United Synagogue – Privacy Summary
Last updated: February 2026
The United Synagogue (“US”) is committed to protecting your personal data and being transparent about how we use it. We comply with UK GDPR, the Data Protection Act 2018, the Data Use and Access Act 2025 (DUAA), and the Privacy and Electronic Communications Regulations (PECR).
This summary explains, in simple terms, what data we collect, why we use it, how we keep it safe, and the rights you have.
1. Who We Are
Data Controller:
The United Synagogue (Charity No. 242552)
Registered office: 305 Ballards Lane, North Finchley, London N12 8GB
Data Protection Officer (DPO):
Bindesh Majithia
Email: [email protected]
Address: DPO, The United Synagogue, 305 Ballards Lane, London N12 8GB
2. What This Policy Covers
This summary applies when you:
- Use our websites or digital platforms
- Apply for or hold membership
- Take part in events, programmes, youth or education activities
- Donate or claim Gift Aid
- Volunteer or work with us
- Visit our sites or appear on CCTV
- Otherwise engage with the United Synagogue
3. The Data We Collect
Depending on how you engage with us, we may collect:
- Identity and contact information (e.g., name, address, email, phone number)
- Household and membership information
- Lifecycle details for religious services
- Youth and education data, including parent/guardian details and essential medical/dietary information
- Event bookings and payment details
- Donations and Gift Aid information
- Volunteer, DBS and safeguarding information
- CCTV and visitor logs
- Technical data (e.g., cookies, analytics)
- Correspondence, enquiries, surveys, or complaints
We may also receive information from third-party service providers (e.g., DBS checks), public sources, or platforms you use to engage with us.
4. How We Use Your Data & Legal Bases
We only use your data when we have a lawful reason to do so. Examples include:
Core purposes
- Membership administration and community support
Legal basis: Contract; Legitimate interests; Art. 9(2)(d) for religious data - Lifecycle and religious services
Legal basis: Contract; Legal obligation; Legitimate interests - Education and youth programmes
Legal basis: Contract; Legitimate interests; Vital interests (emergencies); Consent (for optional medical/dietary data) - Events & ticketing
Legal basis: Contract - Donor relations & Gift Aid
Legal basis: Legitimate interests; Legal obligation (HMRC) - Volunteer management & safeguarding
Legal basis: Legitimate interests; Legal obligation; Safeguarding provisions
Communications
- Service communications (e.g., updates about bookings): Contract / Legitimate interests
- Newsletters & fundraising: Consent or (where allowed) Legitimate interests, with clear opt‑out under PECR
Legitimate Interests
We use legitimate interests for activities necessary to run a safe, effective charity—always balancing your rights and freedoms.
5. Special Category Data
Some of the data we process is sensitive, such as information about:
- Religious beliefs
- Health
- Safeguarding information
We only process this data where permitted under Article 9 UK GDPR (e.g., religious community purposes, vital interests, safeguarding, or legal claims) and maintain an Appropriate Policy Document where required.
6. Sharing Your Data
We only share data when necessary, such as with:
- IT, hosting and cloud providers
- Payment processors and banks
- Email/SMS and print‑mail providers
- Insurers, auditors and professional advisers
- Regulators and public authorities
- Partner communal bodies involved in programmes you take part in
- Police, courts, or local authorities where legally required
All partners are required to protect your data.
7. International Data Transfers
If your data is processed outside the UK, we ensure appropriate safeguards, such as:
- UK adequacy regulations (including UK‑US “data bridge”)
- International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
- Transfer Risk Assessments, following ICO 2026 guidance
8. How Long We Keep Your Data
We keep personal data only for as long as needed for each purpose and follow a documented retention schedule, including:
- Membership, donations, Gift Aid: per Data Retention Policy
- CCTV: usually up to 30 days
- Safeguarding: as required by law
- Event bookings: per retention schedule
Data is securely deleted or anonymised when no longer needed.
9. Your Data Rights
You have the right to:
- Access your data
- Correct inaccurate information
- Request deletion (“right to be forgotten”)
- Restrict or object to processing (including legitimate interests)
- Data portability (where applicable)
- Withdraw consent at any time
- Opt out of direct marketing
To exercise your rights, contact: [email protected]
We may need proof of identity to protect your privacy.
10. Providing Your Data
We will tell you when providing data is:
- Legally required
- Necessary for a contract (e.g., membership, events)
If required information is not provided, we may not be able to deliver the service.
11. Cookies
We use:
- Essential cookies (required for the site to function)
- Non‑essential cookies (e.g., analytics) — used only with your consent unless a DUAA‑permitted exemption applies
You can change your cookie preferences at any time.
12. Children’s Data
We take extra care when handling children’s information, including:
- Clear explanations suitable for children
- Appropriate parental/guardian consents
- Strong safeguards for health and safeguarding data
13. Security
We use appropriate technical and organisational measures to protect your data, including:
- Access controls and staff training
- Encryption where appropriate
- Due diligence on suppliers
- Incident response procedures
14. External Links
Our website may link to other sites. We’re not responsible for their privacy practices. Please check their notices.
15. Refund Policy (bookshop)
You can find our Bookshop Refunds Policy on our Policies page.
16. Updates to This Policy
We review the policy regularly and update it when laws or our practices change. Major updates may be communicated by email or via our websites.