DATA PRIVACY NOTICE

 

1. Your personal data – what is it?

 

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

 

2. Who are we?

 

The PCC of Christ Church, Epsom Common is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

3. How and why do we process your personal data?

 

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

The PCC of Christ Church, Epsom Common complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: -

  • To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution; • To administer membership records;

  • To fundraise and promote the interests of the church; • To manage our employees and volunteers;

  • To maintain our own accounts and records (including the processing of gift aid applications);

  • To inform you of news, events, activities and services running at Christ Church

  • To determine eligibility for attendance and participation at the Annual Parochial Church Meeting and for election to the Parochial Church Council deanery, diocesan and general synods where applicable and to calculate the number of representatives who may be elected to each of these synods in the following year;

  • To undertake a review and revision of the electoral roll as necessary; and

  • To publish the electoral roll, by exhibiting the roll in the parish church in accordance with our legal obligations.

 

4. What is the legal basis for processing your personal data?

 

  • Processing is necessary for the purposes of the legitimate interests of the church, namely to enable us to perform the functions outlined above;

  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;

  • Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -

    • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and

    • there is no disclosure to a third party without consent;

  • Processing of personal data in relation to the parish electoral roll is necessary for compliance with a legal obligation, namely the Church Representation Rules which require us to create, publish and keep an electoral roll and use the electoral roll to calculate numbers for election to synod;

  • The automatic legal consequence of submitting an application to have your name added to the electoral roll, is that your name and address will be published in the necessarily public electoral roll and by submitting the application form you are making that data public.

  • Where the legal bases listed above do not apply, processing of personal data only be carried out with the consent of the data subject.

 

5. Sharing your personal data

 

Your personal data on the electoral roll will be available to the institutional Church of England and the general public.  Your personal data will be treated as strictly confidential and will only be shared with other members of the church as necessary in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the parish with your consent.

Our website is hosted on the Wix.com platform. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by Wix.com and used by us adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

6 Cookies

A cookie is a tiny data file that is used to store information. Most websites use cookies for a number of purposes, including providing essential functionality (e.g. a shopping cart), providing useful information about the way in which the website is being used (e.g. analytics), and many other functions such as enhanced security.  For more information about cookies and how to control them can be found here [INSERT COOKIE BOT CODE]

7. How long do we keep your personal data?

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Specifically, we retain: • electoral roll forms and related paperwork and records while they are still current;

  • gift aid declarations and associated paperwork and records for up to 6 years after the calendar year to which they relate;

  • parish registers (baptisms, marriages, funerals) permanently;

  • Safeguarding/DBS clearance forms for volunteers for up to one year after the volunteer ceases to remain in post;

  • Parental forms for children’s activities for as long as the child in question remains of Sunday School or youth group age;

  • Contact details of members and former members of the church for as long as reasonably necessary for the legitimate interests of the church;

  • Contact details of non-members who have had some involvement with the church (for example for weddings, baptisms, funerals, hall hire) for as long as is necessary for the activity in question and for a reasonable period thereafter to enable follow up contact as necessary.

 

7. Your rights and your personal data

 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: - • The right to request a copy of your personal data which the PCC of Christ Church, Epsom Common holds about you;

  • The right to request that the PCC of Christ Church, Epsom Common corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for the PCC of Christ Church, Epsom Common to retain such data;

  • The right to withdraw your consent to the processing at any time

  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable).

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable)

  • The right to lodge a complaint with the Information Commissioners Office.

8. Further processing

 

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

9. Contact Details

 

To exercise all relevant rights, or to raise queries or complaints, please in the first instance contact the Churchwardens at Christ Church Parish Office, Christ Church Road, Epsom KT19 8NE.

 

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

 

V4: 31 March 2020

SUBSCRIBE FOR EMAILS
CONTACT

Christ Church

Epsom Common

Christ Church Road

Epsom

KT19 8NE

Telephone: 01372 743133 Email: office@christchurchepsom.org.uk

SOCIAL
  • Twitter

Registered as a charity with the Charities Commission Charity No. 1127945

© 2020 Christ Church Epsom Common