Trinity Privacy and Cookies Policy

1         Index

2         Introduction

3         What information do we use, why and how long do we keep it?

3.1          We handle enquiries about weddings, baptisms and other matters

3.2          We maintain a Baptism Register and Cradle Roll

3.3          We hold a Wedding Register for the General Register Office

3.4          We handle bookings for halls and orders for tickets and other items

3.5          We send emails to subscribers

3.6          We maintain a database of members and adherents

3.7          We maintain Trinity Directories

3.8          We maintain a database of children in our church family

3.9          We record names and contact details for newcomers

3.10        We maintain a list of web site members

3.11        We maintain rotas and records of people’s roles

3.12        We maintain lists of group members

3.13        We run a giving scheme and a Gift Aid scheme

3.14        We maintain pastoral records

3.15        We operate a Safeguarding Policy

3.16        We use Closed Circuit TV (CCTV)

3.17        We take photographs and videos

3.18        External contact data

3.19        Accidents

4         Who do we share your data with?

4.1          Sharing your information

4.2          Data transfers outside the European Economic Area

5         How do we keep your data safe?

6         Trinity website cookies

7         Trinity website links

8         Your rights

9         Policy approval

 

2  Introduction

This privacy policy sets out how we, Trinity Church, use and protect your personal information in compliance with the Data Protection Act.  We are committed to ensuring that your privacy is protected. You can be assured that we will only use your personal information in accordance with this privacy policy.

We store and process personal data as a Controller registered with the Information Commissioner's Office, except that for safeguarding, discipline or complaints cases when we choose to follow Methodist procedures we act under the Controller registration of the Connexion of the Methodist Church in Great Britain.

3  What information do we use, why and how long do we keep it?

3.1  We handle enquiries about weddings, baptisms and other matters

When we receive enquiries from you about weddings, baptisms, and other matters we use the information you choose to provide only to respond to your enquiry.  We will not use it or share it with other organisations.  We will retain the information for up to 3 years after your most recent enquiry.

3.2  We maintain a Baptism Register and Cradle Roll

When children or adults are baptised, in our legitimate interests we include their names in our service sheet and we maintain a register of baptisms, including the individual’s name, address, dates of birth and baptism, and where appropriate the parents’ names, which is kept securely and indefinitely with access limited to authorised persons.   We also maintain a “Cradle Roll” list which is used to invite parents and children back to an annual Cradle Roll service and to invite children to join our Junior Church and data is retained for up to 5 years after the baptism.

3.3  We hold a Wedding Register for the General Register Office

When people are married in our church the details are recorded as required by law in a Marriage Register by the Authorised Person on behalf of the General Register Office.

3.4  We handle bookings for halls and orders for tickets and other items

When you make hall bookings or place orders for tickets etc. we use the information you provide to manage your hall booking or order and associated payments.  We will not use it or share it with other organisations except that we may share the information with other organisations for purposes such as debt collection.  We will retain the information for up to 3 years after your most recent contact with us. We protect your payment card details by complying with the Payment Card Industry (PCI) Data Security Standard (DSS).

3.5  We send emails to subscribers

We provide regular emails (a weekly email newsletter, a monthly notification that our Unite! magazine is available online, and Trinity Invites! publicising special events, which is sent several times a year) to which anyone may subscribe. The emails provided via this system are not confidential and you may forward them to anyone.

By subscribing you consent to us using your name and email address for the purpose of sending those emails to which you subscribe.

When you subscribe the system records your IP address and region.  The system collects information such as who opens the emails and who clicks on embedded links. This information is used to improve the effectiveness of the emails.

You can unsubscribe at any time using the “unsubscribe” link at the bottom of each of the emails.  If you “unsubscribe” your email address will normally be retained to ensure you are not inadvertently added to the mail list.

We will not use this information for any other purpose or share it with other organisations for marketing purposes.

3.6  We maintain a database of members and adherents

Our Membership Database includes, for each member and adherent, your name, address, phone numbers and email address, whether you have agreed to be included in the Trinity Directory, family relationships, membership status and dates, pastoral group allocation, date of birth if under 18, and date last updated.

The Membership Database is used in our legitimate interests for management of membership and pastoral groups, provision of our Register of Members, maintenance of the Trinity Directory, enabling contacts and visits, distributing paper copies of the church magazine, determining rights to web site membership and generating membership statistics.

Inclusion in the Membership Database is mandatory for members of the church, and is optional for other regular worshippers at Trinity.  If you choose not to be included, you cannot be included in the Trinity Directory, nor our Pastoral Care Groups, nor usually be a web site member.

Children under 18 are included where they have become members of the church, subject to parental permission.

The Membership Database is held in confidence and is accessible only to the Minister, the Pastoral Committee and a small number of individuals acting in their appointed capacity.

