General Data Privacy Notice
Living Grace Church, c/o 9 Ashley Way, Westone, Northampton, NN3 3DZ
Tel: 07393 735684 Email: info@livinggrace.org.uk
Charity No: 1171041 Company Registration: 9889362
Data Controller: Living Grace Church Data
Protection Lead: Carla Merrey
Date of Policy: 25th May 2018
Issue No: 1.03 (January 2021)
General Data Protection Regulation (GDPR) 25th May 2018
The General Data Protection Regulation replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection as to how their personal data is used by organisations.
The information you provide will be held under the General Data Protection Regulation (GDPR) 2018. We will do all we can to protect your privacy and to make sure any personal information you share with us is stored securely.
We value and respect everyone who has a connection with us. In line with our Christian beliefs, our aim is to be as clear as possible about how and why we use the information you give us. If your questions are not fully answered by the information below, please contact us.
By providing your personal details you agree to allow Living Grace Church to contact you either on the basis of the consents you have given us or for our Legitimate Interests in accordance with current data protection regulations.
1. Who are we?
Living Grace Church are the data controllers. This means they decides how your personal data is processed (used and stored).
2. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data (for example a name, photographs, videos, email address or address) Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the GDPR).
3. How do we collect information about you?
We collect personal information from you in a variety of ways: e.g. if you complete a consent form, serve on a team, become a member, make a donation, book onto an event, request a resource, give your details to a member of staff, complete a paper sign up form or card at an event.
4.How do we process your personal data?
Living Grace Church complies with its obligations under the GDPR by keeping personal data up to date* storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
*Keeping us up to date with your details and contact preferences
· Please tell us as soon as any of your contact details change so that we can keep our records up to date
· You can change the way we contact you or the kind of material we send you at any time by contacting us by mail, phone or email using the contact details above.
· If you have access to iKnow you are able to update your personal details and communication preferences yourself. If you choose this option, we advise that you notify the office that a change has been made.
· You can unsubscribe from our regular emails at any time by using the 'unsubscribe' or 'change preferences' links on the email you have received.
5. What is the lawful basis for holding and processing your personal data?
GDPR provides a framework which permits us to use your information in a number of different ways. There are three specific categories which we use at Living Grace Church and they provide the ‘lawful basis’ for holding and processing your personal data:
Consent applies:
· The primary means of capturing and recording your personal data is via the approved consent form. On the basis of this consent, your personal data is then stored in our church database (iKnow).
· We need your consent in order to collect your name and contact telephone number and share this with NHS Test and Trace if requested. You will give us your consent by providing your details on a sign-in form, booking form on iKnow or by email.
· Further information on NHS Test and Trace is set out in Section 6 below (see Covid-19 pandemic).
Legitimate interest applies:
· Where you sign up for an event or group run by the church and we communicate with you about that event or group.
· Where you have contacted us independently for information about the church. In this context we will only use your contact details to respond to your enquiry unless you explicitly consent for us to use your information for another purpose.
· Where we need to communicate with you about: -
- Relevant matters such as church news, events, courses, services and ministries
- A public-interest matter, for example to let you know if an event is cancelled due to bad weather
- A ministry or group that you are involved in as part of a serving team
· For good governance, accounting, planning and analysis. Examples might include:
- A thank you letter.
- Information about a church stewardship programme.
Legal obligation applies:
· Where we are required to maintain and report financial/accounting information for up to six years from the end of the tax year in which a financial transaction was processed. This would typically be in respect of donations you may make to the church, or payments for certain events or courses run by the church.
· Where we are required to maintain attendance records at groups or events in line with our safeguarding policy.
· Where we are required to hold information and data relating to safeguarding incidents in order to fulfil our responsibilities to ensure the safety and wellbeing of people in our church in line with statutory and legal obligations.
6. How do we use your personal data?
· To administer membership records;
· To inform you of news, events, activities and services running at Living Grace Church.
· To process donations you may give us and maintain our own accounts and records (including the processing of gift aid applications);
· To organise rotas and other administrative tasks.
· To ask for financial and non-financial support, such as prayer.
· To customise the information we send to ensure we work in the most cost effective way and only send information which is appropriate to you.
