Protection, Privacy and Rights
Andover Vineyard Church is a Data Controller under the Data Protection Act 1998 and under Regulation (EU) 2016/679 (General Data Protection Regulation).
We hold information including personal data, financial data, pastoral care details and statistical analysis.
The Data Protection Act 1998 and GDPR states that data must be:
- Fairly and lawfully processed;
- Processed for limited purposes;
- Adequate, relevant and not excessive;
- Not kept longer than necessary;
- Processed in accordance with the data subject’s rights;
- Not transferred to countries without adequate protection.
We must also hold the explicit and informed consent of the individual concerned or that of their legal guardian.
We will treat all your personal information as private and confidential and not disclose any data about you to anyone other than the leadership in order to facilitate the administration and day-to-day ministry of the church. Information will be processed via Church Suite. We do not share this information with any third parties other than Church Suite, and necessary financial institutions (i.e. banks) except as below:
There are four exceptional circumstances to confidentiality permitted by law:
- Where we are legally compelled to do so
- Where there is a duty to the public to disclose
- Where disclosure is required to protect our interests
- Where disclosure is made at your request or with your consent
Our Policy and Procedures on Data and Privacy
We only collect data with the explicit and informed consent of the individuals involved (or that of their legal guardian) or where we have a legitimate interest. We hold the data on our Church Suite software and individuals can have access at all times to amend their data or to ask for their information to be forgotten. We hold data on members of the church and visitors either to the church or to our website who have supplied information (with consent).
We collect some or all of the following data: names, addresses, email addresses, telephone numbers, dates of birth, gender, marital status, children, areas of interest, contact preferences, baptismal information, attendance at events, and photographs. Some computer data may also be automatically collected. If money is given via direct debit, standing order or Church Suite, we may hold further financial details such as account numbers and sort codes and amounts given.
Any individual may refuse to share some or all of this data if they wish. Contact information may be shared with other church members via Church Suite only if that permission is given. This permission setting is set by the individual themselves and not by us and they have the ability to change it at any time. Other types of information is only accessible by church leaders. We use this data for contacting, recording attendance at relevant events, recording birthdays, generating anonymous statistics, sending rota reminders, dealing with financial planning and legal compliance.
Data Retention, subject access requests and your right to be forgotten
We hold data on individuals for as long as they are a continuing visitor or member of the church and for up to 6 months afterwards.
At any time, an individual can ask us to remove their details [or particular details] from our records. This is part of their right to be forgotten. They may also ask to see the data we hold on them, via a subject access request. It may take us up to 30 days to prepare this information. There is no charge for the first request but any subsequent requests within six months will incur an administration charge of £10. If you wish to contact the data controller, please email firstname.lastname@example.org.
You may also contact us by post:
Andover Vineyard Church
44 Herons Rise
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at
The Information Commissioner’s Office