1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or together with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
3. How we collect information from you or your parent/guardian?
- from consent forms;
- from medical forms;
- when you contact us via the Church website.
4. What information we will collect from you?
- Details of how we can contact you such as your name, address, email address and phone number;
- Your birthday;
- Your gender;
- Any bank details belonging to your parents or guardian so that we can receive payments from you and details of any payments you make;
- Any images we capture on CCTV cameras;
- Records that tell us whether you attended an event;
- Videos and photographs of you;
- Identification documents;
- Details of your family members and other people we may need to contact in case of an emergency.
5. How do we process your personal data?
Valley Church complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or keeping large amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data.
We will only collect information that is needed for us to carry out our work.
We use your personal data for the following purposes:
- For safeguarding purposes and to be able to contact you or a parent/guardian/carer/significant adult in the event of an emergency, medical or otherwise;
- To provide welcoming, safe spaces for activities and to provide learning experience;
- To arrange any travel and/or accommodation if you are attending an event;
- To provide pastoral care;
- To inform you of news, events, activities and services at Valley Church;
6. What is the legal basis for processing your personal data?
Explicit consent of the data subject so that we can keep you informed about news, events, activities and services and keep you informed about events.
7. Are your details safe?
We have put in place security measures to make sure your details don’t go missing or get used in a way they should not be. We have a great team of people working with us who are trained to know how to use your details and will only use your details when and how we tell them to.
8. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other
members of the church in order to carry out a service to other church members or for
purposes connected with the church.
We may have to share your data with the following third parties or use third party service
providers for the purposes set out below:
- CCPAS (The Churches’ Child Protection Advisory Service) – for DBS (disclosure and barring service checks) and safeguarding queries.
- ChurchSuite – personal data, provided by consent, will be processed via ChurchSuite in order to maintain the church database and to allow communication via email.
- Google – for communication purposes via email and data/document storage.
- MailChimp and Text Local – for church-wide communication. Please see below for further information relating to MailChimp.
- Professional advisers (lawyers, insurers in the UK who provide legal and insurance
We require all third parties to respect the security of your personal data and treat your data in accordance with the law. Our third party service providers are not allowed to use your personal data for their own purposes. They are only allowed to process your personal details for specific reasons and in accordance with our instructions.
9. How long do we keep your personal data?
Consent is valid for 14 months from the start of the new term at Church. Following this date, we will store your data securely for a maximum of 6 months. After this 6 month period, your data will be deleted unless you have signed a new consent form. You will be asked to sign a new consent form at the start of each term.
If you do not attend church or any youth events and/or we are unable to contact you for a period of 6 months then your data will be deleted.
Please note that we may have to keep your data for a longer time for legal reasons.
10. Your rights and your personal data
You can ask us the following:
- To tell you how your details are being used;
- To provide you with a copy of the details we hold;
- To correct some of the details we hold if they are not correct or out of date e.g. your contact details;
- To delete all the details we hold on you (unless we have a good reason not to!);
- To stop using your details in a certain way;
- To send your details to you or another organisation;
- The right to lodge a complaint with the Information Commissioners Office.
11. What we may need from you
Please note that for any requests made, Valley Church may need to request more information from you to help us confirm your identity and to make sure we give access to your personal data to the right person (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. This may involve contacting you to ask for further information.
12. Obligation to inform us of any changes to your personal data
It is very important that the personal data we hold about you is correct, as such, we ask that you inform us of any changes to your personal data so we may update our database.
13. Third party website links
14. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
15. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Designated Data Controller at:
You can contact the Information Commissioners Office on 0303 123 1113, via their website or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Last updated: Wednesday 12th December 2018