify a person. The purpose of these statistics is to measure the growth of SGI-UK over time and to better support our membership. These statistics are shared with our sister organisations in Europe and parent organisation in Japan.	Exemptions necessary for archiving, research or statistical analysis (see ‘Archiving’) Substantial Public Interest Equality of opportunity or treatment
Where we need to claim against our own insurance	Legal claims
Buying, selling, transferring or disposing of assets	Legal claims Explicit consent

If we cannot justify our processing under one of the above grounds we will rely on consent. Please note that in most instances of our processing consent is not required and would not be valid as it may not be freely given by you. If you want to know more about how and why we process your sensitive personal information, you can contact us (see Contact Us below).

5. Disclosing and sharing your personal data

We occasionally share personal information of national and area leaders with our parent organisation in Japan or when attending training courses in Japan or large events or any publication request from Japan. Reports of our activities may be shared with the parent organisation in Japan and sister organisations globally. (see ‘Transferring your personal information out of the UK and EEA’)

We also share information with :

• third parties we use to help deliver our products to you, e.g. shop via mail order, payment service providers, magazine and publication printers, warehouses and delivery companies;
• other third parties we use to help us run our organisation activities e.g. IT support, website hosting, administrative service providers, card payment processors, claims managers, research agencies or website hosts;
• third parties e.g. social media sites;

We or the third parties mentioned above occasionally also share personal information with:

• our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
• Legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf;
• law enforcement agencies, courts, tribunals, government bodies (e.g. Charity Commission, Police, HMRC) and regulatory bodies to comply with our legal and regulatory obligations;
• other parties that have or may acquire control of our organisation (and our or their professional advisers) in connection with a corporate transaction or restructuring—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal information will be bound by confidentiality obligations.

 

6. Transferring your personal information out of the UK and EEA

It is sometimes necessary for us to transfer your personal information to countries outside the UK and European Economic Area (EEA). In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal information. Under data protection laws, we will only transfer your personal information to a country outside the UK/EEA where:

• the UK government has decided the particular country ensures an adequate level of protection of personal information (known as an ‘adequacy regulation’), for example when we share data with our parent organisation in Japan
• in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal information (known as an ‘adequacy decision’)
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
• a specific exception applies under relevant data protection law.

7. Children and young people

7.1. Information for parents and guardians

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 17 or younger. We do not use contact data relating to persons under 18 to contact them directly, however we do need to hold such records for safety and safeguarding reasons. Personal data about children and young people is only accessible by our staff on a strictly need to know basis. SGI-UK makes every effort to ensure that we do not use images of children on official social media channels. (See our Online Safety and Social Media Policy)

7.2. Future Division activities

Children aged between 7 and 18 can participate in SGI-UK’s ‘Future Division’ activities. Nationally there are summer events, and locally events take place more frequently. The data we hold about children may include: name, details of parents or guardians, parents’ and guardians’ address and contact details, age, SGI-UK local organisation they belong to, any dietary requirements or special needs.

At such events we may make use of photography and this is prominently notified to parents and guardians at events so that they can exercise their discretion as to how they wish for their child to engage with the event. Event organisers are available to discuss this with you and will approach such matters sensitively.

For information on how photographs may be used by SGI-UK, please refer to points 3.4 Photography and 3.6 Archiving, above.

8. Data security

8.1. Protection

We employ a variety of physical and technical measures to protect and secure information we hold and to prevent unauthorised access to, or use or disclosure of personal data. Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.

8.2. Payment security

All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. If you use a payment card to donate, or to purchase something from us on-line, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
 

9. CCTV

SGI-UK premises are protected by CCTV and you may be recorded when you visit our centres. We use CCTV to help provide a safe and secure environment for members, for visitors, for our staff and to prevent or detect crime. The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office.

10. Storing your personal data

Personal information may be held at our offices and those of our group organisations, third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).Some of these third parties may be based outside the UK/ European Economic Area (EEA). For more information, including on how we safeguard your personal information when this happens, see below: ‘Transferring your personal information out of the UK and EEA.

11. Retention of your personal data

We will process your personal information for so long as it is necessary for the purposes explained in this Policy. Different retention periods apply for different types of personal information e.g. we may need to hold some types of data such as data related to legal, archiving, regulatory, tax or accounting needs for longer if required to be so by law. We may also need to retain data so that we can manage our relationship with you e.g. recording the information you give to us or where there is a complaint or issue that you may raise in the future. We also retain records if we consider that there is a risk of future litigation. If you would like more information about our data retention policy please contact us (see ‘Contact Us’ below).

12. Cookies

Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functions such as being able to shop online. Further information can be found about cookies and our cookies policy on our website (https://sgi-uk.org/Special-Pages/Cookies ).  

13. Links to other sites

Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting us on https://sgi-uk.org/Home/Contact-us.

14. Your Rights

Your rights

• Access to your personal information: You may request access to a copy of your personal information.
• Right to withdraw consent: Where we rely on consent as our basis of processing you may withdraw your consent at any time.
• Rectification: You may ask us to rectify inaccurate Personal information held about you.
• Erasure: You may ask us to delete your personal information, specifying why you would like us to delete your personal information.
• Portability: You may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal information to another data controller.
• Right to object: You may object to our processing of your personal information pursuant to this Privacy Policy.
• Make a complaint: See below

For more information on each of those rights, including the circumstances in which they apply or to exercise them, as well as to raise a complaint please contact us our Data Compliance Officer in the first instance by writing to dco@sgi-uk.org or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.
 

15. Changes to this privacy policy

We may amend this privacy policy from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. If there are material updates which affect your rights or substantively alter how we process your personal information we will notify you of these changes via our website.

Any questions you may have in relation to this privacy policy or how we use your personal data should be sent to our Data Compliance Officer at SGI-UK, Taplow Court, Cliveden Road, Taplow, Maidenhead SL6 0ER or email dco@sgi-uk.org.

The current version of our privacy policy will always be posted on our website. This version was published on 11^th April 2023.
 

16. How to contact us

If you have any questions relating to our Privacy Policy, please email us at SGI-UK.Administration@sgi-uk.org or use our enquiry form in the contact us section of the website.
 

17. Do you need extra help?

If you would like this notice in another format (for example audio, large print) please contact us (see ‘How to contact us’ above).

Date 11^th April 2023

Policy to be reviewed in 2024