LATIMER CHURCH CHARITY DATA PRIVACY NOTICE/POLICY
Latimer Church Charity is committed to protecting and respecting your privacy. This policy outlines how we collect, make use of, communicate and disclose personal information. This statement outlines the ways in which we seek to be compliant with current data protection legislation (including the Data Protection Act 2018 and the General Data Protection Regulation – GDPR) and the rights each person has regarding the handling of their personal information.
Data controller – determines the purpose and manner by which personal data is processed – [Latimer Church Charity]
Data processor – responsible for processing personal data on behalf of the data controller and under their instruction
Personal data – information relating to a living individual who can be identified from that data, whether held in electronic records or in paper or manual filing systems
Data subject – the living individual whose personal data we hold
What is personal data?
Personal data is any information that relates to a living individual who can be identified from that data. Identification can be by the information alone, or in conjunction with any other information in the data controller’s possession or likely to come into their possession. This may be held in electronic records or within structured manual filing systems, and also extends to ‘online identifiers’ such as computer IP addresses.
Latimer Church Charity may process the following categories of personal data about you:
- Personal information (such as name, gender, family members, date of birth, health information if relevant)
- Contact information (such as email address, telephone number, address)
- Financial information (such as bank details, gift aid status, donation history)
- Multimedia information (such as photographs, recordings, video footage)
- Employment and volunteer information (such as employment history, training history, rotas)
- Commercial information (such as contract information, payment information
Our policy for processing your personal data
Latimer Church Charity seeks to ensure that all data processing operations comply with its obligations under relevant legislation, specifically by:
- keeping personal data up-to-date
- storing and destroying personal data securely
- not collecting or retaining excessive amounts of data
- protecting personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures and processes are in place to protect such data
How do we use/process your personal data?
Latimer Church Charity uses your personal data for the following main purposes:
- to enable us to meet our legal and statutory obligations
- to maintain our church list of members, friends and regular attendees and supporters
- to make contact with visitors or stakeholders who have sought to connect with the church
- to deliver our church ministries and activities including: Sunday & midweek services, special services, (including dedications, baptisms, weddings & funerals), special events (including conferences, inter-church meetings, community meetings), children’s work, youth work, young adults’ work, global mission, men’s and women’s ministries, small group activities, pastoral services, enquirers’ courses, and other ad hoc services & ministries
- to enable us to provide community services for the benefit of the public
- to provide news and information relating to events, activities and services running at or supported by Latimer Church
- to promote and include others in our services through photographs, sound recordings, video recordings and live web streaming of services and selected events
- to provide pastoral support for members and others connected with our church
- to safeguard children, young people and adults at risk
- to recruit, support and manage our employees and volunteers
- to maintain our own accounts and records (including the processing of gift aid applications)
- to maintain and secure our property and premises
- to respond effectively to enquirers and handle any complaints
- to adhere to legal requirements e.g. for weddingsWhat is the legal basis for processing your personal data?
Latimer Church Charity may process your information on the following legal grounds:
Explicit consent for processing relating to:
- the provision of information about news, events, activities and services
- visual images and recordings
- gift aid donations
- the provision of marketing/fundraising information
- children under the age of 18
- Fulfilment of contract for processing relating to:
- Legal obligation for processing relating to:
- health & safety
- processing that is necessary to carry out obligations under employment, social security or social protection law
- Legitimate interests for processing relating to:
- church membership
Latimer Church Charity may process some special category, sensitive or high-risk information about you where it is necessary in order for us to fulfil the purposes listed above. In these cases, we process this information on the following ‘Article 9’ legal grounds:
- Explicit consent
- Processing by a not-for-profit body with a political, philosophical, religious or trade union aim
- Collecting your personal data
The majority of information you provide to us is necessary for us fulfil the purposes above and failure to supply such information may mean that we are unable to support you fully as a member or friend of Latimer Church Charity. However, all of your information is provided to us on a voluntary basis.
Sharing your personal data
Your personal data will be treated as strictly confidential. We may share your information with other members of the church in order to carry out a service or for purposes connected with the church. We will only share your data with third parties outside of Latimer Church Charity with your consent.
How long do we keep your personal data?
We will keep data only as long as it is deemed necessary – taking into account legal obligations, accounting & tax obligations, and considering what would be reasonable for the activity concerned.
Specifically, we will retain your information as follows:
- membership data – whilst it is still current [and for up to 6 months after you leave]
- details of donations, gift aid and salary payments (and associated paperwork) – for 6 years after the tax year to which they relate to meet tax and accounting requirements
- official registers (e.g. of marriages) – permanently
- safeguarding and health & safety records – [for 7 years]
- employment records – [for 7 years]
- Your rights and your personal data
- Unless subject to an exemption under relevant legislation, you have the following rights with respect to your personal data:
- the right to request a copy of the personal data which Latimer Church Charity holds about you
- the right to request that Latimer Church Charity corrects any personal data if it is found to be inaccurate or out-of-date
- the right to request your personal data is erased where it is no longer necessary for Latimer Church Charity to retain such data
- the right to withdraw consent to processing at any time
- the right to request that Latimer Church Charity provide you with your personal data and where possible to transmit that data directly to another organisation (the right to data portability) where applicable
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- the right to object to the processing of personal data – only applies where processing is based on legitimate interests, for the performance of a task in the public interest/exercise of official authority, direct marketing & for the purposes of scientific/historical research & statistics.
- the right to lodge a complaint with the Information Commissioners Office (ICO)
If Latimer Church Charity should wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Site visitation tracking;
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people visiting this site, to better understand how they find and use our web pages and to see their journey through our website.
Although GA records data such as geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you, but Google does not grant us access to this. We consider Google to be a third-party data processor.
Contact forms and email links:
Should you choose to contact us from our contact page or email link, none of the data supplied will be stored on our website, or passed to any third party.
To exercise all relevant rights, and lodge queries or complaints, please in the first instance contact the Data Protection Lead at firstname.lastname@example.org, or 07706 087045 and PO Box 5060, Gerrards Cross, SL9 1FY.
For the (ICO), 0303 123 1113, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or contact via their website on www.ico.org.uk