Luton Islamic Centre Privacy Policy - Updated 4th July 2025
1. Who We Are
The Luton Islamic Centre is a registered charity based at 116 Bury Park Road, Luton, Bedfordshire, LU1 1HE. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. How the Law Protects Your Data
Data protection law allows us to process your personal data only when we have a valid lawful basis to do so. These lawful bases are set out in the UK GDPR and include:
- Performance of a Contract: When processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract (e.g., to provide services you have booked).
- Legal Obligation: When processing is necessary for us to comply with a legal obligation (e.g., for tax purposes, financial reporting, or employment law).
- Legitimate Interests: When processing is necessary for our legitimate interests as a charity (e.g., for internal administration, improving services, or preventing fraud), provided these interests do not override your fundamental rights and freedoms. We will conduct a Legitimate Interests Assessment (LIA) to ensure this balance.
- Consent: When you have given us clear, explicit consent for us to process your personal data for a specific purpose. You have the right to withdraw your consent at any time.
3. What Personal Data We Collect
We collect various types of personal data to provide our services and operate as a charity. This may include:
- Identity Data: Your name, title.
- Contact Data: Postal address, email address, phone numbers.
- Transactional Data: Details about donations you make, services you book (e.g., Nikah ceremony, camping trips, accommodation, Darul Quran bookings), and payment information.
- Employment & Volunteering Data: Information related to your employment or volunteering duties, including application details, references, and relevant employment history.
- Communication Data: Records of your queries and correspondence when you contact us.
- Preference Data: Such as marriage preferences (for marriage services).
Special Category Data: Given the nature of our services as a religious organisation, we may also collect and process special categories of personal data, which are afforded higher protection under UK GDPR. This may include:
- Religious or Philosophical Beliefs: For instance, in relation to Nikah ceremonies or participation in religious services.
- Health Data: If provided for specific purposes, such as dietary requirements or accessibility needs for accommodation during conferences, or health conditions relevant to a hardship fund application.
- Information related to financial hardship/vulnerability: Which may indirectly indicate other sensitive personal circumstances.
Our lawful bases for processing these special categories of data include:
- Explicit Consent: Where you have given us explicit consent for a specific purpose (e.g., providing health information for a specific event).
- Processing by a Not-for-Profit Body: Where processing is carried out by us as a not-for-profit body with a religious aim, relating solely to our members, former members, or those who have regular contact with us in connection with our purposes, and where the personal data is not disclosed outside the organisation without your consent.
- Substantial Public Interest: Where necessary for reasons of substantial public interest, such as for safeguarding purposes, in accordance with the Data Protection Act 2018.
- Legal Claims: Where necessary for the establishment, exercise, or defence of legal claims.
4. How We Collect Your Data
We receive information about you when you:
- Use our website.
- Complete forms, whether online or on paper.
- Contact us by phone, email, or other methods in respect of any of our services or products.
- Make an application to join us as an employee or volunteer.
- Inform us of any other matter.
Third-Party Data: If you provide us with personal data about a third party (e.g., an emergency contact for a trip, or details for a reference), we expect you to have informed that third party that you are providing their details to us. We will process such data only where it is necessary for a specific, legitimate purpose (e.g., for safety reasons, or to provide a requested service) and we will ensure we have our own lawful basis for doing so.
5. How We Use Your Data and Our Lawful Bases
We use your personal data for the following purposes, based on the specified lawful bases:
Purpose of Processing | Lawful Basis (UK GDPR Article 6) | Special Category Data Condition (UK GDPR Article 9, if applicable)
To process monetary donations & Gift Aid declarations | Performance of a Contract (for donation transaction) & Legal Obligation (for HMRC, financial records, AML if applicable) | (N/A unless the donation itself reveals special category data, e.g., donation to a specific religious activity implying belief – covered by Not-for-Profit Body condition) |
To process bookings for Nikah ceremonies, marriage services/counselling, camping trips, accommodation during conferences, Darul Quran bookings. | Performance of a Contract | Religious Beliefs: Processing carried out by a not-for-profit body with a religious aim. Health Data: Explicit Consent or Substantial Public Interest (e.g., safeguarding). |
To provide references on your behalf | Consent or Legitimate Interests (if clearly requested by you or a third party with your knowledge) | (If the reference contains special category data, Explicit Consent or Substantial Public Interest) |
To manage employment & volunteering duties (including applications) | Performance of a Contract (employment contract) & Legal Obligation (employment law, safeguarding) | Employment (where authorised by law), or Substantial Public Interest (e.g., safeguarding), or Explicit Consent. |
To provide customer services & respond to your requests | Performance of a Contract or Legitimate Interests (to manage our relationship with you and improve service) | (Only if your query/request reveals special category data, then relies on initial condition for relevant data) |
To administer accounts, process payments, billing & payments | Performance of a Contract & Legal Obligation (financial regulations) | N/A |
To detect and prevent fraud | Legitimate Interests (to protect our charity from financial harm) | (Only if special category data is directly relevant to fraud prevention and processing is authorised by law in public interest) |
To review and improve our website and services | Legitimate Interests (to enhance user experience and service quality) | N/A (unless data is aggregated/anonymised) |
For internal marketing and statistical analysis (non-direct marketing communications) | Legitimate Interests (to understand our donor/user base and improve fundraising strategies) | N/A (unless data is aggregated/anonymised) |
To notify you about changes to our services or prices | Legitimate Interests or Performance of a Contract (if related to an ongoing service) | N/A |
To provide requested information on our products or services | Performance of a Contract or Legitimate Interests | N/A |
6. Form of Data
We collect and store your data in both document (paper) and electronic formats (including emails, voice mails, telephone conversations, and computer programs).
