PRIVACY POLICY

Introduction

About us

We are Christ the Rock Christian Fellowship, or ‘CtR’ for short.

Our registered address is:

88 Station Road, Yate, Bristol. BS37 4PH

Overview

We are committed to maintaining the privacy of the personal information that is entrusted to us, and we want to ensure you can exercise your privacy rights – partly because we need to comply with Data Protection and GDPR (the General Data Protection Regulations), but mainly because we want to do the right thing.

‘Personal information’ is any information relating to a person which can be traced in some way to the relevant individual. If the information is completely anonymous (so no keys, codes or membership numbers are stored, for example) then the GDPR does not apply, otherwise assume it does. The personal data may be information of any type, including (but not limited to) CCTV images, IP addresses, biometrics and DNA.

Your personal information will be held by CtR. The Trustees of CtR decide how your personal information is managed, so they are the Data Controller.

This document

This document tells you what personal information we collect, how we use it, who we may share it with, the steps we take to protect and secure it, how we ensure you can exercise your rights under data protection law, and how you can contact us with any questions or concerns.

We may change this Privacy Policy at any time; this may be done to clarify what has been said, to address details which were not previously covered, to respond to changes in the legislation (or to the interpretation of the legislation) or for some other reason.

The current version of this Privacy Policy can be found on the CtR web site, and a paper copy can be requested from the church office.

  1. Personal Information

    1.1 Sources of personal information

We may collect personal information from the following sources:

  • Forms you complete when (for example) you register for activities, courses and special events.

  • Letters and emails you send us, when you make an offer to or a request of us.

  • Our website, when you visit it.

  • DBS (The Disclosure and Barring Service) when you offer to undertake financial work, or to work with children or vulnerable adults

    1.2 Recipients of personal information

When we use your personal information we may need to disclose it as detailed below. However, we will never sell your personal information, and we will never disclose it to any other third party without your prior permission.

1.3 Uses of Personal Information

We have put the personal information we hold about you into the following categories. The category headings are for your information only.

We make no use of automated decision making.

You have the general right to ask us to delete your personal information if you believe we no longer have a valid reason to continue holding it. Upon such a request, we will delete your personal information, or as much of it as we are allowed to do while observing our legal obligations.

All of the personal information described below may also enable us to fulfil some general obligations, such as the following.

  • Running the church in an effective way.

  • Complying with the law.

  • Responding to court orders or legal processes.

  • Establishing or exercising our legal rights.

  • Defending ourselves against unjust legal claims.

  • Testing new systems and checking upgrades to existing systems.

  • Detecting, investigating or preventing crime or illegal activities.

  • Managing situations involving actual or potential threats to the safety of any person.

    1.4 Contact

This is information we use to maintain contact with you.

We will use this information for the following purposes:

  • Managing our relationship with you (including administering membership records).

  • Responding to your enquiries and complaints.

  • Providing updates on church life, including news about special events, services and courses.

  • Highlighting ways you can engage in church life.

  • Providing general information which we believe will be of interest to you.

  • Notifying you about important changes or developments to the features and operation of our services.

  • Updating, consolidating, and improving the accuracy of our records.

  • Informing you of news, events, activities and associated ministries.

We will not use this information to contact you if you have asked us not to. You can ask us to stop sending you communications or change your contact preferences at any time by contacting us, using any convenient means.

The legal basis for holding information to respond to your enquiries or complaints is legitimate interest.

The legal basis for holding information for the administration of our membership records is legal obligation.

The legal basis for holding other contact information is consent.

1.5 Finance

This is information relating to the money you give to us, to our engagement with the HMRC (for example, to claim back tax via the gift aid process) and other information relating to financial transactions, payments, credit and debt.

We will use this information for the following purposes:

  • Managing finance (including gifts, payments and refunds), maintaining accounts and records, business capability, planning, charity governance and audits.

This information may need to be shared with HMRC, The Charity Commission, banks, credit card or debit card providers or other lawful authorities.

Information relating to our accounts must be retained for seven years; other financial information will be retained only for as long as it is needed.

The legal basis for holding finance information is legal obligation.

1.6 Consent

This is information relating to permissions, consents and contact preferences.

We will use this information for the following purposes.

  • Providing you with services.

We may need to provide this information to the ICO (Information Commissioner’s Office) to demonstrate that we are complying with data protection regulations.

We must retain consent information for as long as it is relevant.

The legal basis for holding consent information is legal obligation.

2. DBS

This is information relating to DBS (Disclosure and Barring Service) checks on individuals within the church who undertake financial work or work with children or vulnerable adults.

We will use this information for the following purposes:

  • Deciding whether people are suitable to work with finances, children or vulnerable adults.

  • Identifying any special checks or measures which may need to be put in place in order for us to fulfil our obligations.

  • Managing the use of volunteers to ensure we follow best practice in keeping finances, children and vulnerable adults safe.

The DBS information you provide will be shared with DBS and stored securely for as long as it is relevant.

