WHAT THIS PRIVACY NOTICE IS FOR: This Privacy Notice sets out how any Personal Data that you give to Albert Road Evangelical Church (AREC) is collected, stored and used, this is referred to as Data Processing. All data processed by AREC is undertaken in accordance with the UK General Data Protection Regulations (GDPR) 2019 which come into force on 1st January 2021. You can learn more about your rights under the UK GDPR at: Individual rights | ICO
WHO WE ARE Albert Road Evangelical Church is a small community church based in the town of Oswestry, Shropshire, we are a member of Rural Ministries. Our activities include: · Regular Christian Worship Services · Community Parent and Toddler Groups · Community Coffee Mornings and Meals · Summer Holiday Activities for Children.
OUR DATA PROTECTION DETAILS: Our data protection processes are managed by the trustees; all queries in relation to Data Protection in the first instance should be directed to: our administrator as above. Our full Data Protection and Confidentiality Policy can be found on our website: as above.
OUR PRINCIPLES AND PROMISES FOR PROCESSING DATA AREC use the GDPR 2018 definitions of Personal Data, Special Category Data and Criminal Offence Data adopted by the UK GDPR Regulations 2019. Personal Data is information that include any attributable information such as name, age, address, contact details or electronic identifiers. Special Category Data includes sensitive data such as revealing health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. Criminal Offence Data contains records and details of criminal offences.
We ensure that all data is
1. Processed lawfully, fairly and in a transparent manner; 2. Collected only for specified, explicit and legitimate purposes; 3. Adequate, relevant, limited to what is necessary for the purpose for which it is collected; 4. Accurate and kept up to date; 5. Kept for no longer than is necessary; and 6. Kept securely.
OUR OBLIGATIONS AND YOUR RIGHTS AREC will ensure that we inform you under which legal basis your information is being obtained and processed, usually this will be one of the following three GDPR approved reasons:
1. Consent – You have expressly consented to us having your data for the purposes of taking part in an activity with us or enabling us to communicate with you about church business and activities. We will only use the information you have provided for the purpose you have agreed to. You are fully in control of any information that you have provided consent for, you can withdraw your consent at anytime and we will no longer use your data and will delete it if requested. If you wish to withdraw your consent, please contact us by phone or e-mail as above. or speak to member of the church leadership team. Please be aware that if you have chosen to give your permission for your details to be included in a church directory, newsletter or prayer list, we can only remove your details from future publications not from those previously in circulation.
2. Legitimate Interests – If you choose to become a member of our church, your information will be held and utilised to enable you to fully participate as a member of the church, therefore you will receive information in respect of all church business and activities. You can choose not to have your details included in any circulation of church member information and make requests to have your information reviewed on request in line with the conditions set out in our Data Protection Policy. Please be aware we can only remove your details from future publications not from those previously in circulation.
If you are a church member or a member of the public and you decide to take part in activities, agree for us to claim gift aid on any donations you give, or undertake a role within the church, we may need to retain or process data for these purposes. This is the legal basis for processing data when we need to process your data for a legitimate functional purpose. We will use your data in a way that you would reasonably expect us to, which will have a minimal impact on your privacy and will not cause you harm. We may also need to retain this information for legal purposes. This includes the use of your email address for the purposes of engaging with online/virtual activities by the church. You can make requests to have your information reviewed on request in line with the conditions set out in our Data Protection Policy.
If we have provided you with a specific information in the past, ie: our community activities and events, we may use the ‘legitimate interests’ basis for continuing to send you this information; however as this is a form of marketing, we will always provide you with the opportunity to ‘object’; this will always be respected and we will immediately stop contacting you for these purposes. If you have received information of this nature and you wish this to stop, please contact us at: details as above. Contract – You have entered, or wish to enter, a contract with us directly, you are giving us data to provide us with a quote or service according to the contract. We will process your data as agreed in the terms of the contract that you have entered with us, and as required for financial, audit and legal purposes. This applies to AREC employees and companies that AREC uses to purchase equipment or services.
Your Rights - Rights of access, rectification, restriction, objection or erasure: · The right to be informed of what data we collect, how it is used and why · The right to access a copy of, or a summary of the data we hold about you · The right to rectification, if the data we hold is incorrect · The right to restrict how we process your data · The right to object to how we process your data · The right to erasure of your data (where applicable/legal) · The right to data portability (not applicable to AREC) · Rights in relation to automated decision making and profiling (Not applicable to AREC as this method of data collection and processing is not utilised)
If you wish to request: · Access to your data · Rectification of a mistake in the data we hold about you · Restriction or Objection to the processing of your data · Erasure of your data
Please contact us at: information above.
