LIFESPRING CHURCH PRIVACY POLICY

LifeSpring Church (referred to as “the Church”, “we”, “us” or “our” in this Privacy Policy) respects your privacy and is committed to protecting your personal data whether it is held on paper, on computer or other media. This Privacy Policy will inform you as to how we look after your personal data when you visit our website or that you have submitted to us in some other way. It will also tell you about your rights and how the law protects you.

From 25th May 2018, the processing of personal data will be governed by the General Data Protection Regulation (the “GDPR”), which has changed the previous laws applicable to the protection of data.

This Privacy Policy covers:

1.     What is personal data?
2.     Who is the ‘controller’ of personal data?
3.     How do we collect your personal data?
4.     What will we use your personal data for?
5.     Church Directory
6.     How will we treat your personal data?
7.     How long do we keep your personal data?
8.     New purposes
9.     Changes to your personal data
10.  Your legal rights
11.  Rights to access your personal data
12.  Contact details
13.  Third party links
14.  Further information

1.     What is personal data?

Personal data is data that relates to a living individual which identifies that individual, either directly or indirectly (eg name, address, date of birth, email address, telephone numbers, photographs etc).

2.     Who is the ‘controller’ of personal data?

The Church is the controller of your personal data which means we are responsible for how it is processed and for what purposes.

LifeSpring Church is a charitable company limited by guarantee and registered in England and Wales; Company No. 8087254 and Charity No. 1148013; registered office: The Pavilion, 143-145 Oxford Road, Reading, RG1 7UY.

For details of our legal obligations, click here.

3.     How do we collect your personal data?

3.1.  We use different methods to collect data from and about you including when you give us your data by filling in forms (either in hard copy or on our website), by corresponding with us for example by email, phone or post or by entering your details on our online contacts database using MyChurchSuite (“Church Directory”).

3.2.  [If you pay for any Church event (eg an Encounter) via the website using MyChurchSuite, we will not have access to or be able to see or store any of your payment details (such as your credit card number).]

4.     What will we use your personal data for?

4.1.  We will only use your personal data when the law allows us to.

4.2.  We may use your personal data for when we consider this to be in our ‘legitimate interests’. This is the legal basis for us processing your personal data under the GDPR without us needing to obtain your consent.

4.3.  Our ‘legitimate interests’ are to facilitate the day-to-day administration and ministry of the Church and related communication purposes including the following:

4.3.1.    pastoral care and support including calls and visits;

4.3.2.    preparation and circulation of ministry rotas;

4.3.3.    sharing information between and within cell groups;

4.3.4.    sharing information between and within any other internal Church groups (such as the various ministry teams);

4.3.5.    contacting you to keep you informed of Church notices, activities and events;

4.3.6.    management of our employees and volunteers;

4.3.7.    maintenance of our own accounts and records (including the processing of gift aid applications and for audit and tax purposes);

4.3.8.    to enable the Church to run children’s and youth clubs and events (including holiday clubs) safely by ensuring we can contact the nominated adult in case of an emergency;

4.3.9.     administering and protecting our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

4.4.  We may also use your personal data where you have given your express consent (for example, by actively consenting to receive our e-newsletter).

5.     Church Directory

5.1.  Information contained on the Church Directory will only be used in accordance with this section. The Church Directory is accessed through the cloud and therefore, can be accessed through any computer or smart device with internet access. The server for the database is in the UK and hosted by ChurchSuite.

5.2.  Access to the Church Directory is strictly controlled through the use of name specific passwords, which are selected by the individual. It cannot be accessed by general visitors to the Church’s website.

5.3.  Those authorised to use the Church Directory only have access to their specific area of use within the Church Directory. This is controlled by the Church and other specified administrators. These are the only people who can access and set these security parameters.

5.4.  People who will have secure and authorised access to the Church Directory include the Church’s office employees, the Directors and Senior Leadership Team.

5.5.  All access and activity on the Church Directory is logged and can be viewed by the nominated administrator of the Church Directory.

5.6.  The Church Directory will NOT be accessed by any authorised users outside of the EU unless prior consent has been obtained from the individual whose data is to be viewed.

6.     How will we treat your personal data?

6.1.  Except where permitted by law (for example where we are legally compelled to do so), we will treat all your personal data as private and confidential and will not disclose or share any of your personal data to or with anyone except as set out in this section or with your consent.

6.2.  We will not disclose any personal data about you to anyone other than those involved in the administration and day-to-day ministry of the Church who include:

6.2.1. the Directors, Senior Leadership Team, Cell Leaders, Ministry teams and the Church’s employees and volunteers; or

6.2.2. with other regular attendees of the Church solely in order to carry out a service to other regular attendees of the Church or for purposes connected with the Church.

6.3.  We will ensure that all Church staff and volunteers who have access to personal data are trained in data protection and will only process personal data in accordance with their duties as part of their role within the Church.

