The Storehouse Church
At the Storehouse Church we are committed to protecting your privacy and operate a strict policy to prevent abuse of your personal data. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). We aim to comply with not only the letter of the law but its spirit also.
The Storehouse Church complies with its obligations under the “GDPR” by keeping personal data up to date where it is known that changes are required; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We will not hold, or share your information with others, without your consent with the exception of 3e below. We will respect your email privacy and you will only receive email from the Storehouse Church in relation to areas you have expressly signed up for.
2. What information do we collect and process?
We collect information on our users through registration.
The minimum information we need to register a user is your first and last name and an email address. The Storehouse Church communicates with its users primarily via email but if a user does not have an email account, we can register them with a postal address. We also ask for some further information so we can provide a richer, more beneficial service to our users but this is completely voluntary.
3. Why do we hold or process your personal data?
We collect, store and use different types of information about our users (known as “personal data”) for the following main reasons:
a) To administer church membership records and to provide a useful resource in the form of an online community of users;
b) To manage our employees, volunteers and CREW members and the rotas they are involved with;
c) To provide an interactive website where email is used to communicate with the users, which gives users the ability to edit their own privacy preferences and provides a security mechanism whereby we can restrict content to certain groups of users.
d) To inform you of news, events, activities and services running at the Storehouse Church or being run by our church partners such as Kingdom Faith or LinkUp;
e) To process your data to comply with our legal obligations in relation to Gift Aid or under employment, social security or social protection law.
f) To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our Founding Documents and to help us to improve the service we offer.
4. Storehouse Church’s lawful basis for processing personal data
a) Explicit consent of the data subject so that we can keep you informed about news, events, activities and services and keep you informed about church events.
b) Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment, social security or social protection law, or a collective agreement;
c) Processing is carried out by the Storehouse Church, which is a not-for-profit body with a religious aim and: -
i. the processing relates only to members or former members (or those who have regular contact with us in connection with those purposes); and
ii. there is no disclosure to a third party without consent.
Legitimate interest and consent:
Legitimate interest is considered to be appropriate justification for processing personal data without specific consent. It is where people’s data is used in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. An example of this would be a church member choosing to join a CREW. The CREW rotas are created, stored securely and disseminated using Insight and direct emails to CREW members, therefore the church can use the justification of Legitimate Interest for processing that data rather than having to obtain consent. However, the Storehouse Church aims not to rely on Legitimate Interest as a basis for processing personal data, but is collecting and will store post GDPR consent from all for whom it stores personal data. You have a right to withdraw your consent at any time by emailing Rosemary at email@example.com
5. How long do we keep your personal data?
a) We keep personal data of active members of the Storehouse Church and of our Trustees.
b) When members or Trustees are no longer active or current, we use Insight to safely and permanently delete their personal data, unless they request to stay in touch.
6. Subject Access Requests
a) Users can view and alter the information that is stored about them at any time by logging on to the Storehouse Church’s website and visiting “my area/my details”.
b) A formal “Subject Access Request” can be used by individuals who want to see a copy of the information we hold about them. An individual who makes a written request and pays a fee (if requested) is entitled to be:
i. told whether any personal data is being processed;
ii. given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
iii. given a copy of the information comprising the data; and given details of the source of the data (where this is available).
c) Written Subject Access Requests should be emailed or posted to Rosemary Wroe at firstname.lastname@example.org or the Storehouse Church, Suite S, Wharton Park House, Nat Lane, Winsford, Cheshire. CW7 3BS. Please enquire if a fee is payable.
7. Who will have access to your information?
You have control over who is able to access specific items of information. By default your personal information will be visible to other authenticated users of the site. You can change these settings from your personal profile page. With your agreement, your information will be included as part of the online address book and your birthday will be shown in the Storehouse Church calendar.
From 25th May 2018, we will no longer store any personal data on children under the age of 16. If necessary we will verify an individual’s age before registration can take place. For children who are 16 or 17, consent to be registered will be obtained from the parent or guardian.
Consent is always obtained prior to publishing by the Storehouse Church, a recognizable image of a child on our website, Facebook pages or Google.
9. Facebook and other Social Media
Facebook Public page – people can view, like or follow the public page as they wish.
Facebook Storehouse Community page – only admins can add people and they only get added when they request to be added. They can remove themselves at will.
Messenger and Whatsapp groups – we have groups to aid day to day working of groups such as Core Team, Trustees and CREWS. Members of these groups are aware if they are added and can remove themselves at will.
10. What else you should know about privacy
Remember to close your browser when you have finished your user session. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place
like a library or internet cafe. You as an individual are responsible for the security of, and access to, your own computer.
Please be aware that whenever you voluntarily disclose personal information over the internet, this information can be collected and used by others. In short, if you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. Please be careful and responsible whenever you are using the internet.
Our pages may contain links to other websites, and you should be aware that we are not responsible for the privacy practices on other websites.
11. Requests to be forgotten
If at any point you wish the Storehouse Church to delete all personal data held about you, please email Rosemary at email@example.com and we will delete your data from Insight – our church database and the platform for our website. If requested we will make best endeavours to remove any recognisable images of you posted by the Storehouse Church from Insight, Facebook and Google.
12. Queries, complaints and contacts
Rosemary Wroe is responsible for day to day implementation of the GDPR. To exercise all relevant rights, queries or complaints please in the first instance contact Rosemary by email firstname.lastname@example.org or by telephone 01606 592482.
Janine White is the Storehouse trustee with responsibility for overseeing the church’s adherence to GDPR. As such she is the Storehouse Church’s Data Protection Officer and can be contacted on email@example.com
For further queries you can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
You have the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request for Rosemary to place a restriction on further processing until the dispute has been resolved. You also have the right to lodge a complaint with the Information Commissioner’s Office should neither Rosemary or Janine be able to resolve your query to your satisfaction.
Updated 24.05.2018 RW