Privacy Policy

Introduction

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.  This notice is in sections so that you can easily find the reason we process your personal information and see what we do with it.

In each section we’ll tell you:

·        why we are able to process your information;
what purpose we are processing it for;      
whether you have to provide it to us;
how long we store it for;
whether there are other recipients of your personal information;
whether we intend to transfer it to another country; and
whether we do automated decision-making or profiling.

The first section though is information we need to tell everybody.

The Data Controller

The Parochial Church Council of the Ecclesiastical Parish of Bentley St Peter is the controller for the personal information we process, unless otherwise stated.  You probably know us better as St Peter’s Church, St Peter’s Bentley or CMA Bentley.  We are the same organisation.

You can contact us by phone on 01302 876272, or by mobile phone (including WhatsApp or SMS) on 07490 582750.  You can email us at hello@stpetersbentley.org or you can send us a messages by email to hello@stpetersbentley.org or by using Facebook Messenger where we are @stpetersbentley.

Our postal address is:

St Peter’s Bentley
The Team Hub
St Peter’s Community Hall
High Street
Bentley
DONCASTER
DN5 0AA

Our Data Protection Officer

Our Data Protection Officer is Dave Berry, you can email him directly on dave.b@stpetersbentley.org.

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:
you have asked about or attended one of our groups or events
you have held a special service at St Peter’s (a wedding, baptism or funeral)
you have asked to be put on our electoral roll
you have applied for a role (volunteer or paid) at the church
you have asked for information about, or received help from CMA Bentley
you have made an enquiry to the church

We also receive personal information indirectly, in the following ways:
you have agreed to be a godparent for a child being baptized at St Peter’s
you are the parent of someone getting married at St Peter’s
your personal information has been given to us by a CMA Bentley client in the course of our advice to them

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.

Your data protection rights

Under data protection law, you have rights we need to make you aware of.  The rights available to you depend on our reason for processing your information.

Your right of access
You have the right to ask us for copies of your personal information.  This right always applies.  There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification
You have the right to ask us to rectify any information you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.  This right always applies. 

Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing
You gave the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing
You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

Your right to data portablility
You have the right to ask that we transfer any information you have given us to another organisation or that we give it to you.  This right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You can find out more about your data processing rights at ico.org.uk/your-data-matters/.  We are not allowed to charge you for exercising your rights and we have one month to respond.

If you want to exercise any of these rights, please contact us and ask to speak to Dave Berry.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing. Ever.

We use data processors who are third parties who provide services for us.  We have contracts in place with our data processors.  This means that they cannot do anything with your personal information unless we have instructed them to do it.  They will not share your personal information with any organisation apart from us.  They will hold it securely and retain it for the period we instruct.

Example: We use a database system called iknowchurch to keep track of all our contacts and church members.  They are our data processors and can’t use your personal information.

In some circumstances we are legally obliged to share information.  For example Wedding registers are part of the public record and the information in them is therefore shared with the General Register Office who make it available.  We will always make sure when we have to share information that there is a legal basis for sharing the information.

Complaints

We work to high standards when it comes to processing your personal information.  If you have queries or concerns, please contact Dave Berry who will respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office.  You can call their helpline on 0303 123 1113 or visit ico.org.uk/make-a-complaint/

Children’s information

This policy applies to children involved in the Church too.  We will never contact a child under 16 with marketing information.

 

Weddings

What we do with your personal data when you book a wedding at St Peter’s.

Purpose and legal basis for processing?

When you contact us to arrange a wedding, we collect information, including your personal data,  so that we can ensure all the legal requirements for the wedding are met and to provide appropriate pastoral services before and after the wedding.

The legal basis we rely on to process your personal data is GDPR article 6(1)(c).  This is because we use your data to comply with our legal obligations.

We also rely on GDPR article 6(1)(f).  This is because it is our legitimate interests to provide you with a good pastoral service by keeping you up to date with information about the church and the events we are running that may be suitable for you.

What we need and why we need it?

We need enough information to fulfil the legal requirements of the wedding and contact details to ensure we can make the arrangements.

What we do with it?

We create a file on our database to record your details and to keep track of the progress of plans for your wedding.  We will contact you about events that are happening at church which we think you may find helpful.  You can ask us not to contact you at any time.

If your wedding is being taken by another clergy person, we will share your personal information with them so that they can take your service.

At the wedding we will complete marriage registers which are returned to the General Register Office when they are complete.  Your personal information will then form part of the National Public Record.

How long will we keep it?

We will keep your data on our computer system for ten years after your wedding so that we can send you anniversary cards.  The marriage registers are kept for ever.

What are your rights?

You can ask us not to invite you to events or send you reminders.  The registers are a legal obligation however and we are unable to remove your personal information from them.

Do we use any processors?

Yes.  Your data will be stored on iknowchurch and office365.

 

Little Fishes (and more Fishes)

What we do with your personal data when you come to Little Fishes.

Purpose and legal basis for processing?

When you come to Little Fishes we ask for your personal information so that we can make sure that everyone at Little Fishes is safe and we can contact you about the event.

The legal basis we rely on to process your personal data is GDPR article 6(1)(b).  This covers information we need to provide a service.

What we need and why we need it?

We need names and dates of birth so that we know who is in the building and can keep people safe.  We also keep your contact details so that we can contact you if the group is cancelled and so we can contact someone in an emergency.

What we do with it?

We create a file on our database to record your details and to keep track of how many people come to Little Fishes and how often.  We use it to provide appropriate pastoral care.

We will never share it with anyone outside St Peter’s unless we are required to by our Safeguarding Policy.

How long will we keep it?

We will keep your data on our computer system for three years after our last contact with you at Little Fishes.

What are your rights?

You can ask us not to keep this information, but we may have to ask you not to come to Little Fishes as a result.

Do we use any processors?

Yes.  Your data will be stored on iknowchurch and office365.


St Peter’s Flood Fund

What we do with your personal data when you make a donation to St Peter’s Flood Fund.

Purpose and legal basis for processing?

When you make a donation, we collect information, including your personal data,  so that we can keep track of the donations you have made.

The legal basis we rely on to process your personal data is GDPR article 6(1)(f).  This is because it is our legitimate interests to keep details of who has given the money we have collected.

What we need and why we need it?

We need to be able show where the donated money has come from, so we keep your basic details (name and address). We NEVER store your card details. These are only seen by our Card Processor.

What we do with it?

We keep details of donors and amounts on a spreadsheet so that we can see where the money donated has come from.

How long will we keep it?

We will keep your data on our computer system for six years after the Fund has closed.

What are your rights?

We do need to keep accurate financial records, so we will not be able to delete your personal information. We will not pass your information on to anyone else.

Do we use any processors?

Yes.  Stripe will process your card details. Our data is stored by Office 365.