Our Vision St Mary’s Cogges (“Cogges” or “the church”) uses personal data about living individuals for the purpose of general church administration and communication.

As a charity we rely on our member, volunteers, partners, staff and many other people who work with us to build a community that enables everyone to flourish. To be able to do this we need to use personal data and we take the privacy of such data very seriously. This privacy notice explains our approach.

Data Controller St Mary’s Cogges Parochial Church Council

Data Protection Officer James Webster

Last Updated November 2021

Privacy Contact Details office@coggesparish.com 01993 779613

Definitions

  • Personal data is information about a living individual which is capable of identifying that individual. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

  • Processing is anything done with/to personal data, including storing it.

  • The data subject is the person about whom personal data are processed.

  • The data controller is the person or organisation who determines the how and what of data processing.

  • The GDPR is the General Data Protection Regulation 2016/679 which governs the processing of personal data.

What information we collect about you

We will process some or all of the following where necessary to perform our tasks:

  • Names, titles, and aliases, photographs;

  • Contact details such as telephone numbers, addresses, email addresses;

  • Where you provide them to us, we will process personal information such as gender, age, date of birth, marital status, nationality, volunteering interests rotas and history, education/work histories, academic/professional qualifications, hobbies, family composition, and dependents;

  • Where you provide them to us, we will process sensitive classes of information that may include physical or mental health details, racial or ethnic origin, religious or other beliefs, trade union membership and information about offences/alleged offences;

  • Where you pay to attend an event, buy merchandise or make donations, we will process financial identifiers such as bank account numbers, payment card numbers, security code, expiry date and payment/transaction identifiers (and for Gift Aid purposes, UK taxpayer status).

Where we collect your information

Cogges collects your personal data when you interact directly with us. This could be when you sign-up for our weekly news, attend an event, make a donation (thank you!) offer to volunteer (or apply for a job with us); or provide your data to us over the phone, by email, via the website and app, via physical mail, or in person.

If you have specific requirements e.g. in relation to accessibility or involving children, we may collect details of such requirements (which may involve you providing information about mental or physical health).

When you engage with Cogges’s social media accounts, we might also obtain your personal data through your use of platforms such as Facebook, Twitter or Instagram depending on your settings or the privacy notices of these social media and messaging services. To change your settings, please refer to their privacy notices which will tell you how to do this.

How we use your information

We use your personal data for the following purposes:

  • To plan, organise, administer and manage our church;

  • To keep you up to date with news of weekly services, year round events, activities and other information;

  • To process a donation that you have made (including Gift Aid information);

  • To administer and manage our employees and volunteers (including recruitment);

  • To maintain our own financial accounts and records;

  • To process a grant;

  • To deliver an event you are attending;

  • To plan, organise and administer support for you;

  • To enable us to provide pastoral care to our members and parishioners;

Legal basis for processing your personal information

Cogges relies on the following legal bases for processing personal data:

Consent of the data subject: The data subject has given consent to the processing of his or her data for one or more specific purposes. (Your consent may be withdrawn and these activities will stop)

  • to receive emails such as our weekly news;

  • to belong to the electoral role

  • to hold your contact details on our database (ChurchSuite)

Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Cogges will rely on this basis to:

  • Contact you in response to your donations;

  • Make Gift Aid claims;

  • To administer and manage our employees and volunteers (including recruitment);

  • To maintain our own financial accounts and records;

  • To process a grant;

  • To deliver an event you are attending;

  • To provide support to you as the recipient.

Generally you can not opt-out of this processing, for example we must account for where donations have come from. However, if you would prefer we do not use your personal information in this way, or want to change the way you hear from us, please speak to us.

Who we share your personal information with and why

Cogges will treat all your personal information as private and confidential and not disclose any data about you to anyone other than the staff and leadership of the church in order to facilitate the administration and day-to-day ministry of the church. (Leadership in this context is a wide definition includes volunteers leading an activity such as a Connect Group or Alpha Course.)

It will only be shared with third parties where it is necessary for the performance of our tasks; where we are legally required to share your personal data; where we share your personal data to protect you, Cogges, or another individual; or where you first give us your prior consent. We will not, under any circumstances, share with or sell your personal data to any third party for marketing purposes and you will not receive offers from other organisations as a result of giving your details to us.

It is likely that we will need to share your personal data with some or all of the following (but only where necessary):

  • website: Squarespace;

  • document storage: Dropbox, Google & Microsoft One Drive

  • process donations: GoCardless, Parish Giving Scheme; CAF

  • maintain our database software: ChurchSuite;

  • send out emails: MailChimp;

  • internal communications: Slack;

You can find the Privacy Notices for such service providers on their websites.

Data Protection

At Cogges, we take data protection and integrity very seriously. Only authorised staff and key volunteers have access to your personal information, and only when necessary. They are trained and understand the policies, processes and protocol for keeping it safe.

Transfer of personal information outside the European Economic Area (EEA)

Where information is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in UK and EU data protection legislation. One of the organisations we work with, our email service provider Mailchimp, processes personal information in the USA and has verified its data processing standards meet the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing personal information from EU citizens.

How long will we keep personal information

In general, we will endeavour to keep personal data only for as long as we need it. This means that we may delete it when it is no longer needed.

We will retain the personal data of a data subject on our database whilst the data subject remains an active member of Cogges as demonstrated by any of the following:

  • attending a church service or another church organised event;

  • opening electronic communications;

  • making a donation;

  • volunteering;

We will delete from our database the personal data of a data subject where the data subject is no longer an active member of Cogges (as demonstrated above) in which case the personal data will be deleted after 5 years have elapsed from the last occasion on which the data subject demonstrated active support for Cogges.

We will retain Gift Aid declarations and associated paperwork for 7 years after the the most recent donation was made by the data subject.

Your rights

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Cogges holds about you;

  • The right to request that Cogges corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for Cogges to retain such data;

  • The right to withdraw your consent to the processing at any time;

  • The right to request that Cogges provides you with your personal data and, where possible, transmits that data directly to another data controller, (known as the right to data portability), (where applicable);

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable);

  • The right to lodge a complaint with the Information Commissioners Office.

Please note that if you ask us not to contact you, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in future.

How to ask us to access, amend or delete your information

If you would like to:

  • Tell us that your contact details have changed;

  • Advise us that we have incorrect, out-of-date or inaccurate details for you;

  • Ask us to stop sending you information or communications;

  • Have your details removed from our database; you can contact us directly or edit your own details through ChurchSuite if you have an account.

Children’s Information

Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. We have clear rules on safeguarding of children and the collection of children’s information will be managed with appropriate safeguards in place.

Revisions

  • May 9th 2016 initial check-in - draft [James Webster]

  • May 10th 2016 format changes & clarifying the re-publishing of information already in the public domain [James Webster]

  • June 13th 2016 feedback from PCC Lay Chair (Harvey Leach) clarifications and detail around access control to database

  • Sept 19th 2017 typos and change of database provider

  • June 2019 major revision to increase clarity post GDPR [James Webster]

  • October 2020 minor revision to include date stored about gift recipient and to add One Drive as a storage platform

  • September 2021 - reviewed without change [James Webster]

  • September 2021 - adding CAF as partner we share personal data with [James Webster]

  • October 2021 - addition of pastoral support clauses [James Webster / David Spence]