We will: · Record and acknowledge your request on receipt · Ensure that the administrator/trustees are made aware of the request within 3 working days · Review your request within 10 Working Days · Respond within 1 calendar month if possible · If your data request is lengthy or complex, we may seek to agree an extension with you which will be no longer than 2 months. · If we agree to your request, we will provide the information in a clear, accessible manner. · If we are refusing your request will inform you of the reasons for this and explain how you can complain if you are not satisfied with the response.
If for any reason your data rights have been breached, we will do everything possible to rectify this and minimise the harm caused to you through any data loss or misuse. You have the right to raise a complaint if you do not feel we have adequately responded to your concerns. Our process for dealing with data requests and data breach can be found in our full Data Protection and Confidentiality Policy.
WHAT DATA DO WE COLLECT AND HOW DO WE USE IT? The most common data we collect is your name, email address, address and phone number so that we can contact you with information about events or activities that you attend, for example to let you know about transport arrangements or if an activity is cancelled. We may also need to know you or your child(ren)’s date of birth, any allergies or medical information and who to contact in case of an emergency in order to help ensure your health and safety whilst on our premises. Some information is also required for compliance with our safeguarding policy.
Information will be retained for as long as you are regularly taking part in our activities, we will review our lists every 6 months and remove the details of anyone who is no longer attending, however you may ask for your details to be removed at any time, in line with our data protection policy, as outlined, some information must be retained by law, if this is the case we will inform you of this in writing. We will ask your permission before taking any photos of you or your family joining in with our activities and we will check if you are happy for these to be displayed in our church and/or on our website. You can change your mind at anytime. If we wish to include your pictures in a newsletter or publication, we will ask for your written permission, as once published it will not be possible to retrieve all copies issued.
If you are a church member, we will also use your information to keep you informed about church business and activities, as part of supporting our members and enabling the church to support each other, we will also include your details in the church directory and/or prayer lists and communications; these are only circulated internally within the church. If you do not wish us to include you, you can request for your details to be withheld when you become a member; you may also change your mind at any point, however, please be aware your details can only be removed from future publications and your details may remain in circulation on previously distributed copies. Your details will be retained for the length of your membership. If you cease to be a member of the church, your details will be removed from the membership list.
If you are a regular part of our congregation but you are not a member of the church, you may request to be included in the church directory and/or prayer list/regular communications, which we will ask you to consent to in writing. As detailed above you can change your mind at any point, however, please be aware your details can only be removed from future publications and your details may remain in circulation on previously distributed copies.
The most common data we retain is contact details, all lists are reviewed every 6 months, if you are no longer actively involved with us, we will remove your details from our systems, if we are unsure, we will contact you & ask if you still wish us to retain your details, if you do not respond you will be removed from our contact lists. Contact information will not be used for any other purposes than those they were originally initiated for.
Information that is kept for 7 years or longer includes emails and financial, contract & employment information. This enables AREC to comply with HMRC and legal requirements. If you have agreed for AREC to collect gift aid on any donations you have made, we will retain and use the data you have provided for this purpose. Some information in retained in order to be able to respond to Safeguarding requirements.
More information on our retention, archiving and deletion procedures can be found in our full Data Protection and Confidentiality Policy.
PROTECTING YOUR DATA All data stored electronically is protected by the use of passworded systems. Physical storage of information is in locked cabinets within AREC offices, a small amount of data may be kept in the homes of those holding specific posts within the church, these will be kept in confidential folders out of general sight of visitors to the home and secured as part of home security. Information in transit is the responsibility of the AREC member transporting it, information will be kept secure and minimal personal data will be transported to reduce the likelihood of data loss.
SAFEGUARDING AND PUBLIC PROTECTION We undertake DBS checks on all church members who are leading or supporting church activities with children and/or vulnerable adults unsupervised. This ensures we can keep everyone safe. This information is kept confidential and is used for the purpose of safe recruitment. This information is only retained for active volunteers. DBS Information will be returned to you or destroyed when your role with us ends.
Occasionally we may be obliged to breach your confidentiality and share information you have given, or information received about you, even if you do not consent. This decision will always be approved by the AREC Leadership team, and where possible you will be informed. These exceptional circumstances are:
· A situation which raises concerns about the safety of a child or vulnerable adult; · Immediate danger to the person or someone else · As required by the Terrorism Act 2006 and the Counter Terrorism & Security Act 2015.