PRIVACY AND COOKIES NOTICE
All Saints Presbyterian Church (“ASPC”) is the data controller in relation to all personal information collected by the Church. APSC is a Charitable Incorporated Organisation registered in England (No. 1184509), whose registered office is at All Saints Presbyterian Church, Akenside Hill, Newcastle upon Tyne, NE1 3UF.
Whose data do we collect?
• our members and regular congregation
• our donors and supporters
• those who register to attend events we organise
• those who make enquiries with us
Why do we process personal data?
• To maintain our membership roll
• To meet the pastoral and social needs of our members and regular congregation
• To administer events and activities hosted by us
• To inform our regular congregation of church activities and news
• Sharing member details (with consent) with other members of ASPC to facilitate fellowship
• To maintain safeguarding procedures and records in line with our policies
• To maintain our own records and accounts (including processing gift aid)
• To fundraise and promote the interests of ASPC
• To answer enquiries from those who email us through the website
• To manage our employees and volunteers
• To enable us to meet all legal and statutory obligations
• To maintain the content of our website
What data might we process?
• Name and title
• Contact details such as telephone numbers, addresses, and email addresses
• Where relevant, information such as age, date of birth, sex, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants
• Donations or payments for activities such as a church holiday or youth activity camp
• Religious or philosophical beliefs
• During the course of providing pastoral care or discharging our responsibilities as an employer, we may process special category data such as racial or ethnic origin, mental and physical health, and biometric data
What is the legal basis for processing your personal data?
• Explicit consent of the data subject to keep our regular congregation informed by email about congregational news, events and activities
• Processing is necessary to carry out the legitimate interests of ASPC in terms of administering a voluntary service for the benefit of the public
• Processing is necessary to protect the vital interests of individuals and protecting life with regard to safeguarding and the medical health and safety of individuals
• In relation to special category data, processing is carried out by a not-for-profit body with a religious aim and the processing relates only to members or those who have regular contact with ASPC in connection with its purposes
• In our employment practices, processing is necessary for the performance of a contract and for carrying out obligations under employment, social security or social protection law
Sharing your personal data
Your personal data will be treated as strictly confidential. However, there may be occasions where it is necessary to share personal information where it is required by law or to respond to any legal or regulatory action. We will provide information to HMRC on gift aided donations since we have a legal obligation to provide this information.
There may be a few situations where our legitimate interests involve us sharing some information with service providers who are contracted to fulfil specific services for us. But where that is the case, we remain in control of the information and the service provider is not allowed to do anything with the information other than what we have requested.
How long do we keep your personal data?
ASPC will retain personal data only for as long as is necessary. All data will be deleted when it is no longer needed. Certain types of data will therefore be kept for longer periods than others based on what is deemed necessary or based on certain legal requirements.
• name and contact details of our members and regular congregation for the currency of their association with us
• employment information and records generally for seven years after the date the record was made, but some employee details for seven years after employment has ceased
• gift aid declarations, financial records and paperwork for up to 7 years after the financial year to which they relate
• youth group registers for 7 years
• the baptism register and records relating to safeguarding matters permanently.
The church database will be reviewed by the Church Administrator on a quarterly basis. The purpose of this review will be check the accuracy of the data and remove any data where the retention period has lapsed. A full data review of all digital and physical personal data will be conducted annually for the purpose of complying with this data retention policy.
What are cookies?
Cookies are small text files that are downloaded to a user’s device when they visit a website.
Some cookies are retained in a user’s browser for only as long as they visit our website, while others may persist for a longer specified or unspecified period.
How do I change my cookie settings?
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
Visitor IPs are logged and stored in the server logs, for troubleshooting purposes, but they are not tracked by ASPC.
Under data protection law, you have the following rights in relation to your personal data:
Right to access
Subject to some exemptions, the right to access a copy of the personal information we hold about you.
Right to correct
The right to obtain from us the rectification of inaccurate or incomplete personal information we hold concerning you.
Right to erase
The right to ask us to erase your personal information in certain circumstances.
Right to restriction of processing
The right to ask us to restrict the processing of your personal information in certain circumstances.
Right to object
The right to object to our use of your personal information where we use it on the basis of our legitimate interests. We shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing. A person also has the right to object to processing of their personal information for direct marketing purposes.
Right to withdraw consent
The right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent.
More information about these rights can be found at https://ico.org.uk/your-data-matters/.
Changes to this notice
We keep this Notice under review and we will place any updates on our website. This Notice was last updated in February 2023.
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To make enquiries in relation to this privacy notice, exercise any of the above rights, or to make a complaint about our use of your personal information, please contact the Church Administrator at the address at the start of this Notice or email firstname.lastname@example.org.
If you are not satisfied with the way we deal with your complaint, you have the right to refer it to the Information Commissioner’s Office. You are also entitled to make a complaint to the Information Commissioner’s Office without first referring it to us.