If you have any questions after reading this policy, please do not hesitate to get in touch with us at email@example.com
- What is your personal data?
When we use the term Personal Data in this Privacy Notice we refer to data collected or held by Relentless Church that identifies and relates to you as an individual. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation 2016/679 (the “UK GDPR and the Data Protection Act 2018, the ‘DPA 2018’”).
- Who are we?
Relentless Church is a registered charity (#1055622) whose office is Relentless Church, Thewlis Street, Warrington, WA5 1AJ.
- How do we process your personal data?
Relentless Church complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access, and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
At Relentless Church we use your personal data for the following purposes:
– To enable us to provide voluntary services for the benefit of the public. This includes activities undertaken as Relentless Church as well as other initiatives organised by us.
– To promote the interests of our charity.
– To manage our employees and volunteers.
– To maintain our own accounts and records (including the processing of Gift Aid).
– To inform you of news, events, activities and services running at Relentless Church.
– To keep you informed about news, events, activities and services from other organisations that we partner with.
- What is the legal basis for processing your personal data?
The UK GDPR allows for ‘legitimate interest’. This allows us to keep records on people who have an association with the church because they come to Relentless Church, serve on team, attend our events or courses or have asked to be kept in touch.
Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.
We also process your data to comply with legal or regulatory obligations we are subject to. Where personal data is collected for marketing purposes this is done with the consent of the data subject.
- Financial records and card details
All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (“PCI DSS”).
All credit/debit card donations made online or by text giving are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.
We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email, text message or post with information and news of services you may be interested in. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt out.
- Sharing your personal data
Your personal data will be treated as confidential and will only be shared with other members of the church for purposes connected with the church. We do not share your information unless you have given us explicit instruction to do so.
The only exception to this is where it is in the public interest and is necessary for the purposes of:
– Protecting an individual from neglect or physical, mental or emotional harm; or
– Protecting the physical, mental or emotional well-being of an individual where that individual is a child or is an adult at risk.
We do use third party processors to assist with our data processing. These include but are not limited to:
– Planning Center Online (planningcenteronline.com)
– ChurchSuite Ltd
Wherever data is used on a third-party processor system Relentless Church is still the Data Controller of that data, and the data is not used for purposes unrelated to Relentless Church nor may it be re-used or transferred by the third party processor.
We will not transfer your personal information to countries outside the United Kingdom, except where we use the services of a third party who host data outside the UK. We will only use third parties who ensure that data hosted outside the UK is held in accordance with UK GDPR. Where data transfer is required outside these third parties separate consent will be sought.
- What about cookies?
Cookies are small text files which are transferred to your computer or device when you visit a website.
– To help us understand how people are using our services, so we can make them better
– To help us personalise our service to you by remembering your preferences and settings
– To find out if our emails have been read and if you find them useful
The types of cookies we use are defined as:
Strictly necessary cookies
These cookies are always on and you can’t turn them off unless you change your browser settings. We use them to make sure our services work correctly.
Functional, performance and tracking cookies
These cookies are used to make your experience more enjoyable; you can switch these on or off at any time and you can always change your mind. We’ll only use them if you’ve agreed.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or volunteers who need access to fulfil their responsibilities.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.
- Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Your rights
Unless subject to an exemption under the UK GDPR or DPA 2018, you have the following rights with respect to your personal data:
– The right of access – to see what information we hold about you and to verify the lawfulness of our processing of your data.
– The right to correction – to correct the information we hold if it is incomplete or inaccurate.
– The right to erasure – “to be forgotten”; to have your information removed.
– The right to restrict processing – to change the way in which we use your data.
– The right to data portability – to obtain your information in order to transfer it to another service or organisation.
– The right to object; and to object to the way in which we are using your data.
– The right not to be subjected to automatic decision making including profiling – to have your information removed from any databases subject to automatic decision making processes.
– The right to lodge a complaint with the Information Commissioners Office.
If you would like to exercise any of the rights set out above, then please contact us.
You will not need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a fee if your request is repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- Additional processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Changes to this Privacy Notice
We may change this Privacy Notice from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the law or other applicable legislation in the United Kingdom. Any amended version will be available on this webpage.
- Contact details
To exercise all relevant rights, queries of complaints please contact us by email at firstname.lastname@example.org, or by contacting Data Protection, Relentless Church, Thewlis Street, Warrington, WA5 1AJ.