GDPR PRIVACY POLICY

We are committed to respecting your privacy

Everyone has the right to privacy, and this also applies to online activities.

The European Union has brought in a regulation that governs how online personal details are used.

It is called the General Data Protection Regulation (GDPR) and it gives you control of your personal information.

This page sets out howYapton Free Church, and its associated charities, complieswith the GDPR.

Our promise to you

We are committed to protecting and respecting your privacy and other rights.

We have always valued people’s personal information and privacy rights as part of our commitment to treating people with respect.

The GDPR means we will continue to comply with all relevant laws and adopt good practice.

The “small print”

The GDPR says we must provide a written Privacy Policy. This appears below.

Defined terms

The terms “‘We” applies to Yapton Free Church. 

The words “you” and “your” apply to anyone reading this document, and anyone who may later provide us with information, also known as “Data Subjects”.

The term “Consent” means your voluntary agreement.

This policy describes:

This policy also applies to:

PRIVACY POLICY

1.   Who is in charge?

The GDPR requires us to appoint someone, a Data Controller, to oversee our data operations.

Our Data Controller is Jo Jeffers

2.   The personal data We collect

a. What is personal data?

Personal data includes things like your name, address, and email addresses. This might be recorded on paper, or it could be an electronic version that is saved on a computer or cloud-based storage systems.

The GDPR says your personal data is your private property.

So, if We wrongly pass on your data, or misuse it, We may have breached your privacy if it identifies you, directly or indirectly.

For example, you can probably be identified through your postal address.

The GDPR says that personal data includes:

b. Who do We collect personal data from?


c. Information We collect automatically 

We may automatically collect the following information each time someone visits our website:

d. Information We receive from other sources

We may receive information about individuals who use any of the other websites We operate or the other services We provide including Soup from Heaven and Nepal. 

In this case, We would have informed you, when We collected your data, of the fact that it might be shared internally and combined with data collected on this website.

We also work closely with charity partners, subcontractors in technical, payment and delivery services, analytics providers, and search information providers, who may receive information about you.

e.Special category data

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. 

If We process special category data, We must meet an extra condition for processing. 

The GDPR defines special category data as:

f. Who do We collect sensitive personal data from?


g. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a positive experience when you browse our website and allows us to improve our website. For detailed information on the cookies We use and why We use them, see our Cookie policy

h. Categories of Data Subjects

Our Data Subjects typically fall under one of the following categories:

3. Our lawful basis for processing personal data

4. Processing personal data for under-18s 

Some of the services we offer are aimed specifically at children- for example, our children's and young people's activities, and our holiday club. 
To deliver these services safely it is necessary for us to collect data and store it.

Before We collect data from anyone under 18,We will always ask them to obtain the permission of a parent or guardian before registering with us.

5.   Our intended purposes for processing personal data

We use information held about our Data Subjects in the following ways:

  1. Information given to us by Data Subjects 

We will use this information to:

                                               i.     Fulfil requests for:

                                             ii.     Process payments and verify financial transactions.

                                            iii.     Identify visitors, learners, and enquirers.

                                            iv.     Provide a personalised service to people who visit our websites – this could include customising the content or layout of our webpages for individual users.

                                              v.     Record any contact We have with people.

                                            vi.     Prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf.

                                           vii.     Carry out research on the demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them, and to enable us to improve our service.

                                         viii.    Communicate with our supporters and service users.

                                            ix.     If consent is obtained, provide people with information, that We think may be of interest to them. 

                                              x.     Provide online courses, as described, to people who purchase them.

  1. Information We collect automatically

We will use this information to:

  1. Information We receive from other sources

We may combine this information with information given to us and information We collect automatically. We may use this information and the combined information for the purposes set out above (depending on the types of information We receive).

6.   Who We share personal data with

We may share your personal information with any member of our group, which includes our subsidiaries, and our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

  1. We may share your information with selected third parties:
  1. We may disclose your personal information to third parties:

7.   How We protect personal data

We will use appropriate measures to keep personal data secure at all points of the processing. Keeping data secure includes protecting it from unauthorised or unlawful processing, or from accidental loss, destruction or damage.

We will implement security measures which provide a level of security that is appropriate to the risks involved in the processing. 

Measures will include technical and organisational security measures. In assessing which measures are the most appropriate, We will consider the following and anything else that is relevant:

Measures may include:

If stored electronically, information is stored by us on computers located in the UK and on reputable cloud-based storage systems. We may transfer the information to other offices and to other reputable third-party organisations for the purposes of back-up and mobile working. These offices and third-party organisations may be situated inside or outside the European Economic Area.

If We have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to our website: any transmission is at your own risk.

Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.

We may also store information in non-electronic forms, for which We have security procedures in place to protect it, in line with the GDPR.

Our Information Security Policy contains further details on the measures We have in place to protect personal data and prevent a data breach.

8.   How We erase data upon expiry of retention period

We will not keep personal data longer than necessary for the purposes for which it was collected. We will comply with official guidance issued to our sector on retention periods for specific records. Further information can be found in our Data Retention Schedule.

Personal data stored electronically will be permanently deleted from our local files, and from the Cloud. 

Documentation containing personal data stored or archived in physical files will be shredded upon expiry of the retention period.

