HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or volunteers who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.


SHARING YOUR PERSONAL DATA

Your personal data will be treated as strictly confidential, we will only share your data with third parties outside of the organisation with your consent.

The exception to this is where it is in the public interest and is necessary for the purposes of:

  • Protecting an individual from neglect or physical, mental or emotional harm; or
  • Protecting the physical, mental or emotional well-being of an individual where that individual is a child or is an adult at risk.

We do use third party processors to assist with our data processing. These include but are not limited to:

  • ChurchSuite – the company that provides our cloud-based church management system
  • Thirtyone:eight – an independent Christian safeguarding charity, who conduct Disclosure and Barring Service (DBS) checks, as well as offering other safeguarding support services
  • Google Workspace – a cloud-based platform that provides cloud storage and hosts our emails (formerly GSuite)
  • MailChimp – email marketing platform that is used to build and send our email newsletters
  • TextLocal – bulk SMS platform used for SMS reminders and marketing

Wherever data is used on a third-party processor system Rugeley Community Church is still the Data Controller of that data, and the data is not used for purposes unrelated to Rugeley Community Church nor may it be re-used or transferred by the third-party processor. We will not transfer your personal information to countries outside the United Kingdom, except where we use the services of a third party who host data outside the UK. We will only use third parties who ensure that data hosted outside the UK is held in accordance with UK GDPR. Where data transfer is required outside these third parties, separate consent will be sought.


COOKIES

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Our website uses cookies for session management to maintain a continuous user session and for analytics through Google Analytics. A unique ID is assigned that is not linked to you or your machine individually. Your IP address is anonymised as soon as technically possible and no identifiable data by way of IP address is disclosed to Google.

Cookies allow websites to respond to you as an individual and let us tailor our website to your needs, likes and dislikes by gathering and remembering information about you. We use cookies to help us to provide you with a better website. If you would like to know more about cookies, or would like to disable cookies in your browser settings (i.e. refuse cookies), please visit www.allaboutcookies.org.


MARKETING PURPOSES

Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email, text message or post with information and news of services you may be interested in. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection legislation and the Privacy and Electronic Communications Regulations 2003 (PECR), and you will always have the opportunity to opt out.


UNDER 16s AND VULNERABLE PEOPLE

Where ‘Consent’ is the Legal Basis for Processing

Rugeley Community Church recognises anyone of or over the age of 16 as being able to provide informed consent to have their data processed.

For individuals aged 13 to 15 inclusive, we recognise their ability to give informed consent, however, those with parental responsibility for these individuals may overrule that consent. Where we find it necessary to process data for individuals in this age bracket, extra care will be taken to make sure they understand what they are consenting to, and that their consent is given freely.

For individuals under the age of 13, consent for their data to be processed must be given by someone with parental responsibility.

For vulnerable individuals who are unable to give informed consent, consent must come from their caregiver.

Where ‘Legitimate Interest’ is the Legal Basis for Processing

When relying upon ‘legitimate interest’ as the legal basis for processing the data of under 16s or vulnerable people, we will take extra care to identify the risks and consequences of this processing and make sure that appropriate safeguards are put in place.


WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

Personal information is processed with explicit consent from you, the data subject, where appropriate so that we can keep you informed about news, events, activities, and services relating to Rugeley Community Church and Centre.

The UK GDPR allows for something called ‘legitimate interest’.  This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.

Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.

We also process your data to comply with legal or regulatory obligations we are subject to.


HOW DO WE PROCESS YOUR PERSONAL DATA?

Rugeley Community Church Limited complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

  • To administer membership records.
  • To fundraise and promote the interests of Rugeley Community Church.
  • To manage our employees and volunteers.
  • To maintain our own accounts and records (including the processing of gift aid applications).
  • To inform you of news, events, activities and services relating to Rugeley Community Church.
  • To enable us to provide a voluntary service for the benefit of the public including activities undertaken as Rugeley Community Church, Rugeley Community Centre, Rugeley Foodbank and Active-ate Rugeley as well as other initiatives organised by the church

WHO ARE WE?

Rugeley Community Church Limited is a registered charity no. 1152303, and a company limited by guarantee, registered in England no. 08341226. Registered office address: Rugeley Community Centre, Burnthill Lane, Rugeley, Staffordshire, England, WS15 2HX

For the purposes of the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, Rugeley Community Church Limited is the ‘data controller’. This means that we decide how your personal data is processed and for what purposes. We are registered with the Information Commissioner’s Office as a controller under registration number ZA421465


YOUR PERSONAL DATA – WHAT IS IT?

In this Privacy Policy, ‘Personal Data’ means data that relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR)