UNION CHURCH TOTTERIDGE (URC)
1 NORTHIAM, TOTTERIDGE, LONDON, N12 7ET.
1. Personal data:
Personal data, or personal information, means any information about a living individual from which that person can be identified.
It does not include data where the identity has been removed (anonymous data)
Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation
(the ‘GDPR’). We may collect, use, store and transfer different kinds of personal data about our members, ministers, volunteers, employees, adherents, church attendees, users of our premises,
those who are interested in and supportive of the work of Union Church Totteridge individuals who provide services to us and individuals who contact us.
We have grouped the different kinds of personal data together as follows:
Administrative Data includes details about you included in orders of service; Circuit Plans, Worship Plans; Church Council,
Circuit Meeting and District Synod Minutes; Local Church notices and magazines; lists of room bookings; invoices;
suppliers and contractor details; catering records and back-up files e.g. something that you said in a meeting that could identify you. Image Data includes photographs taken of you where it is possible to identify you and images of you caught by any CCTV
or similar devices at Local Church premises.
Contact data includes home address, emails address and telephone numbers e.g. information used to contact you.
Employment Data includes employment history, training records, pension information, details about next of kin and other details relating to your employment by Local Church.
Financial Data includes bank account and payment card details.
Identity Data includes first name, maiden name, last name, username or similar identifier,
marital status, title, date of birth and gender.
Marketing and Communication Data includes your preferences in receiving information from us about church events and fundraising and our third parties and your communication preferences.
Member and Group Data includes details of membership of Union Church Totteridge, offices held, membership of church groups, rotas, registration for Local Church groups and events, attendance information e.g. Youth Group attendance.
Official Records includes lists of those who have been baptized, confirmation records, marriage records, funeral records,
and lists of visitors to Union Church Totteridge (Local Church).
Parental Contact Data includes details of parents e.g. on parent contact/consent forms.
Pastoral Data includes details and records of pastoral support and prayer requests.
Special Categories of Data includes your race or ethnicity, your religious beliefs, sex life, sexual orientation, information about your health, also information about criminal convictions and offences in keeping with the Safeguarding Policy
of Union Church Totteridge.
Tax Data includes national insurance numbers and other information that may be required by HMRC relating to Gift Aid donations and other tax related payments and receipts.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access any websites or social media operated by Union Church Totteridge.
Transaction Data includes details about payments to and from you and other details of your room hire, licence agreement or rental agreements that you enter into with us relating to our premises.
IF YOU FAIL TO PROVIDE PERSONAL DATA:
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with accommodation under a rental agreement or process Gift Aid payments).
We will notify you if this is the case at the time.
2. How your personal data is collected?
We use different methods to collect data from and about you including thought:
Direct exchanges. You may choose to provide personal information to us direct e.g. by speaking to us at Union Church Totteridge, by filling in forms or by corresponding with us by post, phone, email or otherwise.
This includes personal data you provide when you:
Join and take part in Union Church Totteridge groups;
Become a member of Union Church Totteridge;
Apply for paid or voluntary roles within Union Church Totteridge; or enter into property contracts with Union Church Totteridge including, licence agreements, leases, and booking forms, automated technologies or interactions.
As you interact with any website run by Union Church Totteridge, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
Your family members;
Our ecumenical partners in the case of shared churches and Local Ecumenical Partnerships;
Identity and Contact Data from publicly available sources such as Companies House,
The Charity Commission and the Electoral Register based inside the EU.
3. How do we process your personal data?
The Trustees of Union Church Totteridge complies with its obligations under the “GDPR” by keeping personal data up to date;
by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Where it is necessary for our legitimate interest (or those of a third party) and your interest and fundamental rights do not override those interests.
Legitimate interests means the interest of Union Church Totteridge operating as a membership Church, supporting our members and the communities we work in and conducting and managing our missional activities to enable us to fulfil the calling of Union Church Totteridge. We make sure we consider and balance any potential impact on you (both positive and negative)
and your rights before we process your personal data for our legitimate interests.
