Privacy Policy & Cookies

GDPR PRIVACY NOTICE
INTRODUCTION

Welcome to Emmaus Road Community Church’s privacy notice.

Emmaus Rd respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data (regardless of where you visit it from), how we process it and tell you about your privacy rights and how the law protects you.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice aims to give you information on how Emmaus Rd collects and processes your personal data, including any data you may provide through this website when you interact with us, register for an event, donate to the church, apply for a role as a volunteer or staff member or sign up to our weekly newsletter.

This notice is not intended for children, however, we do collect data relating to children if they attend one of our events or take part in our Emmaus Rd Kids and Youth activities.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

DEFINITIONS

Data controller– A controller determines the purposes and means of processing personal data.

Data processor– A processor is responsible for processing personal data on behalf of a controller.

Data subject– Natural person

Categories of data: Personal data and special categories of personal data

Personal data– The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories personal data-The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing– means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party– means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

DATA CONTROLLER

Emmaus Road Community Church is a charity registered in England and Wales with number 1152606 and is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: Allen House Pavilion, Eastgate Gardens, Guildford GU1 4UT.

We have appointed a Data Protection Lead (DPL) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPL at gdpr@emmausrd.comor by calling 01865 385 216, or in writing to Emmaus Rd, Allen House Pavilion, Eastgate Gardens, Guildford GU1 4UT.

We will keep this privacy notice under regular review to ensure it represents an accurate reflection of the way we use your personal information.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes first name, last name, username or similar identifier, marital status, title and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of events, products or services you have purchased from us or gifts you have donated to us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, events, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

IF YOU  WITHDRAW OR FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your tickets to an event or service you have with us but we will notify you if this is the case at the time. If you request that your personal data be withdrawn from us, it will directly impact our ability to let you know what’s happening in the life of the church, to process donations and to connect you in with those ministries you want to serve alongside.

HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms (Get Connected Card) or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • get involved in the life of church through one of our services, groups or activities;
  • donate online, by text message or completing a giving envelope;
  • register for an event or course;
  • subscribe to our services or publications;
  • request marketing to be sent to you;
  • respond to a survey; or
  • give us some feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from analytics providers such as Google based outside the EU.
  • Identity and Contact Data from publicly availably sources such as Companies House based inside the EU.

HOW WE USE YOUR PERSONAL DATA

As a church, we hold records of the people in our congregation, volunteers, guest and service users and use this information to coordinate church activities and to keep you informed of things happening in the life of the church.

We also collect and use information about our suppliers and contractors. This information is used to manage and administer the church and to carry out our charitable purposes.  We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of Emmaus Rd) and your interests and fundamental rights do not override those interests.

 

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below a description of the ways we plan to use your personal data.  Emmaus Rd collects and processes information so that we can:

  • Manage, administer and promote the life of the church
  • Administer financial transactions and donations
  • Administer our courses or events
  • Manage our websites and social media accounts
  • Manage our volunteers and HR function
  • Prevent and detect crime
  • Where we need to comply with a legal or regulatory obligation

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email gdpr@emmausrd.com

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below for the purposes of which we will use your personal data set out above.

ExternalThird Parties

  • Service providers acting as processors based in the UK who provide website, social media, media and IT and system administration services.
  • Course and event management systems including 24-7 Prayer, ChurchSuite and Eventbrite.
  • Electronic marketing and research services such as Mailchimp, SurveyMonkey and Google Forms.
  • Our contact database ChurchSuite
  • Professional advisers including payroll providers, lawyers, bankers, auditors, pension advisors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

*MailChimp, SurveyMonkey, Google and Eventbrite are US based companies and are certified under Privacy Shield.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

SHARING YOUR DATA

Except for the circumstances outlined above under, ‘Disclosures of your Personal Data’ will never share your data with any third party. Your personal data will be treated as strictly confidential.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We keep your personal data for no longer than reasonably necessary which in most cases is for the period of time that you are part of the Emmaus Rd Community in order to keep you connected to what’s going on in the life of the church. We would only retain your data beyond this time where there was an ongoing complaint, legal claim or safeguarding investigation.

PROVIDING US WITH YOUR PERSONAL DATA

You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so means that we won’t be able to inform you about anything that’s happening in the church, to connect you to a collective (Emmaus Rd’s mid-week small groups) or write/call to thank you for any financial donations or serving as a volunteer.

YOUR RIGHTS AND YOUR PERSONAL DATA

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to request that we provide you with your personal data.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.

 

TRANSFER OF DATA ABROAD

We do not transfer personal data outside the EEA.

AUTOMATED DECISION MAKING

We do not use any form of automated decision making in our organisation.

FURTHER PROCESSING

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

HOW TO MAKE A COMPLAINT

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Lead on gdpr@emmausrd.com

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Officeon 03031231113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

LAWFUL BASIS

Legitimate Interest means the interest of our charities in conducting and managing our charitable activities to enable us to give you the best church community, events, products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

May 2018


WEBSITE PRIVACY & COOKIES

What is this Privacy Policy for?

This privacy policy is for this website [www.emmausrd.com] and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Use of Cookies

This website uses cookies to better the users experience while visiting the website.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [www.google.com/privacy.html].

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites).

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).

Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

v.1.0 March 2017
Emmaus Rd, Allen House, Allen House Grounds, GU1 4AZ. Charity Number: 1152606.