Your personal data – what is it?
Personal data is any information about a living individual who can be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by General Data Protection Regulation (GDPR).
Who are we?
King’s Church Guildford is the data controller. This means the church decides how your personal data is processed and for what purposes.
How do we process your personal data?
King’s Church Guildford complies with its obligations under GDPR by
- Collecting and processing data for a lawful reason and in a fair and transparent way
- Only using it for the purposes we originally collected it
- By not collecting or retaining excessive amounts of data
- By keeping personal data up to date
- By storing personal data securely
- By keeping personal data for only as long as is necessary and destroying out of date data quickly and effectively
- By protecting personal data from loss, misuse unauthorised access and disclosure
We use your personal data for the following purposes:
- To maintain our own accounts and records
- To carry out comprehensive safeguarding procedures
- To administer membership records
- To inform you of news, events, activities and services
- To provide appropriate pastoral care
- To manage our employees and volunteers
- To process a donation(s) that you have made (including Gift Aid information)
What is the legal basis for processing your personal data?
- Explicit consent of the data subject – so that we can keep you informed about news, events, activities, services and process your gift aid donations.
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.
- Processing is carried out by the Church as a not-for-profit body with a religious aim provided:
- The processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- There is no disclosure to a third party without consent.
Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the church with your consent unless required by law or by a regulatory body (for example a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency).
IT solutions used by King’s Church Guildford (where some information may be stored) are:
- ProclaimIT (website consultants)
- Dropbox (file sharing and storage)
- Sage (accounts software)
- Stripe (online payment portal)
- Ticket tailor (event digital ticketing provider)
- Klemi (database software)
- MailChimp (e-marketing provider)
- Microsoft (file sharing and email)
The organisations referred to above are joint data controllers. We may need to share personal data we hold with them so that they can carry out their responsibilities. This means we are all responsible to you for how we process your data.
How long we keep your personal data
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. Data will be periodically archived to provided statistical records of Church membership and activities.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data, which the church holds about you
- The right to request that the church corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased, where it is no longer necessary for the church to retain such data
- The right to withdraw your consent to the processing of your data at any time
- The right to right to data portability (the right to request that we transfer some of your data to another controller)
- The right to lodge a complaint with the Information Commissioner’s Office.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries or complaints please in the first instance contact King’s Church Guildford at .
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.