DATA PRIVACY POLICY
This privacy policy sets out how Oak Grove Community Church uses and protects your personal data We are committed to safeguarding the privacy of church members and former church members, members of the public who are a part of our projects/events, and website visitors, and you can be assured that it will only be used in accordance with this privacy policy. Your personal data is treated in compliance with the provisions of the General Data Protection Regulation 2018 (GDPR).
Oak Grove Community Church may make changes to this policy from time to time but we will always have the latest version available for you on our website and available as a hard copy from the office. If there are any major changes, we will add a notice on our website or contact you via email or in person.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The personal data we collect about you will vary depending on how you interact with us. However, we will only collect data that is relevant, accurate, adequate and limited to what is necessary in relation to the purpose for which it is processed.
Who are we?
For the purposes of GDPR, Oak Grove Community Church (the church, us, we) is the data controller, registered with the Information Commissioner’s Office – Registration Number ZA030094. Our nominated representative is Operation Manager, Rebecca Savory and her contact details can be found at the end of this policy.
How do we process your personal data?
Oak Grove Community Church complies with its obligation under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
● To administer membership records
● To provide pastoral care, support and teaching
● To enable us to maintain appropriate safeguarding arrangements for our children, young people and adults with care and support needs
● To fundraise and promote the interests of the charity
● To manage our employees and volunteers (including those applying to work or volunteer for us)
● To administer and manage Money Advice clients (as applicable)
● To maintain our own accounts and records (including the processing of gift aid applications and donations)
● To inform you of news, events, activities and services running at Oak Grove Community Church
What is the legal basis for processing your personal data?
Legitimate interest
- Where you have signed up to be on a rota or part of any of our groups, as a volunteer or participant, and we need to communicate to you about information relevant to this
Consent
- Where you have voluntarily subscribed to our emailing lists to keep you informed about news, events, activities, prayer requests/updates. You can unsubscribe from these lists at any time using the unsubscribe link in the footer of those emails or by contacting the office.
Legal obligation
- Where you exercise your rights under Data Protection Law and related disclosures
- For maintaining and reporting financial accounting information for up to 6 years from the end of the tax year in which a financial transaction was processed.
- To process gift aid donations
- To carry out obligations under employment, social security or a collective agreement.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church, organisations or other third parties with your consent, or unless required to do so by law.
Will your data be shared with any third parties?
We use and share data with trusted third party data processors for transactions and donations, website hosting, database storage and event management, and also money advice management. These third parties are only permitted to use the data in accordance with data protection law and under instruction from us.
You can find out more about the third parties we use by contacting the office.
In addition to these third parties, we may disclose information about you for the following reasons:
- to the extent that we are required to do so by law
- in connection with any legal proceedings or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
Except as provided in this Privacy Policy, we will not provide your information to third parties without your express consent.
How long do we keep your personal data?
We keep data in accordance with the guidance set out by UK Data Protection Law. We will only use your personal data for the purpose for which it was given, we will not keep it for longer than necessary usually for the time that you are attending our church or a project we run. After this we may continue to hold your contact details for as long as you agree in order to keep you informed about the ministry of the church, upon which time we will destroy the information securely.
Security of your data
Oak Grove Community Church is committed to ensuring that your information is secure. Any personal information stored on our IT equipment is password protected. Local workstations are protected against viruses and malware using industry best practice standard software. Data is backed up regularly and routinely to an external hard drive.
Paper copies of personal information are kept in locked filing cabinets.
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.
We do not guarantee that any email sent to us will be received or that the contents will remain private during transmission. If you are concerned about this, please consider other means of communication. You are responsible for ensuring any electronic message or information you send to us is free from any virus or defect that may harm our systems in any way.
Our third party processors, Google and Squarespace (website host) are based in the US and have been carefully chosen and complies with the EU-US Privacy Shield agreement. The EU-US Privacy Shield is an approved certification mechanism under Article 42 of the GDPR. You can access the European Commission decision on the adequacy of the EU-US Privacy Shield here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
ChurchSuite, our church management software is used to manage our church contact database, event bookings, rotas and calendar and is hosted in secure UK data centres. More information about the security of your information on ChurchSuite can be found at https://churchsuite.com/security/
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
No method of data transmission or method of electronic storage, is 100% secure over the Internet. Therefore, we cannot guarantee its absolute security.
Cookies
Our website uses cookies. A cookie is a small text file stored in your computer containing text data. We use cookies for certain functions to improve the usability of the website. We use ‘statistic’ cookies, which help us to understand how visitors interact with our website by collecting and reporting information anonymously. We also use third party requests, which are requests that are made from a user to an external service. Despite the fact that these requests don't set any cookies, they can still transfer privacy information to third parties.
Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:
1. The right to be informed about the collection and use of your personal data
2. The right of access, which allows you to be aware of and verify the lawfulness of the processing
3. The right to rectification, to have inaccurate personal data corrected, or completed if it is incomplete
4. The right to erasure, which is the right to be forgotten – it is not absolute and only applies in certain circumstances
5. The right to restrict processing – this is not absolute and only applies in certain circumstances
6. The right to data portability, which allows you to obtain, reuse and move your personal data in a common format across different services
7. The right to object to processing based on legitimate interests, direct marketing and/or processing for purposes of research and statistics. We confirm that we do not engage in direct marketing
8. Rights in relation to automated decision making and profiling. We confirm we make no decisions on you using an automated process
If you would like to exercise any of the above rights, please contact us. Under the new GDPR regulations, we have up to one calendar month to respond to your request.
For further information on ‘Your Rights’ please refer to the Information Commissioner’s Office website
Protecting Children’s Privacy
We collect and process data about children who attend church, attend children’s activities within church and at our community events. We will seek consent from a parent or guardian if the child is under 13, or consent from the young person, if they are aged 13-17, before collecting personal data.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact details
To exercise all relevant rights, queries or complaints please in the first instance contact us:
Address: Operations Manager
Oak Grove Community Church, 70 Catton Grove Road, Norwich, NR3 3NT
Phone: 01603 403388 or
Email: admin@oakgrovecommunitychurch.co.uk
Complaints
If you are still unhappy with how we have processed your personal data you may contact the following:
Information Commissioner’s Office
0303 123 1113
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Date reviewed:
July 2024
Approved by:
Board of Trustees, September 2024
Date of next review:
July 2025