PRIVACY NOTICE

Introduction

Hope Church Ipswich values everyone who engages with us by whatever means, and we do all we can to protect your privacy and to make sure the personal data you provide us is kept safe. This policy has our privacy statement, explains how we collect data, how we use and store information and what it means for you and how long we store the data.

Who we are

Hope Church Ipswich is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

Hope Church Ipswich

The Hope Centre, 10 St Margaret’s Street, Ipswich, Suffolk, IP42AT

Charity Number: 1137936, Company Number: 733161

Data Privacy Statement – What we want and why 

We want to know your basic personal data only for the purpose of contacting you with further information about Hope Church Ipswich and for internal processing. We will not collect any personal data from you that we do not need in order to do this.

What we do with it 

Hope Church Ipswich is the Data Controller of the personal data that you provide to us and all personal data we process is by our staff and volunteers and located on servers in the UK. No third parties have access to your personal data unless the law allows them to do so. We have a Data Protection Policy in place to oversee and secure the processing of your personal data. More information can be found on our website: www.hopeipswich.co.uk/privacy.

How long we keep it 

The data you provide will be deleted once you are no longer associated with Hope Church Ipswich unless required to be kept under UK law.

What are your rights 

If you believe the data we hold concerning you is incorrect, you can request to see this information and have it corrected or deleted. If you are concerned about the way your information is being handled, please email: privacy@hopeipswich.co.uk. If you are still unhappy, you have the right to complain to the Information Commissioner’s Office.

What information we collect

This privacy notice explains how Hope Church Ipswich and its website comply with the DPA (Data Protection Act) and the General Data Protection Regulation (GDPR). Hope Church Ipswich complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

1.Directly from us

We collect personal information each time you deal with us, for example when you provide your contact details in writing to church staff or volunteers; request materials or information; sign up for an event; make a donation; sign in your children to Hope Kids and Youth, or otherwise provide your personal details.

2. From website interaction with us

We collect non-personal data such as IP addresses, details of pages visited and files downloaded. Website usage information is collected using cookies, see the section on Cookies below.

3. Indirectly from third parties

We collect information from third parties such as Stripe, where you have agreed to support Hope Church Ipswich and have given your consent. You may wish to check their privacy policy to find out more information on how they will process your data.

4. Where you give permission to other organisations

We may collect information that you make available on, for example, Twitter, Facebook or similar organisations. You may wish to check their privacy policy to find out more information on how they will process your data.

5.Sensitive data

Where you provide the information, we may collect sensitive personal data, including, but not limited to, your religious beliefs, or your physical or mental health.

What we do with it

1. Processing of requests/donations

We collect personal information each time you deal with us, for example when you provide your contact details in writing to church staff or volunteers; request materials or information; sign up for an event; make a donation; sign your children into Hope Kids and Youth, or otherwise provide your personal details. We may use the personal data we collect:

To inform you of news, events, activities and services running at Hope Church Ipswich;

To enable us to provide a voluntary service for the benefit of the public;

To provide pastoral care to our attendees;

To administer attendance/membership records;

To provide an interactive website where email is used to communicate with users;

To raise funds and promote the interests of the charity;

To manage our employees and volunteers;

To maintain our own accounts and records (including the processing of Gift Aid applications);

Basis of processing your data

So that we can provide services you have requested, and keep you informed about news, events, activities and services and process your donations, we will process your personal data on the basis of the consent you provided us with. You are free to change your preferences at any time.

Other processing based on legitimate interest is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement. Legitimate interest is also the basis of our processing relating to members or former members (or those who have regular contact with us in connection with these purposes) and for claiming back tax under the government’s Gift Aid scheme, as we are a not-for-profit body with religious aims.

Applying for a job or volunteering with us

Where you provide personal data and sensitive personal data when applying for a job or volunteer role with us, such as the information on your CV, we will process, store and disclose the personal data we collect to:

Support the recruitment process;

Answer any questions you may have;

Use third parties to provide services such as references, qualifications, criminal referencing, checking services, verification of information you have provided, health screening and psychometric evaluation or skills tests;

Provide anonymised data to monitor compliance with our equalitypolicy.

How and where we store your information

1. How long?

We will keep your personal information only for as long as we consider it necessary to carry out each activity. We have a data retention policy to implement this. We take account of legal obligations and accounting and tax considerations as well as considering what would be reasonable for the activity concerned.

2. Security

We ensure that we have appropriate technical controls in place to protect any personal data you provide. For example, we ensure that any online forms are encrypted and our network is protected and routinely monitored. We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.

We may make limited use from time to time of external companies to collect or process personal data on our behalf. When we do so, we carry out checks on these companies, put in place contracts to make sure our requirements are clear, and carry out periodic reviews. When we do use external companies, we remain responsible for the storing and processing of your personal data.

3. Credit/Debit card security

If you use your debit or credit card to donate to us, purchase something or pay for an event, whether online or by giving envelope, we will process your information securely in accordance with the Payment Card Industry Data Standard. We may hold your bank account details if you have asked us to set up a standing order for you, which are stored securely and retained in line with legal requirements.

4. Where we store your personal information

We use cloud-based systems to process data and therefore data may be processed outside of the European Economic Area (EEA). We adopt the Information Commissioners approved measures and therefore ensure that personal data is held in compliance with European data protection regulations. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data you agree to this transfer, storing and processing of your information.

When we share your personal information

Your personal data will be treated as strictly confidential and will only be shared with staff and members of the church in order to carry out a service or for purposes connected with the church. We will only share your data with third parties with your consent.

1. Legal duty

We may need to pass on information if required by law or by a regulatory body. For example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency.

2. Our service providers

We do not sell or pass any of your personal information to any other organisations and/or individuals without your express consent, with the following exception – by providing us with your details you are giving the church your express permission to transfer your data to our service providers including mailing houses, such as Church Suite and MailChimp, to enable fulfilment of the purpose for collection.

Cookies

What are cookies?

A cookie is a small amount of data that is sent to your browser and stored on your computer’s hard drive. Our website does not use cookies directly, however it does use Google Analytics and WordPress to collect information about our visitors.

How we use them on our website

The data that is collected through Google Analytics and WordPress may be used to customise the content on our website and to help to understand visitor’s current and future needs

Managing cookies

Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.

Third party cookies

We work with a number of third-party suppliers who set cookies on our website to enable them to provide us with services. These are mainly used for reporting purposes so we can improve the way we communicate. We use websites such as Vimeo to embed videos and you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third party website for more information about their cookies and how to manage them.

We also use third party suppliers such as Google Analytics and these providers may use cookies. They may also use tracking pixels, which are commonly found in advertising to track the effectiveness of adverts. As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this you can change your cookie settings (see above) and can find more information about this here.

Children

Families making use of the children’s groups during our services are required to provide personal data for their children. This data is provided with the consent of the parent or guardian and is securely held and stored as above. We require parental consent for any child under the age of 16.

Your choices and telling us when things change

Preferences

Updating your details

We do appreciate it if you keep your details up to date. You can do so in the same way as updating your preferences (above). We may use Post Office address search, postcode lists or other available sources to confirm data that you provide us with, where, for example, we are unsure of what you have completed on a form. We will not use these sources to create data that you have chosen not to provide, for example, if you have left a telephone number blank; nor will we automatically update changes of address, we will normally only update your address when you tell us it’s changed.

Telling us to stop processing

CCTV

The Hope Centre uses closed circuit television (CCTV) to collect visual images for:

• to protect the buildings and assets, ensuring that building rules are respected so that the site can be properly managed including management of building areas e.g. car parking
• to prevent the loss of or damage to contents and property.
• the prevention, identification and reduction of crime and anti-social behaviour (including theft and vandalism), supporting the Police to deter and detect crime, assisting in identifying, apprehending and prosecuting offenders
• to monitor the building in order to provide a safe and secure environment for staff, volunteers and visitors
• to respond to any safeguarding concerns or allegations.

The CCTV system is owned and managed by Hope Church Ipswich. Hope Church Ipswich is the system operator, and data controller, for the images produced by the CCTV system.

