Welcome to the privacy notice for Bethlehem Evangelical Church, Ysguthan Road, Sandfields, Port Talbot.
Bethlehem Evangelical Church respects your privacy and are committed to protecting your personal information (personal data). This privacy notice lets you know how we look after your personal data which either you provide to us or we obtain and hold about you and it tells you about your privacy rights and how the law protects you.
This privacy notice is available online in a layered format so you can click through to the specific areas that you may be interested in. These are set out below. Alternatively you can download a PDF version (PDF version) or you may have been provided with a hardcopy (printed) version of the notice.
Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
PURPOSE OF THIS PRIVACY NOTICE
This privacy notice aims to give you information on how Bethlehem Evangelical Church collects and processes your personal data which either you provide to us or we obtain and hold about you including any data you may provide when you become a member, volunteer to help at Bethlehem Evangelical Church, or provide your details to be included in the church directory.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or dealing with personal data about you (e.g. website privacy notices and employment privacy notices) so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
CONTROLLER
Trustees for Bethlehem Evangelical Church are the controller and responsible for general data protection issues arising in respect of day to day matters such as lists of members, third party users of church premises and lay employees employed by the Church. They are also responsible for data protection matters concerning safeguarding and complaints and discipline issues. When we mention the controller we mean the relevant controller.
We have appointed a data protection working party (Working Party) comprised of representatives from both controllers which is responsible for overseeing questions in relation to this privacy notice.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the relevant contact for the Working Party using the details set out below.
CONTACT DETAILS
Our full details are:
The Local Contact is the individual at the Local Church, who is responsible for day to day administration of data protection matters and their details will be set out in the fair processing notice issued by that charity.
The controller for routine, day to day data protection matters for Bethlehem Evangelical Church is Jonathan Morris.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
This version was last updated on 23/09/2019.
We have the right to update and amend the provisions of this notice to ensure continual compliance with data protection legislation. We will provide you with copies of the new notice wherever it is practically possible to do so but please check the online or locally displayed hard-copy notice regularly to see if any updates have been made.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with Bethlehem Evangelical Church.
Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about our members, ministers, volunteers, employees, adherents, church attendees, users of our premises, those who are interested in and supportive of the work of Bethlehem Evangelical Church, individuals who provide services to us and individuals who contact us.
We have grouped the different kinds of personal data together as follows:
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with accommodation under a tenancy agreement or process gift aid payments). We will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
FAIR PROCESSING
Bethlehem Evangelical Church takes its obligations under data protection law (including the General Data Protection Regulation (GDPR)) seriously. We keep personal data as up to date as possible and take active steps to rectify any personal data we find to be incorrect. We store and destroy personal data securely and do not collect or retain personal data which is in excess of our processing activities. We take steps to protect all personal data (including Special Category Data) from loss, misuse, unauthorised access and disclosure by ensuring that appropriate measures are in place to protect personal data.
Bethlehem Evangelical Church ensures that personal data is processed in accordance with the principles of the GDPR and is processed:
HOW WE USE YOUR DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
In rare cases we may need to use your personal data in the following circumstances:
To find out more about the types of lawful basis that we will rely on to process your personal data.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sharing your personal data with third parties (including where Contact Details are made publically available through Church Directory, Notices and noticeboards), sending marketing communications to you via email or to legitimise dealing with Special Category Data. You have the right to withdraw consent at any time by contacting the appropriate Local Contact although this will not prevent processing where the law allows us to process for a different reason in addition to consent.
SPECIAL CATEGORY DATA
Where data processing relates to Special Categories of Data (e.g. health information included in pastoral records or prayer requests) the following processing conditions apply in addition to the legal basis identified in the table in the Annex to this privacy notice:
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out in detail in the Annex to this privacy notice, in a table format, a description of the main ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact Jonathan Morrisif you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table in the Annex.
NOTIFYING YOU ABOUT EVENTS AND FUNDRAISING
We like to notify our members, those in regular contact with Bethlehem Evangelical Church and third parties who support Bethlehem Evangelical Church about upcoming church events and fundraising opportunities so that you can play as much of a role in the life of the Church as you choose from time to time. Most of the time we will let you know about such opportunities on the basis that we have a legitimate interest in doing so.
If we decide to contact you by email or telephone where you are registered with the telephone preference service we will provide you with choices as required to do so under data protection legislation and the Privacy and Electronic Communications Regulations 2003 (PECR).
THIRD-PARTY MARKETING
As a Church we will not share your personal data with any third parties for marketing purposes but if a Local Church thought you might be interested in hearing from another Christian denomination or a community group or charity about certain events or fundraising we will get your express opt-in consent to us sharing your information with them before we do so.
OPTING OUT
You can ask us or third parties to stop sending you marketing messages (e.g. messages about church events or fundraising) at any time by contacting your Local Contact.
COOKIES
If you are using a Local Website (defined in Section 3) you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of a Local Website may become inaccessible or not function properly. For more information about the cookies we use on a Local Website please see the Local Website privacy notice.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the Local Contact.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
SHARING PERSONAL DATA
We treat all personal data as strictly confidential, except where consent has been provided for it to appear in publications available to general members of the public.
Personal data will not be shared with third parties, other than those listed below unless we are legally obliged to do so or:
We will ask all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may at times transfer and process personal data outside of the EEA. This is particularly relevant where Bethlehem Evangelical Church is engaged with providing missionary and support services abroad.
Storing, publishing or transmitting personal data via the internet, (this includes by email), is not completely secure and therefore whilst Bethlehem Evangelical Church takes all reasonable and necessary precautions to protect personal data from unauthorised access, you acknowledge that there is a risk that your personal data may be transferred and accessed outside of the EEA.
We implement reasonable and appropriate security measures against unlawful or unauthorised Processing of personal data and against the accidental loss of, or damage to, personal data in accordance with our internal data security policy. In addition, we limit access to your personal data to those members, volunteers, ministers and employees who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place reasonable and appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Unless personal data is subject to an exemption under GDPR, such as it is subject to the prevention, investigation, detection or prosecution of a criminal offence, you have the following rights with regards to your personal data:
Contacting the ICO
Further information, guidance and advice is available from the ICO at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Web: https://ico.org.uk/global/contact-us/
If you wish to exercise any of the rights set out above, please contact your Local Contact.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
“controller” is the controller described in Section 1 of this privacy notice.
“data subject” is a living, identified or identifiable individual about whom personal data is held. e.g. our members, volunteers, lay employees, those who join us in worship and/or those who are interested in and supportive of the work of the Methodist Church and third parties such as community groups who use our buildings and other third parties.
“explicit consent” is a very clear and specific statement of consent.
GDPR means the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the safeguards specified in the GDPR.
“lawful bases” are the five lawful grounds on which we can lawfully process personal data set out under Article 6 of GDPR. The lawful basis or bases on which we rely are set out under Section 4 of this privacy notice.
“Local Contact” is the individual at the Local Church, who is responsible for day to day administration of data protection matters whose details will be set out in the fair processing notice or in the absence of specific information, the minister (in the case of a Local Church. “Church” refers to Bethlehem Evangelical Church, Ysguthan Road, Sandfields, Port Talbot.
“personal data” is any information identifying a living individual or information relating to an individual that can be identified from that information/data (alone or in combination with other information in your hands or that can reasonably be accessed). Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour. Personal information includes an individual’s name, address, date of birth, telephone number, email address, a photograph or disability, health or ethnicity data.
“Processing” “processed” or “process” means any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any activity or set of activities on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties. E.g. sharing member information by email and shredding when information is no longer required.