PRIVACY POLICY

Last Updated: 17th Feb 2023

Who are we?

Brave Church (the church, we, us) as a charity, (which includes Brave Kids Pre-School) are committed to protecting your privacy. This privacy policy explains how we use any personal information we collect about you when you use ChurchSuite, access one of our services or book into one of our events. Brave Church is registered with the Information Commissioner's Office (ICO). Our named data officer is Jordan Whittaker, who can be contacted regarding any queries about this policy on data@bravechurch.co.uk.

This policy will detail:

  • What information do we collect about you?

  • How will we use that information about you?

  • What is the legal basis for processing your data?

  • Sharing your information

  • How secure is your information?

  • How long do we keep your personal information?

  • Your rights and your personal information

  • Further processing

  • Complaints

  • Changes to our privacy policy

  • Our contact details

What information do we collect about you?

Your privacy is really important to us, and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal information and why we do it. The church is committed to the privacy of all its members, former members and those who have regular contact with us in connection with those purposes, including those who attend the church's services, and events and use our ministries. Our pledge to you is

We collect information about you when you submit an enquiry, access one of our services (i.e. register your child in Brave pre-school), provide your details requesting further information, book into an event, give financially to the charity or request to join our mailing list. We may also collect your data in the form of CCTV footage used to maintain security on our sites, and in the form of photos & videos taken at one of our events.

In simple terms this means:

  • Secured tight - we'll secure and protect your data and only permit access by authorised representatives of the church. This could include staff members, trustee and key leaders.

  • Transparency - we'll talk transparently in how we use your data.

  • Your data - You decide if you want us to stay in touch with you, and you control your privacy settings that determine what others in the church can or can't see as well as how your contacted (i.e. by phone, email or post).

  • Just what is needed - we only collect information that serves a useful purpose. Whether thats in providing a service, updating you on events you're signed up for and more.

  • Requesting what's yours - Your data means you can access and request your data at any given time. It is your right to request deletion or updates to your data.

How will we use that information about you?

The church complies with its obligations under the General Data Protection Regulation "GDPR" by keeping personal information up to date; storing and destroying it securely; by not collecting or retaining excessive amounts of information; by protecting personal information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal information.

We initially collect information about you to process your enquiry, manage your booking, process your giving, manage how you volunteer and more. We may then use your information to provide you with any service(s) we have agreed with you.

We may also contact you with information about further services or events that may be of interest to you, or to invite you to take part in feedback in relation to our services and events. In the case of financial giving, we may contact you to update you about our work or to invite you to fundraising and other events.

Photos and videos may be used as a part of our social media, web & marketing campaigns. In the case of children, consent may be requested prior to any internal (sunday services) or external (social media, online streams of services, etc.) presentations.

Data will be collected in the following scenerios:

  1. If you make a financial donation to the church

  2. If you are a customer who makes a booking of the church's resources

  3. If you are an authorised user of the church's database

  4. If you are an active member of the congregation of the church

  5. If you sign up for one of our events

  6. If you sign up for one of our small groups

  7. If you check your visiting child into one of our children's groups

In summary, in each case we will only use your personal information for the following purposes: -

  • To enable us to provide a voluntary service for the benefit of the public

  • To administer membership records

  • To fundraise and promote the interests of the charity

  • To manage our employees and volunteers

  • To maintain our own accounts and records (including the processing of Gift Aid)

  • To inform you of news, events, activities and services run by the church

What is the legal basis for processing your data?

We have various scenarios under which we may use your information, and for each have identified a lawful basis, as described below:

  • Legitimate interest applies:

    • Church news, events, course, services and ministries

    • A public-interest matter, for example, to let you know if an event is cancelled for any reason

    • A ministry or group that you are involved in as part of a serving team

    • Where we maintain and process information about our members, former members and those who are in regular contact with us.

    • Where you sign up for an event or group run by the church and we communicate with you about that event or group.

    • Where you have contacted us independently for information about the church. In this context, we will only use your contact details to respond to your enquiry unless you explicitly consent for us to use your information for another purpose.

    • Where we need to communicate with you about: -

    • For good governance and accounting, for planning, analysis and developing new ministries.

