To enable us to provide a service for the benefit of the public as specified in our trust deed, Clitheroe Community Church processes personal data about our members, staff, suppliers, website users and people who use our premises and services. ‘Processing’ can mean collecting, recording, organising, storing, sharing or destroying data.
Your privacy is important to us and this privacy notice describes how we collect and use personal information about you in accordance with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. It also explains your rights when it comes to your data.
What data do we have?
- Basic details and contact information, e.g. name, address, telephone number, email address.
- Information to facilitate participation in groups and courses, contact preferences, etc.
- Financial details, e.g. relating to donations, Gift Aid, payments to or by Clitheroe Community Church. (Bank account details are only stored on our secure banking portal, with access strictly limited to authorised personnel.)
- Details of baptism, infant dedication and marriage for our church log.
- Pastoral information is rarely processed in written or electronic format. Where this occurs, it is kept strictly confidential and safeguards are in place to ensure that accidental disclosure does not take place.
- Prayer requests may be made by or on behalf of individuals. It is not necessary to include personal data to make a prayer request.
- Your image may be included in photographs or videos.
- We may process special category information, e.g. health information for our employees or children attending our activities; information relating to religious belief.
- Before beginning a role with us, depending on the nature of the role, volunteers and staff may be required to apply for a criminal record check. We may also ask you to declare any convictions or cautions that we’re legally entitled to know about.
Why do we have this data and what is the legal basis?
- Explicit consent of the data subject so that we can keep you informed about news, events, activities and services, and enable members to contact each other.
- We need your consent to use images of you, except where they are taken in a public setting, e.g. Sunday worship or open visitor events. Even then, we need your consent if they can clearly identify you as a Christian, e.g. if you have your hands raised in worship. Images are chosen and used responsibly – if we wouldn’t use a similar image of ourselves, we don’t use yours.
- Consent is not necessary for images that include you in a public setting that don’t identify your religious belief. These may be used in the legitimate interest of publicising church activities, e.g. in flyers or online.
- Legal obligation to keep records, e.g. for the Charity Commission, HMRC.
- Processing is necessary in the performance of a contract, such as providing room hire, paying staff or obtaining goods and services for the church. Failure to supply such information may mean we are not able to fulfil the contract.
- It is a legitimate interest of the church to provide pastoral care and to accept prayer requests. Any personal data involved is treated with strict confidentiality by the prayer team or those providing pastoral care.
- It is also a legitimate interest to manage membership and participation in groups and courses, to respond effectively to enquirers, to handle any complaints and to keep a church log.
- Where children attend our activities, it is a legitimate interest to collect emergency contact details and information relating to health needs to facilitate the safe running of the activities.
- Processing is necessary for carrying out obligations under employment, social security or social protection law.
- Processing of special category information (such as information about religious beliefs) may be carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and provided there is no disclosure to a third party without consent.
- If we request your criminal records data, it is usually because we have a legal obligation to do this due to the type of role you fulfil. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. If your role is not eligible for a standard or enhanced DBS check, we may still request a basic DBS check and ask about any unspent convictions or conditional cautions. This is a legitimate interest as an employer or provider of voluntary services.
How do we process your personal data?
- Clitheroe Community Church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We provide guidance on this in our data protection policy and procedures.
- We collect personal data face to face and via phone, paper and digital communications. We may collect data from third parties, such as referees when you apply for a role with us.
- Where we process data based on your consent, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
- We only share information with individuals or organisations that have a legitimate right to the information, such as:
- Where you have given your consent for the sharing
- The DBS Service and Thirtyone:eight (the safeguarding umbrella organisation we use)
- Our pension scheme provider
- Our payroll provider
- Organisations we have a legal obligation to share information with e.g. the Charity Commission
- Our insurer, e.g. in the event of a claim
- The police or other law enforcement agencies if we have to by law or court order.
- Where we use services such as Google Drive or MailChimp, no transfer of your personal data will take place to an organisation or a country outside the UK unless there are adequate controls in place relating to the security of your data.
- We keep criminal records information only as long is required to make decisions about appointments to roles and for the resolution of any disputes. After this we retain only a record of the type of disclosure and the certificate number. Criminal record certificate information is stored securely and separately from other information, with access restricted to those legally entitled to see it.
- We will only retain your personal information for as long as necessary to fulfil the purposes for which we have collected it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer have a lawful purpose for holding your data, we will securely destroy your personal information in accordance with our data protection policy and procedures.
- We reserve the right to lawfully transfer such information as is required to obtain legal advice and to protect the rights, property or safety of the church, its employees, service users and others.
- We reserve the right to monitor use of our telecommunications network (including telephone, email and internet use) to such extent as we consider necessary and reasonable, in accordance with applicable law.
What data do we have?
While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:
- Your basic details and contact information, e.g. your name, email address and telephone number
- Cookies and usage data
We may collect information about how the service is accessed and used. This usage data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking and Cookies Data
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. Examples of cookies we use are:
- Session cookies. We use temporary session cookies to operate our service.
- Preference cookies. We use preference cookies to remember your preferences and various settings.
- Security cookies. We use security cookies for security purposes.
Why do we have this data?
We use your data to provide and improve the service. By using the service, you consent to the collection and use of information in accordance with this notice. Clitheroe Community Church uses the collected data for various purposes:
- To provide and maintain the service
- To provide support and respond to enquiries
- To provide analysis or information so that we can improve the service
- To monitor the usage of the service
- To detect, prevent and address technical issues
How do we process your data?
Transfer of Data
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction, where the data protection laws may differ than those from your jurisdiction. Your consent to this privacy notice followed by your submission of such information represents your agreement to that transfer.
Clitheroe Community Church will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place relating to the security of your data.
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to facilitate our service, to provide the service on our behalf, to perform website-related services or to assist us in analysing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We use YouTube to embed videos. Cookies are used by this service to track levels of usage. To opt out of having cookies set by YouTube, please see the relevant cookie and privacy policies on their website.
Links to Other Sites
Our website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our website service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Your rights regarding your data
It is important that the personal information we hold about you is accurate and current. Please inform us if your personal information changes (e.g. address, contact details).
You have the following rights with regard to your data.
- You have the right to be informed about the collection and use of your data.
- You have the right to request access to a copy of all the data we keep about you. Generally, we will not charge for this service.
- You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so. You also have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for.
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
- If we are processing your data by automated means on the basis of consent or in the performance of a contract, you have the right to receive the personal data you have provided in a structured, commonly used and machine-readable format, where this is technically feasible.
If you have a concern about the way we are collecting or using your personal information, please contact us using the details below. We will always respond to your request as soon as possible and, at the latest, within one month. You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately.
You can also contact the Information Commissioner’s Office at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or at ico.org.uk.
Review of this Privacy Notice
We regularly review and, when necessary, update our privacy information. The most up-to-date version is displayed here and the date of the last update is 8 July 2022.
If you would like further information regarding this privacy notice please contact the administrator by email or by post at Clitheroe Community Church, Millthorne Avenue, Clitheroe, BB7 2LE.
Clitheroe Community Church is a registered charity, number 701869.