St Saviour's Church

GDPR

 St Saviour’s Church Privacy Statement

St Saviour’s Church is committed to protecting and respecting your privacy.
This statement explains when and why we collect personal information about people who visit us, our website, or connect with us on social media, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this statement from time to time and a fuller version of our data protection policy can be found below. Both this statement and our policy are kept under regular review, so please check this page occasionally to ensure that you’re happy with any changes. By using our website, or connecting with us on any other available touchpoint you’re agreeing to be bound by this statement and our data protection policy.

Any questions regarding this Policy and our privacy practices should be sent by email to Dan Allwood at hello@stsaviours.church or by writing to St Saviour’s Vicarage, Hanley Road N4 3DQ.

Who are we?
We’re St Saviour’s Church, a Registered Charity (no. 1185858) and also a member of the Church of England, in the Diocese of London.

How do we collect information from you?
We obtain information about you when you use our website, sign up for any of our events or groups on ChurchSuite, register a child with us for a kids group, fill in a Connect Card, Serve, Give or Welcome flyers, or apply for a paid or volunteer position with the church.

What type of information is collected from you?
The personal information we collect might include your name, address, email address, phone number, attendance information at events, groups and meetings, IP address, and information regarding what pages are accessed and when. If you make a purchase from us, for example for the purpose of purchasing event tickets, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

If you are a prospective employee or volunteer working with children or vulnerable adults, we may also collect criminal records information (such as Disclosure and Barring Service (DBS) checks) where we have a legal right or reason for doing so.

How is your information used?
We may use your information to:

  • Process a donation that you have made, and claim gift aid on it, with your written permission.

  • Process transactions that you have requested, i.e. registering you for groups and events run by the church, or supplying you with tickets for events or products where that is applicable

  • Ensure that children attending a St Saviour’s group or event are safely registered and accounted for.

  • Send you communications which falls within the scope of the charitable objectives of the church, and for the purpose of developing the congregation at St Saviour’s. This would be with your written permission, via our Connect Card, or through a Newcomers event.

  • To seek your views or comments;

  • To notify you of changes to our services, events and role holders;

  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments.

  • To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules).

  • Process an application for a job or a volunteer position

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid, or children’s registration and attendance). We will hold your personal information on our systems for as long as is necessary for the relevant activity.

Our legal bases for collecting and using your information

We are entitled to use your personal data in the ways set out in this privacy notice on the following bases:

  • the use of your personal data is necessary for our legitimate interests in:

    • communicating with you;

    • ensuring the quality of the services we provide to you;

    • the physical security of our premises (with regard to CCTV); and

    • statistical analysis; and/or

  • we have legal obligations that we have to discharge; and/or

  • you have consented to such use.

If you do choose to provide your consent you can withdraw it at any time by contacting us using the details set out above.

Who has access to your information?
We will not sell your information to third parties.

Where necessary, we may pass your information to third parties that are specifically engaged by us for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and where we require those third parties to keep that information confidential and secure and to use it solely for the purpose of providing the specified service. The following is a list of the types of third parties who process your personal data on our behalf:

  • we may share information with entities that provide external events such as New Wine or Wildfire where you have signed up to those events;

  • if you have requested us to do so or consented to the disclosure; or

  • where we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime; or

  • when you are using our secure online donation pages, your donation is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

Your choices
You have a choice about whether you wish to receive information from us. We will collect your contact information via our website or a contact card and store it on ChurchSuite from where we send you details of church life, events and groups. If you do not want to receive these communications, you have the right to remove your information from ChurchSuite, or you can request such a preference via the church
office at any time.

How you can access and update your information?
St Saviour’s uses ChurchSuite to host and process all personal information of guests and members of the church. Members of the congregation are invited to download and access ChurchSuite for the purpose of staying in contact with the rest of the church and for adapting their communication preferences. Alternatively, you can contact the church office at hello@stsaviours.church or by post at St Saviour’s Vicarage, 73 Hanley Road, N4 3DQ at any time with such a request. You have the right to ask for a copy of the information St Saviour’s holds about you (we may charge £10 for information requests to cover our costs in providing you with details of the information we hold about you).

Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. St Saviour’s uses ChurchSuite as its data management system. ChurchSuite is a cloud hosted, web based management system which complies with the principles of GDPR.

Below is a section of the ChurchSuite privacy policy:
“Maintaining the security of your data is one of our highest priorities, and to
this end, all access to ChurchSuite is over an SSL (https://) connection,
which provides 256-bit military grade encryption to ensure that all data in
transit between your web browser and ChurchSuite is fully encrypted.
Where we are required to store any usernames or passwords for third-party
integrations, such as social media or communication channels, we will always
encrypt these details before they are stored on our servers.
Once we have received any data and stored it on our servers, we make
commercially reasonable efforts to ensure its security on our system. To this end, we have chosen to host our ChurchSuite servers in a data centre that meets some of the strictest of industry security requirements, and is classified as a Tier 2 data centre.

Unfortunately, no data transmission over the Internet can be guaranteed to be
100% secure, so whilst we strive to protect your personal information,
unfortunately we cannot warrant the security of any information you transmit to us.”

This final paragraph applies to the transmission of data over the internet from any St Saviour’s email account too.

Demographic information
Using management information tools on ChurchSuite, we may analyse your personal information to understand demographics of those within the church, including address information. We do this to ensure that the charitable objectives of the church are being met and that what we provide is relevant for all types of people.

Use of ’cookies’
Like many other websites, the St Saviour’s website uses cookies. ’Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.
For the purpose of keeping web statistics and analysing how people interact with our website – for the purpose of improving it and making it fit for purpose, we may use software that allows us to track IP addresses and ‘click’ interaction with the website.

18 or Under
We are concerned to protect the privacy of children aged 18 or under. If you are aged 18 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Review of this Policy
We keep this statement under regular review. This statement was last updated and reviewed by the PCC on 6th October 2022.