Grace Church Cambridge Data Privacy Notice

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

 

2. Who are we?

Grace Church Cambridge is the data controller (contact details below).  This means it decides how your personal data is processed and for what purposes.

 

3. What type of information do we hold about you?

Grace Church Cambridge collects and process information about many different people. This includes data we receive straight from the person it is about, for example, where they complete forms or contact us. We may also receive information about people from other sources including, for example, previous employers and Stewardship Services (information on donors/donations).

The personal data we process can include information such as names and contact details, education or employment details, and visual images of people.

In some cases, we hold types of information that are called “special categories” of data in the GDPR. This personal data can only be processed under strict conditions. “Special categories” of data includes information about a person’s: racial or ethnic origin; political opinions; religious or similar (e.g. philosophical) beliefs; trade union membership; health (including physical and mental health, and the provision of health care services); genetic data; biometric data; sexual life and sexual orientation.

We will not hold information relating to criminal proceedings or offences or allegations of offences unless there is an overarching safeguarding requirement to process this data for the protection of children and adults who may be put at risk in our church.

Other data we collect may also be considered ‘sensitive’ such as financial or donation details, but will not be subject to the same legal protection as the types of data listed above.

 

4. How do we process your personal data?

Grace Church Cambridge complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use personal data for the following purposes:

  • to maintain our list of church members and regular attenders
  • to provide pastoral support to members and others connected with our church;
  • to provide services to the community including, but not limited to; Toddler Groups, Christians Against Poverty, Care Home services;
  • to safeguard children, young people and adults at risk;
  • to recruit support and manage staff and volunteers;
  • to maintain our accounts and records (including the processing of gifts and expense claims);
  • to respond effectively to enquirers and handle any complaints
  • to fulfill our purposes as a church;
  • to inform you of news, events, activities and services running at Grace Church Cambridge, or by other Christian groups to comply with the law regarding data sharing.

5. What is the legal basis for Grace Church processing your personal data?

  • As a church (a not-for-profit body with a political, philosophical, religious or trade union aim) we have legitimate grounds for processing your data, including special category data, provided: –
    • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
    • there is no disclosure to a third party without consent.
  • We also have a legal basis for processing data where it is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement; the safeguarding of children and vulnerable adults, or for other legal reasons.
  • However, we do request explicit consent from you in certain situations. One example is so that we can keep you informed about news, events, activities and services provided by Grace Church, or by other Christian groups. We also ask for your consent so that we can include you in our Church Directory. If at any time you no longer want to your personal data used in a way that you have previously consented to, you can email dataprotection@gracechurchcambridge.org

6. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other attenders of the church in order to carry out a service for purposes connected with the church. We will only share your data with third parties outside of the church with your consent, unless the law requires us to do so.

7. How long do we keep your personal data?

We keep data in accordance with our Retention of Data and Records Policy which is available from the Grace Church’s Data Protection Contact dataprotection@gracechurchcambridge.org

 

8. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which Grace Church Cambridge holds about you;
  • The right to request that Grace Church Cambridge corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the Grace Church Cambridge to retain such data;
  • The right to withdraw your consent to receive information from Grace Church about news, events, activities and services provided by Grace Church, or by other Christian groups.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance dataprotection@gracechurchcambridge.org   or you  may go directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

9. Changes to our privacy notice?

Any changes we may make to our privacy notice in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this notice.

 

10. Contact Details

If you have any questions regarding the processing of your data please speak to one of the leaders at Grace Church or contact dataprotection@gracechurchcambridge.org

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.