Church Society treats the privacy of its members and others very seriously and we take appropriate security measures to safeguard their personal data*. This notice explains how we collect, use, protect and share personal data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information.
Church Society is a charity which upholds the doctrine of the Church of England and assists clergy, parishes, schools and the like in their work and mission.
Church Society is the data controller and processor for the purposes of data shared with us. Church Society is a registered charity in England and Wales (no 249574) and a company limited by guarantee (No 213142). The company is registered in England with its registered office at Ground Floor, Centre Block, Hille Business Estate, 132 St Albans Road, Watford, Uk, WD24 4AE.
We collect personal information from:
- our members
- our conference delegates
- our donors when they make a donation
- subscribers to our print and email publications
- those who contact us directly
We use personal information to:
- keep in touch with our members
- carry out reasonable administration of our mailings, donations, conferences and other services
- manage enquiries from supporters and others, and provide advice to those who seek it
- improve our communications and develop our work
We also collect data relating to use of our website.
How we obtain personal information
Information provided by the data subject
Members have provided us with their personal data on their membership forms. Members have been asked for their consent to receive regular communications from us, including email communications.
Conference delegates have provided us with their personal data on their booking forms.
Subscribers have provided us with their personal data when making their subscription.
Donors have usually provided us with their personal data when making a donation.
Those who contact us directly will usually provide their personal data when contacting us.
The information provided may include:
- name and title
- address including postcode, and/or
- email address
- telephone number
- the name of their church, college, or diocese
- an indication of their current role
- bank details from those making donations or payments.
We also collect the following information:
- amount and frequency (if giving regularly) of donations, gift aid status, and partial bank details (but not sufficient to effect a transaction)
- information about our relationship with supporters
- information provided by those who contact us for advice or with enquiries
Information we get from other sources
We sometimes use legal publicly available sources to obtain information. For example:
- a church website to obtain the contact details for a minister who we may wish to contact with an invitation to speak at a conference
- obtain from public directories the telephone number for a member if we have cause to contact them and do not already have a number
- to ensure that a member’s contact details are up to date
- to conduct appropriate due diligence to ensure there is no reputational or financial risk to accepting a particular donation or approving an application for membership
How we use personal information
We use personal information to:
- administer mailings to our members and subscribers with information, news, and prayer requests
- manage enquiries from those who contact us, and keep a record of contact and correspondence
- administer our conferences
- administer donations, thank donors, and maintain our own accounts and records
- improve our communications, campaigns and services
We endeavour to keep personal information up to date. This includes monitoring returned mail to let us know if a person no longer lives at the address we hold for them. We also use public sources to make sure we do not send communications to the wrong place or person.
If a person has applied to work for us, their personal information will only be used for the purposes of recruitment and processing their application. Applicant information is kept for six months after completion of the recruitment process.
We only send email newsletters to those who have given their consent to us to do so. However, a person can change their mind at any time and withdraw their consent. Every email has a link to help the recipient unsubscribe if they wish to stop receiving emails.
In all other cases the law allows us to hold and process the personal information of members and others if it is in our legitimate interests to do so. We rely on our legitimate interests to keep our supporters’ details and maintain our mailing list, to write to those who have indicated their wish to receive our postal mailings, to process and administer our donations, to administer our conferences, and to keep appropriate records. Relying on our legitimate interests mean that we carry out an exercise to check that we will not cause harm to the data subject by processing their data, that the processing is not overly intrusive and that we will only process data in a way which is described in this privacy notice. Our legitimate interests involve furthering our charitable objects of upholding the doctrine of the Church of England and assisting clergy, parishes, schools and the like in their work and mission by providing the service our members might reasonably expect.
We also rely upon our legitimate interests to telephone our members if necessary. This may occasionally involve obtaining a telephone number from publicly available sources in the terms set out above. We will not telephone anyone who subscribes to the Telephone Preference Service (TPS) unless they have consented. We never ask for donations on the phone.
We keep personal information secure with appropriate measures in place to attempt to protect against the loss, misuse, and alteration of personal information.
We use secure server software to encrypt financial and personal information we collect online. However, the transmission of data across the internet is not completely secure. We cannot guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
We will not share the personal information we hold with another organisation for their own purposes and we will never sell personal information for any reason whatsoever.
There may be occasions where it is necessary to share personal information where it is required by law or to respond to any legal or regulatory action. We will provide information to HMRC on gift aided donations since we have a legal obligation to provide this information.
There are also a few situations where our legitimate interests involve us sharing some personal information with service providers who are contracted to fulfil specific services for us. For example, we use the email service MailChimp to deliver to our members and subscribers the emails they have signed up to receive. However, we remain in control of the information and the company is not allowed to do anything with the information other than what we have requested. The service also enables us to gather statistics around email opening and clicks using industry standard technologies including gifs to help us monitor and improve our mailings (see: https://mailchimp.com/legal/cookies/).
Worldwide transfer of data
If it is ever desirable to transfer data outside of the EEA, we ensure that robust data-sharing agreements are in place. For example, MailChimp hosts its data in the US, but it has certified its compliance with the EU-US Privacy Shield Framework.
How long we keep data
We keep information in line with our data retention policy.
Our relationship with our members is generally long term, so we keep their personal information for as long as we need it to maintain that relationship or keeping the information is otherwise necessary. We take into account our need to meet any legal, statutory and regulatory obligations. These reasons vary from one piece of information to another. For example, we keep information relating to donations and gift aid for seven years.
Our need to use personal information is assessed on a regular basis and we dispose of data securely, using specialist companies to do this work for us if necessary.
Subject Access Rights
A person has certain rights under existing data protection law including the right to request in writing a copy in of the personal information we hold about them. From 25 May 2018 a person will have the following rights unless an exemption applies:
Right to access
The right to access the personal information that we hold about them. We shall respond promptly, and certainly within one month from the point of receiving a subject access request and all necessary information.
Right to correct
The right to obtain from us, without undue delay, the rectification of inaccurate or incomplete personal information we hold concerning them.
Right to erase
The right to ask us to erase their personal information without undue delay.
Right to restriction of processing
In certain circumstances, the right to restrict us from processing their personal information.
Right to object
The right to object to our use of their personal information including where we use it on the basis of our legitimate interests. We shall no longer process a person’s personal information unless we can demonstrate compelling legitimate grounds for the processing.
Accuracy of personal information
We aim to keep our information about our supporters and those who contact us accurate as possible. If a person wishes to access, review or change the information supplied to us, they can contact us as set out below.
To make enquiries in relation to this privacy notice please direct your enquiry to our Administrator at admin at churchsociety dot org, or write to: Church Society, Ground Floor, Centre Block, Hille Business Estate, 132 St Albans Road, Watford, Uk, WD24 4AE.
If a person is not satisfied with the way we deal with any complaint in relation to the use of their personal information they may be able to refer their complaint to the relevant data protection regulator which in the UK is the Information Commissioner’s Office.
We keep our privacy and cookies notice under regular review. This notice was last updated on 08 May 2018.