As required by our Constitution and by the Charity Commission, the names and addresses of members will be provided to any church member who so requests them.

Data is retained for up to 3 years after you have left the church.

3.7  We maintain Trinity Directories

The Trinity Directory includes names, addresses, phone numbers and email addresses for our members and adherents extracted from our membership database.  The Trinity Directory will only include your data if you have given your informed consent.

The Trinity Directory is made available via the web site members’ pages and in paper form only to people who are included in our Membership Database.  The Trinity Directory will also be made available, at the discretion of the Minister or others acting in an official capacity, to other known individuals such as CUCS or Methodist Circuit clergy.

The Trinity Photographic Directory includes names and photographs.  It is published via the web site members’ pages and is displayed in paper form in the church.  By allowing your photograph to be taken for this purpose you are giving your informed consent for the photo to be included in the directory.

Your name and photos for the Trinity Directory are retained indefinitely to enable copies to be provided to you if requested.

You are required to keep the information in these directories confidential.

3.8  We maintain a database of children in our church family

The Junior Church Database includes names, parent’s names, contact details, family relationships, child’s date of birth, school year, any medical issues, whether permission has been given for children to take part in supervised lessons outside the church building and whether permission has been given for photographs of the child to be used.

The information is used to enable us to look after the children in Junior Church, to contact parents regarding the children, to follow our Safeguarding Policy and to operate in accordance with our Policy on Photographs and Videos.

Inclusion in the Junior Church Database is subject to the parents’ informed consent, but is required for children attending Junior Church in order that we can exercise our duty of care to the children.

The Junior Church Database is held in confidence and is accessible only to the Minister, Junior Church Staff and a small number of individuals acting in their appointed capacity.

Information is retained for up to 3 years after a child has left Junior Church.

3.9  We record names and contact details for newcomers

If you are a newcomer to Trinity, with your informed consent we may record your name, contact details and any questions to enable the church to contact you with information about the church and to offer a visit from the Minister.  Your information will be retained for no more than a year.

3.10  We maintain a list of web site members

The Trinity website includes the option for you to register as a “web site member” which allows access to member-only pages using a username and individual password.  Web site membership is different from, and independent of, membership of the church and is voluntary.

Web site member registrations will only be accepted from people who are included in the Trinity Membership Database or, at the discretion of the Minister or others acting in an official capacity, to other known individuals such as CUCS or Methodist Circuit clergy.

If you request web site membership you give your informed consent for Trinity to record your name and email address, whether membership is granted, your last login date and details of any web site interactions such as submitting enquiry forms.

Data will be retained for up to 3 years after your last web site login or interaction.

3.11  We maintain rotas and records of people’s roles

When you agree to help in a specific role or on a rota your name and phone number and email address may, in our legitimate interests, be included in lists of roles or rotas which are published on notice boards in the church, in service sheets and via the web site members’ pages in order that people in the church know who is on the rota or carrying out that role and can contact you about that role.

3.12  We maintain lists of group members

We have several groups for which membership lists are maintained.  Examples include badminton and supper clubs, the Trinity Toddlers Group, regular attenders of the Solo lunches etc.  If you join or attend such a group your name and contact details are stored in our legitimate interests to enable you to be informed of the group’s activities and other church activities which might be of interest to you.

3.13  We run a giving scheme and a Gift Aid scheme

We run a giving scheme enabling your donations to be recorded for Gift Aid purposes.  We record your name, contact details, envelope number if you use giving envelopes, gift amounts, dates of gifts and whether you have a Gift Aid declaration in force for each tax year in order to support our legal obligations in submitting Gift Aid claims to HMRC.

The use of numbered envelopes enables us to restrict knowledge of your giving amounts to the Treasurer, the Gift Aid Treasurer and his assistant.

The information is retained for at least 12 years in order to comply with HMRC requirements.

3.14  We maintain pastoral records

We maintain pastoral records as part of our legitimate interest to provide support to our church family.  These may include sensitive data such as health issues.

Where you share additional information such as wedding anniversary dates or birthdays this information may be stored and used to facilitate distributing flowers or giving congratulations, but will only be shared publicly (e.g. in a service) with your specific permission.

Records are retained for up to 3 years after an individual has left the church.

3.15  We operate a Safeguarding Policy

If you work in the church with children or adults at risk or in certain other roles you may be required or invited to self-certify your suitability for the role, undergo DBS checks and receive safeguarding training in order to comply with our Safeguarding Policy.

In our legitimate interests we record your name, contact details, role, date of birth for those aged 16 to 18, date of certification, date DBS inspected, and dates of training received. 

The data is shared with the Methodist Circuit Administrator.  Data is retained for up to 3 years after you leave the role.

3.16  We use Closed Circuit TV (CCTV)

We monitor our premises using CCTV in order to deter crime and anti-social behaviour and facilitate prosecution of offenders.

