Family Church Data Privacy Notice
1. Your personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) which is the new data privacy law that was introduced in the UK from 25 May 2018 as part of the Data Protection Act 2018. We, and many other organisations which store personal data, are therefore providing more details about how we collect and use your personal information.
2. Who we are.
Family Church is the Data Controller.
This means it decides how your personal data is processed and for what purposes.
3. How we process your personal data.
Family Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What information we process about you
We may collect the following information about you:
- your name and address
- you home phone number
- your mobile phone number
- your email address
- whether or not you are ordained
- your marital status
- your age and gender
- bank details
- National Insurance Number
- pension information
- contracts and details of communication to members of staff
- emergency contact information
- information about your family
- your education and employment
- your role(s) within the church (if appropriate)
- any membership or status as a representative for the church
- attendance at meetings, events and training
- to carry out a DBS check
- the result of a DBS check
- information we collect and record as part of pastoral care (this will include anything you tell us unless you tell us not to record it and we are able to do so without contravening any law)
- payment details when booking events
- donations to the church
- any information you provide to us
- any teams or groups you are involved with
- when you are unavailable for serving on rota
- dates and times that you are on a rota
Sensitive Personal Information
We may also collect, store and use the following “special categories” of sensitive personal information (if you give us this information): Information about your health, including any mental or physical conditions that you notify us about, your religious beliefs, your racial origin, your sexual orientation, any criminal record.
We use your personal data for the following purposes: -
To enable us to provide a voluntary service for the benefit of the public in the local area, across the county, and on occasion to other parts of the world as specified in our charity constitution and our company’s Articles of Association;
To provide pastoral care and support to our members and others attending our church;
To administer membership records;
To fundraise and promote the interests of the church and its charity;
To manage our employees and volunteers;
To maintain our own accounts and records (including the processing of gift aid applications);
To inform you of news, events, activities and services running at Family Church.
How we use sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may use your sensitive personal information in the following ways:
- Your mental or physical health, racial origin, sexual orientation or criminal record in order to provide you with support and pastoral care. We may also use this information to help you access support and benefits if appropriate and requested by you.
- Your religious beliefs in order to administer your membership of our church.
- Your DBS check (which may contain information relating to criminal offences or presence on a register) to decide your suitability for roles in the church.
In all cases where we require consent, we will seek your written consent or record you consent in writing to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Photos & digital media
As pictures and images are included in GDPR we are careful what we do with these images, whether moving or still.
When applicable, we will:-
- at the point of booking or at the beginning of a service or meeting, make attendees aware that photos/videos will be taken;
- where possible, we have signs reminding people that photos/videos may be taken
- where possible, we have some areas in which photography is not allowed
- we obtain consent before photographing or videoing any situation in which the subject could have a reasonable expectation of privacy
- we consider the special category data content of photos and videos before we display or stream them and get consent if we need it
- let attendees know who they should speak to if they have any concerns.
Identifiable information can be obtained from CCTV footage. This includes a car number plate. Family Church has on it’s premises CCTV for crime prevention purposes therefore we are registered with the ICO and follow the guidelines relating to this.
4. Our legal basis for processing your personal data.
Legitimate interest of the data subject (the individual) allows us to keep you informed about news, events, activities and services and process your gift aid donations;
Processing is necessary for carrying out obligations under employment, social security or social protection law;
Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties with your consent.
The church uses a limited number of third party data processors specifically, Mailchimp and Google Mail for processing church updates and newsletters, phone provider 02 for specific text messages, Google Analytics and Joomla for our website, Thirtyone:eight for our DBS Checks, Eventbrite for some of our event bookings, QuickBooks for accounting, Elpizo Accountancy for auditing, CP Accounting for processing payroll, B&CE Pension Provider, Wigan and Leigh Register Office and HMRC.
You can find out more about Google’s position on privacy as regards its analytics service at https://www.google.com/analytics/learn/privacy.html?hl=en-GB
Our websites runs the popular Joomla CMS and cookies are used to store basic data on your interactions with Joomla, and whether you have logged into Joomla. We use a session cookie to remember your log-in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will not work.
More information on session cookies and what they are used for at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html
How to delete and control cookies
Most computers automatically accept cookies but you can change your settings so that you will not receive cookies and you can also delete existing cookies from your computer.
If you do change your settings, you may find that some parts of our website will not function properly. If you do not adjust your settings, you will accept cookies provided by this website.
To find out how to delete cookies or adjust their settings please visit http://www.allaboutcookies.org/.
6. How long we keep your personal data
As stated in the Family Church Data Protection Policy, at least every year, a review and refresh of personal data will be carried out by employees, trustees and the relevant volunteers. Any personal data that is inaccurate or no longer required will be amended or deleted as appropriate.
Membership data will be kept while it is still current; gift aid declarations while gift aided donations are being made and a period of 7 years after the last such donation. Financial records are kept for a period of 7 years after the year to which they relate. A register of marriages is kept permanently.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which the Family Church holds about you.
- The right to request that Family Church corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for Family Church to retain such data.
- The right to withdraw your consent to the processing of personal data at any time.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners Office. Contact details for the ICO are shown below.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
If Family Church does not resolve the matter to your satisfaction you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.