Privacy Policy

Grace Church Guildford and Chertsey Street Baptist Church Trust

Grace Church Guildford, previously known as Chertsey Street Baptist Church (this name is still used in some contexts) and Chertsey Street Baptist Church Trust (together “GCG”), Chertsey Street, Guildford, Surrey GU1 4HL.

GCG only collects personal information for the purposes set out below and will not sell that personal information nor provide it to third parties without your consent unless required by law to do so. This policy sets out how we deal with the personal information we collect.

How we collect information

Personal information is collected through our website, from social media, the internet, CCTV, by photographic and video cameras (subject to our Social Media Policy) which you can request by contacting us at office@gracechurchguildford.org.uk and from individuals, organisations, the parents or guardians of minors and from the carers of vulnerable adults. We do not use commercial databases.

The information we collect

GCG collects personal information about its members, staff, those attending its activities, those who seek counsel or assistance from us and the parents, guardians and carers of such persons, persons and organisations we support or work with, our suppliers and persons who we believe may be interested in our activities or ministry. This personal information includes contact details, and date of birth. We may also collect Special Category Data, data about criminal convictions etc.(see note 1) and information required so that we can provide suitable counsel, advice, assistance, services and facilities. We will only collect information that is needed for the purposes set out in the next paragraph.

Our use of the information

We use personal information for the present and future

• promotion of the purposes of our organisation
• the promotion and administration of our organisation and its activities and persons, organisations and activities which we support, including distribution of information about our activities and the persons and organisations we support by post, email, telephone, SMS, our website or other technology whether or not currently known or in use;
• monitoring and assessing the quality of our activities and services;
• welfare of our employees, members and other persons attending our premises or activities or receiving counsel or assistance from us, and co-operation with and support of other persons and organisations.
• security of our premises, assets, employees and persons attending our premises or activities.
• We may share personal information with your parents, guardians or carer and other persons or agencies providing you with counsel, advice, assistance, services or facilities. Information provided in respect of a particular activity may be used by us in connection with any of our other activities.

Information provided by the parents or guardians of minors etc.

Personal information about a person who is under the age of 18 years (“a minor”) or incapable of managing their own affairs (“vulnerable adult”) must be provided by that person’s parents, guardians or carer who shall, where appropriate, inform the minor or vulnerable adult that the information has been provided on the basis of this Privacy Policy and be responsible for keeping the personal information up to date.

Special Category Data (see note 1) relating to a minor or vulnerable adult shall be given on a form provided by GCG.

Safeguarding Personal Information

We are committed to protecting the security of your personal information. We use a variety of technological, physical and organisational protections and procedures, such as encryption, passwords and physical security measures, to help protect your personal information from being accidentally lost and unauthorised access, use, alteration or disclosure. We will take particular care of Special Category Data and data relating to matters of a criminal nature (see note 1) and security measures will reflect the importance of keeping this data secure.

In addition, we limit access to your personal data to those employees, church officers and volunteers who need to know. They will only process your personal data on our instructions. We will ensure that staff and members who handle personal data are adequately trained and monitored. Any agent employed to process data on our behalf will be bound to comply with this Privacy Policy by a written contract.

We have put in place procedures to deal with any suspected data breach and will notify you and the Information Commissioner’s Office where we are legally required to do so.

Retention

We will not keep your personal information for longer than is necessary for the purposes for which we use it. We will hold your data for varying lengths of time depending on the type of information in question but in doing so we will always comply with Data Protection legislation. Details of retention periods are available in our retention policy which you can request by contacting us at office@gracechurchguildford.org.uk

Where personal data needs to be deleted or destroyed adequate measures will be taken to ensure that data is properly and securely disposed of and particular care will be taken over the destruction of manual Special Category Data and data relating to matters of a criminal nature.

Keeping personal information up to date

Please inform us if you think any of the personal information we hold about you or a minor or vulnerable adult whose information you supplied to us is not up to date or is incorrect so that we can amend it. If you are a member of GCG you can do this through ChurchSuite.

We will contact you annually to check that the information we are holding is accurate and that you agree to us holding it.

Access to your personal information

You have a right to request access and rectification of your personal information by contacting us. In all cases we will treat requests to access information or change information in accordance with the applicable legal requirements, however safeguarding the welfare and interests of minors and vulnerable adults will always take priority over such access. We will reply to your request within 30 days.

Your rights

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress;
• prevent processing for the purpose of direct marketing;
• object to decisions being taken by automated means;
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the Data Protection regulations.

Transferring personal information overseas

We may transfer some personal information to countries outside the European Economic Area if this is necessary for the uses of the personal information set out above.

Information from your use of our website

We may collect standard Internet log information about how and when you use our website. This information may include but, not be limited to your IP address and location personal information, weblogs, time, date, browser used, referring web addresses, other communication personal information, searches conducted, pages visited.

Cookies and similar technologies and IP addresses

To ensure that our website is optimised for ease of use, we or our service provider(s) may use cookies to collect standard information about when you visit our website, your browser type and version, and other similar information. These cookies are intended to optimise your experience of our website.

Cookies in use on this site

Public information and third-parties

Social Media Widgets

Our website may include social media features, such as the Facebook Like button and widgets, such as the “Share This” button or interactive mini-programs that run on our website. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.

Links to Third-Party Sites

Our website includes links to other websites whose privacy practices may differ from ours. If you submit personal information to any of those sites, your information is governed by their privacy policies and we do not accept any responsibility or liability in respect of third-party sites. Please check the privacy policies published on any third-party sites which you may access through our website before submitting personal information to them.

Contacts

For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you or to discuss anything in this privacy notice, please contact office@gracechurchguildford.org.uk

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Note 1 The General Data Protection Regulation 2016 defines ‘Special Category Data’ as racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, genetics, biometrics used for identification purposes, health, sexual life, sexual orientation. but does not include information about financial matters.

The processing of data about criminal offences, criminal convictions, criminal proceedings, disposal or sentence and any Barring decisions made against the Children’s or Adults Barred Lists under the terms of the Safeguarding Vulnerable Adults Act (2006), (as amended by the Protection of Freedoms Act 2012) is dealt with under the Data Protection Act 2018.

© Copyright 2023 Grace Church Guildford (formerly Chertsey Street Baptist Church) Registered Charity No. 1071401