Grace Church Manchester Church Privacy Notice
How Grace Church Manchester (“we”) use your information as a data controller
Your privacy is important to us. We are committed to safeguarding the privacy of your information.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Why are we collecting your data?
We collect personal data to provide appropriate pastoral care, to monitor and assess the quality of our services, to fulfil our purposes as a church and to comply with the law regarding data sharing. In legal terms this is called ‘legitimate interests’. Some of our processing is necessary for compliance with a legal obligation. Retaining safeguarding records and gift aid declarations are examples of this. When it is required, we may also ask you for your consent to process your data. We do not share your information with others except as described in this notice.
We collect and use your information to
· Enable us to meet all legal and statutory obligations
· Carry out comprehensive Safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults at risk are provided with safe environments
· Minister to you and provide appropriate pastoral and spiritual care including through Life Groups
· Fulfil our purposes as a church and deliver our Church’s mission to the community
· Comply with the law regarding data sharing
· Enable us to follow up membership, course and event enquiries
· Administer our membership records of adult and child members, friends and regular attenders
· Fundraise and promote the interests of the Church and charity
· Process and record financial donations that you have made (including Gift Aid information)
· Send you communications such as our weekly news email and information about our activities and church ministries that may be of interest to you
· Operate team rotas for the effective function of the church and Sunday services
· Recruit, support and manage our employees and volunteers
· Respond effectively to enquirers
· Maintain our own accounts and records
· Promote and include others in our services through photographs, sound recordings, video recordings and live website streaming of service and selected events
· Update you about changes to our services, events, role holders and any matters of interest related to the church community
· Reimburse you using financial identifiers for ministry expenses occurred on behalf of the church or if we provide a direct service to you e.g. you purchase a ticket for a church event
The categories of information that we may collect, hold and share include:
· Personal information (such as name, photos, telephone number, address, email address, date of birth, marital status)
· Characteristics (such as gender, ethnicity, language, nationality, country of birth)
· Special categories of personal data (such as your religious beliefs)
How do we process your personal data?
The controllers will comply with their legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of personal data; to keep personal data secure; and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical and organisational measures are in place to protect personal data.
Storing your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. Details of retention periods are available in our retention policy which you can request by contacting us at email@example.com
Security of your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or trustees who need to know. They will only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.
Who do we share your information with?
We will not share your information with third parties without your consent unless the law requires us to do so.
Your rights and personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need you to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
1. The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to that information and where we obtained the personal data from. Once we have received your request we will endeavour to respond within one month.
2. The right to correct and update the personal data we hold on you
If the personal data we hold on you is out of date, imcomplete or incorrect, you can inform us and your personal data will be updated.
3. The right to have your personal data erased
If you feel that we should no longer be using your personal data or that we are illegally using your personal data, you can request that we erase the personal data we hold.
When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purposes).
4. The right to object to processing of your personal data
You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your personal data. Even after you exercise your right to object, we may continue to hold your personal data to comply with your other rights or to bring or defend legal claims.
5. The right to data portability
You have the right to request that we transfer some of your personal data to another controller in certain circumstances. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6. The right to withdraw consent to the processing at any time for any processing of persona data to which consent was sought.
You can withdraw your consent easily by telephone, email or by post (see contact details below)
7. The right to object to decisions being taken by automated means
8. The right to lodge a complaint with the Information Commissioner’s Office
Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on our website. If we make significant change we will notify you. This Notice was updated in May 2018.
Please contact us if you have any questions about this Privacy Notice or if you would like further details on how your information is used, how we maintain the security of your information and your rights to access information we hold on you, please contact:
The Data Protection Officer
Address: Grace Church Manchester, 247a Wilmslow Road, Manchester, M14 5LW
Telephone: 0161 826 1160
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/