Introduction

The Church of St Peter, Farnborough (St Peter’s) collects and uses personal data to support the mission of the church.  This notice sets out how we will use personal data and the rights of the individual. It is made under the UK Data Protection Act 2018 and the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications.

The data we collect about you

St Peter’s Church holds records of the people in our congregation, volunteers, guests and service users and uses this information to coordinate church activities and to keep individuals informed of things happening in the life of the church.

We use your personal data for the following purposes:

·       Management of church membership

·       Financial management including Acts435, donations and GiftAid

·       Personnel records of employees and recruitment information for applicants

·       Management of volunteers and church groups

·       Children’s and youth groups, including parent and/or legal guardian data

·       Mailing lists for church news and groups (e.g. toddlers’ groups)

·       Management of weddings, funerals, and baptisms

·       Management of bookings for the Church and Parish Centre

·       To comply with legal obligations such as under Safeguarding.

What is the legal basis for processing your personal data?

Except for mailing lists, St Peter’s has a legitimate business interest to collect and use personal data to undertake church activities in a safe manner.  

Explicit consent is sought for mailing list membership.

How is your personal data collected?

All personal data is supplied to us by you or someone with a related connection with you (e.g. parents or guardians) through direct interactions. Examples include:

·       becoming involved in the life of the church through one of our gatherings, groups or activities

·       fill out a welcome card

·       are photographed or filmed during our services or events

·       the Safer Recruitment process for volunteers and employees

·       donating online or completing a giving flyer

·       creating an account on our website or ChurchSuite

·       registering for an event or course

·       subscribing to our services or publications

·       responding to a survey; or

·       giving us some feedback.

The data we collect about you

The following data is collected (where appropriate):

·       Name

·       Email address

·       Street address

·       Telephone number(s)

·       Family Connections

·       Financial information.

For specific events and purposes (e.g. Hear Here, holiday club and children’s groups) appropriate medical information is collected and processed.

St Peter’s does not collect other special category data but as a religious institution, the fact of data being held implies a religious connection.

Sharing your personal data

Personal data may be stored on our IT infrastructure or may be shared with our data processors who provide email, financial tools, membership management and storage services. The third-party data processors used are:

·       Church Suite for church management

·       Microsoft Office365 for e-mail and back-office tools

·       Mail Chimp for mailing lists and e-mail

·       Stripe for payment card processing

·       Expense Plus for accounting & financial services

·       BrightPay for payroll management

In addition to the information shared, third-party processors using web interfaces may collect Internet addresses and similar data to manage the service.  This is not accessed or used by St Peters’ Church.

St Peter’s does not sell personal information or provide personal information to third parties, outside of the uses above unless required to do so by law or court instruction.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, key volunteers, agents, contractors and other third parties who need to know. They will only process your personal data on our instruction and are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights and your personal data

Unless subject to an exemption under UK legislation, you have the following rights concerning your personal data:

·       The right to request a copy of your personal data which St Peter’s Church holds about you

·       The right to request that St Peter’s Church corrects any personal data if it is found to be inaccurate or out of date

·       The right to request your personal data is erased where it is no longer necessary for St Peter’s Church to retain such data

·       The right to withdraw your consent to the processing at any time

·       The right to request that St Peter’s Church provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability). This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

·       The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

·       The right to object to the processing of personal data (this applies only when processing is based on legitimate interests, the performance of a task in the public interest, or the exercise of official authority; as well as for direct marketing and processing for scientific or historical research and statistical purposes).

·       The right to lodge a complaint with the Information Commissioner’s Office.

Children’s data

We only collect data on children with parental or guardian consent and we ensure it is handled with extra care and protection.

Updates to this notice

We may update this policy from time to time to reflect changes in legal requirements or church operations. The latest version will always be available on our website.