CBN UK Privacy Notice
Last Reviewed: December 25
1. Introduction
This Privacy Notice explains how Christian Broadcasting Network UK (“CBN UK”, “we”, “us”, or “our”) collects, uses, stores, and shares personal data.
It applies to individuals whose personal data we process, including:
- Donors and supporters
- Prayer request submitters and Hope Line callers
- Church and school contacts using Superbook Academy
- Volunteers and contractors
- Website visitors and event participants
This notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant guidance issued by the UK Information Commissioner’s Office (ICO).
We are committed to transparency and accountability in how we handle personal data.
2. Who We Are
Data Controller
Christian Broadcasting Network UK
Registered Charity Number: 1101659
PO Box 700, Hereford, HR1 9EW, United Kingdom
CBN UK operates a trading subsidiary, CBN Resources Ltd (Company No. 10853789), which may act as a data processor on our behalf.
Contact Details
Email: dataprotection@cbneurope.com
Telephone: +44 (0)1227 453300
CBN UK has appointed a Data Protection Officer (DPO). You may contact the DPO using the details above if you have any questions about how your personal data is processed.
3. Personal Data We Collect
We collect and process the following categories of personal data, depending on your interaction with us:
a) Personal Identification Data
Name, title, postal address, email address, telephone number.
b) Demographic & Engagement Data
Interests, preferences, engagement history, and interactions with CBN UK content or services.
c) Usage & Technical Data
IP address, browser type, device information, website usage data, cookies, and analytics data.
d) Transactional & Financial Data
Donation history, payment references, Gift Aid status, and fulfilment details (note: payment card details are processed securely by payment providers and are not stored by CBN UK).
e) Communication Data
Correspondence via email, phone, post, instant messaging, or social media.
f) Special Category Data
Information voluntarily provided relating to religious beliefs or pastoral needs (e.g. prayer requests). This data is processed with enhanced safeguards.
We may also collect information when you participate in surveys, competitions, events, or special campaigns.
4. Data Obtained from Third Parties
In some circumstances, we may receive personal data from third parties, including:
- Churches or schools registering for Superbook Academy
- Partner ministries or Christian organisations
- Social media platforms (when you interact with our content)
- Publicly available sources (e.g. charity registers)
Where personal data is not obtained directly from you, we will provide the information required by Article 14 UK GDPR within one month or at the point of first communication, whichever is sooner.
5. How We Collect Personal Data
We collect personal data through:
- Direct interactions: forms, donations, event registrations, prayer requests, phone calls, emails, instant messaging
- Automated technologies: cookies, analytics tools, tracking technologies
- Third-party sources: referrals, social media platforms, partner organisations
Details of cookies and similar technologies are provided in our Cookie Policy:
https://cbneurope.com/cookie-policy/
6. Lawful Bases for Processing
We process personal data under the following lawful bases:
a) Consent
For marketing communications, surveys, prayer support, and optional engagement activities. You may withdraw consent at any time.
b) Contract
Where processing is necessary to fulfil a contract or donation arrangement (e.g. processing donations, fulfilling resource orders).
c) Legal Obligation
To comply with legal and regulatory requirements, including charity, tax, and accounting obligations.
d) Legitimate Interests
We rely on legitimate interests where processing is necessary for our charitable operations, including:
- Engaging supporters and partners
- Improving services and content
- Preventing fraud and ensuring system security
- Managing internal administration and reporting
Where we rely on legitimate interests, we have carried out a Legitimate Interests Assessment (LIA) to ensure our interests do not override your rights and freedoms. You have the right to object at any time.
Special Category Data
Special category data (including religious belief data) is processed under Article 9(2)(d) UK GDPR for the legitimate activities of a not-for-profit religious organisation.
7. Third-Party Processors
We use trusted third-party service providers (“processors”) to support our operations. We maintain a record of all processors and ensure that appropriate Article 28 UK GDPR contracts are in place.
Key Third-Party Processors
CRM, Communications & Engagement
- Salesforce – CRM and supporter management
- Iterable – Email communications and engagement analytics
- Natterbox – Telephony and call handling
- WhatsApp (Meta) – Prayer communications
- Jotform – Online data capture forms
Web, Media & Analytics
- Wix / Pantheon / WordPress Hosting – Website hosting and management
- Google Analytics – Website analytics
- Google Ads – Advertising and campaign analytics
- Meta (Facebook / Instagram) – Social media engagement and advertising
- Media Valet – Digital asset and media management
- Metricool – Social media analytics and scheduling
Payments & Finance
- Stripe – Payment processing
- PayPal – Payment processing
- Findock – Financial reconciliation
- QuickBooks – Financial accounting
Operations & Administration
- Microsoft 365 – Email, documents, and internal collaboration
- Zoom – Online meetings and webinars
- Zapier – Secure workflow automation
- Waiver Electronic – Electronic waivers and consent forms
- Hireful – Recruitment and applicant management
Education Platforms
- Superbook Academy (Moodle-based LMS) – Church and school resource delivery
- We collect contact details for church and school staff only
- We do not directly collect children’s personal data
All processors are required to implement appropriate technical and organisational security measures.
8. International Data Transfers
Some of our processors store or process personal data outside the UK and EEA.
Where international transfers occur, we ensure appropriate safeguards are in place, including:
- UK Extension to the EU-US Data Privacy Framework (where applicable)
- UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs)
- Additional technical and organisational safeguards where required
We conduct Transfer Impact Assessments (TIAs) for relevant transfers and review them periodically or where material changes occur.
You may request further information about international transfer safeguards by contacting us.
9. Data Retention & Security
Retention
We maintain a formal Data Retention Schedule. Key retention periods include:
- Financial and donor records: 6 years plus the current year
- Gift Aid records: 6 years after the calendar year of donation
- Prayer requests: up to 12 months (unless deleted earlier on request)
- Marketing data: until consent is withdrawn or there is no longer a lawful basis
- Website analytics: typically up to 26 months
Security
We protect personal data using appropriate technical and organisational measures, including:
- Role-based access controls
- Encryption in transit and at rest
- Secure authentication and password controls
- Regular security reviews and training
- Secure data disposal procedures
10. Your Data Protection Rights
You have the following rights under UK GDPR:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent at any time
Requests can be made via dataprotection@cbneurope.com.
We may require reasonable proof of identity and will respond within one month.
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://www.ico.org.uk
11. Automated Decision-Making
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Analytics and segmentation may be used to tailor communications but are subject to appropriate safeguards and human oversight.
12. Children’s Data
Our services are not directed at children under 13.
Superbook Academy is used by churches and schools. We do not directly collect children’s personal data. Any aggregated information (e.g. group sizes or age ranges) does not identify individuals.
13. Changes to This Notice
We regularly review this Privacy Notice to ensure it remains accurate and compliant.
The most recent version will always be available on our website.
