Skip to content

Privacy Policy

Updated June 2024  Next Review June 2025

Revelation Church is committed to protecting your personal data. Under the GDPR/ Data Protection Act 2018, Revelation Church is a Data Controller and as such, must let you know how we collect, use, store and protect (“process”) the personal information entrusted to us.

 

The personal data we process

 

Revelation Church, its projects and services user’s personal data about living individuals for the purpose of general church and project administration and communication.

 

The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and Revelation Church fully endorses and adheres to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Revelation Church must adhere to these principles.

 

THE PRINCIPLES OF GDPR

The principles require that personal data shall:

 

  1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
  2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  3. Be adequate, relevant and not excessive for those purposes.
  4. Be accurate and where necessary, kept up to date.
  5. Not be kept for longer than is necessary for that purpose.
  6. Be processed in accordance with the data subject’s rights.
  7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
  8. Not be transferred to a country or territory outside the UK, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

We process the personal information you share with us when completing a Get Connected card or ChurchSuite registration form.

 

Special category data, under the GDPR, is deemed more sensitive information in relation to your race, ethnic origin, politics, religion, trade union membership, biometric and genetic data, health, sex life or sexual orientation.  We do not collect special category data.

 

Data in relation to criminal activity also requires an additional condition to be met when processing. Any criminal activity data we process, such as through DBS disclosures, is processed in line with our Data Protection Policy.

 

Our website uses browser cookies; please see our cookie policy on the website for further information.

 

How we use your personal data

 

We use your personal data for the following purposes:

Revelation Church will use your data for the following purposes:

 

  • To enable us to provide a service for the benefit of the public in a particular geographical area as specified in our constitution
  • The day-to-day administration of the church and its projects, e.g. managing attendance records, preparing ministry rotas, maintaining financial records, managing employees and volunteers
  • To provide pastoral care to Revelation Church attendees, including calls and visits
  • To operate the Revelation Church website and social media accounts and deliver the services that individuals have requested
  • To inform individuals of news, events, activities, resources and services
  • To fundraise and promote the interests of the charity
  • To maintain our own accounts and records (including Gift Aid applications)
  • To conduct surveys and research, helping us to evaluate our activities and services

Our lawful basis for this processing is as follows:

 

  • Consent – this is when you choose to give us your data for a specific purpose such as receiving promotional emails, use of images on promotional material or accepting cookies on our website. It may also include device information and IP addresses. This commonly includes your name and email address or other contact details. We may also collect sensitive data such as medical information on children/youth consent forms.
  • Contract – this is when you enter into an agreement with us where we provide you with a service. This includes when you sign up for an event, register with our children and youth groups (Spark, Fire, Shockwave, RevsYouth and Playscheme). Data we hold will be relevant to the contract and might include contact details, date of birth, age, gender, family and next of kin, DBS check and references, for the purpose of fulfilling the contract.
  • Legal Obligation – this is when we hold your data to comply with the law and statutory requirements such as retaining financial transactions, employment, accident and safeguarding records, among others.
  • Legitimate Interests – this is when we hold your data to carry out the general purposes of the church. Common examples include communicating with church attendees, providing services and advice, coordinating volunteers or statistical analysis and reporting. Data might include contact details, date of birth, age, gender, DBS check, attendance information, financial donations and sometimes school. We may also hold certain Special Category Data on individuals such as their religion under the legitimate activities condition (d) in Article 9 of the GDPR.

 

Disclosure of your personal data

 

Your personal data will be treated as strictly confidential and will be used exclusively within Revelation Church and its projects for the purposes it was obtained for. Only specific individuals authorised by the church can access your information, these include staff, the leadership team and Trustees. We do not pass any of your personal information to other organisations and/or individuals without your express consent, except under special circumstances where we are exempt for safeguarding purposes.

 

 

International transfers

 

We do not transfer personal data outside the UK.

How we protect your personal data

 

Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to our ChurchSuite Data management system, Xero Accounting Software, Gsuite File storage system & Slack instant messaging system is limited and restricted to authorised staff only. All data processing software is password protected. We also limit access to your personal data to those employees, volunteer Team Leaders, Core Leadership Team and Trustees. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Revelation Church takes the security of your data seriously. In the unfortunate event of a personal data breach, we have procedures in place to identify and contain the issue. We will take all reasonable steps to mitigate any damage or risk of harm.

If a personal data breach is identified that poses a high risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay. The notification will explain the nature of the breach, the categories and estimated number of individuals affected, and the envisaged consequences of the data breach.

We will communicate the data breach concisely, using plain language. We will keep you informed of any action taken to address the breach and minimize any potential harm.

You can find more information about the ICO’s data breach reporting requirements on their website: https://ico.org.uk/

We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

 

While we strive to maintain accurate links to external websites, Revelation Church is not responsible for the privacy practices of other websites. We encourage you to review the privacy notices of any website you visit through a link from our website.

Data retention

 

We keep your personal data for no longer than reasonably necessary, for as long as you remain at Revelation Church or connected to its events, or for longer periods in compliance with our Finance Policy and/or Safeguarding Policy.

 

Examples of data we keep for longer periods include:

 

  • Financial transactions and Gift Aid declarations, held for six years
  • Adult & Child Safeguarding records, held for 7 years after the date of a safeguarding report.
  • Accident records, held for three years after last recorded date
  • Employment records, held up to six years after employment ceases

Your rights

 

Unless subject to an exemption under the GDPR, you have rights with respect to the personal data we process, including the following:

  • the right to request a copy of the personal data which we hold about you;
  • the right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • the right to request your personal data is erased where it is no longer necessary to retain such data;
  • the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • the right to data portability from one electronic environment to another, where data is processed by electronic means;
  • the right to object to the processing of personal data in certain circumstances; your right to object to direct marketing is absolute;
  • the right to be informed when automated decision making and profiling is used and to request human intervention;
  • the right to withdraw your consent to the processing at any time, where ‘Consent’ was our lawful basis for processing your data.

For further details on your rights under the GDPR/ DPA 2018, please visit the ICO website.

 

Keeping your data up to date

 

We always try to ensure the data we hold is accurate and up to date. Please advise us if you change any details, such as your address, contact number, etc. so that we may update our records accordingly. Please make this request in writing by email.

 

Automated decision making and profiling

 

We do not use any form of automated decision making in our business.

 

How to make a complaint

 

To exercise all relevant rights, queries or complaints, in the first instance please contact our Data Protection Officer Andy Haddow on andy.haddow@revelation.org.uk

 

FAO Data Protection Officer

Revelation Church

104 The Hornet

Chichester

PO19 7JR

 

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the: Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.