YOUR PRIVACY IS IMPORTANT TO US
YOUR PERSONAL DATA – WHAT IS IT?
WHO ARE WE?
Rugeley Community Church Limited is a registered charity no. 1152303, and a company limited by guarantee, registered in England no. 08341226. Registered office address: Rugeley Community Centre, Burnthill Lane, Rugeley, Staffordshire, England, WS15 2HX
For the purposes of the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, Rugeley Community Church Limited is the ‘data controller’. This means that we decide how your personal data is processed and for what purposes. We are registered with the Information Commissioner’s Office as a controller under registration number ZA421465
HOW DO WE PROCESS YOUR PERSONAL DATA?
Rugeley Community Church Limited complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
- To administer membership records.
- To fundraise and promote the interests of Rugeley Community Church.
- To manage our employees and volunteers.
- To maintain our own accounts and records (including the processing of gift aid applications).
- To inform you of news, events, activities and services relating to Rugeley Community Church.
- To enable us to provide a voluntary service for the benefit of the public including activities undertaken as Rugeley Community Church, Rugeley Community Centre, Rugeley Foodbank and Active-ate Rugeley as well as other initiatives organised by the church
WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
Personal information is processed with explicit consent from you, the data subject, where appropriate so that we can keep you informed about news, events, activities, and services relating to Rugeley Community Church and Centre.
The UK GDPR allows for something called ‘legitimate interest’. This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.
Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.
We also process your data to comply with legal or regulatory obligations we are subject to.
UNDER 16s AND VULNERABLE PEOPLE
Where ‘Consent’ is the Legal Basis for Processing
Rugeley Community Church recognises anyone of or over the age of 16 as being able to provide informed consent to have their data processed.
For individuals aged 13 to 15 inclusive, we recognise their ability to give informed consent, however, those with parental responsibility for these individuals may overrule that consent. Where we find it necessary to process data for individuals in this age bracket, extra care will be taken to make sure they understand what they are consenting to, and that their consent is given freely.
For individuals under the age of 13, consent for their data to be processed must be given by someone with parental responsibility.
For vulnerable individuals who are unable to give informed consent, consent must come from their caregiver.
Where ‘Legitimate Interest’ is the Legal Basis for Processing
When relying upon ‘legitimate interest’ as the legal basis for processing the data of under 16s or vulnerable people, we will take extra care to identify the risks and consequences of this processing and make sure that appropriate safeguards are put in place.
Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email, text message or post with information and news of services you may be interested in. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection legislation and the Privacy and Electronic Communications Regulations 2003 (PECR), and you will always have the opportunity to opt out.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
SHARING YOUR PERSONAL DATA
Your personal data will be treated as strictly confidential, we will only share your data with third parties outside of the organisation with your consent.
The exception to this is where it is in the public interest and is necessary for the purposes of:
- Protecting an individual from neglect or physical, mental or emotional harm; or
- Protecting the physical, mental or emotional well-being of an individual where that individual is a child or is an adult at risk.
We do use third party processors to assist with our data processing. These include but are not limited to:
- ChurchSuite – the company that provides our cloud-based church management system
- Thirtyone:eight – an independent Christian safeguarding charity, who conduct Disclosure and Barring Service (DBS) checks, as well as offering other safeguarding support services
- Google Workspace – a cloud-based platform that provides cloud storage and hosts our emails (formerly GSuite)
- MailChimp – email marketing platform that is used to build and send our email newsletters
- TextLocal – bulk SMS platform used for SMS reminders and marketing
Wherever data is used on a third-party processor system Rugeley Community Church is still the Data Controller of that data, and the data is not used for purposes unrelated to Rugeley Community Church nor may it be re-used or transferred by the third-party processor. We will not transfer your personal information to countries outside the United Kingdom, except where we use the services of a third party who host data outside the UK. We will only use third parties who ensure that data hosted outside the UK is held in accordance with UK GDPR. Where data transfer is required outside these third parties, separate consent will be sought.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or volunteers who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification –You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. However, we may charge a reasonable fee if your request is repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If we wish to use your personal data for a new purpose, not covered by this Privacy Statement, then we will provide you with a new Statement explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
CHANGES TO THIS PRIVACY NOTICE
We may change this Privacy Statement from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the law or other applicable legislation in the United Kingdom. Any amended version will be available on this webpage. We suggest you visit regularly to keep up to date with any changes.
To exercise all relevant rights, queries or complaints please, in the first instance, contact us at [email protected] or by post,
F.A.O Data Protection Lead, Rugeley Community Church Ltd., Rugeley Community Centre, Burnthill Lane, Rugeley, Staffs, WS15 2HX
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF