Trinity Privacy and Cookies Policy
v2 28 Sept 2021
1 Index
Page
1 Index ......................................................................................................................... 1
2 Introduction ............................................................................................................... 2
3 What information do we use, why and how long do we keep it? .............................. 2
3.1 We handle enquiries about weddings, baptisms and other matters ...................... 2
3.2 We maintain a Baptism Register and Cradle Roll ................................................. 2
3.3 We hold a Wedding Register for the General Register Office ............................... 2
3.4 We handle bookings for halls and orders for tickets and other items ................. .. 2
3.5 We send emails to subscribers ........................................................................ ..... 2
3.6 We maintain a database of members and adherents ............................................ 3
3.7 We maintain Trinity Directories .............................................................................. 3
3.8 We maintain a database of children in our church family ...................................... 3
3.9 We record names and contact details for newcomers ........................................... 4
3.10 We maintain a list of web site members ...................................................... ...... 4
3.11 We maintain rotas and records of people’s roles ........................................... .... 4
3.12 We maintain lists of group members ............................................................... ... 4
3.13 We run a giving scheme and a Gift Aid scheme ............................................... .. 4
3.14 We maintain pastoral records ............................................................................ . 5
3.15 We operate a Safeguarding Policy ..................................................................... 5
3.16 We use Closed Circuit TV (CCTV) ..................................................................... 5
3.17 We take photographs and videos ....................................................................... 5
3.18 External contact data ......................................................................................... 5
3.19 Accidents............................................................................................................ 6
4 Who do we share your data with? .......................................................................... 6
4.1 Sharing your information ....................................................................................... 6
4.2 Data transfers outside the European Economic Area ........................................... 6
5 How do we keep your data safe? ............................................................................. 6
6 Trinity website cookies .............................................................................................. 6
7 Trinity website links ................................................................................................... 7
8 Your rights ................................................................................................................. 7
9 Policy approval .......................................................................................................... 7
2 Introduction
This privacy policy sets out how we, Trinity Church, use and protect your personal
information in compliance with the Data Protection Act. We are committed to ensuring that
your privacy is protected. You can be assured that we will only use your personal information in accordance with this privacy policy.
We store and process personal data as a Controller registered with the Information
Commissioner's Office, except that for safeguarding, discipline or complaints cases when
we choose to follow Methodist procedures we act under the Controller registration of the
Connexion of the Methodist Church in Great Britain.
3 What information do we use, why and how long do we keep it?
3.1 We handle enquiries about weddings, baptisms and other matters
When we receive enquiries from you about weddings, baptisms, and other matters we use
the information you choose to provide only to respond to your enquiry. We will not use it or
share it with other organisations. We will retain the information for up to 3 years after your
most recent enquiry.
3.2 We maintain a Baptism Register and Cradle Roll
When children or adults are baptised, in our legitimate interests we include their names in
our service sheet and we maintain a register of baptisms, including the individual’s name,
address, dates of birth and baptism, and where appropriate the parents’ names, which is
kept securely and indefinitely with access limited to authorised persons. We also maintain
a “Cradle Roll” list which is used to invite parents and children back to an annual Cradle Roll service and to invite children to join our Junior Church and data is retained for up to 5 years after the baptism.
3.3 We hold a Wedding Register for the General Register Office
Details of people married in our church prior to 4th May 2021 are held, as required by law,
in the marriage registers stored in the church safe by the minister as authorised person.
Details of those married from 5th May 2021 are held by the General Register Office.
3.4 We handle bookings for halls and orders for tickets and other items
When you make hall bookings or place orders for tickets etc. we use the information you
provide to manage your hall booking or order and associated payments. We will not use it
or share it with other organisations except that we may share the information with other
organisations for purposes such as debt collection. We will retain the information for up to
3 years after your most recent contact with us. We protect your payment card details by
complying with the Payment Card Industry (PCI) Data Security Standard (DSS).
3.5 We send emails to subscribers
We provide regular emails (a weekly email newsletter, a monthly notification that our Unite! magazine is available online, and Trinity Invites! publicising special events, which is sent several times a year) to which anyone may subscribe. The emails provided via this system are not confidential and you may forward them to anyone.
By subscribing you consent to us using your name and email address for the purpose of
sending those emails to which you subscribe.
When you subscribe the system records your IP address and region. The system collects
information such as who opens the emails and who clicks on embedded links. This
information is used to improve the effectiveness of the emails.
You can unsubscribe at any time using the “unsubscribe” link at the bottom of each of the
emails. If you “unsubscribe” your email address will normally be retained to ensure you are not inadvertently added to the mail list.
We will not use this information for any other purpose or share it with other organisations
for marketing purposes.
3.6 We maintain a database of members and adherents
Our Membership Database includes, for each member and adherent, your name, address,
phone numbers and email address, whether you have agreed to be included in the Trinity
Directory, family relationships, membership status and dates, pastoral group allocation, date of birth if under 18, and date last updated.
