SGI-UK Privacy Policy 2022
SGI-UK is committed to protecting your privacy and security. This privacy policy explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.
1. About us
SGI-UK is a lay Buddhist organisation whose members practise Nichiren Buddhism as it is taught within Soka Gakkai International. We currently have around 15,000 members in the UK who practise in local districts. Most of our activities take place in our members’ homes, and when necessary we rent venues for larger meetings. We have four centres: our national headquarters at Taplow Court, near Maidenhead, and three centres in London: in Brixton, Acton, and King’s Cross. Our website is Home | SGI-UK.
SGI-UK is a registered charity (1104491) and a company limited by guarantee (5114516).
The official address of SGI-UK is Taplow Court, Cliveden Road, Taplow, Maidenhead SL6 0ER.
When we talk about “we” or “us” in this privacy policy we mean the Trustees of SGI-UK.
2. Your Personal Data
We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.
When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.
When we talk about “Members” and “Membership” we are referring to members of SGI-UK who have chosen to join and practise Buddhism. We may also hold data for members’ children or their friends who participate in Future Division activities for 7-18 year olds.
We also collect data from people who have made enquiries about SGI-UK and our activities and centres.
3. Personal data we hold
We hold the following categories of personal data:
3.1. Personal data you provide
We collect the data you provide to us. This includes information you give when you communicate with us, apply for membership, subscribe to our monthly magazine, purchase items from our shop (whether online or in person), make a donation to our Kosen-rufu Fund, apply for employment, attend courses or events as a non-member (e.g. study course or peace symposium), are interested to know about SGI-UK events (e.g. open days, reception), volunteer or enter into a contract with us. For example we may hold:
• personal details (name, gender, date of birth, email, address, telephone etc.);
• financial information (such as credit/debit card or direct debit details, and whether your donations are gift-aided);
• details of the ways in which you wish to be contacted by us.
3.2. Personal data generated by your involvement with SGI-UK
Your activities and involvement with SGI-UK will result in personal data being generated. This could include:
• enquiries about Buddhist activities with SGI-UK in your local area;
• where you have asked us for information or written to us;
• your visits to our websites;
• images of you taken on our CCTV systems;
• your use of our public wi-fi;
• your purchasing history;
• how you’ve been involved in activities;
• how you’ve donated money to us;
• where you have applied for a job with us.
3.3. Personal data from third parties
We do not currently collect data about members from third parties.
3.4. Special category (‘sensitive’) personal data
Because we are a Buddhist organisation, it is reasonable to assume that members of SGI-UK are Buddhists.
Otherwise, we do not normally collect or store special categories of personal data. However there are some situations where we may need to do so. These may include, for example, for our courses or activities we may need to know about any access, medical or dietary requirements you may have.
Because our support network is based on members’ gender we gather statistics based on their gender and whether or not they are part of our youth division. If people identifies as non-binary we record this for our statistics.
3.5 Special activities that includes member and non-members
Time to time SGI-UK organises activities that includes recording of personal data and images, using a web form with restricted secure access of data, for creating a photo album, video or share members’ personal stories for online meetings or sharing at official website, publication, for official social media channels or sending to SGI HQ in Japan (refer to point 5). It is informed that by participating in these activities members and non-members gives consent that their images, video and stories can be used in SGI-UK, SGI organisations official publications, websites, official social media channels or able to send to SGI HQ in Japan.
In such case members and non-members are informed within communication about the purpose and usage of the information collected. All data is kept based on this privacy policy meaning used for the purpose defined at the time of activities. Data collected may be kept for a limited time or for the posterity which will be indicated at the start of the activity. Participants involved have right to withdraw the consent to remove the data by writing to dco@sgi-uk.org.
All the data on similar projects where children are involved please refer to SGI-UK safeguarding policy.
There is a separate policy for staff of SGI-UK.
4. How we use your personal data
4.1. General use
SGI-UK has a legitimate interest in keeping our members’ data in order to support your practice of Buddhism.
We only ever use your personal data where it is necessary. In any event, we will only use your personal data for the purpose or purposes for which it was obtained.
4.2. Informing and Keeping in Touch
We use your personal data to communicate with you in order to promote SGI-UK’s activities, to provide support in Buddhist study and faith and inform about events. This includes keeping you up to date with our activities both locally and nationally, and to send general information for members of SGI-UK.
4.3. Administration
We use your personal data for administrative purposes including:
• processing enquiries and requests for information;
• processing membership applications;
• maintaining databases of our Members and other interested people;
• receiving donations (e.g. direct debits or gift-aid instructions);
• managing feedback, comments and complaints we receive;
• carrying out due diligence to meet our compliance duties (for example, before making agreements for the supply of goods and services);
• fulfilling orders for goods in our shops (whether placed online, over the phone or in person);
• recruitment and staff management including pay, tax and pensions administration;
• management of suppliers of goods and services;
• managing activities with SGI-UK (e.g. health and safety; security, lost property and incident management);
4.4. Internal research
SGI-UK keeps statistics of members and guests attending our meetings, but this information does not contain personal data which could identify a person. The purpose of these statistics is to measure the growth of SGI-UK over time and to better support our membership.
