Jubilee Church Bromley - Jubilee Church Privacy Notice

Jubilee Church Privacy Notice

Jubilee Church in Bromley is committed to ensuring that your personal information is treated with the respect and care you would want from a loving community of Christians. As such, we have written this Privacy Notice (in accordance with the General Data Protection Regulation - GDPR) to let you know what sort of information we have, why we have it and what we will do with your details.

Jubilee Church occasionally works with other churches or organisations to run group events and projects (including, but not limited to: Transform Bromley Borough, CAP Bromley Partnership, Healing on the Streets, youth events, children’s events, youth mentoring). In these situations, we would only share or process as little information as possible to ensure the event or project runs well and safely. We would also expect other organisations involved to have the same level of data protection.

Jubilee Church is the Data Controller and can be contacted by email: info@jubileechurch.co.uk, phone: 020 8249 2801 or post: Jubilee Centre, 157 Southlands Road, Bromley BR2 9QZ

Types of data we collect

Mailing lists As part of the sign up for our e-newsletters, we collect personal information including your name and email address. We use that information to tell you about the events, news, information or project that you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information or to check our records are correct. We don't rent or trade email lists with other organisations and businesses.

We use MailChimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletters. This does allow us to see who has opened emails and clicked on links. For more information, please see MailChimp’s privacy notice. You can unsubscribe to mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by contacting info@jubileechurch.co.uk

Jubilee directory If you are part of Jubilee Church and you give us your contact details, we will store them on a secure part of the church SharePoint site which is password protected and accessed only by church leaders and staff. Your contact details will be removed if you choose not to be part of the church going forward. If you gave consent, we will have added you to the printed 'Jubilee Directory' which is only given out to others in the directory. You will be contacted to check that the information we are holding is accurate and that you still agree to us holding it, and printing it each time the directory is reprinted. We will ask people who hold old versions of the directory to destroy them or return them for safe disposal.

Pastoral Information As a church, we are privileged that people trust us with their personal situations for prayer and pastoral support. We have a group of people who are part of Jubilee Church who will pray for situations which are emailed to them by our pastoral lead (or occasionally a church leader), situations can be anonymised and are only shared with the permission of those involved. Those who asked to be on the email list to pray can be removed by contacting the pastoral lead. These email addresses are stored in a password protected google group.

Leaders of the church may discuss pastoral needs in meetings. These would be anonymised in meeting minutes or deleted when no longer relevant. Meeting minutes are stored on a secure part of the church SharePoint site which is password protected and accessed only by current church leaders.

Records of events such as baptisms, weddings, funerals and dedications may be kept for church records, ensuring only minimal personal information is stored.

We also have a pastoral team who are encouraged to support and pray for those who are part of Jubilee church. Meeting minutes are stored by the pastoral lead on a password protected computer and shared with the team with anonymised names, the team are asked to delete old notes.

Hardship fund applications are discussed amongst the trustees and Pastoral lead. Their final decision is kept by the chair of trustees with other financial information for six years from the end of the financial year in which the transaction was made. Anonymised data may be kept by the pastoral lead or church leaders for records of church activity.

In the case of a safeguarding issue, we are required to keep that information for 75 years.

Donations, Regular Giving and Gift Aid We keep information on people who give regularly or use Gift Aid to Jubilee Church or to the CAP Bromley Partnership. This includes their name, address, tax status and church connection. This information is kept on password protected computers or stored on a secure part of the church SharePoint site which is password protected and accessed only by necessary finance leads. Paper records once processed by our financial volunteers are stored in a locked filing system. This information has to be kept for 6 years after the last financial year any transaction took place. We will then securely destroy the paperwork or delete the information.

Safer Recruitment and DBS (Disclosure and Barring Service) checks All volunteers and staff who work with children, young people or vulnerable adults in a group, project or activity that we run, will undergo a safer recruitment process including a DBS check. We will keep records of names, dates and reference numbers for 75 years. We will keep the full application forms, self-disclosure and references for up to 6 years after the role(s) ends. We may take copies of identification documents during the DBS check process, these will be deleted after we receive the DBS result.

Employee Information Employees of Jubilee Church will have information such as employment data, names, addresses, contact details, next of kin, bank details, ethnicity and references kept for 6 years after their employment ends. This information will be kept in a locked filing cabinet if it is paper-based or electronic data will be stored on a secure part of the church SharePoint site which is password protected and accessed only by the current church leader. The volunteer overseeing our IT systems will have access to email addresses and names of users of Jubilee Church IT systems. This information is kept in line with Limitations Act 1980 and Data Protection Act 1998.

