Christ Central Data Privacy Statement
Christ Central is committed to protecting your privacy. This document explains what information we collect and process about you. It explains how and why we deal with your information and what your rights are. We use your information in ways you would expect – like managing serving teams and keeping you informed about events. For some specific things we’ll ask for your consent, which you can withdraw at any time.
You can also tell us if information we hold is not accurate or if you want us to delete the information we hold about you. In compiling this statement, Christ Central has considered the General Data Protection Regulation and the Privacy and Electronic Communication Regulations.
Who are we and how can you contact us?
Christ Central is Reigate and Redhill Community Church T/A Christ Central, a registered charity in England under No. 1027890.
Our registered office address is 3 London Road, Redhill, Surrey RH1 1LY. You can get in touch with us by calling 01737 887581 or emailing firstname.lastname@example.org.
Any queries, complaints or subject access requests should be directed to the data protection lead: email@example.com
For further information on data protection, you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/cont… or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Your personal data – what is it?
Personal data is any information about an individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
The information we collect will vary depending on the reason for our interaction with you but may include your name, postal address, phone number, email address, date of birth, next of kin, bank details, your IP address (the location of your computer on the internet), pages accessed on our website, information about your interests and any other information that is reasonably necessary.
We collect and store information about you whenever you interact with us including for example when you register with us to receive updates about church activities, when you apply to work for or volunteer with us, when you make a donation to us or otherwise give us any other personal information.
How do we use your data?
We will use your data for three main purposes:
- Contacting you to keep you informed of church activities and events.
- The day-to-day administration of the church; e.g. pastoral care and oversight, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
- Statistical analysis; gaining a better understanding of church demographics.
Christ Central complies with its obligations under the GDPR by
- keeping personal data up to date;
- storing and destroying it securely;
- not collecting or retaining excessive amounts of data; protecting personal data from loss, misuse, unauthorised access and disclosure; and
- ensuring that appropriate technical measures are in place to protect personal data.
What is our legal basis for processing your personal data?
Article 6 Para 1(a) of the GDPR gives us a lawful basis of processing data for specific purposes where you have consented to us doing so.
In other circumstances, under Article 6 Para 1(f) of the GDPR, we may process your data in ways you would reasonably expect where there is legitimate interest to do so. This may include instances where we process data for volunteering, small groups and events for example.
How we look after your personal data
We will treat all your personal information as private and confidential and will not disclose to any third party – internally it may be shared where necessary to facilitate the administration and day-to-day operations of Christ Central. All Christ Central staff and volunteers who have access to personal data are required to adhere to our policies.
There are four exceptional circumstances to the above permitted by law:
1.Where we are legally compelled to do so.
2.Where there is a duty to the public to disclose.
3.Where disclosure is required to protect your interest.
4.Where disclosure is made at your request or with your consent.
Our Database of Personal Information
Information contained in our database will not be used for any other purposes than set out in this policy, and access is strictly controlled and granted only as needed for relevant processing.
The database will not be accessed by any authorised users outside of the EU, in accordance with GDPR, unless prior consent has been obtained from the individual whose data is to be viewed. All access and activity on the database is logged and can be viewed by the system administrations. Information kept on our computer systems and technical devices are encrypted with passwords to prevent unauthorised access.
People who subscribe to our E-newsletter
People who sign up for events run by Christ Central
For events we run which require guests to sign up/purchase tickets, this will usually be done using ChurchSuite. If you are already a supporter of Christ Central then this event sign up will be logged against your profile in ChurchSuite. New contacts will be saved in ChurchSuite but kept separate from our general contact book. Any payments will be handled by a third party provider (usually Stripe, but potentially also PayPal), Christ Central does not store or process any payment details.
People who fill in a Connect Card on a Sunday
The paper card is held securely until it can be transferred to our digital system (ChurchSuite), usually the next day, the paper copy is then shredded. We will use the information you have provided to contact you and connect you in with relevant/appropriate activities in Christ Central.
People who register their children for Christ Central Kids Work
(including Sunday kids work, Thursday night youth group)
The data is stored securely by ChurchSuite and only accessed by staff and approved volunteers. We will only hold on to your data for eight weeks from your last visit to Christ Central – unless you choose to be added to the address book.
Visitors: As a visitor your data is kept separate from our address book and will be used only for the purposes of the check in system (this may include follow up contact). We ask for: date of birth so they can be placed in the correct group; a mobile phone number so that, if needed, we can contact you ASAP during the meeting; medical info so that snacks, drinks etc are appropriate; and any additional needs to help us better look after your child.
Members: For members of Christ Central there is the option to add your children’s details into our Children’s address book in ChurchSuite. This gives you more control over your children’s data (including the ability to edit it) and allows us to more easily contact you in relation to children’s work activities.
Processing financial payments
If you use a debit or credit card to donate to us, we will pass your debit or credit card details securely to our payment processing partner, Stripe, as part of the payment process, but the details are not stored by us. Where you have provided us with bank details directly so that we may process a regular donation from you by direct debit or standing order we will keep that information securely. We will store records of your transaction in order to comply with financial regulations.
How long do we keep your personal data?
We keep your data for no longer than reasonably necessary. We will process your data as long as you are a member of the church or are in regular contact with the church. E.g. Sunday services, volunteering and/or small groups.
If you resign from membership or are no longer in regular contact with us, we will retain your data for as long as legally necessary in line with our retention policy.
Rights to Access Information
Current legislation gives you the right to see all the personal information we hold on you, the right to have it amended and the right to stop us causing you damage or distress.
If you want to see the information Christ Central holds on you then you can send a request in writing to firstname.lastname@example.org. We may need to confirm your identity before progressing the request and will aim to achieve this within 30 days of confirmation. This right to access your data is subject to certain exemptions: Personal Information may be withheld if the information relates to another individual.
Christ Central reserves the right to charge a fee for each subject access request.
Job applications and volunteering opportunities
If you apply for a job or volunteering opportunity with us we will collect information to assess your suitability for the role. We will only use the information you give us to process your application and to monitor recruitment statistics and undertake relevant checks.
Christ Central will put together a file about your employment or volunteering role which will be kept secure, used only for matters that apply directly to your role with us and kept after your role with us has ended in accordance with our record retention policy.
Cookies are used to help improve your experience of our website.
The following explains which cookies you will find on our site.
How to control and delete cookies
If you want to restrict or block the cookies we set, you can do this through your browser settings. The ‘help’ function within your browser should tell you how.
Alternatively, you could visit www.aboutcookies.org, which contains comprehensive information on cookies on a wide variety of browsers. You’ll also find details on how to delete cookies from your computer. To learn about controlling cookies on the browser of your mobile device please refer to your handset manual.
Last updated May 2019