This statement outlines our commitment to you with regards to what information we collect, steps we take to protect and secure it, how we use and share the information, and how you can contact us with questions or concerns. Please note that we are not responsible for the privacy practices or the content of other websites to which we provide links.
We will notify our contacts via this website, email and social media if we need to change how we intend to use your personal information.
Personal Access & Erasing Data
St Peter's Church is fully committed to compliance with the requirements of the General Data Protection Regulation and will therefore follow procedures which aim to ensure that all employees and volunteers or others serving email@example.com who need to have access (see Data Sharing below) to any personal data held by or on behalf of St Peter's Church are fully aware of and abide by their duties under the General Data Protection Regulation.
We rely on Legitimate Interest as the lawful basis for processing personal data. The data we process is freely provided by the data subject at the point of account registration (with the exception of family/group bookings, see below). We request the minimum amount of data to carry out the processes requested by the data subject, and do not share this data outside of our organisation (exceptions outlined under Data Sharing below). We also process data for the purpose of direct marketing of events and products that we believe are of interest and benefit to the individual, and always provide a clear and simple option to unsubscribe from such communications.
St Peter's Church needs to collect and use information about employees, Church visitors, volunteers and referees (for volunteer applications) in order to operate and carry out its functions. St Peter's Church may also be required by law to collect and use information. St Peter's Church regards the lawful and appropriate treatment of personal information vital to successful operations and in maintaining confidence between St Peter's Church and those with whom it carries out business.
On visiting our website, St Peter's Church receives and records information from your browser, including your IP address and cookies (see Cookies below). We also use Google Analytics to monitor how visitors use our website. These forms of data collection are to enable us to make our user experience useful and relevant.
St Peter's Church may also collect and store information about your financial transactions with us. This is needed to keep a record of income, for tax purposes and to process payments and Gift Aid. We do not have access to your credit card details if you have paid online and we do not retain your credit card details provided by any other means once your payment has been cleared (e.g., for donations to our event offerings). All online payments are processed via a GDPR-compliant third party (Sage).
St Peter's Church does not allow those under18 year-olds to create personal accounts. For the purpose of children and youth group activities the Child's legal guardian will be required to share emergency contact details and medical information to be able to attend any St Peter's Church events. These personal details will only be shared with authorised Team Leaders.
The information we ask you to provide when creating a St Peter's Church account will be used to create your user profile, which can be accessed and used by St Peter's Church to offer administrative support; in relation to any further action you may take relating to your account (e.g., booking for an event); and to contact you about products and services that may be of interest (we always provide an opportunity to opt out of receiving further communications at the time you are contacted).
If you have a Facebook account linked to your email address, we may let you know about St Peter's Church products and services that may be of interest to you via Facebook.
St Peter's Church will, through management and use of appropriate controls, monitoring and review:
• Use personal data in the most efficient and effective way to deliver its services.
• Strive to collect and process only the data or information which is needed.
• Use personal data for such purposes as are described at the point of collection, or for purposes which are legally permitted.
• Strive to ensure information is accurate.
• Not keep information for longer than is necessary.
• Securely destroy data which is no longer needed.
• Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data).
• Ensure that information is not transferred abroad without suitable safeguards.
• Ensure that there is general information made available to the public of their rights to access information.
• Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation. These rights include:
• The right to be informed
• The right of access to personal information
• The right to request rectification
• The right to request erasure
• The right to restrict processing in certain circumstances
• The right to data portability
• The right to object to processing
Personal Access & Erasing Data
Account holders can log in to access their St Peter's Church account information at any time and view or change personal details and communication preferences. St Peter's Church must act upon any request to remove personal data without undue delay and at least within one month of receipt. However, the right to remove your personal data is not absolute and only applies in certain circumstances. It does not apply if processing is necessary for one of the following reasons:
• To exercise the right of freedom of expression and information.
• To comply with a legal obligation.
• For the performance of a task carried out in the public interest or in the exercise of official authority.
• For archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
• For the establishment, exercise or defence of legal claims.
Access to your online data is limited to St Peter's Church employees and named employees of our web server and database team for the purpose of system support and management. This access is restricted by a data protection contract which prohibits data sharing (see Security below).
We securely store your first name, last name and email address with a GDPR-compliant online communications platform (Mailchimp) to manage and distribute emails. We use tracking to monitor the performance of our emails and their content (e.g., to monitor the open rate of emails or the popularity of specific links). You are given the opportunity to manage your communication preferences or unsubscribe from all emails each time you receive an email from us.
We will not disclose your personal details outside of our organisation unless to comply with a legal obligation or to deliver services that you have signed up to, which are limited to the following:
• Sharing your name and address with our external mailing and sorting house to distribute postal mailings and to maintain up-to-date postal records. We have a data protection contract in place preventing the sharing or use of your data for any purposes other than that outlined above.
• Personal details relating to volunteer or employment applications and references (name, address, telephone number, date of birth and Disclosure and Barring Service information) will be shared with St Peter's Church appointed staff, who are sent a data protection acknowledgement and are required to undergo GDPR training (annually). Referees (nominated by the applicant) are only sent the name and Team applied for. We do not store any data for referees.
Your St Peter's Church account information is password-protected. We use physical, electronic and procedural safeguards to protect your personal information.
St Peter's Church use HTTPS security and SSL-encryption to protect data transmissions (for purposes outlined in Data Sharing above). Please note that this is not a guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of firewalls and secure server software. If St Peter's Church learns of a security systems breach, we will post a notice on our website and will attempt to notify you via email so that you can take appropriate protective steps.
It is the responsibility of the account holder to ensure the security of their personal account log-in details.
St Peter's Church reserves the right to photograph or film volunteers or visitors within public areas at St Peter's Church locations and events. Only official St Peter's Church photographers will be authorised and are recognisable by a St Peter's Church ‘media pass’.
Only distance photography will be taken during ministry times, and we will not photograph faces.
All photographs taken for St Peter's Church are the property of St Peter's Church and may be used for illustrative purposes, such as for the website, social media or brochures, for educational purposes, such as providing a visual explanation of the different activities that run during the conferences, or as a resource for future marketing and promotion of St Peter's Church events. It is the responsibility of St Peter's Church to make sure that all staff, visitors and volunteers are aware that there may be photography and filming in the public spaces provided. This should be made clear through public notices, signs and/or visual projection.
If you have any concerns or queries, please don’t hesitate to contact us at firstname.lastname@example.org
Last updated: 24 May 2018