HOW WE USE YOUR PERSONAL INFORMATION

Our legal basis for using your information

The law only allows us to use your personal information in certain limited circumstances. We have listed these below and what information we are allowed to process.

1.) Where it is necessary for our legitimate interests

The GDPR specifically states that a church may use legitimate interests to process personal information relating to its members to administer membership of the church. We consider that this is the most appropriate condition for us to administer your membership of our church as you would reasonable expect. Moreover, we may process your personal data to keep you informed about news, events activities and services of the church.

Examples of how we may use your information for administration purposes:

• · to set up your church account
• · so that we can keep a record of your attendance at church, bible classes and at other events and meetings
• · to provide you with pastoral care and other support that you have requested, and we believe would be helpful to you
• · to organise volunteers and put together rotas

We may also use legitimate interests to send out our publicity/promotional materials but only where such materials relate directly to the church and you have not told us not to send you such information.

We have put safeguards in place to ensure that your personal information is protected and that your fundamental rights and freedoms are not overridden.

2.) Where you have consented to us using your personal information

Examples of how we may use your information with consent

• · We may ask for your consent to send publicity/promotional communications out to you, including information about our events and other publicity materials
• · We may also ask for consent where you have given us information as part of our pastoral care and asked us to use it for a certain purpose.

3.) Where we need to perform the contract we have entered into with you

Examples of how we may use your information in order to comply with a contract that we have entered into with you:

• · to buy tickets for events
• · to administer the Services (such as troubleshooting, data analysis, research)
• · to tell you about changes to our website, software or Services that will affect your use of our church website
• · to help us (or the software developers) improve the Services

4.) Where we need to comply with a legal obligation

Examples of how we may use your information to fulfil a legal obligation

• · keeping records for gift aid purposes
• · to prevent and detect fraud
• · to protect children and vulnerable adults
• · to get your feedback on our Services

HOW WE USE SENSITIVE PERSONAL INFORMATION

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

• 1. In limited circumstances, with your explicit consent recorded in writing (e.g. where you tell us information in order to obtain support and pastoral care from us – for example this could relate to physical or mental health).
• 2. Where we need to carry out our legal obligations (e.g. ensure DBS checking is done where appropriate)
• 3. Where it is needed in the public interest and in line with our data protection policy.
• 4. Where It Is needed In connection with our children and vulnerable adults protection policy

Less commonly, we may process this type of information where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

What this means in practice

We may use your sensitive personal information in the following ways:

• · your mental / physical health or criminal record in order to provide you with support and pastoral care. We may also use this information to help you access support and benefits, if appropriate and requested by you
• · your religious beliefs in order to administer your membership of our church
• · your DBS check (which may contain information relating to criminal offences or presence on a register) to decide your suitability for roles in the church
In all cases where we require consent, we will seek your written consent or record you consent in writing to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about Children

Whilst information relating to children is not considered to be special category information, it is information that is given specific protection. Where the child is under the age of 13 we will always ask for the consent of parents before allowing the child to set up an account on church website and ensure that the parents are able to access and administer the account.

Where a child is 13 or over we will permit the child to have their own church account, but we may (if we deem it appropriate in the circumstances) inform the parents. We will tell the child at the time of signing up that we may inform their parents and we will only do this where it is appropriate and lawful to do so.

SHARING YOUR PERSONAL INFORMATION

Other third parties

We may share your information with certain third parties including:

• · Other members of our church so that they can provide you with support and pray for you
• · Other churches – if you request us to pass on your information either to them or from them (if you move)
• · Support services and benefits providers (e.g. local authorities, your doctor)
• · Our suppliers for the performance of any contract we enter into with them or you
• · Our software providers who need to see your information in order to keep our website up and running
• · Analytics and search engine providers who analyse information about your use of our website and help us to tailor the services we offer to you and other users

We work with the following organisations:

• · www.secureserver.net
• · Pulsant
• · SendGrid (for sending emails)
• · HMRC (for claiming of Gift Aid)
• · WorldPay (for processing of Card Donations)
• · Text Marketer (sending of text messages)
• · MailChimp
• · Godaddy.com
• · HostPapa.co.uk

Legal Requirements and Law Enforcement

We may also disclose your personal information to third parties:

• · If we are required by law, or in order to enforce or apply our terms of use. This includes exchanging information with other organizations such as law enforcement agencies.

Third Party Privacy Policies

Our website may contain links to websites owned by other organizations. If you follow a link to another website, the website will have its own privacy policies. We suggest that you check the policies of any other websites before giving them your personal information as we cannot accept responsibility for any other website.

KEEPING YOUR PERSONAL INFORMATION

How we store your personal information

The security of your personal information is important to us.

We use appropriate technical and organizational measures to safeguard personal information and encryption technology where appropriate to enhance privacy and help prevent information security breaches.

Any personal information that you provide to us will be held within the EEA.

All third parties who provide services to us or our software provider are required to sign a contract requiring them to have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse.

All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Information on our third-party providers can be found above.

Retention of information

We only hold your personal information for as long as necessary for the purposes for which we collected your information.

We have a retention policy which lays down timescales for the retention of information. The retention policy can be found here www.dclmuk.org

We have set these timescales in accordance with any applicable legislation and where none exists then we will keep your information for the duration of any contract that you have entered into with us and then for a period of 6 years after which time it will be deleted.

Emails

If you chose to send us information via email, we cannot guarantee the security of this information until it is delivered to us and on the condition that what we received is a true reflection of the original unedited information sent.

---

« Page 1 Page 2 Page 3 Page 4 »