The Membership Database is used in our legitimate interests for management of
membership and pastoral groups, provision of our Register of Members, maintenance of
the Trinity Directory, enabling contacts and visits, distributing paper copies of the church
magazine, determining rights to web site membership and generating membership
statistics.
Inclusion in the Membership Database is mandatory for members of the church, and is
optional for other regular worshippers at Trinity. If you choose not to be included, you cannot be included in the Trinity Directory, nor our Pastoral Care Groups, nor usually be a web site member.
Children under 18 are included where they have become members of the church, subject
to parental permission.
The Membership Database is held in confidence and is accessible only to the Minister, the
Pastoral Committee and a small number of individuals acting in their appointed capacity.
As required by our Constitution and by the Charity Commission, the names and addresses
of members will be provided to any church member who so requests them.
Data is retained for up to 3 years after you have left the church.
3.7 We maintain Trinity Directories
The Trinity Directory includes names, addresses, phone numbers and email addresses
for our members and adherents extracted from our membership database. The Trinity
Directory will only include your data if you have given your informed consent.
The Trinity Directory is made available via the web site members’ pages and in paper form
only to people who are included in our Membership Database. The Trinity Directory will
also be made available, at the discretion of the Minister or others acting in an official
capacity, to other known individuals such as CUCS or Methodist Circuit clergy.
The Trinity Photographic Directory includes names and photographs. It is published via
the web site members’ pages and is displayed in paper form in the church. By allowing your photograph to be taken for this purpose you are giving your informed consent for the photo to be included in the directory.
Your name and photos for the Trinity Directory are retained indefinitely to enable copies to
be provided to you if requested.
You are required to keep the information in these directories confidential.
3.8 We maintain a database of children in our church family
The Junior Church Database includes names, parent’s names, contact details, family
relationships, child’s date of birth, school year, any medical issues, whether permission has been given for children to take part in supervised lessons outside the church building and whether permission has been given for photographs of the child to be used.
The information is used to enable us to look after the children in Junior Church, to contact
parents regarding the children, to follow our Safeguarding Policy and to operate in
accordance with our Policy on Photographs and Videos.
Inclusion in the Junior Church Database is subject to the parents’ informed consent, but is
required for children attending Junior Church in order that we can exercise our duty of care to the children.
The Junior Church Database is held in confidence and is accessible only to the Minister,
Junior Church Staff and a small number of individuals acting in their appointed capacity.
Information is retained for up to 3 years after a child has left Junior Church.
3.9 We record names and contact details for newcomers
If you are a newcomer to Trinity, with your informed consent we may record your name,
contact details and any questions to enable the church to contact you with information about the church and to offer a visit from the Minister.
3.10 We maintain a list of web site members
The Trinity website includes the option for you to register as a “web site member” which
allows access to member-only pages using a username and individual password. Web site membership is different from, and independent of, membership of the church and is
voluntary.
Web site member registrations will only be accepted from people who are included in the
Trinity Membership Database or, at the discretion of the Minister or others acting in an
official capacity, to other known individuals such as CUCS or Methodist Circuit clergy.
If you request web site membership you give your informed consent for Trinity to record
your name and email address, whether membership is granted, your last login date and
details of any web site interactions such as submitting enquiry forms.
Data will be retained for up to 3 years after your last web site login or interaction.
3.11 We maintain rotas and records of people’s roles
When you agree to help in a specific role or on a rota your name and phone number and
email address may, in our legitimate interests, be included in lists of roles or rotas which are published on notice boards in the church, in service sheets and via the web site members’ pages in order that people in the church know who is on the rota or carrying out that role and can contact you about that role.
3.12 We maintain lists of group members
We have several groups for which membership lists are maintained. Examples include
badminton and supper clubs, the Trinity Toddlers Group, regular attenders of the Solo
lunches etc. If you join or attend such a group your name and contact details are stored in
our legitimate interests to enable you to be informed of the group’s activities and other
church activities which might be of interest to you.
3.13 We run a giving scheme and a Gift Aid scheme
We run a giving scheme enabling your donations to be recorded for Gift Aid purposes. We
record your name, contact details, envelope number if you use giving envelopes, gift
amounts, dates of gifts and whether you have a Gift Aid declaration in force for each tax
year in order to support our legal obligations in submitting Gift Aid claims to HMRC.
The use of numbered envelopes enables us to restrict knowledge of your giving amounts to the Treasurer, the Gift Aid Treasurer and his assistant.
The information is retained for at least 12 years in order to comply with HMRC requirements.
3.14 We maintain pastoral records
We maintain pastoral records as part of our legitimate interest to provide support to our
church family. These may include sensitive data such as health issues.
Where you share additional information such as wedding anniversary dates or birthdays this information may be stored and used to facilitate distributing flowers or giving
congratulations, but will only be shared publicly (e.g. in a service) with your specific
permission.
Records are retained for up to 3 years after an individual has left the church.
3.15 We operate a Safeguarding Policy
If you work in the church with children or adults at risk or in certain other roles you may be
required or invited to self-certify your suitability for the role, undergo DBS checks and
receive safeguarding training in order to comply with our Safeguarding Policy.
