Privacy Policy
1. Introduction
We value all those who engage with Eltham Park Baptist Church (EPBC) by whatever means, and we do all we can to fully protect your privacy and to make sure the personal data you provide us is kept safe and secure.
This Privacy Notice explains how EPBC collects, stores, manages and protects your data. It outlines the types of data that we hold and how we use them. It also outlines what steps you can take if you would like us to change how we use your data or if you would like us to stop using it altogether.
The Church Trustees are responsible for your personal data and as such are subject to the General Data Protection Regulation 2016 (GDPR).
​
2. Our responsibilities & the legal basis for processing your data
EPBC is committed to protecting your personal data. We aim to be clear about how we use your personal information, and not do anything you would not reasonably expect. All information you provide us with will be used in accordance with the EPBC Data Protection Policy. (A copy of this policy is available from the Church Website, located in each page footer.)
​
EPBC usually relies on your consent as the legal basis for processing. We recognise that this is not the only lawful ground for processing data. As such, where appropriate, EPBC may process your data on an alternative legal basis. Some of our processing is because we have a legitimate interest to do so, for example, in order to allow us to respond to your enquiry, or contact you in an emergency. We may process your data if it is necessary to fulfil contractual obligations we may have with you, for example, if you make a purchase from us or hire our facilities. Occasionally we have a statutory reason for processing your data, for example to fulfil our safeguarding obligations.
​
3. What personal information do we collect and how do we collect it?
The vast majority of the information we hold is obtained directly from you. We may obtain personal information from you when you fill in a consent form, our directory form, contact us through the website, enquire about our activities, request our help or support, send a message via PrayerNet, register for an event, hire our facilities, make a gift or donation to the Church through Gift Aid, or otherwise provide us with personal information.
​
The personal information we collect and process may include name, title and contact details including postal address, email address and phone number. It may also include some demographic information such as gender or date of birth and details of how you are connected with others whose personal information we have permission to hold, i.e. spouses or children under 18.
​
We may keep a record of contact with you and your attendance at Church events or activities, such as the signup sheets for Bring and Share Lunches. We will also keep a note of any changes you tell us about, including when you change your address or name. You can keep your personal details up to date by contacting gdpr@epbc.org.uk or info@epbc.org.uk.
EPBC may process some information that is considered more sensitive. This is referred to as ‘special category’ personal data in the GDPR. When we process this type of information we are required to apply additional protections. Special category personal data for EPBC is defined as racial or ethnic origin, health and special needs, which is processed to uniquely identify a person, in order to support their unique requirements. In the UK this also includes any personal information relating to criminal convictions and offences.
​
If we need to process any special category data we will usually ask for your consent to do this, unless we are processing the data because we are obliged to for legal reasons. For example, we may process special category data you have given us in order to fulfil any dietary requirements you have if you are registering for an event. This data is processed under social protection law relating to Food Safety and Allergens.
​
Religious organisations are permitted to process information about your religious beliefs to administer membership or contact details.
​
If you make a donation to the Church, we will also record your donation, including Gift Aid status, where applicable (as required by HMRC).
​
4. What do we use your personal information for?
We will only process your data for the specific purposes that we tell you and then only to the extent necessary for that specific purpose. If we want to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
​
Your personal information will be used to:
- Keep in touch with you as a member of the Church;
- Provide church updates through the weekly mailing via Mailchimp;
- Minister to you and provide you with pastoral care and support;
- Provide any services you have requested;
- Process a donation you have made (including Gift Aid information);
- Carry out administration (rotas, church directory, hire of facilities etc.);
- Enable us to deliver the Church's Mission to our community or carry out other voluntary or charitable activities;
- Enable us to fulfil legal and statutory obligations (process DBS forms, whistleblowing etc.);
- Send you communications you have requested or that may be of interest.
​
We may communicate with you about the following:
- Church news and events;
- Changes to services, events or role holders;
- Ways to get involved and support the church;
- Prayer requests, including the forwarding of PrayerNet text messages;
- Services you have requested or that may be of interest;
- To seek your views or comments.
We will ask for your consent to contact you for specific purposes and will only contact you through the communication channels (telephone, email, post or social media) you have consented to. Note that we may have to contact you for a reason where your consent is not required, for example, to comply with the law, fulfil a contractual obligation, or because we have a legitimate reason to do so.
