St Andrew’s United Reformed Church, Cheam
About us
Contact us
What's on
For members

To know Christ
and to make
Christ known


St Andrew’s • Cheam

Privacy Policy

This is the old version of the website which is not kept up to date.
For the current website please go to


This privacy policy sets out how St Andrew’s United Reformed Church, Cheam (‘the Church’) uses, processes and protects any personal data that you give it.

Personal data is information which relates to a living individual who can be identified from that data alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession. The processing of personal data is governed by UK law1.

The data controller for the Church is the Elders Meeting, which comprises the serving elders2 of the Church.

There are different levels of privacy depending on the nature of the information held as explained below. However this policy covers all information that is held, relating to members, adherents, friends, employees and participants in activities controlled by the Church, including those for children and young people.

The Church is committed to ensuring that your privacy is protected. Should we ask you to provide certain personal information by which you or your children can be identified it will only be used in accordance with this privacy policy.

The Church may change this policy from time to time by resolution of the Elders Meeting. We will advise you using the contact details you have supplied of any change which affects our use of your data.

This policy is effective from 4 October 2021.

What we hold

We may hold and process the following information about you or your children if you or a member of your family provides it to us:

Contact details

  • Your name
  • Your home address
  • Your landline and mobile telephone numbers
  • Your email address

You may request that your address, telephone numbers or email be marked as 'ex-directory', in which case they will only be released or used in an emergency.

Church-related details

  • Your relationship to the Church: member, adherent, friend, young person or other
  • Any role you have in the Church, such as Elder, Pastoral Visitor, Church Secretary
  • The name of the Pastoral Visitor in whose district you are, if any
  • Any rotas for which you have volunteered
  • Details of your current or past subscription to the Church Magazine
  • Records of your recent attendance at church events or membership of church groups

Other personal details

  • The gender by which you identify yourself (male, female or other)
  • The family connection between you and other people in our records
  • Your dates of birth and of significant events relating to the Church (such as baptism, marriage and becoming a member)

Your financial gifts to the Church

  • Commitments you make to regular giving to the Church
  • Gift Aid declarations you make in favour of the Church
  • The value and dates of your giving

What we do with the information we hold

Your email address may be used in communications from the Church office or office bearers.

Your name and contact details may be released to leaders of church organisations or events who have a reasonable need to know these details.

If you have volunteered for any rotas, your contact details may be used to remind you of your scheduled duties, and you may elect to receive reminders of these duties by email, text message to your mobile phone or calls to your landline phone. Your name and duties for the upcoming fortnight will be visible on a public page of the church website, and more details of your future duties will be visible to the managers of the rotas.

If you are a member or adherent we will include you in our count of members and adherents submitted annually to URC headquarters. From time to time the URC also requests more detailed breakdowns of membership, for example by age. None of these reports identifies individuals by name.

The data listed above as Contact details, Church-related details and Other personal details, but not Your financial gifts to the church are held in a database which is accessible only to nominated Church office bearers and staff for the purpose of fulfilling the Church’s mission. These individuals have been made aware of and have committed to uphold this privacy policy.

The information listed above as Your financial gifts to the Church is held only by the Treasurer or an Assistant Treasurer and is released to others only for the purpose of managing and audit of the accounts and for reclaim of Gift Aid from HMRC. If you participate in Gift Aid we may be required to provide your home address to HMRC, even if you have elected to make that ex-directory.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and management procedures to safeguard and secure the information we collect.

The lawful basis under whch we hold your data

UK data protection laws1 stipulate a number of lawful reasons for the Church holding your personal information.

In the case of members and adherents and their children we assert that the Church has a legitimate interest in processing their data. In the case of employees, the Church has a contractual relationship with them. In the case of friends, we have or will have obtained consent from the data subjects.

The Church is aware that the personal information it holds may indicate the religious beliefs of the data subjects and thus constitute a special category of data under data protection law. This use is permitted under the data protection laws as the Church is a not-for-profit body with a religious aim.

The Church website

If you log on to the Church website, it records the most recent time you used a page. This is done so that long-unused accounts may be deleted. The Church’s website is hosted in the UK by a commercial supplier, which logs information which ultimately could be used to track all your activity on the site, but this is only accessed for the purposes of improving the site (for example, correcting any broken links).

Most interaction between your computer or device and the Church website is strongly encrypted in both directions. You can tell encrypted pages by the 'https' prefix to the web address. Your personal data which is held in a database is only accessible to Church staff and office bearers with a need to have such access, and that access is protected by individual passwords and commensurate security measures.

How we use cookies

A cookie is a small piece of information placed by a website on your computer or smart phone. The Church’s website uses cookies only as part of its security measures to ensure that private information is accessible only by those with the authority to view it.

You can choose to decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This will prevent you from using some features of the website.

Links to other websites

Our website contains links to other websites of interest. While we believe these to be free from harmful software, you should note that if you use one of these links we do not have any control over the other website and we cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such sites, which are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Retention of records

Some of the information listed above is held in paper records, including the Roll of Members, the Cradle Roll (of children baptised in the church), archive copies of the Church Magazine and minutes of meetings. These historical records are retained indefinitely.

Statutory certificates of marriages carried out in the church are held in a fireproof safe for the period required by the registration authorities.

Your records in the computer-based database will be deleted 24 months after you cease to be a member, adherent, friend or employee of the Church. Employment records and records relating to safeguarding are kept for as long as is required by law or recommended by regulatory bodies.

Photographs and video recordings

From time to time we take photographs to illustrate the life of the church. We use these photographs on our website and in printed publications and other documents. We do not identify individuals by name in captions or accompanying text unless there is a specific reason to do so. We do not use pictures of children showing their faces at a recognisable size without asking permission from their parents or guardians.

We do display posters within the church premises showing pictures of office bearers and staff together with their names and responsibilities.

Security cameras operate in and around the Church premises. The equipment holds the recordings for around 30 days. They may be held for longer if needed for the investigation of suspected criminal or safeguarding issues.

Video recordings are made of events within the church sanctuary, such special services, weddings, funerals or concerts. Copies may be made available to participants. If the Church fixed equipment is used to make the recording, the master copy is retained for no longer than 24 months.

Most worship services are live-streamed to a commercial hosting site. They are available for anyone in the world to watch as they happen and for a period of normally 7 days thereafter. The purpose of doing this is to allow housebound members to participate in the service, and it may also serve to attract prospective members. An area of the church which the video cameras do not cover is available for any who do not want to be seen. A form is available for parents or guardians to allow (or forbid) their children to appear on video.

If you have any concern about our present or future use of your or your children’s images please let us know as soon as possible in writing to the Church Secretary.

Disclosing your personal information

The Church respects the privacy of its members and will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you as required by the legislation. If you would like a copy of the information held on you or your children please make a request to the Church Administrator

You may request that the Church deletes all the personal data that the Church holds about you or your children. If you would like this done please make a request to the Church Administrator.

If you believe that any information we are holding about you or your children is incorrect or incomplete, please contact the Church Administrator. or write to her at St Andrew’s URC, Northey Avenue, Cheam, Sutton SM2 7HF. We will promptly correct any information found to be incorrect.

Adopted by the Elders Meeting on 4 October 2021.

1 The UK data protection laws as of the date of adoption of this policy are the UK General Data Protection Regulation as enacted by the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018.

2 The membership of the Elders Meeting may be found at