Privacy Policy
PRIVACY POLICY
April, 2018
1. Your Privacy
1.1. What is the purpose of this Privacy Policy?
This Privacy Policy is provided to you by Life Community Church (“LCC”), who uses personal information for general church administration and communication purposes. LCC recognises the importance of the correct and lawful treatment of personal information. All personal information, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation (GDPR).
LCC is a “data controller” which means we have to tell you certain things when processing your personal information. We may input personal information into our Church Database system (iKnow Church software) or may ask you to do so yourself. We may collect information from you in person or we may ask you to fill in paper forms or input information into other systems that the church uses.
If you have any queries about this Privacy Policy or how we use your personal information, please contact our Data Protection Lead, using the details in our “Contact Us” section below.
This Privacy Policy relates to your use of the Services and tells you:
- What personal information we collect about you, and how we collect it (see Section 2)
- How we use your personal information (see Section 3)
- Who we may share your personal information with (see Section 4)
- How we keep and protect your personal information, how long for, and any transfer outside of the EEA (see Section 5)
- What rights you have in relation to your personal information (see Section 6)
- How to contact us (see Section 7)
1.2. Our Database and Systems
LCC mostly uses iKnow Church Software (“the Services”) to help us administer our church and provide all elements of pastoral care, communication and support to our members and the community. Our members may be provided with access to a user account, which they can use to provide us with information (including personal information), update preferences and access options to allow the booking of events and recording attendance.
2. Personal Information we process about you
2.1. What information we process about you
We may collect the following information about you:
- Contact Details: name, title, telephone number(s), address, and email address;
- Demographic Information: gender, age, date of birth, marital status, education, employment, academic/professional qualifications, hobbies, family information and dependants, where they are relevant to our charitable objectives, or where you provide them to us;
- Financial Information: bank account details or payment details when making donations or paying for services/ products, such as the hire of church facilities;
- Attendance Information: Where you attend a course, training event, life group or other church-based event or ministry, we may capture the fact you attended to help us with our planning and coordination of such activities.
- Church Roles: Your role(s) within the church, or any teams/ groups you are involved with (if appropriate)
- Safeguarding: Information to carry out a DBS check, and the result of a DBS check
- Rota Information: When you are unavailable for serving on rota; dates and times that you are on a rota
- Pastoral Care: information we collect and record as part of pastoral care (this will include anything you tell us unless you tell us not to record it)
- Audit: Information about your use of the Services (e.g. when you have logged in, what pages you visited)
- Other: photographs, videos or any other information you provide to us
2.2. Sensitive Personal Information
We may also collect, store and use the following “special categories” of sensitive personal information (if you give us this information – section 3 explains our legal basis for processing such information, and how we use it):
- Information about your health, including any mental or physical conditions that you notify us about
- Your religious beliefs
- Your racial origin
- Your sexual orientation
- Any criminal record
2.3. Personal Information you give us
We collect personal information from you, when you:
- Fill in one of our paper forms, or a form available in a different electronic system, including our website.
- Attend church and speak to us in person.
- Sign up to an LCC event or course.
- Join a church serving team (rota) or ministry (for example a Life Group, Sunday Stars).
- Make a financial donation to the church, typically through the Gift Aid scheme.
- Or we set up a user account in iKnow church. If we set up an account on your behalf, then we will input personal information from you that we collected from you in person, on paper forms, or other electronic/ contact forms.
- Update your user account on iKnow church.
2.4. Personal Information we collect automatically
When you use the Services, we may collect certain information automatically such as:
- IP addresses (the name your computing device uses to identify itself to us)
- Your activity in the Services including times and dates of visits
- Information on your location
2.5. Cookies
We use cookies to collect information automatically. A cookie is a small file of data which our website places on your computer’s hard drive, to give us standard internet log information, such as details of your visits to our website. They allow websites to respond to you individually and tailor your visit by gathering and remembering information about you, providing a better experience.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function properly as a result.
3. How we use your Personal Information
3.1. Our legal basis for using your information
The law only allows us to use your personal information in certain limited circumstances. We have listed these below and what information they allow us to process.
- Where it is necessary for our legitimate interests
Under GDPR, it is for our Legitimate Interests as a church, to process information relating to its members for the purpose of administering your membership of the church.
