At King’s Church, we take your privacy very seriously and will take all necessary care to guard any personal data that we gather.
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (the “GDPR”).
Who are we?
King’s Church Edinburgh is a Registered Scottish Charity, number SC034328. We are the “data controller”. We comply with our obligations under the “GDPR” by keeping your personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary or excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
How do we collect personal data?
We collect personal data each time you are in contact with us. For example, when you:
- provide your contact details digitally, in writing, or orally, to King's Church staff or volunteers;
- attend church services or participate in other church activities, events or courses;
- communicate with King's Church by means such as email, letter, or telephone;
- attend face to face meetings with King’s Church staff and volunteers;
- register or login to ‘ChurchSuite’ (our church database system);
- make a donation to King's Church electronically or via our website or ChurchSuite.
What do we do with personal data?
We use your personal data for the following purposes:
- To administer our church congregation member lists including our contact list;
- To manage our employees and volunteer teams.
- To carry out statistical analysis; to monitor trends in attendance at services, small groups and courses to help us be more responsive to the needs of the church and our community.
- To assist us in making the Church’s meetings and other services more accessible and valuable to our community.
- To fundraise and promote the interests of the charity.
- To maintain our own accounts and records (including processing Gift Aid applications).
- To inform you of news, events, activities and courses run by King’s Church.
- To register you for events, courses and other church activities, and keep you informed about them.
- To provide effective pastoral care for members and attendees of King’s Church.
- If you have any pastoral discussions with elders, pastoral staff, or small group leaders, they may keep notes to ensure they can continue supporting you. These may be shared with the elders of King's Church or with appointed pastoral staff or key pastoral volunteers such as small group cluster leaders.
- We collect the IP address of any device you use to login to ChurchSuite in order to identify suspicious activity and ensure your information remains secure.
The legal basis
Under GDPR we rely on a specific legal basis for all information we collect. The legal basis is different depending on the purpose for which the data was collected.
- We rely on your explicit consent to keep you informed about news, events, activities and services; and to process your Gift Aid.
- We can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests. We rely on this basis to share your information with small group leaders and other selected church members in order to facilitate the running of church services, courses and events. We also rely on this basis to record your participation in certain courses and events at King’s Church.
- We rely on a legal obligation where processing is necessary for carrying out obligations under employment, social security or social protection law.
- Data collected about children or young people (for example, at one of our kids work groups) is held on parental consent, vital interest, and sometimes in order to fulfil our legal obligations.
- Personal information is regarded as “sensitive” when it reveals a person’s religious beliefs. This may apply to our membership lists, and any pastoral notes that elders or small group leaders take. Sensitive data can be processed by a not-for-profit body with a political, philosophical, religious or trade union aim provided: –
- the processing relates only to members or former members of King's Church (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of the church with your consent.
If you serve on any team or take on any duty, rota or role within the congregation, your personal data may be shared with other members of the congregation. You will be informed if your personal data will be shared more widely than this.
We may also share your information or disclose it to third parties where required to comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities, to enforce any agreements, or to protect the rights, property, or safety of us, members of the congregation or others.
How long do we keep personal data?
We keep data relating to members and attendees of King’s Church for up to 2 years after they cease to be members or attendees, but if you want to stay in touch you can request that we keep your data for longer. If you want us to stop keeping your data, you have the right to request that your data be immediately destroyed, except where our legal obligations are concerned. For example, we are legally required to keep Gift Aid declarations and associated paperwork for up to 7 years after the tax year to which they relate.
For a full data retention schedule, please refer to our Data Protection Policy on our website: www.kingschurchedinburgh.org.
Unless subject to an exemption under the GDPR, you have the following rights with respect any of your personal data that King’s Church Edinburgh holds:
- The right to request a copy of your personal data.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary us to retain it.
- The right to withdraw your consent to the processing at any time.
- The right to request that we provide you with your personal data and where possible, that we transmit that data directly to another data controller. (This is known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, where applicable.
- The right to lodge a complaint with the Information Commissioner’s Office.
To exercise all relevant rights, queries or complaints please in the first instance contact us by email: firstname.lastname@example.org
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.