Data Protection Policy


Dar Ul Uloom Islamia Rizwia (Bralawai)  (the Charity) offers a broad range of services either directly managed or in partnership with other agencies.  

The Charity was established to promote the faith of Ahle Sunnah Wa Jama’ah, commonly known as Sunni Islam, following the Sunni Hanafi school of Jurisprudence, in particular the teachings of Ala-Hazrat Ahmed Raza Khan (rahmatullah alaih), which is more commonly known as the ‘Bralawai’ movement.

In particular the charity was established under the guidance and support of Ala Hazrat Khawaja Qibla Syed Zinda Peer Sahib (rahmatullah alaih), known as Zinda Pir Sahib(rahmatullah alaih), of Darbar e Aaliya Ghamkol Sharif. The charity continues to have strong working relationships with, and many of its beneficiaries follow the spiritual order of Ghamkol Sharif.

To achieve this core purpose the Charity offers services that cover a range of religious requirements such as education, advice, guidance, marriages, prayer facilities, functions, lectures amongst other religious needs for the community.  In addition to this core service the Charity also offers a variety of community, social and economic services  from time to time, either directly or in partnership with other agencies.  

  1. General Statement
  1. This Data Protection Policy sets out how the Charity (also known as Central Jamia Mosque Ghamkol Sharif and Ghamkol Sharif Mosque), uses and protects any information collected concerning you and should be read in conjunction with the Privacy Policy.
  1. The Privacy and Data Protection Policies are available electronically on the Charity’s website,, or can be requested by e-mailing the Charity at,, or a copy can be obtained from the Charity’s office.
  1. The Charity is committed to ensuring that your privacy is protected.  Any information by which you can be identified by, when you are contacting us or using any of our services, that we hold will only be used in accordance with the Privacy Policy.
  1. The Data Controller is the Charity, who determines the purpose and the means of processing personal data and is registered with Information Commissioner’s Office (ICO).
  2. Processing means taking any action with someone’s personal data, including recording, storing and using.
  1. This Policy document sets out the obligations of the Charity, concerning data protection and the rights of, those whom we collect data on as specified in our Privacy Policy, such as:
  • a member of our congregation
  • a beneficiary
  • a volunteer
  • a student
  • a child (including parents and carers) who is, or has, or is likely to benefit from our Out Of School Services provision
  • a member of the public who wishes to receive information, marketing or promotional material about the work of the Charity
  • a visitor to the Charity
  1. In this policy document the above categories are known as (Data Subjects) in accordance with the General Data Protection Regulation (GDPR)
  1. The GDPR defines ‘Personal Data’ as any information relating to an identified or identifiable natural person a data subject.  An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier that we keep, such as a name, date of birth, address, photograph, etc.
  1. This Policy sets the Charity’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data.  The procedures and principles set out herein are followed at all times by the Charity, its employees, volunteers, agents, contractors, or other parties working on behalf of the Charity, concerning Data Subjects.
  1. The Charity is committed not only to the letter of the law, but also to the spirit of the law and we place a high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals who come into contact with the Charity.

2) The Seven Principles of Data Protection:

Charity is committed to the implementation of these seven principles:

  1. Lawfulness, fairness, and transparency

We will keep informed and seek consent, where appropriate from a Data Subject, any changes to the processing of personal data, to ensure there is effective and efficient scope to develop, deliver and introduces products and services for the legitimate interests of the Charity, including contractual obligations, where applicable.

  1. Purpose limitation

The use of personal data is only for the purposes specified in the Charity’s Privacy Policy.

  1. Data minimisation

We only keep personal data to fulfil our contractual obligations and / or legitimate interests to ensure the services of the Charity are delivered professionally to you.

  1. Accuracy

We always endeavour to ensure the personal data we keep is accurate and kept up to date. If an error or omission has been identified we will change it as soon as practically possible and legitimately destroy any inaccurate information.

  1. Storage limitation

We only keep personal data for as long as we need it.  When personal data is no longer required we ensure it is destroyed properly.  For paper documentation we use a cross shredder and for digital data we delete it including from any back-up storage and with the use of secure deletion software.

