New Life Church Rugby
Data Privacy Notice
‘Personal data’ relates to a living individual who can be identified from that data.
New Life Church Rugby (NLC) uses personal data and is the ‘data controller’ which means it decides how your personal data is processed and for what purposes.
NLC complies with its obligations under the General Data Protection Regulation 2018 (GDPR) and will keep your personal data up to date, not collect or retain excessive data, and will protect your personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures are in place.
Why and how we use your personal data
NLC uses your personal data for the purposes of:
- church administration (membership records and contact details, accounts)
- pastoral care (circulating prayer requests, mobilising support)
- safeguarding of children and vulnerable adults (escalating to appropriate bodies when legally required so to do)
- requesting and reviewing DBS records
- informing you of news, events and activities or services (at NLC and other relevant and related churches or organisations)
- processing gift aid applications
- contacting you for your opinions about current or proposed activities and events
- managing contracts with you
If we wish to use your data for other purposes in future, we will explain this new use before starting to process it and seek your prior consent where necessary.
NLC is allowed to process your personal data for these purposes only when:
- we have your explicit consent (needed for general communication),or
- we have a legitimate interest (e.g. for administration of rotas), or
- we have to comply with a legal obligation (e.g. gift aid, safeguarding), or
- it is necessary for the management or performance of a contract with you
Your personal data will be treated as strictly confidential. It is stored securely in:
- ChurchSuite which is itself fully compliant with its obligations under GDPR; – https://churchsuite.com/privacy-policy
- Google Drive which is itself fully compliant with its obligations under GDPR; – https://policies.google.com/privacy
- Mailchimp which is itself fully compliant with its obligations under GDPR; – https://mailchimp.com/legal/privacy/
- Church Office
Personal data for members who no longer attend after 12 months is first archived for 12 months in case of any legal claims, complaints or safeguarding issues. Then it is considered obsolete and erased unless NLC has legal obligations to keep the data longer (e.g. HMRC requires to keep financial data for 6 years). Data for visitors obtained for reasons such as child safeguarding or short-term contact is considered obsolete 8 weeks after their last visit or contact and is erased.
Your consent and your control
We will seek your consent for processing your personal data for some purposes such as contacting you by email, SMS, post or phone.
You can change your consent at any time and you can control what personal data is visible to other church members online or as printed copy.
If you withhold your consent, limit how we can contact you, or restrict what information is visible to others, it will be more difficult, and sometimes not possible, to give you adequate pastoral support, allow other church members to contact you, and keep you informed with up-to-date news and information.
Wherever possible we will seek your consent using online forms in ChurchSuite which will provide the evidence we require under GDPR and give you a confirmation of your data and consent. Paper forms will be used for those without online access.
As stated in previous section, GDPR allows NLC to process your personal data without your consent if we have to comply with a legal obligation, have legitimate interest, or it is necessary for a contract with you.
Your rights about your personal data
You have the following rights with respect to your personal data:
- request a copy of the personal data which NLC holds about you
- request that NLC corrects any personal data that is inaccurate or out of date
- request that your personal data is erased when there is no longer a need to retain it (‘right to be forgotten’); we may have legal obligations that mean we have to retain your data for a time – any legal obligations will be communicated to you at the time of your request
- withdraw your consent to the processing of your data at any time
- lodge a complaint with the Information Commissioners Office (ICO)
NLC will provide, or correct, or erase your personal data within one month of receipt. We may extend the period by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request, and explain why the extension is necessary.
In the event of any queries or concerns, please contact in the first instance the Trustees and Elders at New Life Church Rugby.
If your personal data is accidentally or unlawfully lost, altered, disclosed or accessed (that is, there has been a data breach), we will inform you and the ICO within 72 hours of finding out about this.
New Life Church Rugby, 28 – 42 Railway Terrace, Rugby, CV21 3LJ
Charity No. 1169454