Privacy Policy

Background and Introduction

In accordance with the General Data Protection Regulation (GDPR) and related UK data protection legislation, we are committed to protecting the confidentiality and security of the information that you provide to us. 

This Privacy Notice is designed to help you understand how we collect and use your information. If you have any questions or queries about this Notice, please contact us. 

We may amend this Privacy Notice from time to time, to keep it up to date or to comply with legal requirements. The latest version of this Notice can be found at here or you can contact us for the latest version using any of the methods detailed in the ‘How to contact us’ section. 

Who we are. 

We are Sandhurst Baptist Church, Kent (also referred to in this Notice as “we”, “us”, or “our”). 

How to contact us 

For any questions or concerns relating to this Privacy Notice or our data protection practices, or to make a Subject Access Request or any other request regarding the information we hold, please contact us in the first instance at: 

Sandhurst Baptist Church 

Rye Road 

Sandhurst 

Kent 

TN18 5PG 

Tel: 07960 578341

philip.hyde22@gmail.com

www.sandhurstbaptistchurch.org.uk

Lawfulness and Fairness  

Personal data must be processed lawfully, fairly and in a transparent manner in relation to the Data Subject (you).  This may arise where: 

  • you have given your consent 
  • the processing is necessary for the performance of a contract with you 
  • to meet our legal compliance obligations 
  • to protect your vital interests 
  • to pursue our legitimate interests for purposes where they are not overridden because the processing prejudices your interests or fundamental rights and freedoms. 

Nature of personal information, why we need it and how we use it

Personal data is any information that may identify a living individual.  

We only collect, use, and store your personal information where we have lawful grounds and legitimate reasons to do so. 

We have a legitimate interest in collecting personal information such as your name, contact details, date of birth, significant life event dates such as baptism, marriage, death, bank or payment details and other personal details to enable us to: 

a. maintain our list of church members and regular attenders; 

b. provide pastoral support for members and others connected with our church. 

c. provide services to the community. 

d. safeguard children, young people, and adults at risk. 

e. recruit, support and manage staff and volunteers.

f. maintain our accounts and records.

g. promote our activities and services. 

h. maintain the security of property and premises.

i. respond effectively to enquirers and handle any complaints. 

j. administer and process the church’s Gift Aid scheme. 

We may collect, use and store ‘Sensitive Data’ such as about your religious beliefs as necessary to provide effective pastoral support. Access to this information is restricted and only available to the Pastor and the Elder. 

Photographic images taken at our events would be classed as ‘sensitive data’ if they identify you as an individual.  Photographic images may be displayed or used for future promotional purposes. If you object to us processing this data please contact us using any of the methods detailed in the ‘How to contact us’ section. 

‘Sensitive data’ (as referred to in the GDPR) includes information about a person’s: racial or ethnic origin; political opinions; religious or similar (e.g. philosophical) beliefs; trade union membership; health (including physical and mental health, and the provision of health care services); genetic data; biometric data; sexual life and sexual orientation.

Other data may also be considered ‘sensitive’ but will not be subject to the same legal protection as the types of data listed above. 

We may collect information from you about other people, for example, family members. If you give us information about another person, it is your responsibility to ensure and confirm that: 

  • you have told the individual who we are and how we use personal information, as set out in this Privacy Notice; and 
  • you have permission from the individual to provide that personal information to us and for us to use it, as set out in this Privacy Notice. 

If you do not provide the information required or do not accept the terms of this Privacy Notice, this will have an impact on our ability to carry out our interests as they relate to you. 

We may store emails, text messages and other communications with you. When you contact us, we may keep a record of that correspondence and any information provided to us during that or any subsequent communication. 

Marketing 

Direct marketing means the communication (by any means) of any advertising or marketing material which is directed, or addressed, to individuals. “Marketing” does not need to be selling anything or be advertising a commercial product. It includes contact made by organisations to individuals for the purposes of promoting the organisation’s aims.

We have a legitimate interest in sending you information about our services and activities and making sure our marketing is relevant for you. When we process your personal information based on legitimate interest, we make sure to consider and balance any potential impact on you (both positive and negative) and your rights under the data protection laws. Our legitimate interests do not automatically override your rights and freedoms. We will not use your personal data for activities where our interests are overridden by the impact on you. If we intend to use your data for purposes where consent is specifically required, we will only do so with your consent. If you do not wish to receive the information you can opt-out at any time using any of the methods detailed in the ‘How to contact us’ section. 

Sharing information  

We will only supply your personal information to other parties where such a transfer is a necessary part of the activities that we undertake, or where you give us consent or where we are required to do so by law or regulation (e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime).  

In administering the Gift Aid scheme, we must disclose personal information to HMRC. 

We may also disclose your information to service providers, such as our Accountants, engaged to perform services on our behalf. Such service providers are contractually restricted from using or disclosing the information we give them except as necessary to perform those services or to comply with legal requirements.  

We only share your information if we are satisfied that our partners or service providers have sufficient measures in place to protect your information in the same way that we do. 

We never share your information outside our organisation for marketing purposes.

You understand and accept that we may disclose the information you provide to relevant other parties for the purposes described in this Notice. 

Transfer of personal data outside the UK 

Certain personal information held on our Information Technology systems may be transferred across geographical borders in accordance with applicable law. 

By providing us with your information, you consent to the collection, international transfer, storage, and processing of your information. These transfers are governed by European Union (EU) standard contractual clauses or equivalent data transfer agreements to protect the security and confidentiality of personal information. 

How long we keep information about you. 

We will keep information for as long as it is required to enable us to provide our support, services and activities in accordance with our Data Retention Schedule or otherwise as determined by law or regulation or other legislation.  This will usually be a minimum period of three years. Any request from you to have your data erased will be processed taking into account these requirements. Once we decide that we no longer need your information it will be securely and confidentially destroyed. 

Your data protection rights. 

You have certain legal rights under UK data protection law and regulations, summarised as follows:  • The right to be informed about our data processing activities, including through Privacy Notices such as this. 

  • The right of access to the personal information we hold about you. To request a copy of this information you must make a Subject Access Request in writing to us. 
  • The right of rectification. You may ask us to correct any inaccurate or incomplete data and we will do so within 30 days. 
  • The right to erasure and to restrict processing. You have the right to have your personal data erased and to prevent processing except where we have a legal or other obligation to process your personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide products and services.  
  • The right to data portability. On your request, we will provide you with your personal data in a structured format. 
  • The right to object. You have particular rights in relation to automated decision making and profiling to reduce the risk that a potentially damaging decision is taken without human intervention. You can object to your personal data being used for profiling, direct marketing or research purposes. 

If you want to invoke any of these rights, please contact us using any of the methods detailed in the ‘How to contact us’ section. 

Withdrawal of consent 

Where you have provided your specific consent to the use of personal data, you may withdraw that consent using any of the methods detailed in the ‘How to contact us’ section. 

How to make a complaint 

If you wish to make a complaint about how we hold or use your data, please contact us using any of the methods detailed in the ‘How to contact us’ section. 

If you are dissatisfied with how we deal with your complaint, you may contact the Information Commissioner’s Office as follows: 

The Information Commissioner  

Wycliffe House  

Water Lane  

Wilmslow  

SK9 5AF 

Tel: 08456 30 60 60 

ww.ico.org.uk

Suggested text: Visitor comments may be checked through an automated spam detection service.