facebook

Privacy notice for public and service users

 

We ask that you read this privacy promise carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint. Please see the section on ‘Your rights’ for more information.

Introduction

We are The Forge Community Church (“The Forge”). In order that we can provide you information about our services and to deliver services to you we need to process your personal information.

 

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).

 

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (“GDPR”), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  1. used lawfully, fairly and in a transparent way.
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. relevant to the purposes we have told you about and limited only to those purposes.
  4. accurate and kept up to date.
  5. kept only as long as necessary for the purposes we have told you about.
  6. kept securely.

If you have any questions about this privacy notice or would like further explanation as to how your personal information is managed then please contact us (see ‘How to contact us’ below).

Purposes of processing

 

Purpose of processing

Examples

Delivering services & events

Planning and running The Base (open access youth service)

Organising and delivering practical support

Operating the furniture bank

Managing sign up to open events, groups and residentials

Financial management

Processing donations and gift aid

Running the hardship fund

Managing grants and fundraising.

Direct Marketing & Communications

Sending information about the Forge to you.

Monitoring the effectiveness and improving our communications activity

Website analytics

Email

 

Personal data we process

We’ll process different information depending on the situation. For example if you are attending a residential event we’ll need more information from you. Generally we process:

  • Name
  • Basic contact details
  • Giving / donation records
  • Details about a service delivered and the context
    • g. Christmas hamper, or Furniture bank delivery
  • For attending events
    • Next of Kin, DoB, Medical needs, Dietary needs
    • Parents details (where we are responsible for a child or young person)
  • Website and marketing emails accessed e.g.
    • IP Address
    • Pages of website accessed
    • Emails opened and links clicked.

Who has access to your personal data

In order to operate our business and deliver our services we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information. These providers are:

 

  • Volunteers organising or providing a service
  • Accountancy and finance providers
  • HMRC (for gift aid) and other relevant national and local authorities
  • Software providers
    • g. Eventbrite for managing events. Mailchimp for sending emails

International transfer

Generally your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data. Certain cloud based IT services are based in the US and provide adequate security under Article 46 of GDPR (EU-US Privacy Shield)

Retention schedule

Type of data

Retention period

Financial records

6 years

Event signup records

3 years

Communications and emails

6 years

Online form responses

3 years

Details of services delivered

6 years

 

 

Legal basis for processing

We rely on the following grounds within the GDPR:

  • Article 6(1)(b) – processing is necessary for the negotiation or performance of our contractsto provide you with our products and services
  • Article 6(1)(c) – processing is necessary for compliance with a legal obligationto which we are subject.
  • Article 6(1)(f) – in pursuit of legitimate interests
    • Applying for funding and reporting to funders.
    • To provide email newsletters to those interested in our work (we will include an unsubscribe link in all marketing emails)
    • To analyse and improve the effectiveness of our communications

Your rights

Under the GDPR you have important rights free of charge. In summary, those include rights to:

 

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address;
  • require us to correct any mistakes in your information which we hold;
  • require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, we may no longer be able to provide care and support services to you;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • object at any time to processing of personal information concerning you for direct marketing;
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
  • object in certain other situations to our continued processing of your personal information;
  • otherwise restrict our processing of your personal information in certain circumstances;
  • claim compensation for damages caused by our breach of any data protection laws;

 

For further information on each of those rights, including the circumstances in which they apply, see theGuidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

 

Attendee Privacy Notice

We ask that you read this privacy promise carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint. Please see the section on ‘Your rights’ for more information.

We are the Forge Community Church (“The Forge”). In order that we can organise the church activities and to deliver services to the communities we serve, we need to process information about you.

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (“GDPR”), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  1. used lawfully, fairly and in a transparent way.
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. relevant to the purposes we have told you about and limited only to those purposes.
  4. accurate and kept up to date.
  5. kept only as long as necessary for the purposes we have told you about.
  6. kept securely.

If you have any questions about this privacy notice or would like further explanation as to how your personal information is managed then please contact us (see ‘How to contact us’ below).