Examples of how we may use your information for administration purposes:
- to set up your iKnow church account
- so that we can keep a record of your attendance at church, small groups, and at other events and meetings
- to provide you with pastoral care and other support that you have requested and we believe would be helpful to you (e.g. visiting you when you are ill, or performing ecclesiastical services such as baptisms, weddings and funerals)
- to organise volunteers and put together rotas
- to send out our marketing materials but only where such materials relate directly to the church and you have not told us not to send you such information. These may include information about events, campaigns, appeals, other fundraising activities
- Where you have consented to us using your personal information
Examples of how we may use your information with consent
- to send marketing communications out to you, including information about our events
- We may also ask for consent where you have given us information as part of our pastoral care and asked us to use it for a certain purpose.
- Where we need to perform the contract we have entered into with you
Examples of how we may use your information in order to comply with a contract that we have entered into with you:
- to buy or reserve tickets for events, or enter into competitions or prize draws
- to administer the Services (such as troubleshooting, data analysis, research)
- to tell you about changes to our website, software or Services (e.g. that will affect your use of iKnow church or our website)
- to help us (or the software developers) improve the Services
- Where we need to comply with a legal obligation
Examples of how we may use your information to fulfil a legal obligation:
- to process a donation you have made (keeping records for Gift Aid purposes)
- to prevent and detect fraud
- to carry out comprehensive safeguarding procedure, to protect children and vulnerable adults
- to get your feedback on the Services
3.2. How we use Sensitive Personal Information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit consent recorded in writing (e.g. where you tell us information to obtain support and pastoral care from us – for example this could relate to physical or mental health).
- Where we need to carry out our legal obligations (e.g. ensure DBS checking is done where appropriate)
- Where it is needed in the public interest and in line with our data protection policy.
- Where it is needed in connection with our safeguarding policy (to protect children and vulnerable adults)
Less commonly, we may process this type of information where it is needed to protect your (or someone else’s) interests, and you are not capable of giving your consent, or where you have already made the information public.
3.3. What this means in practice
We may use your sensitive personal information in the following ways:
- your mental or physical health, racial origin, sexual orientation or criminal record in order to provide you with support and pastoral care. We may also use this information to help you access support and benefits if appropriate and requested by you
- your religious beliefs in order to administer your membership of our church
- your DBS check (which may contain information relating to criminal offences or presence on a register) to decide your suitability for roles in the church
In all cases where we require consent, we will seek your written consent or record your consent in writing to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
3.4. Information about Children
Whilst information relating to children is not considered to be special category information, it is information that is given specific protection. Where the child is under the age of 13 we will always ask for the consent of parents before allowing the child to set up an account in iKnow church and ensure that the parent(s) are able to access and administer the account.
Where a child is 13 or over then we will permit the child to have their own iKnow church account, but we may (if we believe it to be appropriate in the circumstances) inform the parents. We will tell the child at the time of signing up that we may inform their parents and we will only do this where it is appropriate and lawful to do so.
4. Sharing your Personal Information
Please remember:
- We will NOT sell or rent your information to third parties
- We will NOT share your information with third parties for marketing purposes
4.1. Other third parties
We may share your information with certain third parties including:
- Other members of our church so that they can provide you with support and pray for you
- Other churches – if you request us to pass on your information either to them or from them (if you move)
- Other churches and charities, where we work with them to undertake a joint event or activity, and you have expressly volunteered to support such an event or activity. In such cases, we may release limited personal information (for example your name and a method of contact) to that organisation (but never outside of the European Economic Area “EEA”), and only such specific information which is necessary for the safe and efficient running of the event or activity.
- Support services and benefits providers (e.g. local authorities, your doctor)
- Our suppliers for the performance of any contract we enter into with them or you
- Our software providers who need to see your information in order to keep our website up and running
- Analytics and search engine providers who analyse information about your use of our website and help us to tailor the product
- Other organisations, such as law enforcement agencies, if we are required by law to enforce or apply our terms of use, and fulfil our legal requirements
We work with the following organisations:
- Edit Websites Limited (provider of iKnow Church software – www.iknowchurch.co.uk)
- Pulsant
- SendGrid (for sending emails)
- HMRC (for claiming of Gift Aid)
- WorldPay (for processing of secure online Card Donations)
- Text Marketer (sending of text messages)
- MailChimp (for sending of church emails)
- Office365 for cloud-based secure storage (ONEDrive)
- Google for cloud-based secure storage (Google Drive)
- HostPapa (website host)
- Eventbrite (ticketing supplier for events)
- WhatsApp (for group and team based communication – see Section 5.4)
- Hotmail/ Outlook, Yahoo! Mail, Gmail, AOL Mail, iCloud Mail, Fastmail (for sending receiving emails from some volunteers)
4.2. Third Party Privacy Policies
The Services may contain links to websites owned by other organisations. If you follow a link to another website, these websites they will have their own privacy policies. We suggest that you check the policies of any other websites before giving them your personal information as we cannot accept responsibility for any other website.
