Aylsham Community Church Privacy Policy

1. SUMMARY

  • This Policy explains how and why we collect, process and store your personal data, and what your rights are. We use your personal data in ways you would expect – like managing serving teams and keeping you informed about events. For some specific things we’ll ask for your consent. For more information please read the Policy in full.
  • You can tell us if you’ve changed your mind about giving your consent. You can also tell us if information we hold is not accurate or if you want us to delete the information we hold about you. Details of how to do this are below.

2. WHO ARE WE? 

  • Aylsham Community Church (referred to as “ACC” “we”, “us” or “our” in this policy) is the data controller, and responsible for any personal data that you provide to us in the ways described in this Policy.
  • ACC is a Christian church that hosts and provides a variety of caring community-based activities as well as Christian church services. It is a charitable trust corporation, Charity no. 1105216, Company no. 5171646.
  • If you have any questions about this policy, including any requests to exercise your legal rights, please contact us using the following details:

Name of legal entity: Aylsham Community Church

Email address: [email protected]

Postal address: Aylsham Community Church, Jubilee Family Centre, Norwich Road, Aylsham, Norfolk, NR11 6JG

Telephone: 01263 733332

3. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES 

  • We keep our privacy policy under regular review, and we reserve the right to change it from time to time. We would encourage you to check regularly for any changes that may have taken place.
  • It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. The best way to do this is by updating your own personal details on ChurchSuite if you are registered on it. If not, please contact the ACC office.

4. THE DATA WE COLLECT ABOUT YOU 

  • Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
  • Some examples of the kinds of data we collect are:
    • Identity Data – may include name, marital status, title, date of birth and gender.
    • Contact Data – includes postal address, email address and telephone numbers.
    • Financial Data – may include bank account and other financial details that you choose to provide to us (for example information needed to enable us to administer Gift Aid).
    • Technical Data – may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or ChurchSuite.
    • Profile Data – may include any rotas/teams that you may serve on, your feedback and responses to questions and surveys etc.
    • Usage Data – may include information about how you use our website and ChurchSuite.
    • Communications Data – may include your preferences in receiving communications from us.
  • We may collect certain information about your religious beliefs and health, as specifically mentioned below.

5. OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

  • Article 6 Para 1(a) of the General Data Protection Regulation (“GDPR”) gives us a lawful basis of processing data for specific purposes where you have consented to us doing so.
  • In other circumstances (under Article 6 paragraph 1(f) of the GDPR) we may process your data in ways you would reasonably expect where it is within our legitimate interests to do so and where your interests and fundamental rights do not override those interests. This would include instances where we process data for volunteering, small groups and events. 
  • Some types of information we may hold about you may be more sensitive, for example information in relation to health and marital status.
  • As a church, we have permissions under Article 9 Para 2(d) of the GDPR to process data relating to your religious beliefs; this includes an obligation on us not to disclose this data outside ACC without your consent.

6. HOW YOUR PERSONAL DATA IS COLLECTED 

  • We may collect personal data when you visit us, use our website, make an inquiry or communicate with us.
  • We will collect, use and store different kinds of personal data about you which you provide to us, as follows:
    • Information about your use of our online content and emails, such as how you came to our website, which pages you visit, how long you remain on a page or view a video, and whether you opened an email or clicked a link. To collect this data, we use cookies and other tracking technologies.
    • Information provided when you communicate with us by phone, email, webform or in person, including records of your contact, your email address or other contact information, and other information about the reasons for the communication.
    • Contact preferences, such as whether you have agreed to receive information or newsletters from us whether you have opted out, and the types of information or opportunities for serving and participation that may interest you.
  • We store information on our ChurchSuite database. If you are a member or regular attender of ACC you will be given a login to ChurchSuite, where you will be able to enter and maintain the most important items of your own personal data and specify how we use it and to what extent it is shared with other members/attendees of ACC. You can make changes to many of your preferences on ChurchSuite at any time.

7. HOW WE USE YOUR PERSONAL DATA 

  • We will only use your personal data when the law allows us to do so. 
  • We use your personal data for the following purposes:
    • For the pastoral team – to provide pastoral care to attendees of ACC.
    • For ACC staff to: 
    • manage our employees and volunteers;
    • administer your records if you are an ACC member or regular attendee.
    • To inform individuals of news, events, activities and services running at ACC.
    • If you volunteer at ACC, to enter your data onto ChurchSuite, to manage and send out rotas. 
    • If you join a small group or attend any other ACC group, to enter your data onto ChurchSuite and for details to be given to the group leaders. 
    • If your child/children attends any of the ACC children’s or youth groups, to enter data in ChurchSuite for news, emergency contact and safeguarding purposes. This may include health information relating to your child/children, for example food allergy information.
    • For events you have signed up for, to keep you updated of programmes, speakers and any practical aspects. 
    • To process donations and gift aid applications. 
    • Photographs: we will only publish photographs of you and/or your children, whether in internal publication (intended for members of the church “family”) or for external publications, and in either case in any medium, if we have your express consent in writing (which may include email or consent given on ChurchSuite) for the specific intended use.
  • ACC complies with its obligations under GDPR by: 
    • keeping personal data up to date (which may partially depend upon you keeping your own details updated in ChurchSuite); 
    • storing and destroying personal data securely; 
    • not collecting or retaining excessive amounts of data;
    • protecting personal data from loss, misuse, unauthorised access and disclosure; and 
    • ensuring that appropriate technical and security measures are in place to protect personal data.
  • We may use personal data to comply with the requirements of the law and as required in other exceptional circumstances, including complying with a legal obligation to provide personal data to law enforcement agencies and/or for safeguarding investigations. In some cases we may be legally required to do this without your knowledge or consent.

8. SHARING YOUR PERSONAL DATA

  • We will only share your data with other third parties outside of ACC with your consent, except that we may disclose your data externally without asking for consent when we believe in good faith that the disclosure is:
    • required by law;
    • to protect the safety of our employees, the public or ACC property;
    • required to comply with a judicial proceeding, court order or legal process; or
    • for the prevention or detection of crime (including fraud).
  • Your personal data will be treated as strictly confidential, and (other than as stated in the last bullet point) will be shared only with:
    • ACC employees and selected volunteers; and
    • other members or attenders of ACC where you have selected the relevant options in ChurchSuite – ChurchSuite places this under your control.
  • We use ChurchSuite, a third party cloud hosted, web-based church management system and online database, to hold and manage your personal data on its secure servers for certain purposes.
    • ChurchSuite is provided by ChurchApp Limited., a company registered in England and Wales with registered number 8532235 (“ChurchApp”).
    • ChurchApp is a third party data processor and is restricted in what it can do with your information by both the contract it has with ACC and its own obligations under GDPR.
    • ChurchApp uses third party sub-processors, including Amazon Web Services, which may host some data outside the United Kingdom. Details of Church App’s third party processors are at this link.
  • We use other third party services for secure, password protected and encrypted online storage and/or processing, which may involve personal data. These include Microsoft SharePoint, DropBox, QuickBooks, and MailChimp. These third party processors all have privacy policies and processes that take the requirements of GDPR into account. Further details can be provided upon request.  
  • We do not share any personal data outside the United Kingdom (but it is possible that the third party processors referred to above may store encrypted data on servers outside the UK and/or outside the European Economic Area).

9. HOW LONG WE KEEP YOUR PERSONAL DATA

  • We keep your personal data for no longer than reasonably necessary. We will process your data as long as you are a member of the church or are in regular contact with the church, e.g. Sunday services, volunteering and/or small groups.
  • If you resign from membership or are no longer in regular contact with us, we will retain your data for a maximum of 1 year after that unless you specifically request for your data to be deleted earlier, except where it is necessary for us to retain that information for other reasons (e.g. children’s work rotas for safeguarding purposes, or legal/regulatory reasons, including the retention of records relating to Gift Aid payments).
  • We may use automated processing to help inform our decision regarding this. 
  • If you are registered as a ChurchSuite user you may delete all or any part of your data in the “My Details” section of ChurchSuite at any time (in which case we may no longer be able to contact you or to fulfil any of the purposes for which we use personal data as set out in paragraph 4 above).

10. YOUR LEGAL RIGHTS 

  • Under certain circumstances, you have rights under data protection laws in relation to your personal data.
  • Request access to your personal data.
    • Request correction of your personal data.
    • Request erasure of your personal data.
    • Object to processing of your personal data.
    • Request restriction of processing your personal data.
    • Request transfer of your personal data.
    • Right to withdraw consent.
  • If you wish to exercise any of the rights set out above or to obtain more information, please contact the ACC office in writing.
  • We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
  • ·        You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.