We will retain CCTV data for no more than 14 days unless the data is being used to investigate an alleged crime or an incident in which case it may be retained for up to 2 years following the conclusion of any investigation.  We may share CCTV data with the Police. 

We process CCTV data without your consent in pursuit of our legitimate interests to protect the general interests and well-being of people using our premises. 

3.17  We take photographs and videos

We take photos and videos on our premises (though not in hired halls for the duration of the hire) and use them on our web site and in news and publicity materials and emails in pursuit of our legitimate interests to inform members of the church family and the wider community about the life of our church family and to promote services and other events.  It is impracticable to obtain the consent of every person that might appear in a photo or video as there are often large groups of people, some of whom may be visitors.  We have clear procedures to safeguard the rights of those who appear in images.  For more information see our Policy on Photographs and Videos on our web site.

If you do not want your images to be used you should seek to avoid being captured in photographs or videos being taken at church events.  Where it is particularly important that your image is not published, you should advise the minister.

Photos and videos may be archived in perpetuity for historical records.

3.18  External contact data

We maintain contact lists for people whom we may need to contact such as potential guest preachers and suppliers in pursuit of our legitimate interest to manage our organisation.

3.19  Accidents

If you suffer an accident on our premises or during a church activity then we record your name, contact details and details of the accident in an accident book in order to monitor accidents and reduce risks of recurrence and to comply with our legal obligations.

4  Who do we share your data with?

4.1  Sharing your information

We will not share your information with others without your consent other than as described above and except that personal information may be made available to contracted third parties for the purpose of enabling our communication with you (e.g. to enable the operation of the web site or the email newsletters) or completing card payment transactions, with our denominational bodies where so required by their procedures (particularly in connection with safeguarding, complaints or discipline cases) and with contracted advisers, lawyers  etc. and with the relevant authority if so required by law.

4.2 Data transfers outside the European Economic Area

Some of our data is stored in the USA by our platform operators DropBox, Google, Wix and MailChimp.  All these are certified under the EU - US Privacy Shield Framework and are therefore considered as providing adequate provisions to safeguard your personal information.

Our hall booking reviews and other web feedback are stored by Countable Web Productions on their HTML CommentBox platform in the USA which is not certified under the EU - US Privacy Shield Framework. The risk to your personal information has been assessed as acceptably minimal given that the only data involved is the reviews (which are intended to be public anyway) and the contributor’s email addresses, and data volumes are very low.

When you make card payments via our web site your card data passes via SSL encrypted links directly to industry-leading payment platform PayPal, who may transfer data outside of the EEA.

5  How do we keep your data safe?

Sensitive pastoral records are kept securely in a locked cabinet in a locked room.

Wedding Registers are kept securely in a locked safe.

Computer files are generally stored securely using DropBox and GoogleDrive (cloud storage platforms) to allow secure sharing with appropriate people and data recovery.

Computer files containing sensitive data such as the Membership Database and the Junior Church Database are stored with password protection.

We protect your payment card data by complying with the Payment Card Industry (PCI) Data Security Standards (DSS).

6  Trinity website cookies

In common with many other websites, the Trinity website uses “cookies”.

A cookie is a small piece of text which is sent from a website and stored by the browser on your computer. By using our website you agree to us placing cookies on your computer.

We use cookies to manage your logging-in as a web site member, to record your last log-in and to make available the identity of the page on the site which you are currently visiting.

We also use anonymous analytical tracking cookies which collect information in an anonymous form, including the number of visitors to the website, where visitors have come from and the pages they have visited during their session and the time spent on the website.  We use this non-personal information to compile reports on usability and improve your experience of the website.

You may disable cookies (see instructions specific to your browser) but if you do so the web site may not provide the same level of functionality.

For more information about cookies, and how to identify, delete or control them please see www.aboutcookies.org

7  Trinity website links

Our website contains links to other websites of interest.  However, once you have used one of these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

8  Your rights

You have the right to withdraw or change your consent preferences, request access to personal data relating to you, to request the rectification or erasure of your personal data (subject to other conditions) and to object to our use of your personal data. Please contact us via email to trinitychurchsutton@gmail.com or on 020 8643 6884 with any questions, requests or complaints.  For matters relating to safeguarding, complaints and discipline you may contact the Data Controller at The Methodist Church in Great Britain, The Conference Office, Methodist Church House, 25 Marylebone Road, London  NW1 5JR.

You also have the right to complain to the Supervisory Authority (ICO at ico.org.uk) about our data processing activities.

9  Policy approval

This policy was approved by the Trinity Church Trustees on 4 September 2019.

 

Trinity Church Sutton                                                            www.trinitychurchsutton.org.uk

Charity number 1136623

Regulated by the Charity Commission