These statistics are shared with our sister organisations in the EU and parent organisation in Japan (but as numbers only, not as personal data).
5. Disclosing and sharing your personal data
We will never sell your personal data.
Distribution of the ‘Art of Living’ magazine is organised by the printers who receive the data securely from us and we have a data processing agreement to ensure all subscribers’ details are processed under GDPR. Other than this, we do not share members’ data with external contractors or suppliers.
Data transfer to EU and Japan
Occasionally, we share information about SGI-UK activities with other countries in Europe. We share information about Area and National leaders with the appointments board of SGI Europe.
We inform SGI in Japan of national appointments, members visiting the centres or attending training courses. We will only share information when necessary. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller.
An agreement between Soka Gakkai in Japan and SGI-UK is under process. As an interim measure until this agreement is in place, SGI-UK will ensure that before data is transferred to Japan, the relevant members’ consent for the transfer will be obtained. In addition, SGI will confirm to SGI-UK and record the purpose of the use of the personal data on the basis of the subject’s consent. We will inform the data subject about the ultimate data recipient (SGI) and the purpose of the data transfer so that the individual can make an informed decision as to whether or not to consent.
We may share your personal data where required to do so for the prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).
6. Communications
6.1. Legitimate interest
SGI-UK exists to support its members in the practice of Nichiren Buddhism. There is an expectation that you wish to be sent information and materials which will support your practice, which include news of recent and forthcoming activities. We do not conduct marketing for external organisations.
6.2. e-bulletin and the ‘Art of Living’ magazine
All members are entitled to receive the fortnightly e-bulletin which contains news and information about recent and forthcoming activities.
Subscribers receive the monthly ‘Art of Living’ magazine.
6.3 Centre for Applied Buddhism and affiliated organisations
The Centre for Applied Buddhism (CfAB) is a department of SGI-UK which has two main functions: to hold seminars and events for the wider public on broadly Buddhist themes, and to manage the library of oriental philosophy at Taplow Court. CfAB will share information about forthcoming events with people who have expressed an interest in its activities.
7. Children and young people
7.1. Information for parents and guardians
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 18 or younger.
We will not use the personal data of children or young people for marketing purposes and we will not profile it.
Personal data about children and young people is only accessible by our staff on a strictly need to know basis. It is only recorded and held with prior written consent from the parent or guardians.
7.2. Future Division activities
Children aged between 7 and 18 can participate in SGI-UK’s ‘Future Division’ activities. Nationally there are summer events, and locally events take place more frequently.
The data we hold about children are: name, details of parents or guardians, parents’ and guardians’ address and contact details, age, SGI-UK local organisation they belong to, any dietary requirements or special needs. We also keep records of parents’ and guardians’ consent to hold data for future SGI-UK children’s activities and, where obtained, permissions for children’s pictures to be used for SGI-UK publications and websites.
8. Data security
8.1. Protection
We employ a variety of physical and technical measures to protect and secure information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
8.2. Payment security
All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a payment card to donate, or to purchase something from us on-line, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
9. CCTV
SGI-UK premises are protected by CCTV and you may be recorded when you visit our centres. We use CCTV to help provide a safe and secure environment for members, for visitors, for our staff and to prevent or detect crime.
The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised security staff and are stored for up to 30 days, unless flagged for review.
10. Storing your personal data
10.1. Where we store data
We are wholly based in the UK and store data within the European Economic Area.
10.2. Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). This will depend on our legal obligations and the nature and type of information and the reason for which we collected it. We continually review what information we hold and will delete personal data which is no longer required.
11. Control of your personal data
11.1. Your rights
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
• the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
• the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate personal data rectified;
• the right to object to your personal data being used for marketing or profiling; and
• (where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
If you would like further information on your rights or wish to exercise them, please contact our Data Compliance Officer at the address below.
11.2 Should you wish to make a subject access request
SGI-UK members can request what data we hold for them. This can be obtained by written request to SGI-UK Admin (SGI-UK.Administration@sgi-uk.org). We will respond within a month of receiving the request.
SGI-UK members can request to remove their data by a written request to SGI-UK Admin (SGI-UK.Administration@sgi-uk.org). We will respond within the period of 1 months’ time.
11.2. Complaints
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Compliance Officer in the first instance by writing to Data Compliance Officer (dco@sgi-uk.org).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
12. Cookies
Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). Our website is developed using a tool called Kentico, further information can be found about cookies and our cookies policy on our website (https://sgi-uk.org/Special-Pages/Cookies ).
13. Links to other sites
Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting us on https://sgi-uk.org/Home/Contact-us.
If a third party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.
14. Changes to this privacy policy
We may amend this privacy policy from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. The current version of our privacy policy will always be posted on our website.
Any questions you may have in relation to this privacy policy or how we use your personal data should be sent to our Data Compliance Officer at SGI-UK, Taplow Court, Cliveden Road, Taplow, Maidenhead SL6 0ER or email dco@sgi-uk.org.
Updated on 4th Jul 2022