DATA PRIVACY POLICY
This privacy policy sets out how Oak Grove Community Church uses and protects any personal data that you give us while you use our website, are part of the church or any of our projects/events. We are committed to safeguarding the privacy of church members, members of the public who a part of our projects/events, and website visitors and you can be assured that it will only be used in accordance with this privacy policy. Your personal data is treated in compliance with the provisions of the General Data Protection Regulation 2018 (GDPR).
Oak Grove Community Church may make changes to this policy from time to time but we will always have the latest version available for you on our website and available as a hard copy from the office. If there are any major changes, we will add a notice on our website or contact you via email or in person.
This policy is effective from May 2018.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The personal data we collect about you will vary depending on how you interact with us. However, we will only collect data that is relevant, accurate, adequate and limited to what is necessary in relation to the purpose for which it is processed.
Who are we?
For the purposes of GDPR, Oak Grove Community Church is the data controller, registered with the Information Commissioner’s Office – Registration Number ZA030094. Our nominated representative is Church and Facilities Administrator, Rebecca Savory and her contact details can be found at the end of this policy.
How do we process your personal data?
Oak Grove Community Church complies with its obligation under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
· To administer membership records
· To provide pastoral care, support and teaching
· To enable us to maintain appropriate safeguarding arrangements for our children, young people and adults with care and support needs
· To fundraise and promote the interests of the charity
· To manage our employees and volunteers (including those applying to work or volunteer for us)
· To administer and manage Money Advice clients (as applicable)
· To maintain our own accounts and records (including the processing of gift aid applications and donations)
· To inform you of news, events, activities and services running at Oak Grove Community Church
What is the legal basis for processing your personal data?
· Explicit consent from you so that we can keep you informed about news, events, activities and services and process your gift aid donations, if applicable.
· Processing is necessary for carrying out obligations under employment, social security or a collective agreement.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church, organisations or other third parties with your consent.
Will your data be shared with any third parties?
We use and share data with trusted third party data processors for transactions and donations, website hosting, database storage and event management, and also money advice management. These third parties are only permitted to use the data in accordance with data protection law and under instruction from us.
You can find out more about the third parties we use by contacting the office.
In addition to these third parties, we may disclose information about you for the following reasons:
- to the extent that we are required to do so by law
- in connection with any legal proceedings or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
Except as provided in this Privacy Policy, we will not provide your information to third parties without your express consent.
How long do we keep your personal data?
Oak Grove Community Church will only use your personal data for the purpose for which it was given, we will not keep it for longer than necessary usually for the time that you are attending our church or a project we run. After this we may continue to hold your contact details for as long as you agree in order to keep you informed about the ministry of the church, upon which time we will destroy the information securely.
Security of your data
Oak Grove Community Church is committed to ensuring that your information is secure. Our IT equipment is password protected and is safely stored. Local workstations are protected against viruses and malware using industry best practice standard software. Data is backed up regularly and routinely to an external hard drive.
Paper copies of personal information are kept in locked filing cabinets.
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.
We do not guarantee that any email sent to us will be received or that the contents will remain private during transmission. If you are concerned about this, please consider other means of communication. You are responsible for ensuring any electronic message or information you send to us is free from any virus or defect that may harm our systems in any way.
Our third party processors, Google, Squarespace (website host) and Planning Center (church management software) are based in the US and have been carefully chosen and complies with the EU-US Privacy Shield agreement. The EU-US Privacy Shield is an approved certification mechanism under Article 42 of the GDPR. You can access the European Commission decision on the adequacy of the EU-US Privacy Shield here.
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
No method of data transmission or method of electronic storage, is 100% secure over the Internet. Therefore, we cannot guarantee its absolute security.
Cookies
Our website uses cookies. A cookie is a small text file stored in your computer containing text data. We use cookies for certain functions to improve the usability of the website. We use ‘statistic’ cookies, which help us to understand how visitors interact with our website by collecting and reporting information anonymously. We also use third party requests, which are requests that are made from a user to an external service. Despite the fact that these requests don't set any cookies, they can still transfer privacy information to third parties.
Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
1. The right to be informed about the collection and use of your personal data
2. The right of access, which allows you to be aware of and verify the lawfulness of the processing
3. The right to rectification, to have inaccurate personal data corrected, or completed if it is incomplete
4. The right to erasure, which is the right to be forgotten – it is not absolute and only applies in certain circumstances
5. The right to restrict processing – this is not absolute and only applies in certain circumstances
6. The right to data portability, which allows you to obtain, reuse and move your personal data in a common format across different services
7. The right to object to processing based on legitimate interests, direct marketing and/or processing for purposes of research and statistics. We confirm that we do not engage in direct marketing
8. Rights in relation to automated decision making and profiling. We confirm we make no decisions on you using an automated process
If you would like to exercise any of the above rights, please contact us. Under the new GDPR regulations, we have up to one calendar month to respond to your request.
For further information on ‘Your Rights’ please refer to the Information Commissioner’s Office website
Protecting Children’s Privacy
We collect and process data about children who attend church, attend children’s activities within church and at our community events. We will seek consent from a parent or guardian if the child is under 13, or consent from the young person, if they are aged 13-17, before collecting personal data.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact details
To exercise all relevant rights, queries or complaints please in the first instance contact us:
Address: Church & Facilities Administrator,
Oak Grove Community Church, 70 Catton Grove Road, Norwich, NR3 3NT
Phone: 01603 403388 or
Email: admin@oakgrovecommunitychurch.co.uk
Complaints
If you are still unhappy with how we have processed your personal data you may contact the following:
Information Commissioner’s Office
0303 123 1113
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF