West Wickham & Shirley Baptist Church Privacy Notice

1.      Introduction

We value all those who engage with West Wickham & Shirley Baptist Church (WWSBC) by whatever means, and we do all we can to fully protect your privacy and to make sure the personal data you provide us is kept safe and secure.

This Privacy Notice explains how WWSBC collects, stores, manages and protects your data. It outlines the types of data that we hold and how we use them. It also outlines what steps you can take if you would like us to change how we use your data or if you would like us to stop using it altogether.

The Church’s Charity Trustees are the ‘Data Controller’ of your personal data and as such are subject to the General Data Protection Regulation 2016 (GDPR).

2.      Our responsibilities & the legal basis for processing your data

WWSBC is committed to protecting your personal data. We aim to be clear how we use your personal information, and not do anything you would not reasonably expect. All information you provide us with will be used in accordance with the WWSBC Data Protection Policy (A copy of this policy is available from the Church Office office@wwsbc.org.uk).

WWSBC usually relies on your consent as the legal basis for processing. We recognise that this is not the only lawful ground for processing data.  As such, where appropriate, WWSBC may process your data on an alternative legal basis. Some of our processing is because we have a legitimate interest to do so, for example, in order to allow us to respond to your enquiry, or contact you in an emergency.  We may process your data if it is necessary to fulfil contractual obligations we may have with you, for example, if you make a purchase from us or hire our facilities. Occasionally we have a statutory reason for processing your data, for example to fulfil our safeguarding obligations. 

3.      What personal information do we collect and how do we collect it?

The vast majority of the information we hold is obtained directly from you. We may obtain personal information from you when you fill in a consent form, a Connect Card, contact us through the website, enquire about our activities, request our help or support, register for an event, hire our facilities, make a gift or donation to the Church through Gift Aid, or otherwise provide us with personal information. 

The personal information we collect and process may include name, title and contact details including postal address, email address and phone number. It may also include some demographic information such as gender or date of birth and details of how you are connected with others whose personal information we have permission to hold i.e. Spouses or children.

We may keep a record of contact with you and your attendance at Church events or activities. We will also keep a note of any changes you tell us about, including when you change your address, or name. You can keep your personal details up to date by contacting office@wwsbc.org.uk

WWSBC may process some information that is considered more sensitive. This is referred to as ‘special category’ personal data in the GDPR. When we process this type of information we are required to apply additional protections. Special category personal data is defined as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life and sexual orientation, genetic data and biometric data which is processed to uniquely identify a person. In the UK this also includes any personal information relating to criminal convictions and offences.

If we need to process any special category data we will usually ask your consent to do this, unless we are processing the data because we are obliged to for legal reasons. For example, we may process special category data you have given us in order to fulfil any dietary requirements you have if you are registering for an event. This data is processed under social protection law relating to Food Safety and Allergens.

Religious organisations are permitted to process information about your religious beliefs to administer membership or contact details.

If you make a donation to the Church, we will also record your donation, including Gift Aid status, where applicable (as required by HMRC).

4.      What do we use your personal information for?

We will only process your data for the specific purposes that we tell you and then only to the extent necessary for that specific purpose. If we want to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

Your personal information will be used to:

·         Keep in touch with you as a member of the Church;
·         Minister to you and provide you with pastoral care and support;
·         Provide any services you have requested;
·         Process a donation you have made (including Gift Aid information);
·         Carry out administration (rotas, church directory, hire of facilities etc.);
·         Enable us to deliver the Churches mission to our community or carry out other voluntary or charitable activities;
·         Enable us to fulfil legal and statutory obligations;
·         Send you communications you have requested or that may be of interest.

We may communicate with you about the following:

·         Church news and events;
·         Changes to services, events or role holders;
·         Ways to get involved and support the church;
·         Prayer requests;
·         Services you have requested or that may be of interest;
·         To seek your views or comments.

We will ask for your consent to contact you for specific purposes and will only contact you through the communication channels (telephone, email, post or social media) you have consented to. Note that we may have to contact you for a reason where your consent is not required, for example, to comply with the law, fulfil a contractual obligation, or because we have a legitimate reason to do so.

To enable us to provide adequate pastoral support to you and your family, one of the Ministers may record information which may be regarded as sensitive. This information will be stored (in password protected documents) on the church computer but the password will only be known by the Ministers. This information will NOT be disclosed to anyone else without your consent.

5.      Who do we share your personal information with? 

Unless we have a legal obligation to do so, we will not disclose your data to individuals, organisations or other entities outside the Church other than those which are acting as agents for the Church (for example, if we use a company to print and send out documents).  We do not sell to or trade your data with any other organisations.

We may need to disclose your information to a third party if required by law (for example to government bodies and law enforcement agencies) or if we have your permission to do so.

If you have consented to it, your contact details will be entered into the Church Directory which will be accessible to members, friends and others who have requested their details in the Directory. You may restrict what details are entered in the Directory.

Although most of the information we store and process stays in the UK, some information may be transferred outside the European Economic Area (EEA). This may occur, for example, if a cloud server used to store electronic data is located outside the EEA. Where this happens we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. Our website is also accessible from oversees so on occasion, some personal information may be accessed from oversees.  

6.      How do we protect your personal information? 

We may store data you have given us manually, electronically, or on email servers. Hard copy data is kept in the church office which is locked and alarmed.

Electronic data is stored on computers used by the Church and its Officers. These are password protected and access is limited to Ministers, and other Church Officers, Staff or personnel who have a legitimate need to access this information (e.g. Safeguarding Officer).

7.      How long do we keep your personal information?

Generally, we will process your personal data only as long as is necessary for the purpose(s) for which it was collected (unless otherwise advised). We will hold your details until you are no longer a member or associated with the church (unless you advise us otherwise), or until you withdraw your consent for us to hold your personal data.

We may be obliged by law to keep your data for a certain length of time e.g. HMRC requires we record your name, address and Gift Aid declaration for seven years from the date of your last donation. Data will be kept securely and destroyed appropriately when no longer required.

8.      Your rights and how to contact us

In certain circumstances, by law you have the right to:

·         Be informed as to how we use your data (via this Privacy Notice);
·         Access or request a copy of the data we hold about you;
·         Update, amend or rectify the data we hold about you;
·         Change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from us;
·         Ask us to remove your data from our records;
·         Withdraw consent, where it is used as a legal basis for processing;
·         Object to or restrict the processing of your information for any of the purposes above.

If you have any questions about this Privacy Notice, your data rights, or would like to receive a copy of the information we hold about you, please contact:  

Data Protection Trustee (Church Secretary), WWSBC, Wickham Road, Croydon, CR0 8EH Office@wwsbc.org.uk, 020 8777 5705.

If we wish to use your data for a new purpose, not covered by this notice, then we will provide you with a new notice. Where necessary, we will seek your prior consent to the new processing.

If you feel that we have let you down in relation to your information rights then please contact us so that we can discuss this with you and rectify the situation.  You can also make complaints directly to the Information Commissioner’s Office (ICO). The ICO is the independent authority upholding information rights for the UK. Their website is ico.org.uk and their telephone helpline number is 0303 123 1113.