top of page



1. Your personal data – what is it?


Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).


2. Who are we?


The PCC of Christ Church, Epsom Common is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

3. How and why do we process your personal data?


We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

The PCC of Christ Church, Epsom Common complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: -

  • To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution; • To administer membership records;

  • To fundraise and promote the interests of the church; • To manage our employees and volunteers;

  • To maintain our own accounts and records (including the processing of gift aid applications);

  • To inform you of news, events, activities and services running at Christ Church

  • To determine eligibility for attendance and participation at the Annual Parochial Church Meeting and for election to the Parochial Church Council deanery, diocesan and general synods where applicable and to calculate the number of representatives who may be elected to each of these synods in the following year;

  • To undertake a review and revision of the electoral roll as necessary; and

  • To publish the electoral roll, by exhibiting the roll in the parish church in accordance with our legal obligations.


4. What is the legal basis for processing your personal data?


  • Processing is necessary for the purposes of the legitimate interests of the church, namely to enable us to perform the functions outlined above;

  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;

  • Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -

    • the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and

    • there is no disclosure to a third party without consent;

  • Processing of personal data in relation to the parish electoral roll is necessary for compliance with a legal obligation, namely the Church Representation Rules which require us to create, publish and keep an electoral roll and use the electoral roll to calculate numbers for election to synod;

  • The automatic legal consequence of submitting an application to have your name added to the electoral roll is that your name only will be published in the necessary public electoral roll and any copy made available for inspection must include every name on the role but no other personal data.

  • Where the legal bases listed above do not apply, processing of personal data only be carried out with the consent of the data subject.


5. Sharing your personal data


Your personal data on the electoral roll will be available to the institutional Church of England and the general public.  Your personal data will be treated as strictly confidential and will only be shared with other members of the church as necessary in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the parish with your consent.

Our website is hosted on the platform. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by and used by us adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

6 Cookies

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users and analyse how users use our site.  Our website uses Google Analytics to track this information. If you would like to opt out of being tracked by Google Analytics across all websites, visit:

For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.


For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, or


Consent to use cookies and changing settings

We will ask for your permission (Consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to book an appointment).  


Our use of cookies

The cookies we use on the site include Google Analytics_ga, _gid, which are used for analysis of website usage.

Please see Google Analytics Cookie Usage on Websites for more information


How to turn off all cookies and consequences of doing so

If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.

For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office,

7. How long do we keep your personal data?


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Specifically, we retain: • electoral roll forms and related paperwork and records while they are still current;

  • gift aid declarations and associated paperwork and records for up to 6 years after the calendar year to which they relate;

  • parish registers (baptisms, marriages, funerals) permanently;

  • Safeguarding/DBS clearance forms for volunteers for up to one year after the volunteer ceases to remain in post;

  • Parental forms for children’s activities for as long as the child in question remains of Sunday School or youth group age;

  • Contact details of members and former members of the church for as long as reasonably necessary for the legitimate interests of the church;

  • Contact details of non-members who have had some involvement with the church (for example for weddings, baptisms, funerals, hall hire) for as long as is necessary for the activity in question and for a reasonable period thereafter to enable follow up contact as necessary.


8. Your rights and your personal data


Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: - • The right to request a copy of your personal data which the PCC of Christ Church, Epsom Common holds about you;

  • The right to request that the PCC of Christ Church, Epsom Common corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for the PCC of Christ Church, Epsom Common to retain such data;

  • The right to withdraw your consent to the processing at any time

  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable).

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable)

  • The right to lodge a complaint with the Information Commissioners Office.

9. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

10. Contact Details


To exercise all relevant rights, or to raise queries or complaints, please in the first instance contact the Churchwardens at Christ Church Parish Office, Christ Church Road, Epsom KT19 8NE.


You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.


V4: May 2022

bottom of page