We do not use your personal data for activities where our interests are overridden by the impact on you
(unless we have your consent or are otherwise required or permitted to by law).
You can obtain further information about how we assess our legitimate interest against any potential impact on you
in respect of specific activities by contacting Union Church Totteridge Trustees.
We use personal data for the following purposes:
to administer membership records;
to maintain our financial accounts and records (including the processing of Gift Aid);
to provide news and information about events, activities and services at the church;
to fundraise and promote the interests of the church;
to manage employees and volunteers;
to enable the church to provide voluntary services for the benefit of the public in our local community;
to provide contact details of officers and others with specific responsibilities (eg DBS signatories) to the URC Thames North Synod Office, URC Church House. This enables the Synod/Circuit and National Administration of the United Reformed Church.
In rare cases we may need to use your personal data in the following circumstances:
Where we need to protect your vital interests e.g. in an emergency life or death situation where the emergency services are called to treat you when you are with us. Vital interest means where it is necessary to use your personal data to protect your “vital interests” or those of another person (such as a child) in a life-or-death situation.
Where we need to perform a task carried out in the public interest e.g. in certain safeguarding situations
4. What is the legal basis for processing your personal data?
Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -
the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
there is no disclosure to a third party without consent; or
Processing is necessary for carrying out obligations under employment, social security or social protection law,
or a collective agreement; or explicit consent of the data subject has been given.
5. Sharing personal data:
We treat all personal data as strictly confidential, except where consent has been provided for it to appear in publications available to general members of the public.
Personal data will not be shared with third parties, other than those listed below unless we are legally obliged to do so or:
With your explicit consent;
It is necessary for law enforcement purposes; or
It is necessary to protect our rights, property or safety of our members, ministers, volunteers or staff.
We may have to share your personal date with the parties set out below for the purposes set out in the tables in the Annex.
Internal third parties such as other United Reformed Churches
External third parties such as:
Any third party groups who provide support to Union Church Totteridge, in providing services to their members and the local communities in which they serve.
Professional advisers, including lawyers, surveyors, bankers, auditors and insurers based in the UK who provide legal, surveying, consultancy, banking, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.
Our ecumenical partners in the case of shared churches and Local Ecumenical Partnerships.
We will ask all third parties to respect the security of your personal date and to treat it in accordance with the law. We do not allow third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. Transfer of Personal Data outside of the European Economic Area (‘EEA’)
We may at times transfer and process personal date outside of the EEA. This is particularly relevant where members of Union Church Totteridge are engaged with providing missionary and support services abroad.
Storing, publishing or transmitting personal date via the internet, (this includes email), is not completely secure and therefore whilst Union Church Totteridge will take all reasonable and necessary precautions to protect personal data from unauthorised access,
you acknowledge that there is a risk that your personal data may be transferred and accessed outside of the EEA.
7. How long do we keep data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Some data we retain on the following basis:
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. Your rights and your personal data:
Unless subject to an exemption under the GDPR, such as it is subject to the prevention, investigation, detection or prosecution of a criminal offence, you have the following rights with respect to your personal data:
The right to request a copy of the personal data which Union Church Totteridge holds about you
(a Subject Access Request or ‘SAR’);
The right to request that the Trustees of Union Church Totteridge corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for Union Church Totteridge to retain such data;
The right to withdraw your consent to the processing at any time;
The right to request that the data controller provide you with your personal data and where possible, to transmit that data directly to another data controller.
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data;
The right to lodge a complaint with the Information Commissioners Office.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. Further processing:
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. Contact Details:
To exercise all relevant rights, queries or complaints please in the first instance contact the Trustees at Union Church Totteridge, 1 Northiam, Totteridge, N12 7ET or via email firstname.lastname@example.org.
You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Signed on behalf of the Trustees of Union Church Totteridge.
Union Church Totteridge in partnership with Trinity Church Harrow.