Emmanuel Church Privacy Notice
Your personal data - what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)].
Who are we?
Emmanuel Church, Durham (ECD) is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
ECD complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We ensure that we have in place appropriate controls to protect any personal data you provide.
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable data protection training is provided for these staff members and volunteers.
Our legal basis for processing data
ECD must have a lawful basis in order to collet, store and process your personal data. These legal bases are listed below with a general explanation of what they actually apply to at ECD:
Article 6(1)(a) gives you a lawful basis for processing where:
(a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
ECD will use consent as a legal basis to “sign up” for regular news articles sent in different medium, or to request for further information about the church or its activities.
Article 6(1)(b) gives you a lawful basis for processing where:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
ECD will use contract as a legal basis for processing personal data with regard to employment of staff for ECD.
Article 6(1)(c) provides a lawful basis for processing where:
“processing is necessary for compliance with a legal obligation to which the controller is subject.”
ECD will use legal obligation as a legal basis for processing data with regard to weddings, safeguarding, gift aid and accident book reporting.
Article 6(1)(d) provides a lawful basis for processing where:
“processing is necessary in order to protect the vital interests of the data subject or of another natural person”.
ECD will use vital interest as a legal basis as we process data regarding health so that we can effectively supervise children, and others on trips away from home base including international travel.
Article 6(1)(e) gives you a lawful basis for processing where:
“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”
ECD will use public task as a legal basis when processing personal data regarding weddings.
Article 6(1)(f) gives you a lawful basis for processing where:
“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
ECD will use legitimate interest as a legal basis for the majority of the personal data that is collected stored and processed for people who are part of ECD. This will include, but not be restricted to areas such as:
· To administer courses, groups and serving teams
· Personal references
· Bank details
· Membership and growth tracking data
Processing may include email, phone numbers, addresses and utilise social media providers.
Special Category Data
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. We will sometimes have to collect, process and store this more sensitive data.
In order to lawfully process special category data, it has been identified with a lawful basis under Article 6 and a separate condition for processing special category data under Article 9.
ECD sees these conditions as applicable in certain situations, as listed in Article 9(2) of the GDPR:
(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
ECD will ask for consent when passing sensitive data onto a third party for processing. For example, but not limited to, health data when seeking corporate travel insurance
(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
ECD may collect data for an individual’s dietary or medical needs at an event or trip.
(d) processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
ECD may collect data that is part of our legitimate activity as a church, which may reveal religious aims.
(e) processing relates to personal data which are manifestly made public by the data subject;
ECD may use data that is made public by someone which may contain special category data.
(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
ECD may use data to protect people’s health or pass onto Police or Local Authorities.
How long do we keep your personal data?
We keep your data for no longer than reasonably necessary. Different types of information are subject to different retention periods. We will process your data as long as you are a member of the church or are in regular contact with the church. E.g. Sunday services, volunteering and/or small groups.
Who will have access to my information?
Your personal information will be visible to our internal, authenticated users. Such personnel are only allowed to use that data for ECD purposes.
Information will only be transferred to a 3rd party, or outside the EU, on the basis of informed consent, or for the performance of a contract, to protect the data subject or other persons, for important reasons of public interest, or for legal reasons.
Your rights and your personal data
Unless subject to an exemption you have the following rights with respect to your personal data:
· The right to request a copy of your personal data which ECD holds about you;
· The right to request that ECD corrects any personal data if it is found to be inaccurate or out of date;
· The right to request your personal data is erased where it is no longer necessary for ECD to retain such data;
· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
· The right to lodge a complaint with the Information Commissioners Office.
ECD is committed to respecting and protecting your online privacy.
This includes your need and your right to know what we do with the personal information you share with us. It also guides our policies regarding the management of this data, including how the information is collected, processed, and for what purposes.
Every time you log on to our website your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to gain any other personal data (e.g. automatically recording e-mail addresses of visitors), nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.
We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.
The list below describes the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
First party cookies
These are cookies that are set by this website directly.
Third party cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are used by the “share” buttons across the site to allow visitors to share content on social networks, the Twitter live feed and our contact form functionality. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+, YouTube and Vimeo. In order to implement this functionality and connect you to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
The Durham Centre
Belmont Industrial Estate
Telephone: 0191 386 1077
Emmanuel Church, Durham, a company limited by guarantee, registered in England and Wales, number 06101946
Registered charity number 1120286
Registered Office: The Durham Centre, Belmont Industrial Estate, Durham, DH1 1TN
Last Updated: 19 July 2018
Review due two years after this date.