6.4.  We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

6.5.  The following will be kept in a securely locked cabinet or cupboard in the Church office:

6.5.1. any personal data supplied in paper form to which only the Church’s employees and volunteers, the Directors and Senior Leadership Team will have access (on a ‘need to know’ basis);

6.5.2. any ‘special categories of personal data’ (such as information about your health) in paper form to which only the Pastor and those specifically authorised by the Pastor will have access. (Click here to find out more about ‘special categories of personal data’);

6.5.3.  any data relating to criminal convictions and offences to which only the Pastor, those responsible for Safeguarding and others specifically authorised by the Pastor will have access.

6.6.  Any ‘special categories of personal data’ and/or any data relating to criminal convictions and offences may be stored on our computers. If this is the case, any such data will be in password protected documents where the password will only be known by the Pastor and those specifically authorised by the Pastor.

6.7.  The personal data provided on forms relating to a Holiday Club run by our Junior Church team will be destroyed once a Holiday Club has finished unless the box on the forms asking us to keep you informed about future activities we think your child might be interested in attending has been ticked. If this is the case we will retain your details for the sole purpose of notifying you of such events. We will NOT pass on this information to anyone else. You have the right to ask to be removed from this circulation list at any time.

6.8.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6.9.  We will not transfer your personal data outside the European Economic Area (EEA) without your consent.

7.     How long do we keep your personal data?

7.1.  Where you have given consent for example, to use your email address so you can receive the e-newsletter, we will endeavour to refresh your consent at appropriate intervals.

7.2.  Specifically, we retain gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate and we keep records in a marriage register permanently.

7.3.  Otherwise, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting or reporting requirements.

8.     New purposes

If we wish to use your personal data for a new purpose not covered by this Privacy Policy, we will notify you and we will explain the legal basis which allows us to do so.

9.     Changes to your personal data

It is important that the personal data we hold about you is accurate and current. Please tell us if any of your personal data changes so that it can be amended (or update your details on the Church Directory where applicable).

10.  Your legal rights

10.1.        Under certain circumstances, you have rights under data protection laws in relation to your personal data:

10.1.1.         to request access to your personal data;

10.1.2.         to request correction of your personal data;

10.1.3.         to request deletion of your personal data;

10.1.4.         to request transfer of your personal data;

10.1.5.         to request restriction of processing your personal data;

10.1.6.         to object to processing of your personal data;

10.1.7.         a right to withdraw your consent;

10.1.8.         a right to lodge a complaint with the Information Commissioner’s Office.

10.2.    Please click here to find out more about these rights.

 

11.  Rights to access your personal data

11.1.    You can ask for one copy of the personal data we hold about you free of charge. (If you ask for more than one copy, we are entitled to charge a fee based on the administrative cost of providing the information.)

11.2.    If you wish to exercise this right, you should make the request in writing by sending us an email or a letter – see the Contact details below.  A standard template for this should be available on the Information Commissioner’s Office (“ICO”) website at https://ico.org.uk/.

11.3.    We will provide the information requested without delay and at least within 1 month of receipt of your request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.

 

12.  Contact details

12.1.    To exercise a legal right, raise a query or make a complaint, please email admin@lifespringchurch.org (reference: Data Protection Issue) or send a letter to Data Protection Administrator, LifeSpring Church, The Pavilion, 143-145 Oxford Road, Reading, RG1 7UY.

12.2.    Although you have the right to make a complaint at any time to the Information Commissioner’s Office, we would appreciate the chance to deal with your concerns before you approach them, so please contact us in the first instance.

 

13.  Third-party links

13.1.    This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements.

13.2.    When you leave our website, we encourage you to read the privacy notice of every website you visit.

Further information

14.  Your legal rights

14.1. You have the following rights with respect to your personal data:

14.1.1. the right to access or request a copy of your personal data which the Church holds about you (also known as a Subject Access Request);

14.1.2. the right to request that the Church corrects any personal data if it is found to be inaccurate or out of date;

14.1.3. the right to request your personal data is deleted where it is no longer necessary for the Church to retain such data;

14.1.4. the right to request that the Church provides you or a third party with your personal data;

14.1.5. the right, for example where there is a dispute in relation to the accuracy or use of your personal data, to request a restriction is placed on any further processing of your personal data by the Church;

14.1.6. the right to object to the processing of your personal data, where the Church is relying on the ground of a legitimate interest where you feel processing on this ground impacts on your fundamental rights and freedoms;

14.1.7. the right to withdraw your consent to the processing of your personal data at any time;

14.1.8. the right to lodge a complaint about how we have handled your personal data with the Information Commissioner’s Office, the UK supervisory authority for data protection issues, (www.ico.org.uk).

14.2.    For further details on exercising these rights, see the Contact details above.

 

15.  What are our legal obligations?

We will comply with our obligations under the GDPR including by processing personal data fairly and lawfully; by obtaining it for a specified and lawful purpose; by keeping it up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

16.  What are ‘special categories of personal data?

The GDPR refers to what was previously called sensitive personal data as “special categories of personal data”. These categories include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation and information about your health.

This version of the Privacy Policy was last updated on 2nd May 2018