GDPR PRIVACY NOTICE
Welcome to Emmaus Road Community Church’s privacy notice.
Emmaus Rd respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data (regardless of where you visit it from), how we process it and tell you about your privacy rights and how the law protects you.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
PURPOSE OF THIS PRIVACY NOTICE
This privacy notice aims to give you information on how Emmaus Rd collects and processes your personal data, including any data you may provide through this website when you interact with us, register for an event, donate to the church, apply for a role as a volunteer or staff member or sign up to our weekly newsletter.
This notice is not intended for children, however, we do collect data relating to children if they attend one of our events or take part in our Emmaus Rd Kids and Youth activities.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Data controller– A controller determines the purposes and means of processing personal data.
Data processor– A processor is responsible for processing personal data on behalf of a controller.
Data subject– Natural person
Categories of data: Personal data and special categories of personal data
Personal data– The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data-The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing– means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party– means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Emmaus Road Community Church is a charity registered in England and Wales with number 1152606 and is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: Allen House Pavilion, Eastgate Gardens, Guildford GU1 4UT.
We have appointed a Data Protection Lead (DPL) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPL at firstname.lastname@example.org by calling 01865 385 216, or in writing to Emmaus Rd, Allen House Pavilion, Eastgate Gardens, Guildford GU1 4UT.
We will keep this privacy notice under regular review to ensure it represents an accurate reflection of the way we use your personal information.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
IF YOU WITHDRAW OR FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your tickets to an event or service you have with us but we will notify you if this is the case at the time. If you request that your personal data be withdrawn from us, it will directly impact our ability to let you know what’s happening in the life of the church, to process donations and to connect you in with those ministries you want to serve alongside.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms (Get Connected Card) or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
HOW WE USE YOUR PERSONAL DATA
As a church, we hold records of the people in our congregation, volunteers, guest and service users and use this information to coordinate church activities and to keep you informed of things happening in the life of the church.
We also collect and use information about our suppliers and contractors. This information is used to manage and administer the church and to carry out our charitable purposes. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below a description of the ways we plan to use your personal data. Emmaus Rd collects and processes information so that we can:
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email email@example.com
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes of which we will use your personal data set out above.
*MailChimp, SurveyMonkey, Google and Eventbrite are US based companies and are certified under Privacy Shield.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
SHARING YOUR DATA
Except for the circumstances outlined above under, ‘Disclosures of your Personal Data’ will never share your data with any third party. Your personal data will be treated as strictly confidential.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data for no longer than reasonably necessary which in most cases is for the period of time that you are part of the Emmaus Rd Community in order to keep you connected to what’s going on in the life of the church. We would only retain your data beyond this time where there was an ongoing complaint, legal claim or safeguarding investigation.
PROVIDING US WITH YOUR PERSONAL DATA
You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so means that we won’t be able to inform you about anything that’s happening in the church, to connect you to a collective (Emmaus Rd’s mid-week small groups) or write/call to thank you for any financial donations or serving as a volunteer.
YOUR RIGHTS AND YOUR PERSONAL DATA
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
TRANSFER OF DATA ABROAD
We do not transfer personal data outside the EEA.
AUTOMATED DECISION MAKING
We do not use any form of automated decision making in our organisation.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
HOW TO MAKE A COMPLAINT
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Lead on firstname.lastname@example.org
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Officeon 03031231113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Legitimate Interest means the interest of our charities in conducting and managing our charitable activities to enable us to give you the best church community, events, products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites).
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
v.1.0 March 2017
Emmaus Rd, Allen House, Allen House Grounds, GU1 4AZ. Charity Number: 1152606.