Christ Church Cambridge Privacy Policy

How Christ Church Cambridge (“we”) use your information

Your privacy is important to us.  We are committed to safeguarding the privacy of your information.

Who is the ‘Data Controller’?

Christ Church Cambridge (represented by the Parochial Church Council of St Andrew the Less) is the ‘Data Controller’.

Why are we collecting your data?

We use your personal data for some or all of the following purposes:

  • To enable us to meet all legal and statutory obligations (which include maintaining and publishing our electoral roll in accordance with the Church Representation Rules);

  • To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments;

  • To minister to you and provide you with pastoral and spiritual care and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals;

  • To deliver the church’s mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public as provided for in the constitution and statutory framework of each data controller;

  • To administer the parish membership records;

  • To fundraise and promote the interests of the church and charity;

  • To maintain our own accounts and records;

  • To process a donation that you have made (including Gift Aid information);

  • To seek your views or comments;

  • To notify you of changes to our services, events and role holders;

  • To send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;

  • To process a grant or application for a role;

  • To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution.

The categories of information that we may collect, hold and share include:

  • Personal information (such as name, telephone number, address and email address) - this is collected on the basis of consent.

  • Characteristics or ‘special category data’ (such as gender, ethnicity, language, nationality, religion, health, sexual orientation) - this is collected on the basis of legitimate interest and explicit consent. Staff will ask you for explicit verbal consent ahead of any note-taking in a pastoral meeting to ensure you are happy for them to record the information you tell them - these notes are primarily to aid their memory if they are meeting with you over a period of time and will be stored securely. We will endeavour to keep data only for as long as we need it and will look to delete it when it is no longer needed.

Storing your data

We hold your data for varying lengths of time depending on the type of information in question. Our Record Retention Policy is available on request from the Operations Manager. As a general rule we seek to securely destroy or delete personal data of church members three years after they cease to regularly attend our church (however there are exceptions to this which are detailed in the Record Retention Policy, e.g. information regarding a safeguarding incident). We will retain any information relating to a formal complaint for ten years from the date of the complaint. We will retain any financial records for a minimum of seven years to support HMRC audits. We will contact you annually to check that the personal information we are holding within ChurchSuite (which is synchronised with MailChimp) is accurate and that you agree to us holding it.

Any electronic personal data transferred to countries or territories outside the UK will only be placed on systems complying with measures giving equivalent protection of personal rights through international agreements.

Who do we share your information with?

We do not share your information with those outside of Christ Church Cambridge unless we have a legal duty to do so, or we have received your consent to share the information.

Requesting access to your personal data

Under Data Protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact the Operations Manager.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress

  • prevent processing for the purpose of direct marketing

  • object to decisions being taken by automated means

  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

  • claim compensation for damages caused by a breach of the Data Protection regulations.

For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please contact the Operations Manager.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact the Operations Manager, 01223 750450 or email office@cccam.org.uk.