Hope Church Luton Privacy Statement

 

Updated: July 2020

Date created: November 2019

Date for next Review: November 2023

 

Who are we?

Hope Church Luton (the church, we, us) is the Data Controller. This means it decides how your personal data is processed and for what purposes.

Our privacy mission statement

Your privacy is really important to us, and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal information and why we do it. The church is committed to the privacy of all its members, former members and those who have regular contact with us in connection with those purposes, including those who attend the church’s services, events and use our ministries.

How do we process your personal information?

The church complies with its obligations under the General Data Protection Regulation “GDPR” by keeping personal information up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of information; by protecting personal information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate physical security or technical measures are in place to protect personal information.

In the interests of transparency and to be as clear as possible, you can read about the specific information we collect about you, how we keep your information confidential and secure, and how you can access your information in our Privacy Notice, which is on our website.

This policy explains what we will use information for…

  1. If we collect information about you or your children
  2. If you make a financial donation to the church
  3. If you are a customer who makes a booking of the church’s resources
  4. If you are a visitor to Hope Church Centre
  5. If you are an authorised user of the church’s database
  6. If you sign up for one of our events
  7. If you sign up for one of our small groups
  8. If you check your visiting child in to one of our children groups
  9. If you are an employee of the church

In summary, in each case we will only use your personal information for the following purposes: –

  • To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our vision and strategy statement, which can be found on our website;
  • To administer membership records;
  • To fundraise and promote the interests of the charity;
  • To manage our employees and volunteers;
  • To maintain our own accounts and records (including the processing of Gift Aid);
  • To inform you of news, events, activities and services run by the church;
  • To pass information to NHS Test and Trace as required to prevent the spread of Covid 19.

What is the legal basis for processing your data?

We have various scenarios under which we may use your information, and for each have identified a lawful basis, as described below:

  • Legitimate interest applies:
    • Where we maintain and process information about our members, former members and those who are in regular contact with us.
    • Where you sign up for an event or group run by the church and we communicate with you about that event or group.
    • Where you have contacted us independently for information about the church. In this context we will only use your contact details to respond to your enquiry unless you explicitly consent for us to use your information for another purpose.
    • Where we need to communicate with you about: –
      • Church news, events, course, services and ministries
      • A public-interest matter, for example to let you know if an event is cancelled due to bad weather
      • A ministry or group that you are involved in as part of a serving team
    • For good governance and accounting, for planning, analysis and developing new ministries.
  • Legal obligation applies:
    • When you exercise your rights under data protection law and related disclosures.
    • Where we are required to maintain and report financial/accounting information for up to six years from the end of the tax year in which a financial transaction was processed. This would typically be in respect of donations you may make to the church, or ticket payments for certain events or courses run by the church.
    • Where they are required for employment information relating to employees.
    • Where we are required to maintain attendance records at groups or events for safeguarding purposes.
    • Where we are required to In line with guidance issued by the Department for Health and Social Care related to NHS Test and Trace.
  • Consent applies:
    • Where you have voluntarily subscribed to the church’s subscriber mailing list. You can unsubscribe from this list at any time using the unsubscribe link in the footer of those periodic emails.

Sharing your personal information

The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.

How secure is your information?

The church uses a secure church management system that is only accessible by authorised church leaders, staff and ministry leaders. We have taken all practical and reasonable technical measures to ensure our administrative and processing activities are secure.

The church uses a bulk mailing service, Mail Chimp, to send out a regular “What’s On” email. Personal data held to operate this service is only accessible by authorised church staff. We have taken all practical and reasonable technical measures to ensure our administrative and processing activities are secure. You can unsubscribe to this service at anytime through the link included on each email.

The church uses password protected online storage for some data – Google Drive and One Drive.

Information that is of necessity in paper copy is stored in locked offices and in locked storage facilities when it is not in use.

How long do we keep your personal information?

We keep data in accordance with the guidance set out by the GDPR. We endeavour to maintain only data that is relevant, accurate and up to date. We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purpose for processing. Specifically, we retain member and former member information while it is still current; Gift Aid declarations and financial data for up to 6 years after the calendar year to which they relate; and safeguarding records permanently.

Your rights and your personal information

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal information: –

  • Access to your information: You have the right to request a copy of the personal information about you that we hold.
  • Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
  • Deletion of your information: You have the right to ask us to delete personal information about you where:
    • you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations;
    • you have validly objected to our use of your personal information – see ‘Objecting to how we may use your information’ below;
    • our use of your personal information is contrary to law or our other legal obligations.
  • Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
  • Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data.  Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
  • Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Contact details” section if you wish to exercise any of these rights.
  • Lodging a complaint: If you feel we have used your information incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Our contact details

We can provide you with access to your personal data at any time. We ask that requests are made in writing to The Data Protection Officer, Hope Church Luton, Villa Road,
Luton, LU2 7NT

You can opt out of receiving communications from the church by clicking the ‘unsubscribe’ link in the footer of the email, or by contacting the church office on 01582 968521, or by emailing office@hopechurch.co.uk