St Andrew’s United Reformed Church, Cheam
St Andrew’s Cheam
To know Christ and to make Christ known

Privacy Policy

Purpose

This privacy policy sets out how St Andrew’s United Reformed Church, Cheam (‘the Church’) uses, processes and protects any personal data that you give it.

Personal data is information which relates to a living individual who can be identified from that data alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession. The processing of personal data is governed by the General Data Protection Regulation1 (the GDPR).

The data controller for the Church is the eldership, which comprises the serving elders2 of the Church.

There are different levels of privacy depending on the nature of the information held as explained below. However this policy covers all information that is held, relating to members, adherents, friends, employees and participants in activities controlled by the Church, including those for children and young people.

The Church is committed to ensuring that your privacy is protected. Should we ask you to provide certain personal information by which you or your children can be identified it will only be used in accordance with this privacy policy.

The Church may change this policy from time to time by resolution of the Elders Meeting. We will advise you using the contact details you have supplied of any change which affects our use of your data.

This policy is effective from 25 May 2018.

What we hold

We may hold and process the following information about you or your children if you or a member of your family provides it to us:

Contact details

  • Your name *
  • Your home address *
  • Your landline and mobile telephone numbers *
  • Your email address

Church-related details

  • Your relationship to the Church: member, adherent, friend, young person or other *
  • Any role you have in the Church, such as Elder, Pastoral Visitor, Church Secretary *
  • The name of the Pastoral Visitor in whose district you are, if any *
  • Any rotas for which you have volunteered
  • Details of your current or past subscription to the Church Magazine
  • Records of your recent attendance at church events or membership of church groups

Other personal details

  • The gender by which you identify yourself (male, female or other)
  • The family connection between you and other people in our records
  • Your dates of birth and of significant events relating to the Church (such as baptism, marriage and becoming a member)

Your financial gifts to the Church

  • Commitments you make to regular giving to the Church
  • Gift Aid declarations you make in favour of the Church
  • The value and dates of your giving

What we do with the information we hold

With your agreement, the information marked with * above may be published in a printed directory of which copies are available at a small charge to all members and adherents. Upon request to the Church Administrator your landline or mobile phone numbers or your address will be suppressed from future copies of this directory.

Your email address may be used in communications from the Church office or office bearers.

If you have volunteered for any rotas, your contact details may be used to remind you of your scheduled duties, and you may elect to receive reminders of these duties by email, text message to your mobile phone or calls to your landline phone. Your name and duties for the upcoming fortnight will be visible on a public page of the church website, and more details of your future duties will be visible to the managers of the rotas.

If you are a member or adherent we will include you in our count of members and adherents submitted annually to URC headquarters. From time to time the URC also requests more detailed breakdowns of membership, for example by age. None of these reports identifies individuals by name.

The data listed above as Contact details, Church-related details and Other personal details, but not Your financial gifts to the church are held in a database which is accessible only to nominated Church office bearers and staff for the purpose of fulfilling the Church’s mission. These individuals have been made aware of and have committed to uphold this privacy policy.

The information listed above as Your financial gifts to the Church is held only by the Treasurer or an Assistant Treasurer and is released to others only for the purpose of managing and audit of the accounts and for reclaim of Gift Aid from HMRC.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and management procedures to safeguard and secure the information we collect.

The lawful basis under whch we hold your data

The GDPR stipulates a number of lawful reasons for the Church holding your personal information.

In the case of members and adherents and their children we assert that the Church has a legitimate interest (GDPR clause 6.1.f) in processing their data. In the case of employees, the Church has a contractual relationship with them (GDPR clause 6.1.c). In the case of friends, we have or will have obtained consent from the data subjects (GDPR clause 6.1.a).

The Church is aware that the personal information it holds may indicate the religious beliefs of the data subjects and thus constitute a special category of data under the GDPR. This use is permitted under the GDPR (clause 9.2.d) as the Church is a not-for-profit body with a religious aim.

The Church website

If you log on to the Church website, it records the most recent time you used a page. This is done so that long-unused accounts may be deleted. The Church’s website is hosted in the UK by a commercial supplier, which logs information which ultimately could be used to track all your activity on the site, but this is only accessed for the purposes of improving the site (for example, correcting any broken links).

Most interaction between your computer or device and the Church website is strongly encrypted in both directions. The only exceptions are some pages in the News area, where the inclusion of external links may prevent encryption being used. You can tell encrypted pages by the 'https' prefix to the web address. Your personal data which is held in a database is only accessible to Church staff and office bearers with a need to have such access, and that access is protected by individual passwords and commensurate security measures.

How we use cookies

A cookie is a small piece of information placed by a website on your computer or smart phone. The Church’s website uses cookies only as part of its security measures to ensure that private information is accessible only by those with the authority to view it.

You can choose to decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This will prevent you from using some features of the website.

Links to other websites

Our website contains links to other websites of interest. While we believe these to be free from harmful software, you should note that if you use one of these links we do not have any control over the other website and we cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such sites, which are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Retention of records

Some of the information listed above is held in paper records, including the Roll of Members, the Cradle Roll (of children baptised in the church), archive copies of the Church Magazine and minutes of meetings. These historical records are retained indefinitely.

Statutory certificates of marriages carried out in the church are held in a fireproof safe for the period required by the registration authorities.

Your records in the computer-based database will be deleted 24 months after you cease to be a member, adherent, friend or employee of the Church. Employment records and records relating to safeguarding are kept for as long as is required by law or recommended by regulatory bodies.

Photographs and video recordings

From time to time we take photographs to illustrate the life of the church. We use these photographs on our website and in printed publications and other documents. We do not identify individuals by name in captions or accompanying text unless there is a specific reason to do so. We do not use pictures of children showing their faces at a recognisable size without asking permission from their parents or guardians.

We do display posters within the church premises showing pictures of office bearers and staff together with their names and responsibilities.

Security cameras operate in and around the Church premises. The equipment holds the recordings for around 30 days. They may be held for longer if needed for the investigation of suspected criminal or safeguarding issues.

Occasional video recordings are made of events within the church sanctuary, such as special services, weddings, funerals or concerts. Copies may be made available to participants. If the Church fixed equipment is used to make the recording, the master copy is retained for no longer than 24 months.

If you have any concern about our present or future use of your or your children’s photographs please let us know as soon as possible in writing to the Church Administrator.

Disclosing your personal information

The Church respects the privacy of its members and will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you as required by the General Data Protection Regulation. If you would like a copy of the information held on you or your children please make a request to the Church Administrator.

You may request that the Church deletes all the personal data that the Church holds about you or your children. If you would like this done please make a request to the Church Administrator.

If you believe that any information we are holding about you or your children is incorrect or incomplete, please contact the Church Administrator or write to her at St Andrew’s URC, Northey Avenue, Cheam, Sutton SM2 7HF. We will promptly correct any information found to be incorrect.

1 The General Data Protection Regulation may be found at gdpr-info.eu/.

2 The membership of the Elders Meeting may be found at standrews-cheam.org.uk/elders_list.

fox-transient