PRIVACY POLICY
Reviewed May 2021
Your personal information
This statement sets out how we will deal with any personal information that you provide to us and that we collect about you. We will collect and deal with your personal information in accordance with the Data Protection Act 2018. For the purpose of the Act, we (Rising Brook) are the data controller of personal data we hold about you.
How we may use your personal information
Personal information that we collect may be used by us in a number of ways including:
To tell you about areas of the life of the church which we think may be of interest to you
To provide pastoral care, support, teaching and challenge for you in accordance with the teaching of the Bible
To enable us to maintain appropriate safeguarding arrangements for our children and young people and adults at risk
To help you identify where you could serve in the life of the church
To help us organise rotas, small groups and to communicate with you
We will collect and handle your personal information because it is necessary for us to do so for the purposes of our legitimate interests.
Information we may collect about you
We may collect and process the following information about you:
Your contact details
Your attendance at events and meetings run or hosted by us
Your participation in rotas for service in the church
Your participation in groups
Information contained in emails or other correspondence from you and records of telephone calls or meetings with you
Your marital status, age, gender and information about your immediate family
Your university course details (where relevant)
Details of money that you give to the church and gift aid certification
Information contained in checks provided by the Disclosure & Barring Service and evidence of safeguarding training
Information that you share with us for the purposes of pastoral care, encouragement, training and prayer
Information relevant to your suitability for Membership of and service in the church, employment by the church or service with other Christian organisations
Medical information where necessary to ensure that the care and hospitality that we provide for you is appropriate to your needs
How we may collect information
You may complete information forms for us.
We may collect information directly from you.
We may collect information from others about you:
To enable us to maintain appropriate safeguarding arrangements for our children, young people and adults at risk
To help us to better support you and to provide pastoral care, support, teaching and challenge for you in accordance with the teaching of the Bible
Who we may share information with
We may share your information as appropriate with others in the church including:
To enable them to provide pastoral care, prayer and support for you
To inform them that you are applying to be a member or that your membership has ended
On our on-line church management website, Church Suite, to allow other members and leaders to contact you or e.g. to arrange rota swaps with you, group arrangements
We may occasionally share your information with others outside the church including:
Where we are approached for a reference by another church or organisation
In certain circumstances, the Data Protection Act allows personal data to be disclosed to statuary bodies without the consent of the data subject. Under these circumstances Rising Brook will disclose requested data. However, the Data Protection Officer will ensure the request is legitimate, seeking assistance from the Head of Compliance and from the organisation’s legal advisers where necessary
People or organisations you have agreed we may contact who may be able to support you.
Accounting and tax reasons - with HMRC and church auditors
How we will store information
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The data that we control may be transferred and stored outside the European Economic Area ("EEA"), for example where our software providers store information on servers outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where there is a transfer outside the EEA we will ensure that organisation to whom information is transferred is one which subscribes to equivalent standards under the Act.
We may use the following third-party service providers named below to process and store your data:
MailChimp: We use MailChimp to manage lists, preferences and to send emails. Mail Chimp has staff based outside the European Economic Area and stores your data in the USA. You can find out more about its privacy policy at https://mailchimp.com/
Church Online Platform: We use Church Online Platform allows users to access church services and other online events. Church Online has staff based outside the EEA and stores your data in the USA. Find out more about the Terms of Service at https://churchonlineplatform.com/terms
We will not share your personal information with any other third-party unless we have your permission, or the law requires us to.
We will take reasonable, necessary steps to ensure that your data is treated securely and in accordance with this privacy statement.
We will store your information for no longer than reasonably necessary and in line with legal requirements. After this we may continue to hold your contact details for as long as you agree in order to keep you informed about the ministry of the church.
Your Rights
You have the right to ask us not to process your personal data for the purposes of informing you of events and other opportunities. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing at any time by contacting us.
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
You may request that personal information is corrected where it is not correct or that the information is deleted. You may also object to the church processing information about you. Where you have consented to us handling your information, you have the right to withdraw that consent at any time.
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Further Processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new Policy explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Our Data Protection Officer
Our nominated representative for the purpose of the Act is Gary Sloan. For further information about how your personal information is used, how we store your information securely and your rights to access the information that we hold about you, please contact him on dataprotection @risingbrook.org.
If you are unhappy with how we have handled your information, you may complain to the Information Commissioner.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF