General policy statement
The King’s Church, Wisbech is committed to respecting the privacy of individuals and ensuring the personal information that has been entrusted to us is processed in accordance with the Data Protection Act (DPA) 1998 and General Data Protection Legislation (GDPR) 2018.
Definitions used in this policy
Data Subject: the individual whose data we hold or use (eg. A full church member, someone who has attended a course or event, someone who has filled in a card asking to be kept informed about the church and its events). A person becomes responsible for their own data at 13 years of age.
Data Controller: The King’s Church, Wisbech (us).
Data Processor: this is any third party which process data on behalf of the Data Controller. (eg. Church Insight website and church management platform (part of Endis Limited)).
Data Protection Lead: a named person within the church whose can be contacted with regard to any data protection matter and who is responsible for gathering and monitoring the relevant consent.
How we collect personal information
We collect personal information directly from people
at church events when a registration form or ‘Hello’ card is filled out
who sign up as a volunteer
when they register or buy tickets for an event or course
if they have decided to join our prayer chain
when they make a donation, or decide to use ‘Gift Aid’
We collect personal information electronically when a person
registers for an account on our website www.kingswisbech.org.uk
responds to an online survey or sign up form
registers or buy tickets for an event or course
decides to join our prayer chain
makes a donation, or decides to use ‘Gift Aid’
The personal information we collect
Personal identifiers such as a person’ s title, name and year of birth (to verify they are 18 years or over and also to take greater care when engaging with children and vulnerable adults).
Contact details including postal address, postcode, email and telephone number.
Financial information such as bank details (if making a donation or purchasing a ticket).
Whether an individual is a UK taxpayer (for Gift Aid purposes).
Attendance at various services, groups or events and courses (to aid with mutual care and follow-up).
Special category data
Special category data includes things like race, trade union membership, or political affiliation, as well as religious belief.
As the information the church holds falls into the ‘Special Category’ this means we need to ask for explicit consent from Data Subjects (you) to store, share and use their data.
Children under 13
Explicit permission will be sought from parents or legal guardians of children under 13 years of age for their personal details to be held and processed on our bespoke church management software, Churchinsight.
When the child reaches 13 they themselves will be asked to give their own permission, as well as allowing us to keep holding the older data.
We will never contact children directly. If we do need to make contact we will do so through their parent or guardian.
If a vulnerable adult has a personal carer, Power of Attorney or next of kin, explicit permission will be sought from them for us to store, share and use their data.
Why we collect personal information
We collect personal information:
For the smooth running and administration of our organisation.
To keep a person informed about our church’s events and activities.
To keep volunteers informed of their tasks, training, rota reminders etc.
To encourage people on their spiritual journey.
To process donations.
To reclaim tax on Gift Aid donations, if applicable.
To fundraise more effectively.
To provide a useful resource in the form of an online directory of users.
To provide an interactive web site where email is used to communicate with the users.
To provide a security mechanism on our web site whereby we can restrict content to certain groups of users.
To help us to improve the service we offer.
Fundraising is essential for The King’s Church, Wisbech to impact the town of Wisbech and to fulfil our mission to ‘present everyone mature in Christ’.
We ask for donations, or ‘tithes and offerings’ and notify you when we are including this as part of our worship on a Sunday. You are also notified about making a donation in Messy Church communications. These communications are in print, through email and social media.
A ‘donate now’ button is often included in an e-newsletter.
We do not use personal email addresses to make contact with individuals if we are contacting them on church business or within our role as a church leader. Contacting them with regard to any events or activities organised by the church will always come from an official church email account whose address ends in @kingswisbech.org.uk.
Church email is sent to mailing lists by using our website. Any replies are received in our official church email accounts as hosted by LCN.com.
Church email sent to individuals are sent and received from our official church email accounts at LCN.com.
If an email is sent from an individual’s account to another individual this is not an official church communication and as such does not fall under our Data Protection Policy.
