Data privacy statement for King's Community Church
Preservation of your privacy is very important to King's Community Church (referred to throughout this statement as KCC) and we are committed to letting you know why we keep your personal information and how it is used. This statement covers the use of your 'personal data'. This is 'personal data' because it is about you as a particular person, and it can be linked to you.
This statement explains how KCC complies with the DPA (Data Protection Act 2018) and the General Data Protection Regulation (GDPR) which came into effect on 28 May 2018. We may update this statement upon the UK's exit from the European Union.
By providing your personal details you agree to allow KCC to contact you by post, email, telephone or telephonic and electronic text messages (and other messaging tools including Facebook, WhatsApp etc) in connection with its charitable purposes. Either on the basis of the consents you have given us or for our legitimate interests in accordance with current data protection regulations.
How we collect your data
We collect personal information each time you are in contact with us. For example when you:
- Register on MyChurchSuite
- Register your details and your families details (e.g. registering with KingsKids, KingsCreche or Elevate)
- Make a donation either by completing a gift envelope or by electronic means
- Complete a gift aid declaration form
- Register for a conference or church event
- Provide your contact details to church staff or volunteers
- Purchase goods or services including when you provide credit/debit card details
- Attend particular church activities (e.g. Little Ones or Love Hatfield Family Film)
- Communicate with KCC by means such as letter, email or telephone
- Have face to face meetings with staff or volunteers
- Access social media platforms such as Facebook, WhatsApp, Twitter or Instagram
- Provide HR data
- Apply for a DBS check
- Attend Go Team trips or other mission tem trips abroad (e.g. to Russia)
What is your data used for?
KCC will use the personal information we collect for the purpose disclosed at the time of collection, or otherwise as set out in this data privacy statement. We will not use your personal information for any other purpose without first seeking your consent, unless authorised or required by law. Generally, we will only use and disclose your personal information as follows:
- To keep you informed by text and/or email of church services, activities, resources and conferences. Plus for prayer requests and KCC news.
- To provide pastoral care for you or your family.
- To establish and maintain your involvement within KCC for example as part of a serving rota.
- To provide you with up to date information about events you have attended, or activities you have supported.
- To acknowledge a donation you have made.
- To provide you with requested products or services.
- To answer a query or request for further information as well as to respond to any complaints made by you about KCC, its services, activities or events.
- To register you and/or your family members for activites, events and conferences.
- For promotion of products or services we believe may be of interest to you.
- To improve our general ability to assist church attendees and the wider community.
- To obtain or renew a DBS check.
- To organise a trip abroad (e.g. to obtain a VISA or book a flight on your behalf).
- To provide you with a contract of employment.
We will never share your data with third parties for marketing purposes.
Who can see your data?
Other data you have provided may be accessed by or given to our team at KCC, and our service providers who act for us for the purposes set out in this statement or for other purposes approved by you.
We do not sell or pass any of your personal information to any other organisation and/or individuals without your express consent unless required to do so by law.
Sensitive personal information
KCC may collect and store sensitive personal data such as health information for pastoral support. Your personal information will be kept strictly confidential. It is never sold, given away or otherwise shared with anyone unless required by law.
Keeping your details up to date
Please tell us as soon as any of your contact details change so that we can keep our records up to date.
You can change the way we contact you, or the kind of material we send you, at any time by contacting us by mail or email firstname.lastname@example.org.
You can unsubscribe from our regular emails or texts at any time using the email address above using the subject line 'unsubscribe'.
If you register with MyChurchSuite you can personally log on and update your contact details.
How long will your data be kept?
We will keep your personal data until you withdraw your consent for us to have it.
Who do you speak to if you have questions?
If you have questions about your data and what we do with it then you should contact Lizzie Stacey (our data protection officer). Please email email@example.com and use the subject line 'Data protection enquiry'.
How is your personal data kept secure?
KCC will take reasonable steps to keep secure any personal information, which we hold and to keep this information accurate and up to date. Personal information, held electronically, is stored in a secure server or secure files.
The Internet is not a secure method of transmitting information. Accordingly, KCC cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
What rights do you have?
You have a number of rights under data protection legislation:
- Right to know what data we hold
- You have a right to know what personal data we hold about you.
- This data Privacy Statement describes the data that we will hold. But you can ask if we have any other data which is not covered by this data privacy statement.
- Right to have a copy of the data we hold
- You can ask for a copy of the data we hold about you. This is called a 'subject access request'. If you make a subject access request we will give you a copy of all the data we hold about you. We will do this within one month of receiving your request.
- Right to object
- You can object if you think we are using your data in the wrong way.
- You can also object if you don't think we have 'lawful grounds' for using your data.
- We will give you a statement explaining why we use your data and explaining the 'lawful grounds'.
- If you are still not happy you can complain to the Information Commissioners Office (The ICO). For more information visit their website.
- If we find we are using your data in the wrong way, we will stop immediately and stop it happening again.
- Right to have your data corrected
- If you think there is a mistake on your data please tell us. You have a right to have your data corrected. Please contact firstname.lastname@example.org to do this using the subject 'data correction'.
- We may need to check what is the correct data but will put right mistakes as soon as possible.
- Right to be forgotten
- You have the right to be forgotten in three specific circumstances:
- If you have given specific consent and then you withdraw your consent.
- If you object to us processing your data and we do not have legitimate grounds for doing so.
- If your data is no longer needed.
Data breach statement
In the event that a Data Breach has been discovered the Church data protection officer will be notified immediately. A Data Breach, confirmed or suspected, is any incident that may compromise the confidentiality, integrity or availability of systems or data either accidentally or deliberately. Such incidents could include:
- Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad/tablet device, or paper record)
- Equipment theft or failure
- Unauthorised use of, access to or modification of data or information systems
- Attempts (failed or successful) to gain unauthorised access to information or IT system(s)
- Unauthorised disclosure of sensitive/confidential data
- Website defacement
- Hacking attack
The Data Protection Officer will investigate the breach and determine any corrective measures that need to be implemented, with appropriate levels of urgency. The data protection officer will notify the Information Commissioner's Office if it is likely to result in a risk to the rights and freedoms of individuals e.g. if it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. The Church data protection officer would also notify those directly concerned if the breach is likely to result in a high risk to the rights and freedoms of individuals.
The data protection officer will maintain a record of all Data Breaches.
The website and social media
Our website provides links to other websites (e.g. Youtube). Links provided by KCC are for your convenience to provide further information.
KCC uses social media such as Facebook, Twitter, Instagram, WhatsApp and Youtube. Users must verify authenticity of sites before posting or providing personal information on such sites. Any files or documents made available to download from our website are provided at users own risk.
Change to this statement
KCC may amend this Data Privacy Statement from time to time to ensure compliance with changes or amendments to the law of the UK. Any amended version will be available on our website at www.kcchatfield.org.uk. We suggest that you visit our website regularly to keep up to date with any changes.
If you would like any further information or have any queries, problems or complaints relating to KCC's data privacy statement then please contact our data protection officer by emailing email@example.com.