The information provided by DBS will be stored securely and retained as long as it is relevant.

We may request an update from DBS from time to time, to ensure that the information we hold is up to date.

The legal basis for holding DBS information is legal obligation.

2.1 Event

This is information relating to attendance at courses or special activities and events.

We will use this information for the following purposes:

  • Running the event(s) you have signed up for.

  • Planning future events.

This information may need to be shared with our agents, service providers, contractors and others involved in running church events and activities.

Anonymised information will be retained for planning purposes, but the personal information will be deleted when we are confident that all the activity relating to the event is complete.

The legal basis for holding event information is legitimate interest.

3. Using Your Personal Information

3.1 Confidentiality and security of personal information

The security of your personal information is of paramount importance to us and we use a wide range of technical and organisational security measures to safeguard it, including physical, electronic, and procedural controls.

From time to time we may publish photographs or video, captured at church events and meetings, on our websites or social media to help publicise events or demonstrate church life. We do our best to ensure that permission to publish these images is given at the time, we ask for your explicit consent when displaying your name alongside any such content and we do not publish any photos of anyone under the age of 18 without explicit parental consent. If we have used an image of you or your child and you would like it to be removed, or have any other concern about our publicity, please contact us by email or by writing to our registered office.

3.2 Obtaining a copy of your personal information

You have the right of access to copies of the personal information we hold about you by sending us an email or writing to us at our registered address. Please note that we can only tell you about personal information relating to you or your children if you are the parent or guardian.

If you become aware that any of your personal information that we hold is inaccurate or incorrect, please let us know and we will correct it.

4. Other Important Details

4.1 Contacting us about privacy concerns

If you have a privacy concern regarding Christ the Rock Christian Fellowship or this Privacy Policy and if you cannot satisfactorily resolve it verbally, you should contact us using email or by writing to us at our registered address.

In some instances, honoring your requests (for example requesting that we erase your personal information) may preclude your ability to use our website or access other services.

You can also contact the Information Commissioner’s Office on 0303 123 1113, via email (see https://ico.org.uk/global/contact-us/email/) or in writing at The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

4.2 Changes to this policy

If we change how we use your personal details, we will notify the people with whom we maintain contact and publish details of the changes on our website.

We reserve the right to consult about such changes before making them, in what seems to us to be the most appropriate way at the time.

4.3 Cookies

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device; for example, computer or mobile phone. These are known as ‘cookies’.

The cookies we use include an anonymous unique identifier that is sent to your browser from a web site's computers and stored on your computer's hard drive. We will not use cookies to collect personally identifiable information about you.

You can normally configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. However, if you reject our cookies, you will not be able to use our services that require you to ‘log in’ and you may not be able to take full advantage of our other services.

These cookies are used to improve services for you, for example, by:

  • enabling a service to recognise your device so you don't have to give the same information several times during one task;

  • recognising that you already have given a username and password so you don't need to do it for every web page requested;

  • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast;

  • analysing anonymised data to help us understand how people interact with Christ the Rock Christian Fellowship’s website so we can make it better

You may wish to visit www.aboutcookies.org which contains comprehensive information on how to manage cookies on a wide variety of browsers on your computer. You will also find details on how to delete cookies from your machine as well as more general information about cookies.

For information on how to manage cookies on the browser of your mobile phone you may need to refer to your handset manual.

5. Legal Framework

This is a summary of our understanding of our obligations concerning data processing and data protection.

To exercise any of your rights, or ask us about how we implement them, please contact us by email or by writing to us at our registered address.

5.1 Data Protection

Personal data must be handled in accordance with the following eight principles from the Data Protection Act.

  1. Fair. Personal data shall only be processed if this can be done fairly and lawfully.

  2. Source. Personal data shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes,

  3. Relevant. Personal data shall be adequate, relevant and not excessive in relation to those purpose(s),

  4. Accurate. Personal data shall be accurate and, where necessary, kept up to date,

  5. Temporary. Personal data shall not be kept for longer than is necessary,

  6. Rights. Personal data shall be processed in accordance with the rights of data subjects under the Act,

  7. Secure. Personal data shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,

  8. Territory. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.

    5.2 Data Processing

Under the General Data Protection Regulations, individuals have a number of rights concerning their personal details.

  1. Information. The right to be informed: the organisation must provide ‘fair processing information’.

  2. Access. The right to access: confirmation that their data is being processed; access to their personal data; and other supplementary information.

  3. Correction. The right to rectification: data subjects can correct incorrect information.

  4. Deletion. The right to erasure: the freedom to be forgotten.

  5. Restriction. The right to restriction of processing: allowing the organisation to store but not process the data in certain ways.

  6. Portability. The right to portability: enabling the data subject to take and reuse their personal data across a range of services.

  7. Objection. The right to object to some aspect of the data storage or processing.

Consideration. The right to decision making: people can object if a human is not in the loop on a decision about them.