Data Subject’s rights and choices
GDPR gives Data Subjects the right to:
Be informed as to how their data is going to be stored, used and secured through our Privacy Notice available at meetings.
Request in writing and securely obtain copies of the personal information The King’s Church, Wisbech holds about them which we will give to the Data Subject concerned within one month.
Correct or update their personal information held by us at any time. This can be done by a Data Subject if they have login access to our website in the ‘My Area’ section. Or by contacting the church office and their data will be updated as soon as possible (within one month).
Object to the use of their personal information for certain things (eg. Emailing you about a forthcoming course or event, but you may wish to still receive the emailed newsletter). Preferences will be updated once we receive a written request to do so and these will take effect as soon as possible (within one month).
Request The King’s Church, Wisbech to stop using their personal information at any time. Upon receipt of a written request we will delete all data held on a particular Data Subject as soon as possible (within one month) and all communication will stop at this time.
Lodge a complaint with the Information Commissioner’s Office about how we manage your data.
Data Subjects will be given the choice to opt-in to sharing their personal information in the Church Directory. They can decide to restrict the sharing of their data to just hard copy, electronic address book (accessible only through secure login by website members) or to be ex-directory (where data is stored for church administration purposes, but not shared with others).
Everyone who explicitly opts-in to sharing their data via this format will also have access to everyone else’s data who have also opted-in.
Each Data Subject will be able to select what data is included and what is omitted.
A ‘Data Protection Notice’ will be printed in the Directory that will state:
Please take care of the data contained in this Directory. Keep it in a safe and secure place.
Do not share the information inside this DIrectory with anyone else before asking permission directly from the person whom the personal data belongs to.
If you are updating this Directory (getting a new one), please return the old one to the church so it can be disposed of securely.
If you leave the church, please return this Directory to the church so that it can be disposed of securely.
Generally: please treat the personal data contained in this Directory how you would want your own personal data to be treated.
Electronic Address Book
Everyone who explicitly opts-in to sharing their data via this format will also have access to everyone else’s data who have also opted-in. A person will not have access to the online address book if they have not chosen to join it.
By logging in to ‘My Area’ of the church website the Data Subject can manage their contact details, make changes, update preferences and select which information you want visible in the address book or not. This can be done by the Data Subject at any time.
They also have the choice of being ex-directory where personal information is stored on the website/church management system to help with administration but will not be visible in the address book.
If a person leaves the church, their access to the website can be restricted so that they can no longer access the personal details of others.
Who we share your information with
We are absolutely committed to protecting your privacy. Our policy can be summarised in one sentence: we will not share your information with others without your consent.
Our data processors:
HMRC – If you are claiming Gift Aid, we are legally required to share your Gift Aid information with HMRC.
Endis Limited (of which Churchinsight is part) - This is the company we use to host our website and to run our church management software which includes our email mailing-lists. Their system is extremely secure and our site also has SSL encryption. You can manage your contact details on this system by logging in to your account on our website at any time.
LCN.com Limited– we use this company to host our church email system so email addresses will be stored here as well as received and sent email. This is a lot safer and more secure than using domestic email and is encrypted with TLS encryption.
A data breach occurs whenever the security of personal data is compromised. This could be as simple as sending an email to the wrong person, leaving a folder containing paper financial records on the bus, or wiping a computer drive which contained important records.
If a Data Breach is serious in that there is a high risk of an adverse effect against the Data Subject’s rights and freedoms they will be notified of the breach within 72 hours.
If we experience a significant Data Breach we will notify the ICO within 72 hours and a record of the breach will be kept.
We will do everything possible to keep personal data safe and secure. Please refer to our Information Security Policy.
Our data protection lead
Please contact our Data Protection Lead with regard to any data protection matter.
Our Data Protection Lead is: Matthew McChlery
Address: The King’s Church, Wisbech
10A-14 South Brink
Phone: 01945 467413
Contact us via email at firstname.lastname@example.org