Privacy policy for St Gregory's RC Church Bollington

1.        INTRODUCTION

1.1.     We are St Gregory’s RC Church Bollington operating under the Diocese of Shrewsbury (registered charity number 234025). We are committed to protecting and respecting your privacy. 

1.2.    This privacy policy sets out the basis on which we will process and use your personal data.

1.3.    We comply with the Data Protection Act (DPA) and will comply with the General Data Protection Regulation (GDPR) once this becomes applicable from 25 May 2018 in respect of the collection, holding, storage, use, and processing of personal data about our supporters (such personal data is held in both manual and electronic records).

1.4.       We may make changes to this privacy policy from time to time which will be posted on this page.  This privacy policy was last updated on 8 May 2018.

2.      PERSONAL DATA WE COLLECT, STORE AND PROCESS

2.1    At St Gregory’s (subsequently designated ‘we’ and ‘us’ and ‘our’) we store contact details and other information about people who are connected with the church. This helps staff, clergy and group leaders to communicate effectively with you about church activities and new events that are coming up.

2.2    We can also record attendance information, for instance in children's groups, to help us manage these groups effectively and for child protection requirements.

2.3    We use a computer system to keep all this data safe and to help us comply with data protection regulations. If you opt in to allowing your data to be shared with other church members on this system then they will have access to read parts of your contact details at your discretion.

2.4    The information that we keep usually consists of your name, adult/child, gender and family connections. If you have provided them to us then we also have the ability to keep your address, telephone, email addresses, mobile number, occupation, website, company, allergies and date of birth.

2.5    If the church is involved in your pastoral care, then information relating to this may be stored. We will also store information regarding membership of groups or committees within the church, such as being an attendee of a congregation or small group, for example the readers.

2.6    We may also process and store information on any invitations we have sent to you for activities or events, your attendance at any activities or events, details of any church-related subscriptions and all information we may have requested for the purposes of Disclosure and Barring Services (DBS) checks. It will also be necessary to store information about ministries you are involved with and the dates and times of any duties associated with those ministries.

2.7    We may ‘profile’ the information we collect about you and use automatic processing particularly for the purposes of  choosing how relevant a church activity is to you based on group membership, age, gender or address.  For example, we may search for all parishioners who attend a specific mass who are also Eucharistic Ministers.

2.8    If you are involved with a ministry at the church we may email or text you about this ministry, for instance with rota updates or information about what's coming up. If you opt-in to receiving emails about new ministries, events or products then we can keep you advised of those things that may interest you.

2.9    We will not give or sell your data to a third party unless legally compelled to do so.

3       LEGAL BASIS FOR PROCESSING PERSONAL DATA

The GDPR provides several acceptable reasons for processing your information.  These legal bases are set out below:

 i.          If you are a regular attendee at the church or a recent new contact then we use the ‘Legitimate Interest’ reason because keeping your contact details is important to running the church.

ii.          If you are not a regular attendee then we use the ‘Consent’ reason which requires us to obtain your opt-in consent allowing us to process your data.

iii.          If you are a church attendee who has left the church, we may keep your name on record, for historical or statistical purposes for a limited period of 3 years.

iv.              We may keep more details and for longer periods if you have been involved in ministries that have legal record-keeping obligations such as child-protection, employment or accident reporting.

4       YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATIONS

You have the following rights under the GDPR.  If you would like to contact the data protection supervisor, Margaret Raeburn, for St Gregory’s Church please email . Requests regarding data protection, for example, access to personal information, can also be addressed to the St Gregory’s RC Church, Wellington Road, Bollington, Macclesfield, SK10 5JR (Tel: 01625 572108).

Use and access. You have the right to be informed about how we use your contact information and you have the right of access – we must provide you with details of information we hold about you on request. However, if your request is manifestly unfounded or excessive then we can charge a reasonable fee for responding or we can refuse to respond.

Erasure. You have the right to request that we delete some or all of your details. This right only applies where we have no legitimate interest or legal requirement (eg child protection) to keep them. For example, if you gave us your mobile number but now want us to delete it, since it is not a requirement for running the church, but just a convenience, then we are obliged to delete the number if you make that request.

Prevention of processing likely to cause damage or distress. Legitimate Interest is also overridden by your interests, rights or freedoms. For example, if we want to hold your address to help us provide pastoral care, but you argue that you want your address to be confidential because you would be at risk of harm if it became known, then that risk would override our convenience and we would be obliged to delete the address.

Rectification. If we hold incorrect details about you then you can require us to correct them.

Right to object. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you think we have been mishandling your data.

Right to object to marketing. If you are not currently involved with the church and have not been involved in any ministries that would legally require us to keep records then we require opt-in consent from you to keep your data. You have the right to withdraw this consent at any time.

Restriction. You have the right to restrict further processing of your data for example if you have lodged a formal complaint and are awaiting the outcome.

Data portability. You have a right of portability – the right to request that all of your information be sent to another church or organisation.

5       USE OF COOKIES

5.1      ChurchBuilder uses session cookies to ensure that the system works consistently as a user navigates around it. This cookie is not left on the visitor’s computer when they leave the site.

5.2      Once logged in, a user can choose to save login details on their computer, and some parts of the system store preference information. ChurchBuilder uses long-lived cookies for remembering login and preference information.

5.3      Our website has links to other third party website, the privacy of which we cannot guarantee.  You will need to check the privacy policies of any third party website links from our website.

6       CONTACT AND COMPLAINTS

6.1    The full detail of your rights can be found on the UK Information Commissioners Office website www.ico.org.uk/ or by phoning the ICO by telephone on 0303 123 1113.

6.2    We are not a ‘public authority’ as defined under the Freedom of Information Act 200 and we will therefore not respond to requests for information made under that Act.