· To record your attendance or involvement at a Living Grace event.
· To enhance or improve your experience on our website. When you indicate your preferences through the use of our site, we may use this information to personalise the site to better meet your needs.
· Living Grace Church may carry out analysis of the personal information we collect about you to create a profile of your interests and preferences so we can contact you in the most appropriate way and with the most relevant information.
· Although we may have your contact details already for our usual work, the Covid-19 pandemic has created a unique situation and additional reasons for us to collect the name and contact telephone numbers of all staff, members and visitors who visit our church in order to support the NHS Test and Trace. This is specifically in relation to contact tracing, which is the process of identifying, assessing and managing people who have been exposed to a disease to prevent onward transmission and the investigation of local outbreaks.
· If we are collecting your data for the sole purpose of Test and Trace we will need your consent to do so. This is voluntary and you don’t have to provide your details. However if you do, they will only be used for the purpose of sharing them with NHS Test and Trace.
· Further information about Test and Trace, can be found at the end of this Privacy Notice.
7. How long do we keep your personal data?
We keep data in accordance with the guidance set out by the GDPR. We endeavour to maintain only data that is relevant, accurate and up to date. We operate to an annual process of review by which we assess who is actively engaging in church membership and where this is not the case, we will remove your data. However, we retain member and former member information if there is a legal requirement to do so eg Gift Aid declarations and financial data for up to 6 years after the calendar year to which they relate; and safeguarding records permanently.
If we are collecting your data for the sole purpose of Test and Trace (NHS), we will keep your name and telephone number for a maximum of 21 days and will dispose of it securely after this period.
8. Viewing the Information we hold about you
You may request details of all the information Living Grace Church holds about you by submitting a written or verbal request to the Church Office. Please write to: Living Grace Church, c/o 9 Ashley Way, Westone, Northampton, NN3 9DZ or email: info@livinggrace.org.uk. We will respond to your request, free of charge, within 30 days.
9. Who sees your information?
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the church with your consent.
Your personal data (name and telephone number) may be shared with NHS Test and Trace if requested and providing you have given consent for us to do so.
10. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
· The right to be informed about the identity of Living Grace Church and how Living Grace Church intends to use your information (this is usually achieved through the Data Privacy Notice).
· The right of access to your personal data which Living Grace Church holds about you (Subject Access Request).
· The right to be forgotten (erasure)- to request your personal data is erased where it is no longer necessary for the Data Controller to retain such data, unless there is a legal obligation to keep it.
· The right to withdraw your consent to the processing at any time. In this case we will inform you if we are able to comply or if we have legitimate grounds to continue to process your data.
· The right to rectification (correction) - to request that the Data Controller corrects any personal data if it is found to be inaccurate or out of date.
· The right to data portability – you have the right to request that we transfer some of your data to another controller and we will comply with your request where it is feasible to do so, within one month of receiving your request(known as the right to data portability), [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means]
· The right to object to the processing of personal data. You have the right to request that we stop processing your data, upon receiving the request, we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
· The right to lodge a complaint with the Information Commissioners Office (see below details of how to contact the ICO).
11. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
12. Contact Details
To exercise all relevant rights, queries or complaints please, in the first instance, contact the Office Administrator at the Church office by email: info@livinggrace.org.uk
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Further information on NHS Test and Trace COVID-19
For more information about Test and Trace and how they will use your personal details, please see the Government guidance website:
https://www.gov.uk/guidance/nhs-test-and-trace-how-it-works
In summary, Test and Trace:
· provides testing for anyone who has symptoms of coronavirus to find out if they have the virus;
· gets in touch with anyone who has had a positive test result to help them share information about any close recent contacts they have had; and
· alerts those contacts, where necessary, and notifies them they need to self isolate to help stop the spread of the virus.
This is voluntary, and you don’t have to provide your details, however, if you do, they will only be used for the purpose of sharing them with NHS Test and Trace.
You can withdraw your consent at any time after giving your details by letting us know you no longer want us to keep or share your personal data for this purpose, however, once we have given your details to Test and Trace we will no longer be able to prevent processing
Living Grace Church is a registered charity, charity number 1171041, and is a business registered in England with number 09889362