  • Legal obligation applies:

    • When you exercise your rights under data protection law and related disclosures.

    • Where we are required to maintain and report financial/accounting information for up to six years from the end of the tax year in which a financial transaction was processed. This would typically be in respect of donations you may make to the church or ticket payments for certain events or courses run by the church.

    • Where we are required to maintain attendance records at groups or events for safeguarding purposes.

  • Consent applies:

    • Where you have voluntarily subscribed to the church's subscriber mailing list. You can unsubscribe from this list at any time using the unsubscribe link, getting in touch or updating your preferences within ChurchSuite.

Sharing your information

The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.

We will not normally share any information we hold about you with others without your prior consent, unless one of the following exceptions apply. Information may be shared between Brave Church staff or with authorised volunteers in order to effectively provide services to you. We may disclose information we hold about you if:

  • If we feel there is a legitimate interest for us to do so. A legitimate interest analysis will be conducted to ascertain where this is appropriate

  • It is necessary for law enforcement or similar purposes

  • To review the quality of our services – for example, we regularly employ auditors to inspect our files and assist with maintaining high levels of security & integrity across our organisation. HMRC also have the right to review our files to ensure we are complying with their rules

  • As a necessary part of providing, you with our service(s) or contacting you as a member, donor or customer – for example, by using a third-party mailing house to process our communications

  • As a necessary part of ensuring we comply with our legal obligations as a data controller – for example, sending information to HMRC for gift aid purposes

Third parties we may share your data with based on these reasons are:

  • HMRC

  • Mailchimp

  • GoCardless

  • Stripe

  • Textlocal

  • QuickBooks

  • Brushfire

  • ChurchSuite

  • CAF Donate

  • Just Giving

  • PayPoint

  • Google Workspace (Formerly known as G-Suite)

How secure is your information?

We will retain your information for as long as you are registered with us as interested in or using our services. You may request at any time for your information to be removed from our database or to change the way you are contacted (see requesting access to, updating & removing your data section below). Even if your information is removed from our database, some personal data will continue to be archived in line with HMRC or other legal regulations, or to continue providing you with a service you are currently using.

The church uses a secure church management system that is only accessible to authorised church leaders, staff and ministry leaders. We have taken all practical and reasonable technical measures to ensure our administrative and processing activities are secure.

How long do we keep your personal information?

We keep data in accordance with the guidance set out by the GDPR. We endeavour to maintain only data that is relevant, accurate and up-to-date. We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purpose for processing. Specifically, we retain member and former member information while it is still current; Gift Aid declarations and financial data for up to 6 years after the calendar year to which they relate; and legal registers (baptisms, marriages, funerals) and safeguarding records permanently.

Your rights and your personal information

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal information: -

  • Access to your information: You have the right to request a copy of the personal information about you that we hold.

  • Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

  • Deletion of your information: You have the right to ask us to delete personal information about you where:

    • you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations;

    • you have validly objected to our use of your personal information - see 'Objecting to how we may use your information' below;

    • our use of your personal information is contrary to the law or our other legal obligations.

  • Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

  • Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, when we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

  • Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the 'Contact information and further advice' section if you wish to exercise any of these rights.

  • Lodging a complaint: If you feel we have used your information incorrectly or without a lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Complaints

In the first instance, we would ask that all complaints regarding the handling of your data be sent directly to our data officer via email to data@bravechurch.co.uk, or in writing to Data Officer, Brave Church, Watson St, Oswaldtwistle, Lancashire, BB5 3HH.

If you feel your complaint has not been handled appropriately, you can contact the Information Commissioner’s Office (ICO).

Changes to our privacy policy

We keep our privacy policy under regular review, and we will place any updates on this webpage. This privacy policy was last updated on 9th November 2022.

Our contact details

Please contact us if you have any questions about our privacy policy or information, we hold about you.

We can provide you with access to your personal data at any time. We ask that requests are made in writing to The Data Officer, Brave Church, Watson Street, Oswaldtwistle, BB5 3HH.

You can also email and contact us at data@bravechurch.co.uk.

For more information about your legal rights in relation to the information we hold about you, please visit the Information Commissioner’s Office at ico.org.uk.