  1. Integrity and confidentiality (security)

We use secured lockable storage furniture, including secured rooms, intruder alarms, unique strong passwords, firewalls and anti-virus software and CCTV in key areas.  Stored personal data access is restricted to key personnel only.

g) Accountability

The Charity takes this responsibility seriously and ensures its employees, volunteers, agents, contractors, or other parties working on its behalf who have access to personal data are made aware the Privacy and Data Protection Policies.  

Access is restricted to relevant personnel and all staff and volunteers are offered training and reminded routinely.  There are nominated administrative staff who ensure daily compliance with our policies.

A senior member of staff is designated as the Responsible Person, to oversee the Privacy and Data Protection Policies and reports to the Board of Trustees.

  1. Legitimate Interests
  1. The lawful basis the Charity collates personal data is known as, ‘Legitimate Interests’.  
  1. The processing of personal data is stipulated in the Privacy Policy, under paragraph 7.
  1. Personal data is used and processed in a manner that would be normally associated with a faith-based charity in the delivery of its services and what would be reasonably expected by the general public, who wish to be directly or indirectly associated with the work of the Charity, while having a minimal privacy impact.
  1. Our legitimate interests, include, commercial interests, individual interests and societal benefits.
  1. The Charity carries out a regular Legitimate Interest Assessment (LIA), to ensure it meets its obligations under GDPR.
  1. Right of Access – Subject Access Request (SAR)
  1. All individuals have the right to access and receive a copy of their personal data, and other supplementary information.
  1. If a person makes a request, there will be no charge, unless it is deemed as an unreasonable request, and in which case we will inform the person to why we believe a charge is necessary.
  1. We will endeavour to respond as quickly as possible, but no longer than 30 days from the date of receiving the SAR.  This may be extended by further 60 days, if we believe the request is complex or if we receive multiple request from the individual.  In either case we will inform the individual the reason(s), why we are extending the time to respond.
  1. In most cases, we will ask for proof of identity, before we respond with the release of personal data.
  1. Where an SAR, may disclose information about another data subject(s), we will not comply with the request except where the other individual consents to the disclosure or it is reasonable to comply with the request without that individual’s consent.  We will inform you accordingly, including if there is likely to be a delay in receiving a response from the other data subject(s).
  1. Ghamkol Sharif Education Centre (GSEC) – Out of School Setting (OOSS)

Additional Data Protection Information

  1. At GSEC we respect the privacy of the children attending the Madrasah and the privacy of their parents/carers, as well as the privacy of our staff.  Our aim is to ensure that all those using and working at GSEC can do so with confidence, and that their personal data is being kept secure.
  1. The lead person for data protection at GSEC, is the GSEC’s Administrator.   The lead person will ensure that GSEC meets the requirements of this policy, liaises with statutory bodies when necessary, and responds to any SARs, supported by the Responsible Person.
  1. Confidentiality
  1. Within GSEC we respect confidentiality in the following ways:
  1. We will only ever share information, about a child, with a parent/carer that is registered as the principal point of contact with the Charity
  2. Information given by parents/carers to Charity staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Child Protection Policy ).
  3. Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the Charity, except with the designated personnel stated in the Child Protection Policy and agreed personnel to meet our obligations.
  4. Staff only discuss individual children for purposes of planning, administration and group management for the delivery of services.
  5. Staff are made aware of the importance of confidentiality during their induction process and regularly thereafter.
  6. Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
  7. Students on work placements and volunteers are inducted on our Privacy and Data Protection Policies and are required to abide by them.
  1. Information that we keep

We hold only the information necessary to provide a OOSS for children. This may include child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth.  Our lawful basis for processing this data is fulfilment of our contract with the child’s parents.  Our legal condition for processing any health-related information about a child, is so that we can provide appropriate care to the child, with the consent of the parent/carer.  Once a child leaves our care we retain only the data required by statutory legislation, insurance requirements and industry best practice, and for the prescribed periods of time. 

  1. Sharing information with third parties
  1. We will only share child information with outside agencies on a need-to-know basis and with consent from parents/carers, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (such as the Police).  If we decide to share information without parental consent, we will record this in the child’s file, clearly stating our reason(s). 
  1. We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.  
  1. Where we share relevant information due to safeguarding concerns, we will do so in line with Government guidance ‘Information Sharing Advice for Safeguarding Practitioners’ (