Who are we?
Church of the Living God (“the Church”) is an independent church currently based around the Twickenham area of Southwest London. We are registered with the Evangelical Alliance under reference number 234362 and our operating address is Church of the Living God, Ash House Business Centre, 8 Second Cross Road, Twickenham, TW2 5RF.
General Data Protection Regulation 2018 (“GDPR”)
The Church holds and uses personal data in accordance with the eight requirements of the GDPR that personal data shall:
- Be processed fairly and lawfully.
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
- Be adequate, relevant and not excessive for those purposes.
- Be accurate, and where necessary, kept up to date.
- Not be kept for longer than is necessary for that purpose.
- Be processed in accordance with the data subject’s rights.
- Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
- Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
How we collect data and information about you
We collect personal information when you contact us. For example, when you
- Login to our website, as a member, or use the contact form on our website.
- Register your details and your family details, on ChurchSuite*.
- Make a donation, by completion of offering envelopes or a standing order or an electronic payment directly to our bank account.
- Provide your contact details, in writing or orally, to Church staff or volunteers.
- Communicate with the Church by means such as email, letter or telephone.
- Access social media platforms such as Facebook, YouTube/Vimeo, WhatsApp, Twitter, Instagram.
*ChurchSuite is a commercial database that the Church uses.
The Church will treat all your personal information as private and confidential and not disclose any data about you to anyone other than the leadership and ministry overseers/co-coordinators of the church in order to facilitate the administration and day-to-day ministry of the church.
All the Church staff and volunteers who have access to personal data will be required to agree to sign a Confidentiality Policy and a Data Protection Policy.
To that end, we have assigned a data privacy manager to superintend all aspects of this Privacy Notice, ensuring your questions are answered and your rights are respected. If you have questions, you should contact the data privacy manager, see below for contact details.
There are four exceptional circumstances to the above permitted by law:
- where we are legally compelled to do so.
- where there is a duty to the public to disclose.
- where disclosure is required to protect your interest.
- where disclosure is made at your request or with your consent.
Use of Personal Information
The Church will use your data for two main purposes:
- The day-to-day administration of the church; e.g. pastoral care and oversight including calls and visits, and preparation of ministry rotas.
- Contacting you to keep you informed of church activities and events.
Personal information will not be passed onto any third parties outside of the church environment, ministries connected to the Church or our Church Accountants (who may use this information for the preparation of our annual accounts). We do not sell or pass any of your personal information to any other organisations and/or individuals without your express consent, with the following exceptions:
- By providing us with your details you are giving the Church your express permission to transfer your data to service providers including mailing houses, such as MailChimp, to enable fulfilment of the purpose for collection.
- When required by law.
We store data mainly in a database called “ChurchSuite”. The ChurchSuite database is accessed through the “cloud” and therefore can be accessed through any computer or smart device with internet access. The ChurchSuite data is held in three secure separate data centres in the UK, hosted by ChurchSuite and is encrypted with military grade encryption.
We also store data for financial and other admin purposes.
- Access to the ChurchSuite is strictly controlled through the use of name specific passwords, which are selected by the individual.
- Access to other databases are controlled by passwords and other security measures included in the software.
- Those authorised to use ChurchSuite only have access to their specific area of use within the database. It is controlled by the employees at ChurchSuite and specified Church administrators. These are the only people who can access and set these security parameters. People who will have secure and authorised access to the database include the Church Staff, Ministry Team Leaders, House Group Leaders and Church leaders. All access and activity on the database is logged and can be viewed by ChurchSuite.
- Individuals are responsible for keeping their account contact details up to date. The Church have internal processes to periodically review the data held and delete data that is no longer relevant to the purpose for processing.
- For other databases the access is limited to Church Staff authorised to do so.
Rights to Access Information
Employees and other subjects of electronic or manual personal data held by the Church are entitled to:
- ask what information the church holds about them and why;
- ask how to gain access to it;
- be informed how to keep it up to date.
Personal information may be withheld if the information relates to another individual.
Any person who wishes to exercise this right should make the request in writing to the Church Data Protection Officer, using the standard letter which is available online from www.ico.org.uk.
Please address all correspondence to:
FAO: The Data Protection Officer
Church of the Living God,
Ash House Business Centre
8 Second Cross Road
or emailing email@example.com
If personal details are inaccurate, they can be amended upon request.
Removing your data
If you wish to have your details removed entirely from our systems please send an email to firstname.lastname@example.org, or write to The Data Protection Officer Church of the Living God, Ash House Business Centre, 8 Second Cross Road, Twickenham, TW2 5RF. providing your full name and postal address.
The Church aims to comply with requests for access to personal information as quickly as possible, aiming to do so within the 30 days, unless there is good reason for delay. If that is the case, we will write to you within that period providing you with the reason for delay and will follow this up as soon as possible thereafter.
If the Church wish to use an individual’s personal information for a new purpose, not covered by this privacy notice, we will provide all relevant subjects with a new notice, explaining the new use, setting out the relevant purposes and legal basis for processing, and seeking your approval prior to starting the processing.