Fire and Rain International -Privacy Policy

Fire and Rain International Privacy Policy

Our commitment to protecting your personal information in service of Christ

Preamble - In Christ's Service

As we serve Christ in our global mission we recognise that the personal information entrusted to us represents real people, loved children of God whom we are called to serve with integrity compassion and the highest standards of care.

This Privacy Policy reflects our commitment to biblical stewardship and legal compliance as we operate across Australia, Singapore, Finland, the United Kingdom and the United States.

We pray that our data practices:

  • Honour God in our global mission
  • Protect those we serve with integrity and compassion
  • Enable us to fulfil our mission of sharing Christ's love with the world

We commit to handling all personal information with the same care and respect we would want for our own families, recognising that transparency and accountability are fundamental to Christian witness.

Introduction and Scope

Our Identity

This Privacy Policy governs the collection, processing and protection of personal information by Fire and Rain International, a global Christian charitable organisation operating in Australia, Singapore, Finland, the United Kingdom and the United States.

Our primary mission is to serve Christ through charitable works, evangelism and pastoral care.

Legal Framework

This Policy ensures compliance with applicable data protection laws across our operational jurisdictions:

  • Australia: Privacy Act 1988 and Australian Privacy Principles
  • Singapore: Personal Data Protection Act 2012
  • Finland: General Data Protection Regulation (GDPR) 2016/679
  • United Kingdom: UK GDPR and Data Protection Act 2018
  • United States: California Consumer Privacy Act, state privacy laws and federal requirements

Application

This Policy applies to all personal information processed by our organisation, including data collected through our websites, donation platforms, volunteer programmes, pastoral care services, events and prayer ministries.

Data Collection Purposes and Legal Basis

Categories of Personal Information

We collect and process the following categories of personal information in service of our mission:

Contact and Identification Information

  • Names, addresses, phone numbers, email addresses
  • Date of birth
  • Emergency contact information

Financial Information

  • Donation history and payment information
  • Banking details for direct debit donations
  • Gift aid and tax relief information

Volunteer and Ministry Information

  • Skills, experience and availability
  • Background check information where required
  • Training records and certifications
  • Ministry involvement and leadership roles

Pastoral Care Records

  • Counselling notes and prayer requests
  • Spiritual guidance documentation
  • Confidential communications with ordained ministers

Event and Programme Participation

  • Registration information for events and programmes
  • Attendance records and participation details
  • Feedback and evaluation responses

Special Categories of Data

  • Religious beliefs and practices
  • Health information relevant to care provision

Legal Basis for Processing

Under GDPR (Finland, UK)

  • Consent: Explicit consent for marketing communications and special category data
  • Legitimate Interests: Operational activities necessary for charitable purposes
  • Legal Obligation: Compliance with charity law and tax requirements
  • Vital Interests: Emergency situations requiring immediate action
  • Public Task: Activities carried out in the public interest

Under Other Jurisdictions

  • Australia: Collection reasonably necessary for charitable functions
  • Singapore: Consent for collection, use and disclosure
  • USA: Legitimate business purposes with appropriate notice

Religious Organisation Exemptions

Where applicable, we rely on religious organisation exemptions under:

  • GDPR Article 9(2)(d) - Processing by religious organisations for legitimate activities
  • UK GDPR Schedule 1 - Not-for-profit organisation conditions
  • USA State Laws - Religious exemptions for pastoral care and ministry activities

Data Collection Methods

Direct Collection

We collect information directly from individuals through:

  • Donation forms and online giving platforms
  • Volunteer applications and registration forms
  • Event registration and participation
  • Prayer request submissions
  • Pastoral care interactions
  • Website contact forms and newsletter subscriptions

Indirect Collection

We may receive information from:

  • Partner churches and mission organisations
  • Public directories and databases
  • Government agencies for compliance purposes
  • Third-party service providers acting on our behalf

Automated Collection

Our websites may collect information through:

  • Cookies and similar tracking technologies
  • Website analytics and performance monitoring
  • Social media integration and sharing tools

Data Use and Sharing

Internal Use

We use personal information for:

  • Charitable Operations: Managing donations, grants and programme delivery
  • Volunteer Coordination: Recruiting, training and managing volunteers
  • Pastoral Care: Providing spiritual guidance and counselling
  • Communications: Newsletters, prayer updates and ministry reports
  • Events and Programmes: Organising and conducting Christian events
  • Administrative Functions: Financial management and regulatory compliance

