top of page

Privacy Notice

 

IMPORTANT INFORMATION AND WHO WE ARE 

 

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice aims to give you information on how Newport Christian Fellowship collect and processes your personal data which either you have provided to us or we obtain. 

CONTROLLER

This privacy notice is issued on behalf of Newport Christian Fellowship and when we mention, “we”, “us” or “our” in this privacy notice, we are referring to the relevant charity that is responsible for processing your data.

Trustees for Newport Christian Fellowship (NCF) is the controller and responsible for general data protection and matters concerning safeguarding and complaints arising in respect of day to day matters such as lists of members. 

We have appointed a data protection lead who is responsible for overseeing questions in relation to this privacy notice.

If you have any questions about this privacy notice, please see the contact details below

 

CONTACT DETAILS:

Email: dave@newportchristianfellowship.org

Web:www.newportchristianfellowship.org

 

THE DATA WE COLLECT ABOUT YOU  

 

Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about our members, church leaders, volunteers, employees, church attendees ,individuals who provide services to us and individuals who contact us.

We have grouped the different kinds of personal data together as follows:

  • Administrative Data includes details about you including Local Church notices; invoices; supplier and contractor details; and back-up files.

  • Image Data includes photographs taken of you where it is possible to identify you. 

  • Contact Data includes home address, email address and telephone numbers e.g. information used to contact you.

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Marketing and Communications Data includes your preferences in receiving information from us about church events and fundraising and our third parties and your communication preferences.

  • Member and Group Data membership of Church groups, rotas, registration for events, attendance information (e.g. Sunday School attendance).

  • Parental Contact Data includes details of parents (e.g. on parent contact forms).

  • Pastoral Data includes details and records of pastoral support and prayer requests.

  • Special Categories of Data includes your race or ethnicity, your religious beliefs, sex life, sexual orientation, information about your health, also information about criminal convictions and offences in keeping with the Safeguarding Policy of NCF.

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access any websites or social media operated by NCF.

HOW YOUR PERSONAL DATA IS COLLECTED?

 

We use different methods to collect data from and about you including through:

  • Direct exchanges. You may choose to provide personal information to us directly, e.g. by speaking to us at NCF events, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: 

    • join and take part in NCF or groups;

 

HOW WE USE YOUR PERSONAL DATA

 

NCF takes its obligations under data protection law (including the General Data Protection Regulation (GDPR)) seriously. NCF will keep personal data as up to date as possible and take active steps to rectify any personal data we find to be incorrect.  NCF stores and destroys personal data securely and does not collect or retain personal data which is in excess of our processing activities. NCF takes steps to protect all personal data (including Special Category Data) from loss, misuse, unauthorised access and disclosure by ensuring that appropriate measures are in place to protect personal data.

NCF ensures that personal data is processed in accordance with the principles of the GDPR and is processed:

  • Lawfully, fairly and in a transparent manner;

  • For specified, explicit and legitimate purposes and not processed in a manner which is incompatible with those purposes;

  • Accurately, relevantly and limited to what is necessary in relation to the purposes for which it is processed;

  • Kept accurate and where necessary kept up to date, with all reasonable steps being taken to ensure that all inaccurate data is erased or rectified without delay;

  • Is not kept longer than is necessary for the purposes for which the personal data is processed; and

  • In a manner that ensures appropriate security of the Personal Data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical and organisational measures.

HOW WE USE YOUR DATA

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 

    • Legitimate interests means the interests of NCF, supporting our members and the communities we work in and conducting and managing our missional activities to enable us to fulfil the calling of NCF. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting NCF as per the contact details in Section1.

  • Where we need to perform the contract we are about to enter into or have entered into with you. 

    • Performance of Contract means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract including employment contracts.

  • Where we need to comply with a legal or regulatory obligation. 

    • Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

In rare cases we may need to use your personal data in the following circumstances:

  • Where we need to protect your vital interests e.g. in an emergency life or death situation where the emergency services are called to treat you when you are with us. 

