The King’s Church is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This policy sets out what personal data we collect from you, or that you provide to us, and how it will be used. Please read it through carefully and if you have any queries please contact us by email to email@example.com.
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
The King’s Church Epsom is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
Generally, we will only collect your data when you give it to us directly, for example when you:
Sign up to our mailing list
Give us your details at one of our events or activities
Register your children for one of our events
Apply for or attend one of our events or activities (paid or free)
Contact us on one of our online platforms such as (but not exclusively) our website, Twitter, Facebook, Youtube or Instagram
Contact us directly by telephone, electronically, post or in person
Purchase a ticket for an event or activity
Make a donation to the church
Apply for a position, paid or voluntary
Sometimes we may also receive your data indirectly because you have given permission to other organisations to share your data, or it is publicly available. For example:
Your likes and preferences on social media and some websites (depending on your privacy settings on those platforms)
Information from public sources such as Companies House, the internet or published in newspapers and magazines
Personal data includes your contact details, date of birth, your contact preferences, details of communications with you, images of you taken at participatory and public events, details of your transactions and your access or other requirements. We may also keep information such as which groups you are part of, what courses and events or activities you have attended.
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Special Category Data
Special Category Data may be asked for in certain instances; this includes your bank details (if we need to pay you), ethnicity, gender identity, medical information including allergies and next of kin. In certain situations, we may also record information regarding pastoral care and support that is given to you.
This information is available to a restricted number of people for whom it is deemed necessary. It is used to process some transactions, in the case of an emergency, or safeguarding (including, but not exclusively, for things like children’s camps and trips) or aggregated and anonymised for monitoring and reporting as required by funding bodies.
We collect and store data for under 18s who participate in any of our events or activities, which includes Special Category Data. Where possible and when appropriate, we obtain consent from the parent/carer of the child before collecting this data. This information is available to a restricted number of people for whom it is deemed necessary. When the young person reaches 18, consent is sought from the individual.
You give us your personal data so that we can efficiently and effectively manage the administration of the church and the events and activities that we do, including providing appropriate pastoral care, monitoring and assesses the quality and effectiveness of the services we provide, and to fulfil our purposes as a church.
Based on your contact preferences we use your details to keep you up to date with the latest information and forthcoming events. You can opt out of this at any time.
When you make a donation to King’s Church and choose to make a Gift Aid declaration this will be stored against your record and your Personal Details will be shared with HMRC.
When you apply for a job (paid or voluntary), work experience, or to help on a serving team, we collect Personal Data and Special Category Data as part of your application. For any role that requires a DBS (Disclosure and Barring Check) to comply with safeguarding regulations, this data is shared with the CCPAS (The Churches’ Child Protection Advisory Service) and through these the relevant organisations required to perform the DBS check.
When you visit our website we may automatically collect technical information about your session including the Internet Protocol (IP) address that connects your device to the internet, the type of device you use, your browser, operating system, and from where you have arrived at our site. We do not link this information to anything that identifies individuals. This information enables us to analyse how the website is used, and where improvements can be made.
We use essential and non-essential cookies on our website. A cookie is a small text file of letters and numbers that gets put onto your computer when you visit a website. This allows the site to distinguish you from other users. Essential cookies are required to login or to purchase items from our website. Non-essential cookies are used to track how you use and interact with our website and for analytical purposes and to monitor the efficacy of digital advertising. Cookies are not normally linked to information that allows us to identify individuals.
We have processes in place and carry out regular reviews of who has access to data to ensure that your information is only accessible to appropriately trained and identified people. Special Category Data is only accessible to the people for whom it is deemed absolutely necessary.
Paper files with Personal and Special Category Data are kept to a minimum and are stored securely when not in use. When they are no longer needed, paper copies are securely shredded.
If there is a breach of data that is likely to have a detrimental effect on individuals (for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage), King’s Church will notify the Information Commissioners Office within 72 hours of becoming aware of the breach. Any individuals affected will also be notified within this timeframe.
If legally required we may disclose your information to the police, regulatory bodies or legal advisors. We will only share your data in other circumstances with your consent.
We do not share your information with anyone outside the church except as described in this policy.
Please let us know when your details change so we can make sure that our information is current. However, we do have other processes in place to ensure that we keep our records up to date:
If we find a record on our system that matches another one and we are sure it is the same person, we may merge the two accounts so we have all your information in the same place.
Images and film taken of public and participants may be used for up to ten years for marketing and publicity purposes by King’s Church. After this point it will either be deleted, or if deemed to be of historical and public interest, added to our archive.
If you apply for a job, work experience, or to volunteer at Welcome Church and your application is unsuccessful, we delete/destroy the application 6 months after the closing date.
Records relating to donations, gift aid declarations, DBS checks, safeguarding and similar will be stored for at least the time required by law.
We will generally review all our records once a year and may contact you to ask if your details are up to date and if anything has changed.
If you wish to amend your data, ask us to stop using your Personal and Special Category Data for reasons other than processing your transaction, or erase your Personal and/or Special Category Data please contact us.
You have a right to ask for a copy of the information we hold about you. To request this please send an email to firstname.lastname@example.org. We do not make a charge for this, but may charge a reasonable administrative fee if we deem the request to be unfounded or excessive. We endeavour to respond to requests within 30 days.
Object to processing of personal data that is likely to cause, or is causing, damage or distress,
Prevent processing for the purpose of direct marketing,
Object to decisions being taken by automated means,
In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
Claim compensation for damages caused by a breach of the Data Protection regulations.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/