Sharing with Partner Organisations

We may share personal information with:

  • Partner Churches: For joint ministry activities and pastoral care
  • Mission Agencies: For coordinated outreach and support
  • Other Christian Organisations: For collaborative charitable work
  • Service Providers: For professional services (legal, accounting, IT)

All sharing occurs under:

  • Written data sharing agreements
  • Explicit consent where required
  • Legitimate interests for charitable purposes
  • Appropriate safeguards for data protection

Legal Disclosures

We may disclose information when:

  • Required by law or legal process
  • Necessary to protect safety or prevent harm
  • Authorised by charity commissioners or regulators
  • Requested by tax authorities for compliance purposes

Cross-Border Data Transfers

International Operations

As a global organisation, we transfer personal information between our offices and partners in Australia, Singapore, Finland, the UK and the USA.

Transfer Safeguards

All international transfers are protected by:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU SCCs and UK IDTA agreements
  • Binding Corporate Rules: Internal policies ensuring consistent protection
  • Explicit Consent: Where other mechanisms are insufficient

Third-Country Transfers

For transfers to countries without adequacy decisions, we implement:

  • Transfer Impact Assessments
  • Additional contractual safeguards
  • Technical measures including encryption
  • Regular monitoring and review procedures

Data Security Measures

Technical Safeguards

We implement industry standard security measures including:

  • Encryption: All sensitive data encrypted in transit and at rest
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection and monitoring
  • Data Backup: Regular backups with secure storage and recovery procedures
  • Vulnerability Management: Regular security assessments and updates

Organisational Safeguards

Our organisational security measures include:

  • Staff Training: Regular data protection and security awareness training
  • Privacy Impact Assessments: For new projects and high-risk processing
  • Incident Response Plan: Documented procedures for security breaches
  • Vendor Management: Due diligence and contractual safeguards
  • Regular Audits: Internal and external security assessments

Special Protections for Sensitive Data

Religious information and pastoral care records receive enhanced protection through:

  • Additional encryption and access restrictions
  • Separate storage systems with limited access
  • Enhanced audit logging and monitoring
  • Longer retention of access logs
  • Specific training for handling sensitive data

Data Retention Periods

General Retention Principles

We retain personal information only as long as necessary for:

  • The purposes for which it was collected
  • Legal and regulatory requirements
  • Legitimate business interests
  • Pastoral care and ministry continuity

Specific Retention Periods

  • Donor Records: 7 years after last donation (tax compliance)
  • Volunteer Information: 7 years after engagement ends
  • Pastoral Care Records: 10 years or as long as pastorally necessary
  • Event Records: 3 years after event completion
  • Prayer Requests: 1 year unless ongoing pastoral need
  • Financial Records: 7 years (regulatory requirement)
  • Employment Records: 7 years after employment ends

Secure Disposal

When retention periods expire, we securely dispose of information through:

  • Cryptographic erasure for digital data
  • Physical destruction for paper records
  • Certified destruction services for sensitive materials
  • Documentation of disposal procedures

Individual Rights and Requests

Your Rights

Subject to applicable law and legitimate interests, you have the right to:

  • Access: Request copies of your personal information
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Restriction: Limit how we process your information
  • Portability: Receive your data in a structured format
  • Object: Oppose processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for processing

Exercising Your Rights

To exercise your rights, contact our Data Protection Officer:

Email:andrew@fireandrain.international

Response Times:

  • 30 days: Australia, Singapore, GDPR jurisdictions
  • 45 days: USA (with possible extension)

Limitations on Rights

Some rights may be limited by:

  • Legal obligations to retain information
  • Legitimate interests in processing
  • Rights of other individuals
  • Pastoral care obligations
  • Charity law requirements

Cookies and Website Tracking

Cookie Usage

Our websites use cookies for:

  • Essential Functions: Site navigation and security
  • Analytics: Website performance and user behaviour
  • Marketing: Targeted advertising and social media integration
  • Personalisation: Customised content and user experience

Cookie Management

You can control cookies through:

  • Browser settings and preferences
  • Cookie consent management tools
  • Opt-out mechanisms for specific services
  • Third-party preference centres

Third-Party Services

We use third-party services including:

  • Google Analytics for website analytics
  • Social media platforms for sharing
  • Donation processing platforms
  • Email marketing services

Each service has its own privacy policy and cookie practices.

Complaint Procedures

Internal Complaints

If you have concerns about our data practices, please contact:

Data Protection Officer:andrew@fireandrain.international

We will investigate complaints promptly and provide written responses within 30 days.

Regulatory Complaints

You have the right to lodge complaints with data protection authorities:

  • Australia: Office of the Australian Information Commissioner (OAIC)
  • Singapore: Personal Data Protection Commission (PDPC)
  • Finland: Office of the Data Protection Ombudsman
  • UK: Information Commissioner's Office (ICO)
  • USA: State attorneys general and relevant agencies

Alternative Dispute Resolution

For cross-border complaints, we participate in:

  • Binding corporate rules dispute resolution
  • International arbitration mechanisms
  • Religious mediation services where appropriate

Special Considerations for Ministry Activities

Pastoral Care Confidentiality

Pastoral care communications are protected by:

  • Religious privilege under applicable law
  • Professional confidentiality standards
  • Enhanced security measures
  • Limited access to ordained ministers

Prayer Request Handling

Prayer requests are handled with special care:

  • Explicit consent for sharing beyond pastoral staff
  • Regular review and deletion of resolved requests
  • Confidential handling of sensitive prayer needs
  • Option for anonymous prayer requests

Ministry Partner Relationships

Our relationships with churches and mission agencies involve:

  • Formal data sharing agreements
  • Shared pastoral care responsibilities
  • Joint ministry activities and events
  • Coordinated outreach and support

Children's Privacy

Age Restrictions

We do not knowingly collect information from children under:

  • 13 years (USA)
  • 13 years (UK)
  • 15 years (Finland)
  • 18 years (Australia, Singapore) without parental consent

Parental Consent

For children's programmes, we obtain:

  • Written parental consent for participation
  • Emergency contact information
  • Health and safety information
  • Permission for photography and media

Special Protections

Children's information receives enhanced protection through:

  • Additional consent requirements
  • Shorter retention periods
  • Restricted access and use
  • Regular review and deletion

Changes to This Policy

Policy Updates

We may update this Policy to reflect:

  • Changes in applicable law
  • New ministry activities or services
  • Technological developments
  • Regulatory guidance

Notification Process

Material changes will be communicated through:

  • Email notification to supporters
  • Website announcements
  • Ministry newsletters
  • Direct communication for significant changes

AUGUST 2025

This Policy is effective from: AUGUST 2025 and supersedes all previous versions.

Contact Information

Data Protection Officer

Email:andrew@fireandrain.international

Regional Contacts

  • Australia: Email: andrew@fireandrain.international

Conclusion - A Prayer for Faithful Stewardship

As we conclude this Privacy Policy, we commit ourselves to faithful stewardship of the personal information entrusted to us.

We pray in the Name of Jesus Christ that our data practices would:

  • Honour God in all our operations
  • Protect and serve those who support our mission
  • Enable effective ministry and charitable work
  • Demonstrate Christian integrity and transparency
  • Build trust with supporters, beneficiaries and partners
  • Comply with all applicable laws and regulations

We ask for God's wisdom in implementing these policies, His protection over the data we handle, and His blessing on our ministry efforts.

May our commitment to privacy and data protection serve as a testimony to the love, care and integrity that characterise our faith. Amen

Version: 1.0
Effective Date:AUGUST 2025
Next Review Date: [1 Year]

This Privacy Policy has been prepared with reference to applicable data protection laws in Australia, Singapore, Finland, the United Kingdom, and the United States as of 2025. Legal counsel should be consulted for specific compliance questions.

OUR IMPACT

140 Evangelists trained. Resulting in 821 decisions for Christ.

Fire Camps 2024 — Japan, Singapore, Indonesia

14,000

decisions for Christ
in Indonesia

Data derived from the Annual Report 2024

Annual Report 2024
Annual Report 2023

Support A Student or worker today

Your generous monthly support can power the people behind the mission. Provide essential support to their families and ensure they receive education. Ultimately we want to see a world filled with Jesus Christ. Together we can.

Donate