Union Hall Evangelical Church complies with its obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Your personal data – what is it?
Personal data relates to any data or information from which an individual can be identified. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
- Who are we?
In this policy ‘We’ relates to Union Hall Evangelical Church. Union Hall Evangelical Church is also the data controller. This means it decides how your personal data is processed and for what purposes.
- What information do we collect?
We collect and hold information about different people. This may come directly from you when you complete a form relating to church business or activities, such as attending events, giving financially or applying to join the Church as a member. It may also come from other sources such as a previous employer, church or the Disclosure Barring Service.
The personal details can include information such as, but not limited to, names, addresses, phone numbers, email addresses, medical conditions (if applicable) or monies given to the church (amounts, payment methods, Gift Aid and preferences relating to distribution of monies given). Where working with children or vulnerable adults we will also collect information through the Disclosure & Barring Service, but will not hold information relating to proceedings or offences or allegations of offences unless there is an overarching safeguarding risk.
Details of your visits to our website (including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own purposes or otherwise) and the resources that you access.
In some cases, we hold types of information that are called “special categories” of data in the GDPR. This can include information about a person’s: racial or ethnic origin; religious or similar (e.g. philosophical) beliefs; and health related information (including physical and mental health, and the provision of health care services).
- How do we process your personal data?
- To administer membership applications and records
- To provide pastoral care, support, teaching and challenge for you in accordance with the teaching of the Bible
- To manage our employees and volunteers
- To enable us to maintain appropriate safeguarding arrangements for our children, young people and vulnerable adults
- To maintain our own financial accounts and records (including the processing of gift aid applications) in accordance with HMRC guidelines
- To inform you of news, events and other activities at Union Hall Evangelical Church,
- To hold a register of attendees at activities for those under the age of 18
- To contact you regarding your use of the church building and any required information
- What is the legal basis for processing your personal data?
We have different reasons for using your information:
Explicit Consent – to keep you informed about news, events and activities and to process your gift aid donations where you have given us consent to do so.
Legitimate interest – where you are a member of the church we will use legitimate interest to keep you informed and communicate with you matters relating to the business of the Church and it’s activities.
Legal obligation – sometimes we need to store your information as there is a legal reason to do so, for example, if you have gift aided donations to us, HMRC require us to keep the information for up to 7 years
Contract – we may process your personal data when we need to do this to fulfil a contract with you, e.g. if you are an employee or volunteer of the church
- How will we store your personal information?
Your information will be stored securely at all times via:
- Secure, password protected files are used to store registration and membership details (including applications related to working with children) which may be collected via paper or google forms
- Any paper forms relating to membership, registration, pastoral meetings, interest in events or finance are held securely
- Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out the business of the church. It may be held securely on third party databased such as DropBox, OneDrive, Google or MailChimp. We will only share your data with third parties with your consent or due to vital interests, I.e., in the circumstances of requiring medical attention or pertaining to information contained in your application for membership or to work with children.
- How long do we keep your personal data?
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. For example, Financial information and gift aid declarations (including associated paperwork) will be held for up to 7 years following the last claim relating an individual, in accordance HMRC guidelines.
- Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
Right to be informed means we will be clear and transparent about how we plan to use your personal data.
Right of access means you can request a copy of the personal data we hold about you and we will provide it within one month.
Right to rectification means you can ask us to update or amend the data we hold about you, if it is incorrect.
Right to restrict processing means you can ask us to change, restrict or stop the way we are using your data.
Right to erasure means you can ask us to remove your personal data from our records.
Right to object means you can object to us using your data for marketing purposes.
Right to data portability means you can obtain and reuse your personal data for your own purposes.
Right to lodge a complaint with the Information Commissioner’s Office (ICO), if you are not satisfied with our response to your request, or you feel we are not using your information correctly.
- Further processing
If we wish to use your personal data for a new purpose, not covered by this policy, then we will update this policy and advise you of the relevant purposes and processing conditions. Where and whenever necessary, we will request your prior consent to the new policy processing.
- Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Church Secretary via firstname.lastname@example.org or the church office on 0161 226 4329.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.