​
To enable us to provide adequate pastoral support to you and your family, our Minister and Safeguarding Lead may record information which may be regarded as sensitive. This information will be stored in password protected folders on the church computer and linked Google Drive. The password is only known by the Minister, Church Officers, Office Administrator, Treasurer or personnel who have a legitimate need to access this information (e.g. Safeguarding Officer). This sensitive information will NOT be disclosed to anyone else without your consent.
​
5. Who do we share your personal information with?
Unless we have a legal obligation or your consent to do so, we will not disclose your data to third parties or other entities outside the Church, other than those which are acting as agents for the Church (for example, if we use a company to print and send out documents). We do not sell or trade your data with any other organisations.
We may need to disclose your information to a third party if required by law (for example to government bodies and law enforcement agencies) or if we have your permission to do so.
​
If you have consented to it, your contact details will be entered into the Church Paper Directory and Online Directory, which will be accessible to the church family who have requested their details in the Directory. You may restrict what details are entered in either Directory.
​
Personal information sent on PrayerNet will be shared with a small group of Church Members via telephone or text. This may include your name and the reason for your prayer request, but not contact details.
​
Although most of the information we store and process stays in the UK, some information may be transferred outside the UK. This may occur, for example, if a cloud server used to store electronic data is located outside the UK. Where this happens we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. Our website is also accessible from overseas, so on occasion, some personal information may be accessed from overseas, though this is usually only by our own church family when they go abroad. The Online Directory can only be accessed by people who have been specifically approved by the Office Administrator.
​
6. How do we protect your personal information?
We may store data you have given us manually, electronically, or on email servers. Any hard copy data is kept in a locked filing cabinet in the church office.
​
Electronic data is stored on computers used by the Church and its Officers. These are password protected and access is limited to the Minister, Church Officers, Office Administrator, Treasurer or personnel who have a legitimate need to access this information (e.g. Safeguarding Officer).
​
Personal Data given via PrayerNet is kept on the PrayerNet mobile and limited information may be held on the mobile devices of those servicing PrayerNet.
​
7. How long do we keep your personal information?
Generally, we will process your personal data only as long as is necessary for the purpose(s) for which it was collected (unless otherwise advised). We will hold your details until you are no longer a member or associated with the church (unless you advise us otherwise), or until you withdraw your consent for us to hold your personal data.
​
We may be obliged by law to keep your data for a certain length of time e.g. HMRC requires we record your name, address and Gift Aid declaration for seven years from the date of your last donation. Data will be kept securely and destroyed appropriately when no longer required.
​
8. Website cookies
What are cookies?
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
What are cookies used for?
Cookies allow a site or services to know if your computer or device has visited that site or service before. Cookies can then be used to help understand how the site or service is being used, help you navigate between pages efficiently, help remember your preferences, and improve your browsing experience.
You can find out more information about cookie settings at third-party information sites, such as www.allaboutcookies.org.
​
9. Your rights and how to contact us
In certain circumstances, by law you have the right to:
- Be informed as to how we use your data (via this Privacy Notice);
- Access or request a copy of the data we hold about you (Subject Access Request, SAR);
- Update, amend or rectify the data we hold about you;
- Change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from us;
- Ask us to remove your data from our records;
- Withdraw consent, where it is used as a legal basis for processing;
- Object to or restrict the processing of your information for any of the purposes above.
If you have any questions about this Privacy Notice, your data rights, or would like to receive a copy of the information we hold about you, please contact:
GDPR Team (Jill Rackley, Katie Shelley and Tom Tarling) EPBC, 32a Westmount Road, Eltham, SE9 1JE – gdpr@epbc.org.uk
If we wish to use your data for a new purpose, not covered by this notice, then we will provide you with a new notice. Where necessary, we will seek your prior consent to the new processing.
(We are in the process of joining the ICO, so currently can't do the below, but will be able to soon)
​
If you feel that we have let you down in relation to your information rights then please contact us so that we can discuss this with you and rectify the situation. You can also make complaints directly to the Information Commissioner’s Office (ICO). The ICO is the independent authority upholding information rights for the UK. Their website is ico.org.uk and their telephone helpline number is 0303 123 1113.