Privacy Policy

Introduction

The privacy and security of the personal information you give to Christ Church Dunstable (CCD) is extremely important to us and we want to be clear and open about how and why we use this data. We want to keep you informed and for you to be confident when providing us with your personal data.
Christ Church Dunstable will never sell your personal data and will only share your data where we are legally obligated to and will ensure at all times that the privacy and security of your data is assured.

This policy will be updated from time to time and applies if you are a church member or attend any of the groups at Christ Church Dunstable, The Way, or The Way Coffee House.

About Us

We are Christ Church Dunstable (CCD), a registered charity number 1159475.

CCD consists of :-

  • The Church
  • The Way
  • The Way Coffee House
  • We have full and part time Pastoral and administrative employees and volunteers working from the Church Office (Aletheia House), in our main church building, and in The Way
  • We have members of the church running ministry groups in each of the above locations

What information we process?

Website

We do not collect any personal data from our website.

We use Google Analytics for collecting statistical, anonymised, data about the pages website users visit, the search terms they used to find the website and analysing the website’s performance and general user behaviour.

Members

When a new member is accepted into membership we collect personal details via the application forms with information such as full name, home address, contact details, children names and date of birth, members’ questionnaires indicating prior experience and how they can volunteer in the church.

Members data will be processed in the following ways :-

  1. Gift Aid processing (and anyone else giving via GA)
  2. Inform you about events the church is running
  3. Inform you about the running of the church
  4. Create the online members list directory
  5. Create the paper copy of the members list

Church Visitors

Visitors to CCD can complete visitor information cards and place them in the secure Red Boxes in the church building.  We only collect enough information to contact the individual – name, phone number and email address.

The Way Coffee House

Should a visitor to The Way Coffee House show an interest in other ministries that run in The Way, then relevant contact details and the interests will be recorded so future contact can be made.

The Way Ministries

CCD run a number of ministry groups such as patchwork, knit & natter, art, book club etc. Participants of these groups will normally provide personal details (name, phone number, email address etc.) for the purposes of running the group efficiently, keeping in contact and informing participants of the group’s plans and events.  Occasionally, where relevant, information may be sent about other groups running in The Way or events being held in the church.

Children’s Events

CCD run children’s events including annual Holiday Bible Clubs and various weekly clubs.  We will require personal data from both the parents and the children to allow us to fulfil our safeguarding duties and successfully run the events . We collect names, home and email addresses, phone, dates of birth and in some cases special dietary or allergy needs and any specific medical information as would be deemed sensible for looking after children. Our safeguarding policy is here.

Children

Older children groups and leaders will communicate  with each other typically using mobile communication.  Leaders will therefore collect and process their contact details.

Employees

We store data on employees as required to fulfil our employment contracts and will share data with HMRC for statutory purposes.

Volunteers

People serve in many capacities as volunteers leading small groups, or in the church office.  We may process additional information on a volunteer as required for their task such DBS registration, valid driving license and insurance for youth workers etc.

Contractors

We will process contact details and other relevant information to carry out business with contractors who perform work for the church.  

Global Mission Partners

CCD supports a number of mission partners and we will hold information to keep in contact with these people.  This may be about the individual or about a supporting organisation.

Other Information

We may keep a record of attendance for some events/clubs.  This may be for subs or fees; or just as information to help us better serve the needs of those attending.

For all members, friends and visitors of the church we will use your contact information to provide any information you requested and to inform you of other forthcoming church events.

Lawful reasons for data processing

With the exception of employees, our lawful reason for processing your data is Legitimate Interest.

Employee data is processed under the Contract reason.

Sharing your data

We will never sell your data.

Your data may be passed on to relevant bodies for statutory or legal reasons, such as HMRC for employees and gift aid declarations for anyone giving to the church.

We are moving towards using an online centralised application to store all contact information, however, currently data is stored in both paper and electronic forms.  

Data is shared with several data processors with which we have relevant contracts in place.

Central Database

A central database is used to securely store all electronic records in the cloud which contains all church member contact information, church members’ children and some relevant information from church events such as holiday bible club.  In time, all personal information will be held in the central database..

Client Application

The church, by its very nature, consists of members and a way of sharing members contact details is required.  We use a printed members book and a mobile/web client application which links to Central Database. Church members’ data will be available to each other by the printed and online applications. Note that only church members information is shared.  All other contact information is only available to the relevant leaders and administrative staff.

Individuals have the ability to control by means of preference settings what contact information is visible to other members.   The printed members book will contain all contact information.

Security of the app is provided either by the mobile device or the application.  Either the mobile device will be require authentication or the in-app PIN number security feature will be enabled.  Members of the church using the app will agree to using one of these two methods to secure fellow members’ personal data.  The ChurchSuite PIN or mobile device authentication must be complex.

If using ChurchSuite on a computer through a web browser then your computer must be password protected and your account not shared with non-members.

Data Retention

We will hold your data for differing lengths of times depending on your relationship with us and statutory legal requirements and the nature of the information.

How we secure your data

We take the security and safety of your data seriously and take relevant steps to ensure this is maintained.

We protect your data with multiple levels of relevant security at both the network and device level.

  • All computers are kept secure using multiple levels of security including unique authentication, encryption, up to date antivirus and security patches.
  • Appropriate firewalling is provided at the network level.
  • Mobile devices are encrypted where they hold personal data.
  • All data in transit is encrypted

Office Staff (employed and volunteer) complete mandatory security and data protection training when they commence employment and annually thereafter.

Subject access rights

If you would like further information regarding this privacy policy or you wish to make a subject access request then please write to us at Christ Church Dunstable, West Street, Dunstable, LU6 1SX or email privacy@christchurchdunstable.org.uk

We will ask you to provide the following details :-

  • The personal information you want to access
  • Where it is likely to be held
  • The date range of the information you wish to access

Before we are able to provide you with the information we will request sufficient information to confirm your identity. If we hold personal information about you, we will provide you with a copy of the information and an explanation of why we hold and use it.  For simple requests we will respond to you within one month of having confirmed your ID and for more complex requests the timeframe will be two months.

If you are not happy with the way we process your data then please come and talk to us so we can resolve any problem or query using the contact information above. You also have the right to contact the Information Commissioner’s Office (ICO) if you have any questions about Data Protection. You can contact them using their helpline 0303 123 113 or at www.ico.org.uk.

Changes to our privacy policy

We keep our privacy policy under regular review and will place any updates on our website at www.christchurchdunstable.org.uk/privacy. This privacy policy was last updated on 25 May 2018.