    • Vital interests means where it is necessary to use your personal data to protect your "vital interests" or those of another person (such as a child) in a life-or-death situation.

  • Where we need to perform a task carried out in the public interest e.g. in certain safeguarding situations.

We rely on consent as a legal basis for processing your personal data in relation to sharing your personal data with third parties, sending marketing communications to you via email or to legitimise dealing with Special Category Data. You have the right to withdraw consent at any time by contacting the Church Office, although this will not prevent processing where the law allows us to process for a different reason in addition to consent.

 

SPECIAL CATEGORY DATA

 

Where data processing relates to Special Categories of Data (e.g. health information included in pastoral records or prayer requests) the following processing conditions apply

  • Explicit Consent has been given by the data subject;

  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;

  • Processing is carried out by a not for profit body with a religious aim provided: 

    • the processing relates to member or former members (or those who have regular contact with it in connection with those purposes; and there is no disclosure to a third party without consent.

 

DISCLOSURES OF YOUR PERSONAL DATA

 

SHARING PERSONAL DATA

We treat all personal data as strictly confidential, except where consent has been provided for it to appear in publications available to general members of the public.

Personal data will not be shared with third parties, other than those listed below unless we are legally obliged to do so or:

  • with your explicit consent;

  • it is necessary for law enforcement purposes; or

  • it is necessary to protect our rights, property or safety of our members, church leaders, volunteers or staff.

We may have to share your personal data with the parties set out below.

  • Professional advisers including lawyers, surveyors, bankers, auditors and insurers based in the UK who provide legal, surveying, consultancy, banking, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

  • Payment processing service providers, such as Stewardship for online donations. If you would like to know how they process and store your data, please review their privacy notice www.stewardship.org.uk/transparency/privacy

 

We will ask all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

TRANSFER of Personal Data outside of the European Economic Area (‘EEA’)

 

Your personal information may be transferred or stored outside. Please note that some countries outside of the UK have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. 

 

Where your personal information is transferred, stored and/or otherwise processed outside the UK, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy. 

 

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure. 

 

DATA SECURITY

 

We implement reasonable and appropriate security measures against unlawful or unauthorised Processing of personal data and against the accidental loss of, or damage to, personal data in accordance with our internal data security policy. In addition, we limit access to your personal data to those members, volunteers, church leaders and employees who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place reasonable and appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

DATA RETENTION

 

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

USE OF COOKIES

 

We may obtain information about your general internet usage by using cookie files stored on your computer or device (“cookies”). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service. 

We may use both “session” cookie and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date. 

We will use the session cookies to: keep track of you whilst you navigate the website; prevent fraud and increase website security; and other uses. We will use the persistent cookies to: enable our website to recognise you when you visit; keep track of your preferences in relation to your use of our website; and other uses. 

 

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at http://www.google.com/privacypolicy.html. Our payment services providers may also send you cookies. 

 

You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/. You may disable cookies by changing the settings on your browser. However, if you do so, this will affect your enjoyment of our site and we will no longer be able to offer to you a personalised service. 

 

YOUR LEGAL RIGHTS

 

Unless personal data is subject to an exemption under GDPR, such as it is subject to the prevention, investigation, detection or prosecution of a criminal offence, you have the following rights with regards to your personal data:

  • Your right of access – You have the right to ask us for copies of your personal information.  

  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.  

  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.  

  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances. 

  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances 

  • The right to lodge a complaint with the ICO. We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this isn’t possible then you always have a right to complain directly to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. 

 

Please see below for contact details of the ICO: 

Information Commissioner’s Office 

Wycliffe House 

Water Lane, 

Wilmslow 

Cheshire 

SK9 5AF 

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) 

Email: icocasework@ico.org.uk 

Making a complaint will not affect any other legal rights or remedies that you have. 

 

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

This version was last updated December 2022.

 

We have the right to update and amend the provisions of this notice to ensure continual compliance with data protection legislation.  We will provide you with copies of the new notice wherever it is practically possible to do so but please check online to see if any updates have been made.

bottom of page