Your privacy is important to us. We want to act with transparency, and to be faithful stewards of your personal information, as well as ensuring that we meet all of our obligations under UK and international law.
Redeemer Church Privacy Notice
1. Your personal data – what is it?
Personal data is any data which relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
2. Who are we?
Redeemer Church, Chester le Street, (“Redeemer Church”) is the Data Controller. This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
Redeemer Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. Importantly, we also only process your personal data when we have a legal basis for doing so.
We ensure that we have in place appropriate controls to protect any personal data you provide us. We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable data protection training is provided for these staff members and volunteers where appropriate.
We use your personal data for the following purposes:
- To administer courses, groups and serving teams (e.g. contacting members, and setting up rotas)
- Personal references (e.g. for children’s work)
- Bank details where appropriate (e.g. for tithing and expenses)
- Membership and growth tracking data
- Processing may include email, phone numbers and addresses; and utilise social media providers.
- To inform you of news, and events through our mailing list, e-news (if you sign up to receive it)
4. What is the legal basis for processing your personal data?
Redeemer Church must have a lawful basis in order to collect, store and process your personal data. These legal bases are listed and explained below, with examples for each of how they may apply to Redeemer Church:
Article 6(1)(a) gives the data controller a lawful basis for processing personal data where: “the data subject has given consent to the processing of their personal data for one or more specific purposes”
Explanation – Redeemer Church can process your personal data if you give us permission to use certain information about yourself in a particular way or for a specific purpose. However, we can only use such data within the extent of the permission given by you.
Example – We may use consent to allow us to collect and store your contact details in order to contact you with further details about the church and its activities, or to sign you up to various mailing lists (such as enews). We may also use it to get your permission to take photos/videos of you during one of our services or events and to use these in promotional material
Article 6(1)(b) gives the data controller a lawful basis for processing where: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
Explanation – Redeemer Church can use your personal data when it is necessary to fulfil an obligation arising out of a contract you have entered into with the church (if you have entered into such a contract), or when steps are being taken at your request prior to entering into such a contract.
Example – This applies mainly to the legal/professional dealings Redeemer Church may be involved in. For example, Redeemer Church may use contract as a legal basis for processing personal data with regard to employment of staff for the church, or when entering into contracts for the use of certain buildings/spaces for church meetings and activities.
- LEGAL OBLIGATION
Article 6(1)(c) provides the data controller with a lawful basis for processing where: “processing is necessary for compliance with a legal obligation to which the controller is subject.”
Explanation – Redeemer Church can collect and use your personal data when it is necessary in order to allow the church to fulfil its legal obligations (for example, under health and safety laws).
Example – Redeemer Church may use this basis for processing data with regard to safeguarding, weddings, gift aid and accident book reporting.
- VITAL INTEREST
Article 6(1)(d) provides the data controller with a lawful basis for processing where: “processing is necessary in order to protect the vital interests of the data subject or of another natural person”.
Explanation – This basis allows Redeemer Church to process your data in order to protect your own vital interests (such as your health/wellbeing), or that of another person.
Example – Redeemer Church may use vital interest as a legal basis as we process data regarding health or safeguarding, so that we can effectively supervise children during our various children’s groups and meetings.
- PUBLIC TASK
Article 6(1)(e) gives the data controller a lawful basis for processing where: “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”
Explanation – This section allows Redeemer Church to use your personal data when to do so is necessary for the church to carry out a task that is in the public interest, or if the church is given (or is in possession of) official authority that requires it to use your personal data in a certain way.
Example – This may be used by the church as a legal basis when processing personal data regarding weddings.
- LEGITIMATE INTEREST
Article 6(1)(f) gives the data controller a lawful basis for processing where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Explanation – This section allows Redeemer Church to use your data when to do so is necessary for the church (or a third party) to pursue a legitimate interest which it holds. However, this can only be done where such data usage is not overridden by your own conflicting interests or fundamental rights/freedoms. This is especially so in the case of children under the age of 18.
Example – This is a wide-ranging provision, and is likely to cover the majority of the personal data that is collected, stored and processed for people who are a part of Redeemer Church.
5. Sharing your
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church.
We will only share your data with third parties outside of the church with your consent.
