1. Your Personal Data – what is it?
When we use the term Personal Data in this Privacy Notice we refer to data collected or held by KingsGate that identifies and relates to you as an individual. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
KingsGate Community Church is a private limited company by guarantee incorporated and registered in England and Wales with the company number 5124435 whose registered office is 2 Staplee Way, Parnwell, Peterborough, PE1 4YT
For the purposes of the General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, KingsGate Community Church (including KingsGate Trading Ltd, a wholly owned subsidiary) will be the ‘data controller’ for all Personal Information we determine the means and purpose of processing and has registered with the Information Commissioners Office under registration number Z2648303.
3. How do we process your personal data?
KingsGate complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: -
- To enable us to provide a voluntary service for the benefit of the public as specified in our constitution;
- To administer membership records;
- To promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid);
- To inform you of news, events, activities and services running at KingsGate;-
- To keep you informed about news, events, activities and services from other organisations that KingsGate recommends and in which you may be interested; for example, Compassion, Bulembu, Romsey Mill
The GDPR allows for something called 'legitimate interest'. This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.
Legitimate Interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.
We also process your data to comply with legal or regulatory obligations we are subject to.
5. Financial Records and Card Details
All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (“PCI DSS”).
All credit/debit card donations made online or by phone, are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.
We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
6. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church for purposes connected with the church. We do not share your information unless you have given us explicit instruction to do so.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. Your Rights
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
4. What is the legal basis for processing your personal data?
- The right of access – to see what information we hold about you and to verify the lawfulness of our processing of your data.
- The right to correction – to correct the information we hold if it is incomplete or inaccurate.
- The right to erasure – “to be forgotten”; to have your information removed.
- The right to restrict processing – to change the way in which we use your data.
- The right to data portability – to obtain your information in order to transfer it to another service or organisation.
- The right to object; and – to object to the way in which we are using your data.
- The right not to be subjected to automatic decision making including profiling – to have your information removed from any databases subject to automatic decision making processes.
- The right to lodge a complaint with the Information Commissioners Office.
If you would like to exercise any of the rights set out above, then please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
10. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
11. Changes to this Privacy Notice
12. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer by email at email@example.com, or by contacting the Data Protection Officer, KingsGate Community Church, 2 Staplee Way, Peterborough, PE1 4YT.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.