The CCTV system is operational and is capable of being monitored for 24 hours a day, every day. Monitoring will be operated by the Head of Operations and Operations Manager; this responsibility may be delegated to a competent trained person temporarily as required. All systems users with responsibility for accessing, recording, disclosing or processing CCTV images will have relevant skills and training.

The CCTV will be operated in a manner consistent with respect for the individual’s privacy.  Hope Church Ipswich complies with Information Commissioner’s Office (ICO) CCTV Code of Practice 2017 to ensure CCTV is used responsibly and safeguards both trust and confidence in its continued use.

The CCTV system will be used to observe any areas under surveillance in order to identify incidents requiring a response. Any response should be proportionate to the incident being witnessed.

Cameras will be positioned to only capture images relevant to the purposes for which they are installed. The equipment will be positioned to cover the specific area to be monitored, keep privacy intrusion to a minimum; ensure that recordings are fit for purpose and not in any way obstructed (e.g. by foliage); and to minimise risk of damage or theft of equipment.

Signs are placed around the building to inform staff, visitors and members of the public that CCTV is in operation.

Images are recorded on secure servers, using Cloud-based storage which is located in the European Economic Area (EEA), and all relevant security and data protection measures are in place.

All images recorded by the CCTV System remain the property and copyright of Hope Church Ipswich. Unless required for evidentiary purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 12 calendar days from the date of recording. Images are automatically overwritten or destroyed after this time.

Reviewing of CCTV images will usually be without sound unless there is a security concern or safeguarding concern which deems it necessary. When sound is used, this will be done with another person present and documented.

Images may be saved for identified safeguarding reasons and will be documented within the safeguarding minutes and stored on the secure safeguarding drive. These images are reviewed every 6 weeks to determine whether the images need to be retained for longer, this will be recorded in the safeguarding minutes.

Where an image is required to be held in excess of the retention period the Head of Operations will be responsible for authorising such a request, and recordings will be protected against loss or held on a secure drive, reviewed on no more than a three-monthly basis and deleted when no longer required.

Photography and video recording

Where Hope Church takes photographs to record events or to publicise future events and the photographs are such that they are classed as personal data (photographs of crowds or where individuals are not the primary focus are not classified as personal data), we will contact those individuals (or their parent or guardian in the case of minors) to explicitly request permission to store and/or use these photographs. In many cases, particularly large group settings where the distribution and completion of consent forms would be impractical, details of this data policy will be made available. If permission is not, or cannot be obtained, we will delete them within 2 months of the photograph being taken. Please note, we cannot manage photographs taken by private individuals at events run by Hope Church.

Storage

Photos and video will be stored securely and access to digital files is restricted to those who require access. Photos and videos will only be stored long enough to fulfil the purpose for which they were collected. When the need to use them has passed they will be deleted.

If an individual objects to the storage and sharing of a photo or video containing their image or that of a person they are legally responsible for then we will permanently delete, destroy or return all copies of the image.

Recording and Live Streaming

Hope Church may record or live-stream services and events to reach out to those who are unable to attend in person, or who wish to participate remotely.

Images will focus on the stage area and those presenting information and services, and will not include images of the general congregation where possible. Recorded or live-streamed services are shared with the general public by electronic newsletters and by uploading it to social media and other internet sites. Recordings will be reviewed regularly and removed from public view if no longer deemed relevant. If you have given explicit consent to use your data in video recordings, you have the right to withdraw consent at any time by contacting the data security manager.

Access to your information

You have the right to request details of the information we hold about you. To make this request, please write to us at the details above. For more information about your rights under the Data Protection Act (DPA) and General Data Protection Regulation (GDPR) you can visit the website of the Information Commissioner’s Office: ico.org.uk

Changes to this privacy notice

We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other legislation. If we make any significant changes to this policy we will show this clearly on our website or in our communications. By continuing to use our website you will be deemed to have accepted these changes.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Governing law

The Privacy Notice is subject to English law. All claims or disputes (including non-contractual disputes or claims) arising out of or in connection with the use of the websites shall be subject to the non-exclusive jurisdiction of the courts of England and Wales. If you have any queries please contact us at privacy@hopeipswich.co.uk