This Notice sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
This Notice covers MAF International and its subsidiaries – MAF International, MAF PNG Holdings Ltd, MAF Papua New Guinea Ltd, Christian Radio Missionary Fellowship Inc. and Blue Sky Aviation Co. Ltd. in relation to the collection and use of the information you give us. We may change this Notice from time to time. If we make any significant changes we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.
If you have any questions about this Notice or concerning your personal information please contact our helpline at data.protection@mafintorg or by post to MAF International, Operations Centre, Henwood, Ashford, Kent, TN24 8DH, UK.
The type and amount of information we collect depends on why you are providing it, for example:
• The information we collect when you make an enquiry or support us may include your name, date of birth, email address, postal address and phone number.
• If you are making a booking on one of our flights, you are asked to provide name, address and confirm the identity of all the passengers (in the form of passport or other recognised forms of identification).
• If you are a job applicant, the information you are asked to provide is as set out in the application and necessary for us to process the application.
• If you require us to make a bank payment into your account, we collect your bank account details, name and address. .
We may collect information from you whenever you contact us or have any involvement with us for example when you:
• visit our website
• fly with us or access one of our other services
• work or volunteer with us
• enquire about our activities or services
• sign up to receive news about our activities
• post content onto our website/social media sites
• attend a meeting with us and provide us with information
• contact us in any way including online, email, phone, SMS, social media or post
We collect information:
(1) When you give it to us directly: You may provide your details when you ask us for information, book or make payment for a flight,attend our events or contact us for any other reason.
(2) When you give it to us indirectly: Your information may be shared with us by related organisations including other members of the MAF International partnership and MAF-US and MAF Canada, in accordance with their Privacy Notices which you should check when you give your details.
(3) When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission. This might be a charity working with us or might be when you buy a product or service from a third party organisation. The information we receive from others depends on your settings or the option responses you have given them.
(4) When you use our website(s): See the information about the use of website(s) under that heading below.
(5) When it is available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
We will use your personal information in a number of ways, which reflects the legal basis that applies to the processing of your data. These may include:
• providing you with the information or services you have requested
• confirming your identity in order to fly with us and/or your right to fly into another country
• sending you communications, with your consent, that may be of interest including information about our services and activities.
• carrying out your obligations under any contract between us
• seeking your views on the services or activities we perform so that we can make improvements
• maintaining our organisational records and ensuring we know how you prefer to be contacted
• processing job applications
The use of your information for the purposes set out above is lawful because one or more of the following applies:
• Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at firstname.lastname@example.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
• It is necessary for us to hold and use your information to perform our obligations under a contract entered into with you or for mutually agreed due dilligence prior to entering into a contract.
• It is necessary to comply with our legal obligations.
• Where the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request.
We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it. For example, all emails sent from our organisation are encrypted and our servers have appropriate levels of security to make our best effort to prevent cyber-attacks.
We always ensure only authorised persons have access to your information, which means that everyone who has access is appropriately trained to manage your information.
No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
• Third parties who provide services for us, for example insurance providers. We select our third party service providers with care. We provide these third parties with the information necessary to provide the service. We have agreements in place that require them to operate with the same care over data protection as we do.
• Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another charity. In such event we will take steps to ensure your privacy rights will be protected by the third party.
Owing to the diversity of our operations, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Sharing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
We really appreciate it if you let us know when your contact details change. You can do so by contacting us at email@example.com.
This notice, together with the terms and conditions posted on our website(s), see www.mafint.org set forth the general rules and policies governing your use of our website(s). Depending on your activities when visiting our website, you may be required to agree to additional terms and conditions.
Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Our purpose in collecting non-personally identifying information is to better understand how our visitors use its website.
Certain visitors to our websites choose to interact with us in ways that require us to gather personally-identifying information like Internet Protocol (IP) address. The amount and type of information we gather depends on the nature of the interaction. For example, we ask visitors who sign up for a blog to provide a username and email address.
Our Service may contain links to external sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the privacy notice and terms and conditions of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites, products or services.
We may collect statistics about the behaviour of visitors to our website. We may display this information publicly or provide it to others but we do not disclose any personally-identifying information.
We appreciate that many families working with us have children. Where appropriate we will ask for consent from a parent or guardian to collect information about children (under 16 years old).
We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least six years in the UK so we can fulfil our statutory obligations for tax purposes; in other countries it may be longer. Each department has established retention policies which comply with this document and are published in the appropriate manual.
You have the right to request details of the processing activities that we perform with your personal information through making a Subject Access Request. Such requests must be in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact us at firstname.lastname@example.org.
You also have the following rights:
• the right to request rectification of information that is inaccurate or out of date;
• the right to erasure of your information (known as the “right to be forgotten”);
• the right to restrict the way in which we are dealing with and using your information; and
• the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
• rights in relation to automated decision making and profiling including profiling for marketing purposes.
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact the data protection team at the above address.
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office.
This notice may be changed from time to time. If we make any significant changes we will advertise this on our website(s) or contact you directly with the information.
Please check this notice each time you consider giving your personal information to us.