Christ Central Data Privacy Statement

Christ Central is committed to protecting your privacy. This document explains what information we collect and process about you. It explains how and why we deal with your information and what your rights are. We use your information in ways you would expect – like managing serving teams and keeping you informed about events. For some specific things we’ll ask for your consent, which you can withdraw at any time.

You can also tell us if information we hold is not accurate or if you want us to delete the information we hold about you.  In compiling this statement, Christ Central has considered the General Data Protection Regulation and the Privacy and Electronic Communication Regulations.

Who are we and how can you contact us?

Christ Central is a registered charity in England under No. 1190597.

Our registered office address is 3 London Road, Redhill, Surrey RH1 1LY. You can get in touch with us by calling 01737 887581 or emailing

Any queries, complaints or subject access requests should be directed to the data protection lead:

For further information on data protection, you can contact the Information Commissioners Office on 0303 123 1113 or via email… or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Your personal data – what is it?

Personal data is any information about an individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

The information we collect will vary depending on the reason for our interaction with you but may include your name, postal address, phone number, email address, date of birth, next of kin, bank details, your IP address (the location of your computer on the internet), pages accessed on our website, information about your interests and any other information that is reasonably necessary.

We collect and store information about you whenever you interact with us including for example when you register with us to receive updates about church activities, when you apply to work for or volunteer with us, when you make a donation to us or otherwise give us any other personal information.

How do we use your data?

We will use your data for three main purposes:

  • Contacting you to keep you informed of church activities and events.
  • The day-to-day administration of the church; e.g. pastoral care and oversight, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
  • Statistical analysis; gaining a better understanding of church demographics.

Christ Central complies with its obligations under the GDPR by

  • keeping personal data up to date;
  • storing and destroying it securely;
  • not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access and disclosure; and
  • ensuring that appropriate technical measures are in place to protect personal data.

What is our legal basis for processing your personal data?

Article 6 Para 1(a) of the GDPR gives us a lawful basis of processing data for specific purposes where you have consented to us doing so.

In other circumstances, under Article 6 Para 1(f) of the GDPR, we may process your data in ways you would reasonably expect where there is legitimate interest to do so. This may include instances where we process data for volunteering, small groups and events for example.

How we look after your personal data

We will treat all your personal information as private and confidential and will not disclose to any third party – internally it may be shared where necessary to facilitate the administration and day-to-day operations of Christ Central. All Christ Central staff and volunteers who have access to personal data are required to adhere to our policies.

There are four exceptional circumstances to the above permitted by law:
1.Where we are legally compelled to do so.
2.Where there is a duty to the public to disclose.
3.Where disclosure is required to protect your interest.
4.Where disclosure is made at your request or with your consent.

Our Database of Personal Information

We use third part service,, to facilitate much of our church management, including as a database to hold any personal information we collect from you.  ChurchSuite stores all data in the UK within data centres that meet strict industry security requirements.  Members of Christ Central will also receive a login to ChurchSuite where they can view and update the personal information we hold about them. ChurchSuite also use various cookies.  You can read their privacy policy here: Church Suite Privacy Policy.

Information contained in our database will not be used for any other purposes than set out in this policy, and access is strictly controlled and granted only as needed for relevant processing.

The database will not be accessed by any authorised users outside of the EU, in accordance with GDPR, unless prior consent has been obtained from the individual whose data is to be viewed.  All access and activity on the database is logged and can be viewed by the system administrations.  Information kept on our computer systems and technical devices are encrypted with passwords to prevent unauthorised access.

People who subscribe to our E-newsletter

We use a third party provider, Mailchimp, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. This newsletter can be unsubscribed from at any time – just look for the link at the bottom of the email. For more information, please see Mailchimp’s privacy policy.

People who sign up for events run by Christ Central

For events we run which require guests to sign up/purchase tickets, this will usually be done using ChurchSuite. If you are already a supporter of Christ Central then this event sign up will be logged against your profile in ChurchSuite. New contacts will be saved in ChurchSuite but kept separate from our general contact book. Any payments will be handled by a third party provider (usually Stripe, but potentially also PayPal), Christ Central does not store or process any payment details.