7. Retention Periods
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our general retention periods are:
- For active customers/service users/employees/volunteers: We will keep your personal data for the duration of our relationship with you.
- Following cessation of services/employment/volunteering: We may keep your data for up to 10 years after you have ceased to be a customer, employee, or volunteer with us.
- For financial records (e.g., donations, Gift Aid): We retain this data for a minimum of 7 years following the financial year to comply with HMRC and charity accounting regulations.
- For specific service bookings (e.g., Nikah ceremony details): We keep a permanent record for Nikah ceremonies and shahadah certificates.
- For job applications (unsuccessful): Typically retained for up to 6 months unless you have provided consent for longer retention for future opportunities.
Please note that we may be unable to delete certain data before these times due to our legal and/or statutory obligations. We assure you that your personal data shall only be used for the purposes stated herein and in compliance with this policy.
8. Access to Your Personal Data and Sharing with Third Parties
We will never sell your personal data to third parties for marketing or advertising purposes.
We work closely with a number of trusted third parties who provide services on our behalf (e.g., payment processors, IT service providers, vetting agencies for employment/volunteering, previous employers/personal referees for references, statutory agencies). We may share your personal data with them only where it is necessary to provide the service or facilitate a job application.
- Data Processor Agreements: Where third parties process data on our behalf (as ‘data processors’), we have robust contracts in place (Data Processing Agreements) to ensure they comply with data protection laws, keep your data secure, and do not use it for any marketing purposes.
- Third-Party Controllers: In some instances, third parties may be acting as independent data controllers (e.g., statutory agencies to whom we have a legal obligation to report). In such cases, they will have their own privacy policies, which we advise you to read.
We may also share your personal data if we are under a legal duty to disclose data (e.g., to comply with a court order or other legal obligation, or to protect the rights, property, or safety of The Luton Islamic Centre, our employees, our customers, or others). This includes, but is not limited to, exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction, and dispute resolution. In all such cases, we will take steps to ensure your privacy rights continue to be protected.
9. International Transfers of Your Personal Data
All information you provide to us is primarily stored on secure servers located within the UK or the European Economic Area (EEA).
From time to time, your information may be transferred to, and stored at, a destination outside the UK/EEA if this is necessary for the provision of our services or for our operational needs (e.g., if a service provider uses servers in a non-UK/EEA country).
Where such transfers occur, we will ensure that appropriate safeguards are in place to guarantee that your data receives the same level of protection as it would within the UK/EEA. These safeguards may include:
- Transfers to countries deemed to provide an adequate level of protection by the UK government (adequacy regulations).
- The use of the UK International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses (SCCs) with the recipient, which are legally binding agreements designed to protect your data.
By providing your data to us, you acknowledge this transfer and storage under these robust safeguards.
10. Security of Your Personal Data
We are committed to ensuring the security of your personal data. We follow accepted industry standards to store and protect the personal data we collect, including the use of encryption where appropriate (e.g., for payment details). All information you provide to us is stored on secure servers.
While we implement strict procedures and security features to try to prevent unauthorised access, the transmission of information via the internet is not completely secure. Therefore, we cannot guarantee the security of your data transmitted to our site, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
11. Your Data Protection Rights
Under UK GDPR, you have the following rights concerning your personal data:
- The Right to Be Informed: You have the right to be informed about how we collect and use your personal data. This Privacy Policy serves to do that.
- The Right of Access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
- The Right to Rectification: You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you. You must maintain the accuracy of your information by writing to The Luton Islamic Centre to ensure all your details (including name, address, phone number, e-mail address, and payment details) are kept up to date at all times.
- The Right to Erasure (‘The Right to Be Forgotten’): You have the right to ask us to delete or remove your personal data where there is no compelling reason for us to continue processing it. Please note that there may be legal or accountancy reasons why we cannot immediately delete certain data.
- The Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal data in certain circumstances (e.g., if you contest its accuracy or object to its processing).
- The Right to Data Portability: You have the right to request that we transfer your personal data to another organisation or to you, in a structured, commonly used, and machine-readable format, where technically feasible.
- The Right to Object: You have the right to object to our use of your personal data where we are relying on legitimate interests as our lawful basis, or for direct marketing purposes.
- Rights in relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. We do not currently use automated decision-making or profiling in this way.
Please be aware that exercising some of these rights may delay or prevent us from fulfilling our contractual obligations to you or processing your application for employment/services. It may also mean that we are unable to provide certain services or process the cancellation of your service effectively.
12. Donor Data Privacy and Security Policy
Luton Islamic Centre is committed to protecting the privacy and personal data of all donors who contribute through our website. Donations made via the WP Donations plugin on our WordPress site are processed within a secure environment, with robust technical measures in place. We do not store any payment card details on our servers. All sensitive information is securely encrypted and transmitted directly to the selected payment processor (Stripe, PayPal, Apple Pay, Google Pay) using secure, tokenized gateways. Our website does not use advertising or analytics cookies on the donation pages, ensuring that your activity remains private and untracked. Only essential, short-lived session cookies may be used to maintain security during the donation process.
We work exclusively with trusted third-party payment providers—Stripe, PayPal, Apple Pay, Google Pay—who are certified to PCI DSS Level 1, the highest level of security in the payment industry. These providers implement industry-leading safeguards including data encryption, multi-factor authentication, fraud detection, and continuous monitoring to protect donor data from unauthorized access or breaches. Any personal information collected during the donation process is handled in accordance with GDPR and other applicable data protection laws. Luton Islamic Centre does not share, sell, or disclose donor information to any third party outside of the transaction process and required legal compliance.