In our legitimate interests we record your name, contact details, role, date of birth for those aged 16 to 18, date of certification, date DBS inspected, and dates of training received.
The data is shared with the Methodist Circuit Administrator. Data is retained for up to 3
years after you leave the role.
3.16 We use Closed Circuit TV (CCTV)
We monitor our premises using CCTV in order to deter crime and anti-social behaviour and facilitate prosecution of offenders.
We will retain CCTV data for no more than 14 days unless the data is being used to
investigate an alleged crime or an incident in which case it may be retained for up to 2 years following the conclusion of any investigation. We may share CCTV data with the Police.
We process CCTV data without your consent in pursuit of our legitimate interests to protect the general interests and well-being of people using our premises.
3.17 We take photographs and videos
We take photos and videos on our premises (though not in hired halls for the duration of the hire) and use them on our web site and in news and publicity materials and emails in pursuit of our legitimate interests to inform members of the church family and the wider community about the life of our church family and to promote services and other events. It is impracticable to obtain the consent of every person that might appear in a photo or video as there are often large groups of people, some of whom may be visitors. We have clear procedures to safeguard the rights of those who appear in images. For more information see our Policy on Photographs and Videos on our web site.
If you do not want your images to be used you should seek to avoid being captured in
photographs or videos being taken at church events. Where it is particularly important that
your image is not published, you should advise the minister.
Photos and videos may be archived in perpetuity for historical records.
3.18 External contact data
We maintain contact lists for people whom we may need to contact such as potential guest preachers and suppliers in pursuit of our legitimate interest to manage our organisation.
3.19 Accidents
If you suffer an accident on our premises or during a church activity then we record your
name, contact details and details of the accident in an accident book in order to monitor
accidents and reduce risks of recurrence and to comply with our legal obligations.
4 Who do we share your data with?
4.1 Sharing your information
We will not share your information with others without your consent other than as described above and except that personal information may be made available to contracted third parties for the purpose of enabling our communication with you (e.g. to enable the operation of the web site or the email newsletters) or completing card payment transactions, with our denominational bodies where so required by their procedures (particularly in connection with safeguarding, complaints or discipline cases) and with contracted advisers, lawyers etc. and with the relevant authority if so required by law.
4.2 Data transfers outside the European Economic Area
Some of our data is stored in the USA by our platform operators DropBox, Google, Wix and MailChimp. All these are certified under the EU - US Privacy Shield Framework and are therefore considered as providing adequate provisions to safeguard your personal
information.
Our hall booking reviews and other web feedback are stored by Countable Web Productions on their HTML CommentBox platform in the USA which is not certified under the EU - US Privacy Shield Framework. The risk to your personal information has been assessed as acceptably minimal given that the only data involved is the reviews (which are intended to be public anyway) and the contributor’s email addresses, and data volumes are very low.
When you make card payments via our web site your card data passes via SSL encrypted
links directly to industry-leading payment platform PayPal, who may transfer data outside
of the EEA.
5 How do we keep your data safe?
Sensitive pastoral records are kept securely in a locked cabinet in a locked room.
Wedding Registers are kept securely in a locked safe.
Computer files are generally stored securely using DropBox and GoogleDrive (cloud
storage platforms) to allow secure sharing with appropriate people and data recovery.
Computer files containing sensitive data such as the Membership Database and the Junior Church Database are stored with password protection.
We protect your payment card data by complying with the Payment Card Industry (PCI)
Data Security Standards (DSS).
6 Trinity website cookies
In common with many other websites, the Trinity website uses “cookies”.
A cookie is a small piece of text which is sent from a website and stored by the browser on
your computer. By using our website you agree to us placing cookies on your computer. We use cookies to manage your logging-in as a web site member, to record your last log-in and to make available the identity of the page on the site which you are currently visiting.
We also use anonymous analytical tracking cookies which collect information in an
anonymous form, including the number of visitors to the website, where visitors have come from and the pages they have visited during their session and the time spent on the website.
We use this non-personal information to compile reports on usability and improve your
experience of the website.
You may disable cookies (see instructions specific to your browser) but if you do so the web site may not provide the same level of functionality.
For more information about cookies, and how to identify, delete or control them please see
www.aboutcookies.org
7 Trinity website links
Our website contains links to other websites of interest. However, once you have used one of these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
8 Your rights
You have the right to withdraw or change your consent preferences, request access to
personal data relating to you, to request the rectification or erasure of your personal data
(subject to other conditions) and to object to our use of your personal data. Please contact
us via email to trinitychurchsutton@gmail.com or on 020 8643 6884 with any questions,
requests or complaints. For matters relating to safeguarding, complaints and discipline you may contact the Data Controller at The Methodist Church in Great Britain, The Conference Office, Methodist Church House, 25 Marylebone Road, London NW1 5JR.
You also have the right to complain to the Supervisory Authority (ICO at ico.org.uk) about
our data processing activities.
9 Policy approval
This policy was approved by the Trinity Church Trustees on 4 September 2019.
This policy was updated and approved by Trinity Church Trustees on 28th September 2021.
