In accordance with the General Data Protection Regulations (GDPR), we have implemented this privacy notice to inform you of the types of data that we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information.
This privacy notice is provided by City Church Manchester, which is the data controller for your data. In the rest of this notice “we” refers to City Church Manchester.
Your privacy is important to us and we are committed to safeguarding the privacy of your information.
Special Categories of Personal Data – what is it?
Data relating to:
Types of Data Held
We keep several categories of personal data in order to carry out effective and efficient processes. We keep this data in locked cabinets located in the operations office and we also hold the data within computer systems such as ChurchSuite, Asana, Google Apps, Xero Financial, Mailchimp Marketing, Stewardship Giving, Stripe Credit/Debit, and GoCardless Direct Debit
The categories of information that we collect, hold and share include:
Why are we collecting your data?
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to provide appropriate pastoral care, to monitor and assess the quality of our services, to fulfil our purposes as a church and to comply with the law regarding data sharing. In legal terms this is called ‘legitimate interests’. When it is required, we may also ask you for your consent to process your data. We do not share your information with others except as described in this notice.
An example of this would be our safeguarding work to protect children and adults at risk. We will always consider your interests, rights and freedoms. Some of our processing is necessary for compliance with a legal obligation. For example, we are required by HMRC to provide details of your personal data when your donations are eligible for Gift Aid. Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details. Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
How do we process your personal data?
We, as the data controllers, will comply with the legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
Storing your data
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. We will contact you annually to check that the information we are holding is accurate and that you agree to us holding it.
Who do we share your information with?
We will not share your information with third parties without your consent unless the law requires us to do so. Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
Examples of our approved 3rd parties are:
Your details will never be shared with anyone outside of City Church Manchester without your express advance permission, except in certain limited situations, such as where we are required to do so by law or to protect members of the public from serious harm.
We take the safeguarding and personal privacy of children extremely seriously. The information in this Privacy Notice is equally applicable to children. According to UK Law, the age that children are considered a parent’s responsibility for the purposes of data protection is up to 12 years old. Following that age, children’s data protection will be treated in the same way as an adult (with consent sought from them as needed). For more information about Children’s Rights, please visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/applications/children/
There is a minimum amount of personal data that we need to keep and use for your children, for legal and safeguarding purposes. On Sunday mornings, for example, if your child is going into City Kids, we need to know your child’s name, their age, if they have allergies and who their parents are etc, so we can keep them safe and know what to call them! You will have filled out a registration form the first time you put them in.
Requesting access to your personal data
Under Data Protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact our Executive Pastor.
You also have the right to:
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please contact the Executive Pastor.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact: