Privacy Policy.

Name: Tina Winter, Church Administrator

Address: The Brook Church, The Square, Bagshot, Surrey, GU19 5AY

Phone Number: 01276 479316

E-mail: office@brookchurch.uk

This policy describes the procedures, guidelines and policies that The Brook Church Bagshot has put into place in order to comply with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

It applies to all Employees and Volunteers of The Brook Church Bagshot. The Brook Church Bagshot collects and manages information about people on the basis of specific consent and our legitimate interests as a registered charity. If there is any uncertainty regarding this Policy, Employees and Volunteers must contact Tina Winter via the details set out above.

This policy is based on the GDPR principles. It outlines the rights granted to individuals and defines how these principles and rights are addressed in The Brook Church operations, departments, and activities.

What are the principles? 

Article 5 of the UK GDPR sets out seven key principles which lie at the heart of the general data protection regime.

Article 5(1) requires that personal data shall be:  

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

The UK GDPR provides the following rights for individuals:

  1. The right to be informed

  2. The right of access

  3. The right to rectification

  4. The right to erasure

  5. The right to restrict processing

  6. The right to data portability

  7. The right to object

  8. Rights in relation to automated decision making and profiling.

Collection Notices

When data is obtained from an individual, the following information must be made clear to the data subject at the time of collection:

·         The identity and the contact details of the organisation behind the data request

·         The purpose of acquiring the data and how it will be used

·         Whether the data will be transferred internationally

·         The period for which the data will be stored

·         The individual’s right to access, rectify or erase the data

·         The individual’s right to withdraw consent at any time

·         The individual’s right to lodge a complaint

 The type of personal information we collect

We currently collect and process the following information:

·         Name and surname

·         Home address

·         E-mail address

·         Telephone numbers

·         Bank details (via our website or via third party payment processors)

·         Other contact details

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you with your consent for one of the following reasons:

·         Gift Aid Declaration Form

·         Contact Form

·         Church Directory information

·         Prayer Request Form

·         Other forms, notices and cards collected by The Brook Church

·         Orally during church services or events

We also receive personal information indirectly, from the following sources in the following scenarios:

·         Donations to the Brook Church – whilst your donation may be anonymous, depending on your bank it is possible that your personal information will be provided or referenced to in your donation

 

We use the information that you have given us in order to:

·         Communicate with you with regards to church events, activities or other church purposes

·         Keep records internally

·         Help us improve our services

·         Process Gift Aid claims via HMRC and a third party treasurer – Martell Associates, who are UK based

We may share this information with New Frontiers, Commission and HM Revenue & Customs as required by law however will not be shared internationally unless otherwise stated.

 

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(a)       Your consent. You are able to remove your consent at any time. You can do this by contacting Tina Winter on the details above.

(b)       We have a legal obligation. Processing is necessary for compliance with a legal obligation to which The Brook Church Bagshot is subject to.

 

How we store your personal information

Your information is securely stored within The Brook Church database (Microsoft Excel file) in the UK.

We keep all personal information provided to us for one month unless we have your permission to retain this for a longer time period. We will dispose of your information by deleting all electronic and physical copies of this data.

Information contained on the church database will not be used for any other purpose than stated here. The database can only be accessed by those with admin access to the admin computer at The Brook Church, Bagshot.

Access to the database is strictly controlled through the use of an administrator password.

  • Only the church elders and church employees have access to this database.

  • The database will not be accessed by any authorised users outside of the EU, in accordance with the Data Protection Act, unless prior consent has been obtained from the individual whose data is to be viewed.

  • Subject Access – all individuals who are the subject of personal data held by The Brook Church are entitled to:

    • Ask what information the church holds about them and why.

    • Ask how to gain access to it.

    • Be informed how to keep it up to date.

    • Be informed what The Brook Church is doing to comply with its obligations under the 1988 Data Protection Act.

    • The only third party that your information will be shared with is Martell Associates who act as church treasurer, and whom process our Gift Aid Declaration Forms.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at office@brookchurch.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at office@brookchurch.uk.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk