Danbury Mission Church and City Church Chelmsford
DATA PROTECTION - Privacy Notice
If you would like to discuss anything in this privacy notice, please contact the church’s Operations Director.
Danbury Mission Church and City Church Chelmsford
Danbury Mission Church and City Church Chelmsford will be referred to as “we” and “us”.
What do we mean by “your data” or “your information”?
"Your data” or “your information” means information volunteered by members of the congregation, visitors to the church, and church Partners / Directory Members. The information we capture may include, but is not limited to, the following:
- Your name
- Your address
- Your phone number/s
- Your email address
- Your gender
- Your marital status
- Your data of birth
You may also volunteer other information to the church through engaging with church activities – this may include details of a sensitive nature, such as medical information to ensure we can keep you safe.
What is the church’s lawful basis for collecting, retaining and using your personal data?
Consent – for most visitors, Church Partners and Church Directory members, the church offers you choice and control over the amount of personal data we hold and how we use that data.
Legal Obligation – In some cases we will process or refer to your personal data without consent because we have a legal obligation to do so. This would generally only apply:
- If you have been offered employment at Danbury Mission Church or City Church Chelmsford. In this case we may require documentation relating to your right to work in the UK such as personal identification (your passport, for example).
- If you are involved in working directly with children or vulnerable adults, in which case we will periodically check your status with the Disclosure and Barring Service (DBS) and keep records relating to this procedure.
Why do we collect your personal information?
We collect your information for the following purposes:
- To enable us and Church Partners / Church Director Members to contact you and/or correspond with you
- To enable us to communicate church news, encourage participation in and run church activities, projects and initiatives
- To enable us to offer and effectively provide pastoral care
- To enable us to monitor and assess the quality of our services
- To comply with legislation and guidance
- For accounting purposes
How might we, Church Partners and members of the Church Directory actively use your data?
Danbury Mission and City Church Chelmsford may use the details you provide to keep in touch with you and send you information about our events and activities by post, by hand, telephone, email and/or SMS (text message). You can control your preferences in respect of how and when we contact you.
Church Partners and members of the Church Directory have limited access to the contact details you provide and may use this to keep in touch with you.
If you use ChurchSuite, you can select your preferred contact method online and limit the amount of data that is visible to Church Partners and members of the Church Directory.
If you support the Danbury Mission or City Church Chelmsford financially, the information you volunteer in order for us to collect your donations will be held confidentially by the Church Treasurer to support mandated regular giving, to complete Gift Aid rebates, complete Church accounts and ensure compliance with financial regulations.
How do we store your data?
We are committed to safeguarding the privacy of your information.
Wherever practical to do so, we store your data electronically using the ChurchSuite platform. ChurchSuite is a secure web-based church database and management solution. To find out more about ChurchSuite’s approach to ensuring data integrity and security, please click here. Using the MyChurchSuite App, you have full control over how visible your information is to Church Partners and other members of the Church Directory via ChurchSuite.
Some of your data may also be stored electronically using the church’s IT infrastructure. If this is the case, appropriate security measures are taken to assure the integrity of data either via local security measures or by utilising third party solutions including, but not limited to Microsoft and Paperform.
Sometimes it is not practical to store or use your data electronically:
- From time-to-time, we may need to provide our activity leaders with paper copies of emergency contact details and Inclusive Risk Assessments if they are overseeing activities with young people away from the church site. Where this is the case, such information is issued from and returned to the church premises and stored securely within the Church Office.
- Where individuals are unable to use a computer and/or access the internet, we provide a small number of Church Partners and those listed in the Church Directory with hard copies of our Church Directory. Data that is shared in hard copy is limited to contact information and those receiving copies of the Directory are issued with clear guidance in respect of their responsibilities to keep and use the data responsibly.
How do we store sensitive data?
We have a code of practice relating to the storage or sensitive information. The principles of this code include:-
- Secure storage
- Limited retention
- Restricted copying
- Restricted distribution
- Appropriate disposal
For more detailed information about this code of practice, please contact the church’s Operations Director.
Do we share your data outside of ChurchSuite?
Outside of ChurchSuite, we will only share your data:-
- Where it is appropriate to do so – for example, with your consent, we may share medical information or care plans with nominated first aiders.
- With appropriately appointed people – for example, some staff and those in voluntary church leadership roles may have appropriately limited access to information that you volunteer. For example, our Youth Leaders (volunteers) would ordinarily have access to parental consent forms and emergency contact details.
- With external agencies such as the Police, Social Care where it is appropriate to do so and in order to protect the safety, wellbeing or interests of individuals and/or Danbury Mission Church and City Church Chelmsford. In other words, we will not share your information with external agencies without your consent, unless the law requires us to do so or there is a credible reason for sharing information to assure safety or wellbeing.
Sharing your data in response to the Coronavirus / COVID-19 Pandemic
To support NHS Test and Trace in England, some organisations, including Danbury Mission Church, have been asked to maintain records of staff, customers and visitors on their premises. In the event that a case of COVID-19 is traced back to the church, we may be asked to volunteer information to the Department of Health and Social Care (DHSC).
The purpose of DHSC’s processing of information, should we be asked to share it, will be to facilitate NHS Test and Trace in conducting contact tracing. This may be necessary in the event that an individual, who was present at the church at the same time as you, tests positive for coronavirus. NHS Test and Trace may then contact you to provide appropriate advice.
In addition to information required by the Test and Trace service, Danbury Mission may use this information to support us operationally - the information we ask you for in relation to church visits during the pandemic helps us prepare for your visit and enables us to keep you and our staff safe.
Danbury Mission Church will be a data controller for the data obtained at the point the information is collected. The church will continue to be responsible for compliance with data protection legislation for the period of time it holds the information and will operate in accordance with its existing Data Protection Policy and Privacy Statement.
The church's legal basis for collecting the information requested within this form is covered by GDPR Article 6(1)(f): legitimate interests.
DHSC will be the data controller for the data at the point that it receives the data from the venue/establishment (which will be to start contact-tracing activities). For more information about DHSC policies please click here.
Requesting access to your personal data (subject access)
You have the right to request access to the personal data we hold in relation to you. To make a request for your personal information you should contact the church’s Operations Director and may make your request verbally or in writing.
Requesting amendment of your personal data
It is important that the information we hold is accurate. If you would like us to amend any of the information we hold because it is inaccurate, you should contact the church’s Operations Director and make your request verbally or in writing.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- have inaccurate personal data rectified, blocked, erased or destroyed (in some circumstances)
- claim compensation for damages caused by a breach of the Data Protection regulations.
How do we review data that is stored electronically?
The data we hold is reviewed periodically. The frequency of review is dependent upon the type of information in question. We also hold your data for varying lengths of time depending on the type of information in question, but in doing so we always comply with Data Protection legislation and strive to meet best practice guidelines. These processes are overseen by the church’s Operations Director.
How do we review data that is stored in hard copy?
If we store your data in hard copy, this will be regularly reviewed periodically by the member of staff with allocated responsibility for the data. The frequency of review is dependent upon the type of information in question. All data in hard copy is held and used in accordance with Data Protection legislation.
How long do we keep your data?
Standard data retention periods differ depending on the type of data in question. Retention periods are set out in the church’s Data Retention Schedule.
Your right to object
In most cases, you have control over how your data is used via the ChurchSuite app. Additionally, if you feel your information being processed in particular ways that you feel you have not agreed to, you can voice your objection. If you do not use ChurchSuite, you should contact the church’s Operations Director and make your request verbally or in writing.
Your rights in respect of direct marketing
The right to object is absolute in relation to direct marketing. Again, you have control via ChurchSuite over how we use your data and can stipulate that the church does not use your data for direct marketing (i.e. if you object to direct marketing, the church would not send you details relating to forthcoming church events). If you do not use ChurchSuite, you should contact the church’s Operations Director to discuss any concerns you have around direct marketing.
Your right in relation to automated processing of your data
The only automated processing used by the church is the use of ‘smart tagging’ within ChurchSuite. This process enables us to attach dynamic ‘tags’ to your data based on fulfilment of predetermined parameters that may change, for example, your age. This process enables us to filter information within ChurchSuite more easily and thereby ensure that we send information to the most appropriate people. At time of writing, ‘smart tagging’ is not widely used and is unlikely to impact upon visitors, Church Partners or members of the Church Directory. If you would like to discuss our use of ‘smart tagging’, you should contact the church’s Operations Director.
Your right to data portability
In some circumstances, data generated by you (for example, your name, ChurchSuite username, email address etc) can be transmitted to another data controller on request. If this is something you would like to discuss further, you should contact the church’s Operations Director. The portability of data is limited - for example, we would not be able to directly share an Inclusive Risk Assessment relating to an individual with another data controller.
Your right to erasure (or ‘right to be forgotten’)
If you wish to have your data removed from the church records, you should contact the church’s Operations Director and make your request verbally or in writing. Action will be taken to remove your data from live systems within one month of request, however, it may take longer for data to be removed from back-up systems.
Your right to complain about our collection, retention or use of personal data
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting the church’s Operations Director. If you are dissatisfied with the church’s response to your concerns, you can speak directly to the Information Commissioner’s Office at https://ico.org.uk/concerns
Danbury Mission Church,
54 Maldon Road,
Tel: 01245 227428
Policy Drafted: Nov 2019
Policy Published: Dec 2019
Amended: Mar 2020
Amended: July 2020