Your privacy is of the utmost importance to us.
1. Your Personal Data – what is it?
When we use the term Personal Data in this Privacy Notice we refer to data collected or held by KingsGate that identifies and relates to you as an individual. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation 2016/679 (the “UK GDPR and the Data Protection Act 2018, the ‘DPA 2018’”).
2. Who are we?
KingsGate Community Church is a private limited company by guarantee incorporated and registered in England and Wales with the company number 5124435 whose registered office is 2 Staplee Way, Parnwell, Peterborough, PE1 4YT.
For the purposes of the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, KingsGate Community Church (including KingsGate Trading Ltd, a wholly owned subsidiary) will be the ‘data controller’ for all Personal Information we determine the means and purpose of processing and has registered with the Information Commissioners Office under registration number Z2648303.
3. How do we process your personal data?
KingsGate complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- To enable us to provide a voluntary service for the benefit of the public as specified in our constitution.
- This includes activities undertaken as KingsGate Community Church, Peterborough Foodbank and CareZone as well as other initiatives organised by the church
- To administer membership records.
- To promote the interests of the charity.
- To manage our employees and volunteers.
- To maintain our own accounts and records (including the processing of gift aid).
- To inform you of news, events, activities and services running at KingsGate.
- To keep you informed about news, events, activities and services from other organisations that KingsGate recommends and in which you may be interested; for example, Compassion, Bulembu, Romsey Mill.
4. What is the legal basis for processing your personal data?
The UK GDPR allows for something called 'legitimate interest'. This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.
Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.
We also process your data to comply with legal or regulatory obligations we are subject to.
Where personal data is collected for marketing purposes this is done with the consent of the data subject.
5. Financial Records and Card Details
All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (“PCI DSS”).
All credit/debit card donations made online or by phone, are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.
We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
6. Marketing Purposes
Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email, text message or post with information and news of services you may be interested in. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt out.
7. Sharing your personal data
Your personal data will be treated as confidential and will only be shared with other members of the church for purposes connected with the church. We do not share your information unless you have given us explicit instruction to do so.
The exception to this is where it is in the public interest and is necessary for the purposes of:
- Protecting an individual from neglect or physical, mental or emotional harm; or
- Protecting the physical, mental or emotional well-being of an individual where that individual is a child or is an adult at risk.
We do use third party processors to assist with our data processing. These include but are not limited to:
- Typeform (typeform.com)
- Planning Center Online (planningcenteronline.com)
- SurveyMonkey (surveymonkey.com)
- Microsoft Online Services, through the use of Microsoft 365 including Sharepoint and Dynamics
- Thirtyone:eight – an independent Christian safeguarding charity, who conduct Disclosure and Barring Service (DBS) checks, as well as offering other safeguarding support services
Wherever data is used on a third-party processor system KingsGate is still the Data Controller of that data, and the data is not used for purposes unrelated to KingsGate nor may it be re-used or transferred by the third party processor.
We will not transfer your personal information to countries outside the United Kingdom, except where we use the services of a third party who host data outside the UK. We will only use third parties who ensure that data hosted outside the UK is held in accordance with UK GDPR. Where data transfer is required outside these third parties separate consent will be sought.
Cookies are small text files which are transferred to your computer or device when you visit a wesite.
- To remember information about you, so you don’t have to give it to us again
- To keep you signed in, even on different devices
- To help us understand how people are using our services, so we can make them better
- To help us personalise our service to you by remembering your preferences and settings
- To find out if our emails have been read and if you find them useful
The types of cookies we use are defined as:
- Strictly necessary cookies
- These cookies are always on and you can’t turn them off unless you change your browser settings. We use them to make sure our services work correctly.
- Functional, performance and tracking cookies
- These cookies are used to make your experience more enjoyable, you can switch these on or off at any time and you can always change your mind. We’ll only use them if you’ve agreed.
- Third Party cookies
- These might be present if you use a social media company's share option to share something on our website. You can turn them off but not through us, only through the originating company.
Some cookes are only present for the time you are using our services and are erased when you close the browser. Others stay, sometimes forever and are saved onto your device so that they are available when you come back.
You can control these both through our settings, if we are currently using cookies where this is possible or by changing the settings on your own device.
9. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or volunteers who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.
10. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. Your Rights
Unless subject to an exemption under the UK GDPR or DPA 2018, you have the following rights with respect to your personal data: -
- The right of access – to see what information we hold about you and to verify thelawfulness of our processing of your data.
- The right to correction – to correct the information we hold if it is incomplete or inaccurate.
- The right to erasure – “to be forgotten”; to have your information removed.
- The right to restrict processing – to change the way in which we use your data.
- The right to data portability – to obtain your information in order to transfer it to another service or organisation.
- The right to object; and to object to the way in which we are using your data.
- The right not to be subjected to automatic decision making including profiling – to have your information removed from any databases subject to automatic decision making processes.
- The right to lodge a complaint with the Information Commissioners Office.
If you would like to exercise any of the rights set out above, then please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
12. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
13. Changes to this Privacy Notice
14. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact us by email at email@example.com, or by contacting Data Protection, KingsGate Community Church, 2 Staplee Way, Peterborough, PE1 4YT.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.