Children & young people While a child or young person is part of a group or activity we run or co-run, we will request and store information about the child which may include date of birth, address, contact details parent/carer details, ethnicity, medical or additional needs. Paper copies will be stored in a locked filing system and electronic databases or spreadsheets will be stored on a secure part of the church SharePoint site which is password protected and accessed only by Jubilee staff. Where children or young people attend a group or activity without their parent/carers, registers are taken that include name and attendance. As these registers form part of our safeguarding procedures, they are kept for up to 75 years unless guidance changes. Other than the name on registers, contact details, medical information etc., will be deleted after the child or young person has not attended the group or activity for a year or has specifically stated they will not attend going forward.
Where an activity or event, that a Jubilee group attends, is hosted by another organisation or group of organisations, the only information the other organisations will have access to is the register. Where further information is required (e.g. Soul survivor), we will seek further permission.

Website Cookies / Google Analytics Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones or ‘tablets’) as you browse websites. We only use cookies for helping us know how many people visit or re-visit our website and which sites are useful. We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Wifi If you are given access to the Wifi at the Jubilee Centre, we will have access to a password protected list of devices that have logged in. We do not process this information in any way.

Ticketing Data If you book a ticket (or tickets) through Jubilee Church (who may be organising an event on behalf of project or organisation) your name, address data, email, dietary requirements etc. will be collected and stored through Eventbrite. Please see their privacy notice here.

Hall hirers/suppliers/contractors If you are a contractor, supplier or hirer of room(s) in the Jubilee Centre, we will store your contact details for the purposes of carrying out the contract agreed. We will store your details for six years.

Photographs and audio recordings Many of our events are public and as such, photography is permitted. At closed events or events for children and young people, specific consent is sought for photographs where any individual is identifiable. Parent/carers give consent for children under 13. Our safeguarding policy includes more detailed information about limiting photographs of children.

Any photographs taken on behalf of Jubilee Church or it's groups, would be stored on a secure part of the church SharePoint site which is password protected. We do not identify the names of individuals in photographs. Photographs on our website, printed materials or social media that include individuals are there with the consent of the individuals and could be removed from digital media at the request of the individual or parent/carer (of children under 13) by contacting info@jubileechurch.co.uk.

We record our services for sharing speakers' 'talks' with those who could not attend. Only the speaker's talk is shared with their permission. All audio data is stored on a password protected computer in the church building.

We will ask for specific permission to store or process information where appropriate e.g. for sign ups to mailing lists, before printing the church directory, as you sign up to events and groups.

Where we have a legitimate interest to store and process data to ensure the safe running of the church and church activities and would be within a reasonable expectation of those involved, we will do that in line with GDPR principles of keeping as little information for as short a time as possible. Examples of this include: rotas, housegroup email lists, health and safety/ emergency information, safeguarding, contact information to send out important church information or for pastoral support.

There are some instances where we have a legal obligation to store information. This can include accident records, financial records and Gift Aid information.

Where we have a contract in place, we have a contractual obligation to process and store information. This includes for HR, suppliers and contractors.

Who we share data with

The only instances where any data would be shared with another organisation would be where an event or project is organised by a group of churches or organisations. In this instance, minimal information will be shared, usually limited to names for registers/attendee lists etc. We will request confirmation the other organisations comply with GDPR or delete information after the event.

Where a group activity requires more information to be provided, we will request permission.

Some of the tools we use to hold data or process it, e.g. Mailchimp, SharePoint and Eventbrite are hosted in the USA. Any 'processor' we use outside of the EU has to abide by the EU-US Privacy shield which is GDPR compliant, as confirmed in our contracts with them.

Your Rights under the General Data Protection Regulation (GDPR)

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which Jubilee Church, Bromley holds about you;

  • The right to request that Jubilee Church, Bromley corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for the Jubilee Church, Bromley to retain such data;

  • The right to withdraw your consent to the processing at any time

  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) - Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable) -Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics

  • The right to lodge a complaint with the Information Commissioners Office.

To exercise any of those rights, please contact our Data Protection Champion by email at info@jubileechurch.co.uk or write to Jubilee Church, Jubilee Centre, 157 Southlands Road, Bromley BR2 9QZ.

If you have a concern about the way we are collecting or using your personal data, please raise your concern with us or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Changes to this Privacy Notice

We will review this policy at least every 2 years. This was last updated on 23/5/2018