When sending bulk emails such as e-news, we will ensure that emails addresses go into the ‘BCC’ area to prevent them being inadvertently disclosed to other recipients.
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection (e.g. data regarding your health or religious beliefs). We will sometimes have to collect, process and store this more sensitive data as a church. In order to lawfully process special category data, not only do we have to identify one of the lawful bases listed under Article 6 (above), but we also have to fulfil an additional separate condition for processing special category data under Article 9. There are a number of conditions listed under Article 9, but Redeemer Church sees the following conditions as potentially applicable in certain situations, as listed in Article 9(2) of the GDPR:
(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
– For example, Redeemer Church will ask for explicit consent when collecting data about an individual’s dietary or medical needs for an event or trip.
(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
– For example, if there is a medical emergency at one of our events or services and someone is unable to provide their own details to emergency services due to medical incapacity, Redeemer Church may do it on their behalf in order to protect their vital interests.
(d) processing is carried out in the course of the data controller’s legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
– For example, if you attend our church, Redeemer Church may collect data that is part of our legitimate activity as a church, about your religious beliefs. However, we will not pass this on to anyone else without your explicit consent.
(e) processing relates to personal data which is manifestly made public by the data subject;
– For example, Redeemer Church may use data about you which is classed as “special category data” if you have already made such data openly public yourself.
(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
– For example, Redeemer Church may use your data to protect people’s health or to pass onto Police or Local Authorities in certain situations.
6. How long do we keep
your personal data?
As stated in the Redeemer Data Protection Policy 8.3.1. Every three years, a review and refresh of personal data will be carried out by employees, trustees and the relevant volunteers. Any personal data that is inaccurate or no longer required will be amended or deleted as appropriate.
We keep your data for no longer than is reasonably necessary. Different types of information are subject to different retention periods. We will process your data as long as you are a member of the church or are in regular contact with the church. E.g. Sunday services, volunteering and/or small groups.
Membership data will be kept while it is still current; gift aid declarations while Gift Aided donations are being made and a period of 2 years after the last such donation. Financial records are kept for a period of 6 years after the year to which they relate. A register of Marriages is kept permanently
7. Who will have access to my information?
Your personal information will only be visible to our internal, authenticated users. Such personnel are only allowed to use that data for Redeemer Church purposes.
Information will only be transferred to a 3rd party, or outside the EU, on the basis of informed consent, or for the performance of a contract, or to protect yourself or other persons, or for important reasons of public interest, or for legal reasons.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data which Redeemer Church holds about you;
- The right to request that Redeemer Church corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Redeemer Church to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide you with your personal data and where possible, to transmit that data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners Office. Contact details for the ICO are shown below.
9. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the Data Controller (Redeemer) by email using the contact details on the website.
If Redeemer does not resolve the matter to your satisfaction you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Redeemer Church is committed to respecting and protecting your online privacy.
This includes your need and your right to know what we do with the personal information you share with us. It also guides our policies regarding the management of this data, including how the information is collected, processed, and for what purposes.
Every time you log on to our website your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to gain any other personal data (e.g. automatically recording e-mail addresses of visitors), nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.
We use a number of different cookies on our website. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for independent, detailed guidance.
The list below describes the cookies we use on our website and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use our website, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
FIRST PARTY COOKIES
These are cookies that are set by our website directly.
Comments Cookies: When you leave a comment on our website, it automatically sets a cookie containing your username, email address and URL. This cookie allows us to automatically fill in the username, email address and URL fields on any subsequent visits you make to our site.
Plugins: In addition, plugins on our website may use the information stored in these default cookies to provide personalization features. Plugins may also store their own cookies.
THIRD PARTY COOKIES
These are cookies set on your machine by external websites whose services are used on our own website. Cookies of this type are used by the “share” buttons across the site to allow visitors to share content on social networks, and by our contact form functionality. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+, YouTube and Vimeo. In order to implement this functionality and connect you to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
Redeemer Church Chester-le-Street
Registered charity number: 1187165
Registered office: 13 Runnymede, Great Lumley, Chester-le-Street, DH3 4LN.
Last Updated: 9th January 2020. Review due three years after this date.