Privacy Notice

Your PrivacyWhat is Churchsuite?
ChurchSuite Software (“the Services”) is designed to help us administer our church and provide all elements of pastoral care to our members and the community.  Our members may be provided with access to a user account, which they can use to provide us with information (including personal information), update preferences and access options to allow the booking of events and recording attendance.  The Services should bring benefits to everyone as we can stay in touch with you much more easily and you can provide us with information in a quick and efficient way.
 
In addition to Churchsuite, we may also collect information from you in person or on paper forms or online forms within other systems. We have also included information about other forms of processing that we may carry out.
 
What is the purpose of this Privacy Policy?Elim Pentecostal Church Wimbledon is a “data controller” which means we have to tell you certain information when processing your personal information.  We may input personal information into ChurchSuite or may ask you to do so yourself. We may collect information from you in person or we may ask you to fill in paper forms or input information into other systems that the church uses.
 
If you have any queries about this Privacy Policy or how we use your personal information, please contact
[Our Data Protection Lead] is Carla Benjamin who can be contacted at the above address or email at elim.wimbledon@virgin.net.
 
This Privacy Policy relates to your use of the Services and tells you:
What personal information we collect about you when you use the Services
How we collect your personal information in the Services
How we use your personal information
Who we may share your personal information with
Any transfer of personal information outside of the EEA
How long we keep your personal information
What we do to protect your personal information
What choices you have in relation to your personal informationWe last updated this Privacy Policy on 4/5/2018.
Personal Information we process about youWhat information we process about you
We may collect the following information about you:
your name and address
your mobile phone number
your email address
whether or not you are ordained or in holy orders
any ecclesiastical permissions you hold
your marital status
your age and gender
information about your family
your education and employment
your role(s) within the church (if appropriate)
any membership of a PCC or status as a representative for the church
attendance at meetings, events and training
to carry out a DBS check
the result of a DBS check
information about your use of the Services (e.g. when you have logged in, what pages you visited)
information we collect and record as part of pastoral care (this will include anything you tell us unless you tell us not to record it)
payment details when booking events
donations to the church
Any information you provide to us
Any teams or groups you are involved with
When you are unavailable for serving on rota
Dates and times that you are on a rota 
Sensitive Personal Information
We may also collect, store and use the following “special categories” of sensitive personal information (if you give us this information)
Information about your health, including any mental or physical conditions that you notify us about
Your religious beliefs
Your racial origin
Your sexual orientation
Any criminal record

Personal Information you give usWe may collect personal information from you when you attend church and speak to us in person. You may also fill in one of our paper forms, a form available in a different electronic system.
We collect personal information from you when you or we set up a user account in ChurchSuite. If we set up an account on your behalf, then we will input personal information from you that we collected from you in person, on paper forms and from contact forms on our website. We will also collect information from you when you update your user account on ChurchSuite. 
Once the information is collected it is stored securely or they will be destroyed accordingly.
 
 
Personal Information we collect automatically
When you use the Services, we may collect certain information automatically such as:
IP addresses (the name your smartphone uses to identify itself to us)
Your activity in the Services including times and dates of visits
Information on your location
other websites you may have visited 
Cookies
We use cookies to collect information automatically. A cookie is a small file of data which our website places on your computer’s hard drive. The cookies give us information such details of your visits to our website and information about other websites that you visit.
Cookies allow websites to respond to you as an individual and let us tailor our website to your needs, likes and dislikes by gathering and remembering information about you. We use cookies to help us to provide you with a better website.
 
Cookies that we use
Google Analytics From time to time some online services, including mobile apps, use Google Analytics. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us.
ASP.NET_SessionId is a cookie which is used to identify the users session on the server. The session being an area on the server which can be used to store data in between http requests.
 
How to delete and control cookies
Most computers automatically accept cookies but you can change your settings so that you will not receive cookies and you can also delete existing cookies from your computer.
If you do change your settings, you may find that some parts of our website will not function properly. If you do not adjust your settings, you will accept cookies provided by this website.
To find out how to delete cookies or adjust their settings please visit http://www.allaboutcookies.org/.
 
How we use your Personal InformationOur legal basis for using your information
The law only allows us to use your personal information in certain limited circumstances.  We have listed these below and what information they allow us to process.
1.) Where it is necessary for our legitimate interests
The GDPR specifically states that a church may use legitimate interests to process personal information relating to its members to administer your membership to the church.  We consider that this is the most appropriate condition for us to administer your membership of our church as you would reasonable expect that we would have to process your personal information in order to provide you with membership of our church and so you can take full advantage of all our services.  We have put safeguards into place to ensure that your personal information is protected and that your fundamental rights and freedoms are not overridden.
 
Examples of how we may use your information for administration purposes:
to set up your Churchsuite church account
so that we can keep a record of your attendance at church, bible classes and at other events and meetings
to provide you with pastoral care and other support that you have requested and we believe would be helpful to you
to organise volunteers and put together rotas[Please delete if not applicable - We may also use legitimate interests to send out our marketing materials but only where such materials relate directly to the church and you have not told us not to send you such information]
 
2.) Where you have consented to us using your personal information
Examples of how we may use your information with consent
[Please delete if not applicable - We may ask for your consent to send marketing communications out to you, including information about our events and other marketing materials]
We may also ask for consent where you have given us information as part of our pastoral care and asked us to use it for a certain purpose.3.) Where we need to perform the contract we have entered into with you
Examples of how we may use your information in order to comply with a contract that we have entered into with you:
to buy tickets for events
to administer the Services (such as troubleshooting, data analysis, research)
to tell you about changes to our website, software or Services that will affect your use of ChurchSuite
to help us (or the software developers) improve the Services 
4.) Where we need to comply with a legal obligation
Examples of how we may use your information to fulfil a legal obligation
keeping records for gift aid purposes
to prevent and detect fraud
to protect children and vulnerable adult
to get your feedback on the Services 
 
HOW WE USE SENSITIVE PERSONAL INFORMATION  
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
1. In limited circumstances, with your explicit consent recorded in writing (e.g. where you tell us information in order to obtain support and pastoral care from us – for example this could relate to physical or mental health).
2. Where we need to carry out our legal obligations (e.g. ensure DBS checking is done where appropriate)
3. Where it is needed in the public interest and in line with our data protection policy.
4. Where It Is needed In connection with our children and vulnerable adults protection policy
Less commonly, we may process this type of information where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public
 
What this means in practice
We may use your sensitive personal information in the following ways:
 
Your mental or physical health, racial origin, sexual orientation or criminal record in order to provide you with support and pastoral care.  We may also use this information to help you access support and benefits if appropriate and requested by you
your religious beliefs in order to administer your membership of our church
your DBS check (which may contain information relating to criminal offences or presence on a register) to decide your suitability for roles in the church 

In all cases where we require consent, we will seek your written consent or record you consent in writing to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
 
Information about Children
 
Whilst information relating to children is not considered to be special category information, it is information that is given specific protection.  Where the child is under the age of 13 we will always ask for the consent of parents before allowing the child to set up an account in ChurchSuite and ensure that the parent are able to access and administer the account. 
 
Where a child is 13 or over then we will permit the child to have their own ChurchSuite account, but we may (if we believe it to be appropriate in the circumstances) inform the parents. We will tell the child at the time of signing up that we may inform their parents and we will only do this where it is appropriate and lawful to do so.
 
Sharing your Personal InformationOther third parties
We may share your information with certain third parties including:
With other members of our church so that they can provide you with support and pray for you
Other churches – if you request us to pass on your information either to them or from them (if you move)
Support services and benefits providers (e.g. local authorities, your doctor)
Our suppliers for the performance of any contract we enter into with them or you
Our software providers who need to see your information in order to keep our website up and running
Analytics and search engine providers who analyse information about your use of our website and help us to tailor the product and offers that we offer to you and other users 
We work with the following organisations:
Churchsuite
Church Insight/Endis(Website)
HMRC (for claiming of Gift Aid)
Lloyds Cardnet(for processing of Card Donations)
Text Local (sending of text messages) 
Legal Requirements and Law Enforcement
We may also disclose your personal information to third parties:
If we are required by law, or in order to enforce or apply our terms of use. This includes exchanging information with other organisations such as law enforcement agencies. 
Third Party Privacy Policies
The Services may contain links to websites owned by other organisations.  If you follow a link to another website, these websites they will have their own privacy policies.  We suggest that you check the policies of any other websites before giving them your personal information as we cannot accept responsibility for any other website.
Keeping your Personal InformationHow we store your personal information
The security of your personal information is important to us.
We use appropriate technical and organisational measures to safeguard personal information and  encryption technology where appropriate to enhance privacy and help prevent information security breaches.
Any personal information that we provide to you will be held within the EEA.
All third parties who provide services to us or our software provider are required to sign a contract requiring them to have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse.
All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Information on our third-party providers can be found above.
 
Retention of information
We only hold your personal information for as long as necessary for the purposes for which we collected your information.
We have set these timescales in accordance with any applicable legislation and where none exists then we will keep your information for the duration of any contract that you have entered into with us and then for a period of 7 years after which time it will be deleted.
 
Emails
If you chose to send us information via email, we cannot guarantee the security of this information until it is delivered to us.
Your rightsAccess to information
You have the right to access information that we hold about you. If you wish to receive a copy of the information that we hold, please contact at elim.wimbledon@virgin.net or write to us at the address above
 
Changing or deleting your information
You can ask us at any time to change, amend or delete the information that we hold about you or ask us not to contact you with any further marketing information.  You can also ask us to restrict the information that we process about you.
You can request that we change, amend, delete your information or restrict our processing by emailing us at elim.wimbledon@virgin.net.
 
Right to prevent Automated decision making
You have a right to ask us to stop any automated decision making. We do not intentionally carry out such activities, but if you do have any questions or concerns we would be happy to discuss them with you and you can contact us at elim.wimbledon@virgin.net.
 
Transferring Personal Information
You have the right to request that your personal information is transferred by us to another organisation (this is called “data portability”). Please contact us at elim.wimbledon@virgin.net with the details of what you would like us to do and we will try our best to comply with your request. If may not be technically feasible, but we will work with you to try and find a solution.
 
Complaints
If you make a request to us under this Privacy Policy and you are unhappy with the response, you can ask for the request to be reviewed under our internal complaints procedure. Our internal complaints procedure allows your request to be reviewed by Carla Benjamin our Data protection Lead who will do their best to try and resolve the issue.
If you have been through the internal complaints procedure and are still not happy with the result, then you have the right to complain to the Information Commissioner’s Office. They can be contacted as follows:

Website: www.ico.org.uk
Telephone: 03031231113
Address:           Information Commissioner's Office
                        Wycliffe House
                        Water Lane
                        Wilmslow
                        Cheshire
                        SK9 5AF
           
Changes to our Privacy Policy
We review our Privacy Policy on a frequent basis to check that it accurately reflects how we deal with your information and may amend it if necessary. You should check this page regularly to see the most up to date information.
 
How to Contact us
We welcome questions, comments and requests regarding this Privacy Policy which can be sent to elim.wimbledon@virgin.net.