Revelation Family Church is committed to protecting your personal data. Under the GDPR/ Data Protection Act 2018, Revelation Family Church is a Data Controller and as such, must let you know how we collect, use, store and protect (“process”) the personal information entrusted to us.
The Personal Data We Process
- Revelation Family Church, its projects and services user’s personal data about living individuals for the purpose of general church and project administration and communication.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) and Revelation Family Church fully endorses and adheres to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Revelation Family Church must adhere to these principles.
THE PRINCIPLES OF GDPR
The principles require that personal data shall:
- Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
- Be adequate, relevant and not excessive for those purposes.
- Be accurate and where necessary, kept up to date.
- Not be kept for longer than is necessary for that purpose.
- Be processed in accordance with the data subject’s rights.
- Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
- Not be transferred to a country or territory outside the UK, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
We process the personal information you share with us when completing a Get Connected card or ChurchSuite registration form.
Special category data, under the GDPR, is deemed more sensitive information in relation to your race, ethnic origin, politics, religion, trade union membership, biometric and genetic data, health, sex life or sexual orientation. We do not collect special category data.
Data in relation to criminal activity also requires an additional condition to be met when processing. Any criminal activity data we process, such as through DBS disclosures, is processed in line with our Data Protection Policy.
How We Use Your Personal Data
We use your personal data for the following purposes:
Revelation Family Church will use your data for the following purposes:
- To enable us to provide a service for the benefit of the public in a particular geographical area as specified in our constitution
- The day-to-day administration of the church and its projects, e.g. managing attendance records, preparing ministry rotas, maintaining financial records, managing employees and volunteers
- To provide pastoral care to Revelation Family Church attendees, including calls and visits
- To operate the Revelation Family Church web site and social media accounts and deliver the services that individuals have requested
- To inform individuals of news, events, activities, resources and services
- To fundraise and promote the interests of the charity
- To maintain our own accounts and records (including Gift Aid applications)
- To conduct surveys and research, helping us to evaluate our activities and services
Our lawful basis for this processing is as follows:
- Consent – this is when you choose to give us your data for a specific purpose such as receiving promotional emails, use of images on promotional material or accepting cookies on our website. It may also include device information and IP addresses. This commonly includes your name and email address or other contact details. We may also collect sensitive data such as medical information on children/youth consent forms.
- Contract – this is when you enter into an agreement with us where we provide you with a service. This includes when you sign up for an event, register with our children and youth groups. Data we hold will be relevant to the contract and might include contact details, date of birth, age, gender, family and next of kin, DBS check and references, for the purpose of fulfilling the contract.
- Legal Obligation – this is when we hold your data to comply with the law and statutory requirements such as retaining financial transactions, employment, accident and safeguarding records, among others.
- Legitimate Interests – this is when we hold your data to carry out the general purposes of the church. Common examples include communicating with church attendees, providing services and advice, coordinating volunteers or statistical analysis and reporting. Data might include contact details, date of birth, age, gender, DBS check, attendance information, financial donations and sometimes school. We may also hold certain Special Category Data on individuals such as their religion under the legitimate activities condition (d) in Article 9 of the GDPR.
Disclosure Of Your Personal Data
Your personal data will be treated as strictly confidential and will be used exclusively within Revelation Family Church and its projects for the purposes it was obtained for. Only specific individuals authorised by the church can access your information, these include staff, the leadership team and Trustees. We do not pass any of your personal information to other organisations and/or individuals without your express consent, except under special circumstances where we are exempt for safeguarding purposes.
We do not transfer personal data outside the UK.
How We Protect Your Personal Data
Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to our ChurchSuite Data management system is limited and restricted to authorised staff only. All data processing software is password protected. We also limit access to your personal data to those employees, volunteers and Trustees. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice of other websites you visit.
We keep your personal data for no longer than reasonably necessary, for as long as you remain at Revelation Family Church or connected to its events, or for longer periods in compliance with our Finance Policy and/or Safeguarding Policy.
Examples of data we keep for longer periods include:
- Financial transactions and Gift Aid declarations, held for six years
- Childcare records, held for 7 years after the date of a childs attendance at an event
- Accident records, held for three years after last recorded date
- Employment records, held up to six years after employment ceases.
Unless subject to an exemption under the GDPR, you have rights with respect to the personal data we process, including the following:
- the right to request a copy of the personal data which we hold about you;
- the right to request that we correct any personal data if it is found to be inaccurate or out of date;
- the right to request your personal data is erased where it is no longer necessary to retain such data;
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- the right to data portability from one electronic environment to another, where data is processed by electronic means;
- the right to object to the processing of personal data in certain circumstances; your right to object to direct marketing is absolute;
- the right to be informed when automated decision making and profiling is used and to request human intervention;
- the right to withdraw your consent to the processing at any time, where ‘Consent’ was our lawful basis for processing your data.
For further details on your rights under the GDPR/ DPA 2018, please visit the ICO website.
Keeping Your Data Up To Date
We always try to ensure the data we hold is accurate and up to date. Please advise us if you change any details, such as your address, contact number, etc. so that we may update our records accordingly. Please make this request in writing by email.
Automated Decision Making And Profiling
We do not use any form of automated decision making in our business.
How To Make A Complaint
To exercise all relevant rights, queries or complaints, in the first instance please contact our Data Protection Officer Andy Haddow on email@example.com
FAO Data Protection Officer/Operations Manager
Revelation Family Church
104 The Hornet
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the: Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.