If you disagree with any part of this policy please do not provide personal information and do not use our website.
This policy explains how the Church and the website comply with the DPA (Data Protection Act), the General Data Protection Regulation (GDPR) which came into effect on 28 May 2018, and the Privacy and Electronic Communications Regulations. We may update this policy when the UK exits the European Union.
By providing your personal details you agree to allow the Church to contact you by post, email, telephone or telephonic and electronic text messages (and other messaging tools including Facebook, WhatsApp etc) in connection with its charitable purposes. either on the basis of the consents you have given us or for our legitimate interests in accordance with current data protection regulations.
How we collect information about you
We collect personal information each time you are in contact with us. For example, when you:
- Visit our website and/or register on MyChurchSuite.
- Register your details and your family details (e.g. Garden City Kids).
- Provide your contact details, in writing or orally, to Church staff or volunteers.
- Purchase goods or services, including when you provide credit or debit card details.
- When you attend particular Church activities (e.g. training events).
- Communicate with the Church by means such as email, letter or telephone.
- Face to face meetings with staff and volunteers.
- Access social media platforms such as Facebook, Twitter, or Instagram.
The Church does not hold any debit or credit card details for donations/payments made via our websites. All card payments are handled by service providers who encrypt card information sent from this website.
How we use your information
- To keep you informed by text and/or email as to church services, activities, resources and conferences plus prayer requests, news and encouragements.
- To provide pastoral care and support to you and your family.
- To establish and maintain your involvement with the Church (e.g. serving rotas), events you have attended, what areas and activities of the Church you have supported, record and acknowledge any donation, to provide the products you have requested.
- To answer an inquiry or request for further information or complaint about the Church, its services, activities and events.
- To register you and/or your family members for activities, events, conferences.
- To assist us to make the Church’s services and products more valuable to our community.
- For promotion of products or services and to keep you informed of new developments we believe may be of interest to you.
- To improve our general ability to assist Church attendees and the wider community.
Who see's your information
The information you provide to us will be held on our Church database, ChurchSuite. The ChurchSuite data centre is in Manchester (UK Fast) and also AWS, in London.
This information may be accessed by or given to our team at the Church, and our service providers who act for us for the purposes set out in this policy or for other purposes approved by you. Those parties may process information, fulfil and deliver orders, process credit card payments and provide support services on our behalf.
We do not sell or pass any of your personal information to any other organisations and/or individuals without your express consent, with the following exceptions:
- By providing us with your details, you are giving the Church your express permission to transfer your data to our service providers including mailing houses, such as MailChimp, to enable fulfilment of the purpose for collection.
- Where such details are shared we ensure that there are clear restrictions in place for the use of your information to the purpose for which it is provided and ensure it is stored securely and kept no longer than necessary.
- We do not intend to store or currently store financial details (credit or debit card numbers) obtained through online transactions. We do not store details online nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
Sensitive Personal Information: The Church may collect and store sensitive personal information such as health information (for pastoral support). Your personal information will be kept strictly confidential. It is never sold, given away, or otherwise shared with anyone, unless required, by law.
Keeping Data up to date
Please tell us as soon as any of your contact details change so that we can keep our records up to date. You can change the way we contact you, or the kind of material we send you, at any time by contacting us by mail or email using the contact details above. You can unsubscribe from our regular emails or texts at any time by using the ‘unsubscribe’ or ‘change preferences’ links on the email or texts you have received.
If you register with MyChurchSuite you can personally log-on and update your contact details.
Access to your information
You can request access to the personal information that the Church holds about you by contacting the Church’s Privacy Officer as set out below. We will provide you with access to your personal information within one month, unless we are legally authorised to refuse your request or if your request is deemed manifestly unfounded or excessive. In the rare event that we do refuse a request, we will inform you why and let know that you have the right to complain to our Privacy Officer and the statutory supervisory bodies.
f you wish to change personal information that is out of date or inaccurate at any time please contact us. The Church will take reasonable steps to correct any of your information which is inaccurate, incomplete or out of date. If you wish to have your personal information deleted please let us know and we will delete that information wherever practicable.
We may refuse your request to access, amend or delete your personal information in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of an amendment, we will note with your personal information that you have disputed its accuracy.
The Church will take reasonable steps to keep secure any personal information, which we hold and to keep this information accurate and up to date. Personal information, held electronically, is stored in a secure server or secure files.
The Internet is not a secure method of transmitting information. Accordingly, the Church cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your information will be held for a reasonable period or as long as the law requires or permits.
Data breach policy
In the event that a Data Breach has been discovered the Church Privacy Officer will be notified immediately. A Data Breach, confirmed or suspected, is any incident that may compromise the confidentiality, integrity or availability of systems or data either accidentally or deliberately. Such incidents could include:
- Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad/tablet device, or paper record).
- Equipment theft or failure.
- Unauthorised use of, access to or modification of data or information systems.
- Attempts (failed or successful) to gain unauthorised access to information or IT system(s).
- Unauthorised disclosure of sensitive/confidential data.
- Website defacement.
- Hacking attack.
The Church Privacy Officer will investigate the breach and determine any corrective measures that need to be implemented, with appropriate levels of urgency. The Church Privacy Officer will notify the Information Commissioner’s Office if it is likely to result in a risk to the rights and freedoms of individuals e.g. if it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. The Church Privacy Officer would also notify those directly concerned if the breach is likely to result in a high risk to the rights and freedoms of individuals.
The Church Privacy Officer will maintain a record of all Data Breaches.
Cookies are small amounts of information that we store on your computer. Unless you have indicated your objection when disclosing your details to us, our system will issue cookies to your computer when you log on to the site. Cookies make it easier for you to log on to and use the site during future visits. They also help to monitor website traffic and to personalise the content of the site for you but will not store save or collect personal information. You may set up your computer to reject cookies although, in that case, you may not be able to use certain features on our site.
This website may also include links to other websites. Links provided by the Church are for your convenience to provide further information.
We use websites such as Vimeo and YouTube to embed videos on our website, service providers such as MailChimp and Google Analytics and you may be sent cookies from them via our site. Please look at the cookie and privacy policies on these third-party sites if you want more information about this.
The Church uses social media such as Facebook, Twitter and Instagram. Users must verify authenticity of sites before posting or providing personal information on such sites.
Our website may provide social media buttons, permitting sharing our web content directly to a social media, platform. Use of such buttons is at your own risk. Unless it is material supplied or officially posted by the Church we do not endorse social media website(s) and have no responsibility for the content nor for the cookies they may contain.
The Church does not ask for passwords nor personal details on social media.
Your individual rights
The GDPR provides the following rights for individuals:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object
- The rights in relation to automated decision making and profiling.
For more information about your information rights visit www.ico.org.uk.
Any documents or files made available to download from our website are provided at users own risk.
Changes to policy
The Privacy Officer
Garden City Vineyard
c/o 42 Sheep Street
Garden City Vineyard, Milton Keynes is a registered charity (No: 1194753).