DATA PRIVACY POLICY

The Church of the Nazarene, Largs

The Church of the Nazarene, Largs, is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.

This policy applies if you are connected with the church (member, visitor, donor, volunteer, employee) or use any of our services, online, face to face, by post, over the phone or via SMS.

  1. Who are we?

In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, or ‘church’, it refers to The Church of the Nazarene, Largs (Registered Charity No. SCO47352).

For the purposes of data protection law, the Church Board of Directors of the Nazarene, Largs, will be the “data controller”.  This means the Church Board decide how your personal data is processed and for what purposes.

As the Board are made up of different persons working together, we may need to share personal data with each other so that we can carry out our responsibilities to the Church and our community. This means we are all responsible to you for how we process your data.

The Church Board will identify a named person or persons to become the data protection lead for the organisation. 

  1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) of 25th May 2018.

  1. What information we collect

We collect data you provide to us. This includes information you give when visiting, becoming a member, or communicating with us. For example:

  • personal details (name, date of birth, email, address, telephone etc.)
  • financial information (e.g. donation information such as direct debit details, and whether donations are gift-aided.) If you decide to donate to us then we may keep records of when and how much you give to a particular cause.

Involvement

Your involvement with the church will result in personal data being created. This would include registers held at children’s and young people’s groups, Alpha Courses and such like, and details of how you’ve helped us by volunteering or being involved in our activities and fundraising events. Occasionally we may conduct research and analysis on the information we hold, which can in turn generate personal data.

Special Category data

We do not normally collect or store Special Category data about visitors, volunteers and members (for example information relating to health, beliefs or political affiliation). However, some data we process is likely to constitute Special Category personal data because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs.

Additionally, there may be other situations where Special Category data may be processed  (e.g. if you are employed by us or volunteer with us or if you have an accident on our premises or at one of our events). If this does occur, we’ll take extra care to ensure your privacy rights are protected.

Accidents or incidents

If an accident or incident occurs on our property, at one of our events or involving a visitor or one of our employees (including volunteers) then we’ll keep a record of this (which may include personal data and Special Category  personal data).

Employees / Volunteers

If you are an employee or volunteer (whether specifically for the church, or if you are helping us for other reasons – for example you work for another organisation which is running an event with us) then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.

Marketing/Fundraising

As a charity, we rely on donations and support from others to continue our work. From time to time, we may contact members and those connected with us with fundraising material and communications. This might be about an appeal, a competition we’re running, or to suggest ways you can raise funds (e.g. a sponsored event or activity). We’ll only contact you specifically about fundraising if you’ve opted into receiving this from us (and you can, of course, withdraw consent at any time). If you tell us you want to fundraise to support our cause, we’ll use the personal information you give us to record your plans and contact you to support your fundraising efforts.

Children and Young people

We want children and young people to play an active part in the life of our church, and there may be opportunities in our children’s and youth activities for us to share their photos, stories, testimonies and pictures and creative work. If we publish your child’s picture, photo, story or testimony, we will usually include their first name and age with it.

Parental permission:

 If your child is under 13 then we’ll need permission from you as their parent or guardian us to share photos / videos.

Information for parents

We will take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children.  If your child is under 13, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in a newsletter or other printed material or online (e.g. social media, and website), we’ll need you to confirm you’re happy for us to do so. We won’t send fundraising emails, letters, calls or messages to under 13 year-olds.

  1. How do we process your personal data?

We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We will use personal data for these purposes: –

  • To minister to you and provide you with pastoral and spiritual care (such as visiting you when you are ill or bereaved) and to organise and perform services for you, such as baptisms, dedications, weddings and funerals;
  • To deliver the Church’s mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public
  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and vulnerable adults are provided with safe environments;
  • Administering membership records;
  • Managing our employees and volunteers;
  • Maintaining our own accounts and records (including the processing of gift aid applications);
  • Fundraising and promoting the interests of the charity;
  • Informing you of news, events, activities and services running at the Church of the Nazarene, Largs, and at other Nazarene churches within the British Isles North District;
  • Complying with a legal duty
  • Protecting your vital interests
  • Sharing your contact details with the wider Nazarene Church so they can keep you informed about news in the District and events, activities and services that will be occurring and in which you may be interested.
  • Operating the church website/ social media pages
  • Occasionally we may contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.
  • Occasionally we may use personal data to communicate with people, to promote the church and its activities and to help with fundraising. This includes keeping you up to date with our news, updates, campaigns and fundraising information.
  • Helping us respect your choices and preferences (e.g. if you ask not to receive marketing/fundraising material, we’ll keep a record of this).
  1. What is the legal basis for processing your personal data?

Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party. An example of this would be our safeguarding work to protect children and vulnerable adults. We will always take into account your interests, rights and freedoms.

Data is also processed because individuals have given explicit consent to process such data for a specific purpose. An example of this would be so that we can use your photograph on our website, inform you of events and if you have ‘opted in’ to being contacted with regards to our fundraising events.

We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities.

We will also process your data in order to assist you in fulfilling your role in the church including pastoral and administrative support or if processing is necessary for compliance with a legal obligation.

Data may be processed in terms of vital interests. An example of this would be where it is necessary to protect/save someone’s life.

Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.

  1. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another charity). We’ll only share information when necessary and we’ll make sure to notify you first.
We will only share your data with third parties outside of the church with your consent. We will never sell your personal data.

  1. How we protect data

Electronic data and databases are stored on secure computer systems and encrypted pen drives.  We control who has access to information (using both physical and electronic means).

Paper storage – We will make it difficult, if not impossible, for unauthorised people to access or make copies of documents that contain personally identifiable information. We will review and revise where necessary information storage, retention and destruction processes, with privacy requirements in mind.

  1. How long do we keep your personal data?

We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.

  1. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which we hold about you;
  • At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and where we obtained the information from. Once we have received your request we will respond within one month
  • There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee. All requests will be logged at the time of request.
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated within one month.
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold.
  • When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s) for example, gift Aid, Safeguarding).
  • The right to withdraw your consent to the processing at any time;
  • You can withdraw your consent easily by email, or by post (see Contact Details below).
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
  • You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
  • Data will be transferred in a secure manner.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • In certain circumstances, if you consider that your personal data is inaccurate, or if you object to the processing, you may have the right to restrict processing of your personal data. In such an event the data can continue to be stored but not used/processed in any other way.
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioners Office.
  1. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

  1. Changes to this privacy policy

We will amend this privacy policy from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements. Please visit our website to keep up to date with any changes. The most current version of this Policy will always be available from our website.

This privacy policy was last updated on 10th January 2021.

  1. Updating your data and fundraising preferences 

We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or fundraising preferences please contact us in one of the following ways: 

Email:  [email protected]

Write to:   Largs Church of the Nazarene, 21 Aitken St, Largs KA308AT

Updating or amendment of personal data will be free of charge and take place within one month of receipt of your request.

  1. Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact us either by email or in writing

Email:  [email protected]

Write to:   Largs Church of the Nazarene, 21 Aitken St, Largs KA308AT

You can contact the Information Commissioners Office Scotland  on 0131 244 9001or via email  [email protected] or at The Information Commissioner’s Office – Scotland
45 Melville Street, Edinburgh, EH3 7HL