UNDER 16s AND VULNERABLE PEOPLE

Where ‘Consent’ is the Legal Basis for Processing

Rugeley Community Church recognises anyone of or over the age of 16 as being able to provide informed consent to have their data processed.

For individuals aged 13 to 15 inclusive, we recognise their ability to give informed consent, however, those with parental responsibility for these individuals may overrule that consent. Where we find it necessary to process data for individuals in this age bracket, extra care will be taken to make sure they understand what they are consenting to, and that their consent is given freely.

For individuals under the age of 13, consent for their data to be processed must be given by someone with parental responsibility.

For vulnerable individuals who are unable to give informed consent, consent must come from their caregiver.

Where ‘Legitimate Interest’ is the Legal Basis for Processing

When relying upon ‘legitimate interest’ as the legal basis for processing the data of under 16s or vulnerable people, we will take extra care to identify the risks and consequences of this processing and make sure that appropriate safeguards are put in place.


WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

Personal information is processed with explicit consent from you, the data subject, where appropriate so that we can keep you informed about news, events, activities, and services relating to Rugeley Community Church and Centre.

The UK GDPR allows for something called ‘legitimate interest’.  This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.

Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.

We also process your data to comply with legal or regulatory obligations we are subject to.


HOW DO WE PROCESS YOUR PERSONAL DATA?

Rugeley Community Church Limited complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

  • To administer membership records.
  • To fundraise and promote the interests of Rugeley Community Church.
  • To manage our employees and volunteers.
  • To maintain our own accounts and records (including the processing of gift aid applications).
  • To inform you of news, events, activities and services relating to Rugeley Community Church.
  • To enable us to provide a voluntary service for the benefit of the public including activities undertaken as Rugeley Community Church, Rugeley Community Centre, Rugeley Foodbank and Active-ate Rugeley as well as other initiatives organised by the church

WHO ARE WE?

Rugeley Community Church Limited is a registered charity no. 1152303, and a company limited by guarantee, registered in England no. 08341226. Registered office address: Rugeley Community Centre, Burnthill Lane, Rugeley, Staffordshire, England, WS15 2HX

For the purposes of the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, Rugeley Community Church Limited is the ‘data controller’. This means that we decide how your personal data is processed and for what purposes. We are registered with the Information Commissioner’s Office as a controller under registration number ZA421465


YOUR PERSONAL DATA – WHAT IS IT?

In this Privacy Policy, ‘Personal Data’ means data that relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR)