Welcome to St Peter’s Farnborough privacy notice.

St Peter’s respects your privacy and is committed to protecting your personal data. This privacy notice will inform you how we look after your personal data (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Your Privacy

Please use the Glossary to understand the meaning of some of the terms used in this privacy notice.

1. Your personal data – what is it? 

2. Who are we? 

3. The data we collect about you

4. How is your personal data collected?

5. How do we process your personal data? 

6. What is the legal basis for processing your personal data? 

7. Sharing your personal data 

8. Data security

9. How long do we keep your personal data?

10. Your rights and your personal data 

1. Your personal data – what is it? 

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

2. Who are we? 

St Peter’s Church is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

3. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, including:

  • Identity Data: first name, maiden name, last name, username (or similar identifier), marital status, title, date of birth, ethnic group, gender, photograph, video footage and any other biographical information you may provide us;

  • Contact Data: billing address, delivery address, email address and telephone numbers;

  • Financial Data: bank account and payment card details;

  • Transaction Data: details about payments to and from you and other details of events, products or services you have purchased from us or gifts you have donated to us;

  • Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;

  • Profile Data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;

  • Usage Data: information about how you use our website, events, products and services;

  • Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences;

  • Special Category Data: racial or ethnic origin, religious or philosophical beliefs.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data at law as the data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We will always make it clear to you when we collect this information and why. 

Where we need to collect your personal data to perform the contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your tickets to an event or service you have with us but we will notify you if this is the case at the time.

4. How is your personal data collected?

We use different methods to collect data from and about you which include:

Direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • are involved in the life of the church through one of our gatherings, groups or activities;

  • fill out a welcome card;

  • are photographed or filmed during our services or events;

  • apply to volunteer with us;

  • when we ask you to undertake a DBS check before volunteering with us;

  • donate online or completing a giving flyer;

  • create an account on our website or ChurchSuite;

  • register for an event or course;

  • subscribe to our services or publications;

  • request marketing to be sent to you;

  • respond to a survey; or

  • give us some feedback.

Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. 

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers such as Google based outside the EU.

  • Identity and Contact Data from publicly available sources such as Companies House based inside the EU.

5. How do we process your personal data? 

St Peter’s Church holds records of the people in our congregation, volunteers, guest and service users and use this information to coordinate church activities and to keep individuals informed of things happening in the life of the church.

St Peter’s Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access, and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes to: 

  • manage, administer and promote the life of the church;

  • manage, maintain and publish the electoral roll in accordance with Church Representation Rules;

  • determine your suitability to volunteer for our work with vulnerable adults, children and youth;

  • coordinate and provide assistance to you through our Pastoral Care structures;

  • administer financial transactions and donations (including the processing of gift aid applications);

  • administer our courses or events;

  • manage our websites and social media accounts;

  • manage our volunteer teams and employees;

  • prevent and detect crime;

  • where we need to comply with a legal or regulatory obligation;

  • enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution to enable us to further our charitable purpose;

  • administer membership records;

  • fundraise and promote the interests of the charity;

  • inform you of news, events, activities and services running at St Peter’s Church.

You have the right to withdraw consent to marketing at any time by clicking on an unsubscribe link in one of our emails to you or by emailing admin@stpetersfarnborough.org.uk.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email admin@stpetersfarnborough.org.uk.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Where and whenever necessary, we will seek your prior consent to the new processing.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. What is the legal basis for processing your personal data? 

  • Explicit consent of the data subject so that we can keep you informed about news, events, activities and services and keep you informed about diocesan events. 

  • Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, or a collective agreement.

  • Processing is carried out by a not-for-profit body with a political, philosophical or religious aim provided: the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and there is no disclosure to a third party without consent. 

7. Sharing your personal data 

Your personal data will be treated as strictly confidential and will only be shared with other employees & key volunteers of St Peter’s Church, in order to carry out a service to other members of St Peter’s Church or for purposes connected with St Peter’s Church.

8. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, key volunteers, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We also keep data in accordance with the guidance set out in the guide “Keep or Bin: Care of Your Parish Records” which is available from the Church of England website. Specifically, we retain electoral roll data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; and parish registers (baptisms, marriages, funerals) permanently.

10. Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: 

  • The right to request a copy of your personal data which St Peter’s Church holds about you; 

  • The right to request that St Peter’s Church corrects any personal data if it is found to be inaccurate or out of date; 

  • The right to request your personal data is erased where it is no longer necessary for St Peter’s Church to retain such data; 

  • The right to withdraw your consent to the processing at any time; 

  • The right to request that St Peter’s Church provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability). This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; 

  • The right to object to the processing of personal data (this applies only when processing is based on legitimate interests, the performance of a task in the public interest, or the exercise of official authority; as well as for direct marketing and processing for scientific or historical research and statistical purposes).

  • The right to lodge a complaint with the Information Commissioner’s Office.