Purposes of processing

Purpose of processing

Examples

Attendee management (including Adults, Youth and Kids)

●       Maintaining the Church Suite database which we use to manage day-to-day operations

●       Managing giving and gift aid

Service and event planning

●       Organising production and technical rotas on Planning Centre

●       Organising serving rotas on Church Suite

●       Tracking and communicating with people signed up to attend.

Facilitate community and groups

●       Providing the Church Directory on ChurchSuite

Safeguarding

●       Completing DBS checks before you work as a volunteer with Kids or Youth.

Online forms

●       Signing up to 10 month groups

●       Applying to go on a missions trip

Communications

●       Sending the email newsletter (Forge Feed)

●       Sending text messages (Spiritual health survey)

●       General email communication

Insurance, Finance and Legal

●       Arranging insurance when travelling on a missions trip

●       Maintaining health and safety records about accidents

●       Processing expenses

Personal data we process

Our primary activity is similar to other membership based charitable organisations that serve the wider community. We process information to organise our operations and to fulfil our legal and social responsibilities such as safeguarding and health and safety. To do this we process:

  • Name
  • Basic contact details (email, post, phone)
  • Bank details
  • Date of Birth
  • Details of family members
  • Team & group membership
  • Giving status
  • Rotas
  • Specifically for safeguarding
    • Employment history
    • Address history
    • Referee contact details
  • Details about any accidents you have been involved in
  • Next of Kin – Name and contact details
  • Communications message history (e.g Emails and Text messages)

     

Certain information that we process is classed as ‘special category data’. It is sensitive by nature. We have a higher duty of care in how we process this:

  • Unspent Criminal Convictions
  • Medical, Health and dietary needs

Who has access to your personal data

In order to operate the church and to deliver what we do, we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information. These providers are:

  • Legal and financial service providers
    • Our Bank
    • Insurance providers and brokers
    • Accountancy service providers
    • HMRC
    • Our DBS provider
  • Software and IT service providers
    • Email service provider
    • ChurchApp Ltd – the provider of ChurchSuite
    • Planning center
    • Eventbrite
    • Jotform
    • TextLocal
    • Mailchimp
    • Dropbox
  • Volunteer leaders
    • eg. Elders, Serving team coordinators

International transfer

Generally all your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data. Certain cloud based services are based in the US and provide adequate security under Article 46 (EU-US Privacy Shield).

Retention schedule

Type of data

Retention period

Accident records

3 years from incident

Financial records

6 years

Event signup records

3 years

Church suite records

2 years following last recorded activity

Planning centre rota records

3 years

Communications and emails

6 years

Online form responses

3 years

Legal basis for processing

We rely on the following grounds within the GDPR:

  • Article 6(1)(b) – processing is necessary for the negotiation or performance of our contractsto provide you with services
  • Article 6(1)(c) – processing is necessary for compliance with a legal obligationto which we are subject.
  • Article 6(1)(f) – in pursuit of legitimate interests
    • To provide email newsletters to those interested in our work (we will include an unsubscribe link in all marketing emails)
    • To maintain our church management system

GDPR recognises that additional care is required when processing special category (sensitive) data such as your health and religious views . We process this under the following grounds within GDPR

  • Article 9(2)(b) – Legal obligations under employment or social benefit law
  • Article 9(2)(d) – For a membership organisation to manage members or former members of the body

All providers process data under a written processing agreement with us.

Your rights

Under the GDPR you have important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address;
  • require us to correct any mistakes in your information which we hold;
  • require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, we may no longer be able to provide care and support services to you;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • object at any time to processing of personal information concerning you for direct marketing;
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
  • object in certain other situations to our continued processing of your personal information;
  • otherwise restrict our processing of your personal information in certain circumstances;
  • claim compensation for damages caused by our breach of any data protection laws;

For further information on each of those rights, including the circumstances in which they apply, see theGuidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

 

Data controller details

The Forge Community Church, The Old Chapel, Forward Green, Stowmarket, Suffolk, IP14 5HP

How to contact us

  • Email– privacy@forgechurch.com
  • Post–FAO: Data Controller, The Forge Community Church, The Old Chapel, Forward Green, Stowmarket, Suffolk, IP14 5HP
  • Telephone– 01449 710437