9.   Data Subject rights

The GDPR brings new legal rights for individuals whose personal data is processed. We will process personal data in line with these rights to:

On receiving any request from a Data Subject that relates or could relate to their data protection rights, We will forward this to Jo Jeffers immediately, who will follow the Subject Access Request procedures accordingly.

We will act on all valid requests as soon as possible and at the latest within one calendar month unless We have reason to and can lawfully extend the timescale. This can be extended by up to two months in some circumstances. 

Any information provided to Data Subjects will be concise and transparent, with the use of clear and plain language.

10.Social media websites 

We operate a social media page on Facebook. Although this policy covers how We will use any data collected from those pages, it does not cover how the providers of social media websites will use your information.

Please ensure that you read the privacy policy of any social media website before sharing data and make use of the privacy settings and reporting mechanisms to control how your data is used.

Before providing anyone else’s data (for example, tagging photos), please ensure they are happy for you to do so.

Under no circumstances must you make public another person’s home address, email address, or phone number. We take no responsibility, and are in no way liable, morally or legally, for any outcomes that arise from you ignoring this instruction.

11.Social media platforms

Communication, engagement and actions taken through external social media platforms in which We participate are bound by the Website Terms of Use as well as the privacy policies held with each social media platform respectively.

You are advised to use social media platforms wisely and communicate or engage with them with due care and caution regarding your own privacy and personal details.

We will never ask for personal or sensitive information through social media platforms, and We will encourage users wishing to discuss sensitive details to contact us through primary communication channels, such as by telephone or email.

We may use social sharing buttons on our websites, which help to share web content directly from webpages to the social media platforms in question.

You are advised, before using such social sharing buttons, that you do so at your own discretion and note that the social media platform may track and save your request to share a webpage respectively through your social media platform account.

Shortened links in social media

Through our social media platform accounts, We may share web links to relevant webpages. By default, some social media platforms shorten lengthy URLs.

You are advised to use caution and good judgement before clicking on any shortened URLs published by us on social media platforms.

Despite the best efforts to ensure that only genuine URLs are published, many social media platforms are prone to spam and hacking. Therefore, We cannot be held liable for any damages or implications caused by your visiting any shortened links.

12.Links to third-party websites

Our website may, from time to time, contain links to and from the websites of our partner charities, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

13.Email newsletters

This website provides an email newsletter programme, used to inform subscribers of information about our activities.

You can subscribe through an online automated process should you wish to do so, but you do so at your own discretion.

Some subscriptions may be manually processed through prior written agreement with the user.

The following information explains our legal position regarding email newsletters. If you do not agree with any or all of them, you should not sign to subscribe to an email newsletter.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003.

All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act.

No personal details are passed on to third parties or shared with companies or people outside of the company that operates this website.

Under the Data Protection Act, you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable.

If you would like a copy of the information We hold about you, please write to: 

Jo Jeffers, Yapton Free Church Administrator, 2 Culimore Road, West Wittering, West Sussex, PO20 8HB

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign.

Some subscriptions may be manually processed. By subscribing to a newsletter, you are giving your consent to manual processing.

14.Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:

Jo Jeffers at admin@yaptonfreechurch.net

 

The processing of the personal data may involve us in disclosing your details to regulatory bodies or other third parties.

If you do not wish your personal data to be disclosed in this manner, you should make this clear by sending us an appropriately worded email.

Frequently asked questions

Is it possible to access the website without disclosing personal data?

Yes. You can visit the website without identifying yourself or revealing any personal information.

Once you choose to provide us with any information by which you can be identified, it will only be used in accordance with this Privacy and Data Protection Policy and our Cookie policy

You do not have to provide personal information to use the website.

What information do you collect?

We collect the personal data that you volunteer on forms that you submit to us (for example in registering for our newsletter), and in emails that you send to us.

What do you do with the information you gather?

We use this information to understand your needs and to provide you with a better service.

We also use it to send you any information you have requested (for example, our newsletters and other updates).

You will only be contacted if you have given us authority to do so.

Do you disclose our personal data to third parties?

We will ensure that your personal data will not be disclosed to third parties, except insofar as you have consented to such disclosure, or We are required to do so by law.

Can I see the information you hold about me? And, can I amend it?

You may request details of personal information We hold about you under the Data Protection Act.

If you would like a copy of the information, please write to: 

Jo Jeffers, Yapton Free Church Administrator, 2 Culimore Road, West Wittering, West Sussex, PO20 8HBIf you believe that any information We are holding on you is incorrect, please write to us or email us.

We will correct any information which was found to be incorrect within 28 days and without charge.

If you have agreed to the disclosure of personal information and to receiving marketing and promotional information, but no longer wish to do so, please contact us.

If you are unhappy with our response, you can ask the Information Commissioner to assess whether the requirements of the Data Protection Act have been met. Write to: The Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.

Is the information you hold secure?

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, We have put in place physical, electronic and managerial procedures to safeguard and secure the information We collect online. These comply with the requirements of the General Data Protection Regulation, and the Data Protection Act.

All employees who have access to your personal data are contractually obliged to respect your confidentiality.

We have put in place technology measures and security policies and procedures to protect personal information from unauthorised access, improper use, alteration, unlawful or accidental destruction, or accidental loss.