People who fill in a Connect Card on a Sunday

The paper card is held securely until it can be transferred to our digital system (ChurchSuite), usually the next day, the paper copy is then shredded. We will use the information you have provided to contact you and connect you in with relevant/appropriate activities in Christ Central.

People who register their children for Christ Central Kids Work

(including Sunday kids work, Thursday night youth group)

The data is stored securely by ChurchSuite and only accessed by staff and approved volunteers. We will only hold on to your data for eight weeks from your last visit to Christ Central – unless you choose to be added to the address book.

Visitors: As a visitor your data is kept separate from our address book and will be used only for the purposes of the check in system (this may include follow up contact). We ask for: date of birth so they can be placed in the correct group; a mobile phone number so that, if needed, we can contact you ASAP during the meeting; medical info so that snacks, drinks etc are appropriate; and any additional needs to help us better look after your child.

Members: For members of Christ Central there is the option to add your children’s details into our Children’s address book in ChurchSuite. This gives you more control over your children’s data (including the ability to edit it) and allows us to more easily contact you in relation to children’s work activities.

Processing financial payments

If you use a debit or credit card to donate to us, we will pass your debit or credit card details securely to our payment processing partner, Stripe, as part of the payment process, but the details are not stored by us. Where you have provided us with bank details directly so that we may process a regular donation from you by direct debit or standing order we will keep that information securely.  We will store records of your transaction in order to comply with financial regulations.

How long do we keep your personal data?

We keep your data for no longer than reasonably necessary. We will process your data as long as you are a member of the church or are in regular contact with the church. E.g. Sunday services, volunteering and/or small groups.

If you resign from membership or are no longer in regular contact with us, we will retain your data for as long as legally necessary in line with our retention policy.

Rights to Access Information

Current legislation gives you the right to see all the personal information we hold on you, the right to have it amended and the right to stop us causing you damage or distress.

If you want to see the information Christ Central holds on you then you can send a request in writing to We may need to confirm your identity before progressing the request and will aim to achieve this within 30 days of confirmation. This right to access your data is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.

Christ Central reserves the right to charge a fee for each subject access request.

Job applications and volunteering opportunities

If you apply for a job or volunteering opportunity with us we will collect information to assess your suitability for the role. We will only use the information you give us to process your application and to monitor recruitment statistics and undertake relevant checks.

Christ Central will put together a file about your employment or volunteering role which will be kept secure, used only for matters that apply directly to your role with us and kept after your role with us has ended in accordance with our record retention policy.

Use of Cookies

Cookies are used to help improve your experience of our website.

The information derived from our use of cookies will be aggregated to provide statistical information about the usage of our Site. However, we do not use any information derived from cookies, nor any IP addresses we collect, to identify any individual user of our site.

The following explains which cookies you will find on our site.

Google : We use Google fonts, maps and analytics, all of these services use cookies which stay on your computer for varying lengths of time.  View Google’s privacy policy.

Vimeo : We embed videos from our Vimeo account (and other Vimeo accounts)  on some pages. This cookie will only be downloaded if you visit a page which contains a Vimeo video.  View Vimeo’s privacy policy.

YouTube : Occasionally we may embed a YouTube video on our site. In these instances the YouTube cookies will only be downloaded if you visit the page with the embedded video.  View YouTube’s privacy policy.

How to control and delete cookies

If you want to restrict or block the cookies we set, you can do this through your browser settings. The ‘help’ function within your browser should tell you how.

Alternatively, you could visit, which contains comprehensive information on cookies on a wide variety of browsers. You’ll also find details on how to delete cookies from your computer. To learn about controlling cookies on the browser of your mobile device please refer to your handset manual.

From time to time we may change this privacy policy so please check back when you next visit the site.

Last updated May 2019