5. Keeping your Personal Information
5.1. How we store your personal information
The security of your personal information is important to us. We use appropriate technical and organisational measures to safeguard personal information, and encryption technology where appropriate to enhance privacy and help prevent information security breaches.
Any personal information that we provide to you will be normally be held within the EEA. If data was ever transferred outside of the EEA, your information will only be placed on systems that gave equivalent protection of your rights, through international agreements approved by the European Union.
All third parties who provide services to us or our software provider are required to sign a contract requiring them to have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse. We will never pass your information to third parties for commercial purposes (e.g. for marketing), unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Information on our third-party providers can be found above.
5.2. Retention of information
We only hold your personal information for as long as necessary for the purposes for which we collected your information. In practice, we will:
- Delete personal information/ records if you ask us to;
- Maintain regular monitoring of databases and where individuals are known to have left the church, seek confirmation of such and archive and then remove such individuals from the database;
- Undertake a deep cleanse of the database, approximately every two years.
We will keep some records permanently if we are legally required to do so. We may also keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 6 years to support HMRC audits. In general, LCC will endeavour to keep information only for as long as we need it, after which time, it will be deleted.
5.3. Emails
If you choose to send us information via email, we cannot guarantee the security of this information until it is delivered to us. Also, we cannot guarantee the security of any information sent to other volunteers who use third party email providers such as Gmail accounts.
5.4. WhatsApp Groups
We use 3rd party messaging systems such as WhatsApp, for group and team based communication. If you want to join such a group, then you can only do so once you have given us your consent verbally or electronically, as other people in the group will see your name, telephone number and picture. WhatsApp uses end-to-end encryption to keep your messages secure.
6. Your rights
In order to exercise any of your rights listed below, please email/ write to us using the contact details listed in the “Contact Us” section below.
6.1. Access to information
You have the right to access information that we hold about you, which means you can contact us anytime, to request the information we hold on you, and we will respond within one month. There are generally no charges for a request (only if excessive), but additional requests for the same data may be subject to an administrative fee.
6.2. Changing or deleting your information
You can ask us at any time to change, correct or delete the information that we hold about you. You may also ask us not to contact you with any further marketing information, or to restrict the information that we process about you. When we receive your request to delete or restrict information, we will confirm whether we can do so, or the reason why we cannot (for example, because we need it for our legitimate interests or legal purposes).
6.3. Right to prevent Automated decision making
You have a right to ask us to stop any automated decision making. We do not intentionally carry out such activities, but if you do have any questions or concerns we would be happy to discuss them with you.
6.4. Transferring Personal Information
You have the right to request that your personal information is transferred by us to another organisation (this is called “data portability”). Please contact us in writing, with details of what you would like us to do, and we will try our best to comply with your request. It may not be technically feasible, but we will work with you to try and find a solution.
6.5. Complaints
If you make a request to us under this Privacy Policy and you are unhappy with the response, you can ask for the request to be reviewed under our internal complaints procedure. Our internal complaints procedure allows your request to be reviewed by the complaints handling team who will do their best to try and resolve the issue.
If you have been through the internal complaints procedure and are still not happy with the result, then you have the right to complain to the Information Commissioner’s Office. They can be contacted using the details in the “Contact Us” section below.
7. Contact Us
We welcome questions, comments and requests regarding this Privacy Policy or the information we hold about you. You may also contact us to exercise all relevant rights, queries or complaints.
The Data Controller:
Email: [email protected]
Address: Life Community Church, Charlotte Street, Leamington Spa, Warwickshire. CV31 3EB
Telephone: 01926 338 488
You can contact the Information Commissioner’s Office:
Email: www.ico.org.uk/global/contact-us/email
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Telephone: 0303 123 1113
8. Changes to our Privacy Policy
We keep our privacy policy under regular review and we will place any updates on the website at:
www.life-cc.org/privacy-policy.
This privacy policy was last updated on 21st April, 2018
9. Further Information
The General Data Protection Regulation (GDPR):