KingsGate General Data Privacy Notice

KingsGate Church respects your privacy and is committed to protecting your data. We value the personal information entrusted to us and we respect that trust by complying with all relevant laws and adopting good practices.

Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.

This privacy notice will inform you of how we look after your personal data and tell you about your privacy rights and how the law protects you.

Your personal data – what is it?

Personal data is any information about a living individual who can be identified from that data (for example a name, photograph, email or address). Identification can be by the information alone or in conjunction with any other information in our possession.

The processing of personal data is governed by the UK General Data Protection Regulation (GDPR) and other legislation relating to personal data and rights such as the Human Rights Act 1998.

Who are we?

KingsGate Church is the data controller. This means that we decide how your personal data is processed and for what purpose. Jacqueline ​Aslêt has been appointed as the Data Protection Officer (DPO) for KingsGate Church.

How do we use your personal data?

KingsGate Church complies with its obligations under the General Data Protection Regulation (GDPR) by keeping personal information up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of information; by protecting personal information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data

We use your personal data for some or all of the following purposes:

• Maintain our list of church members and enable you to access other members;
• Inform you of news, events and activities, and notify you of changes to services, events and role holders;
• Provide pastoral care and organise pastoral services, such as a meal train or baptisms;
• Enable children ministry leaders to manage classes, record attendance and collection from Sunday school;
• Enable parents to consent to their children attending the Youth Social on Sunday’s from 4:30-5:30pm, Connect groups and other Youth related activities within the Worship team (after which time KingsGate will no longer responsible for your children);
• To enable Youth leaders to communicate via WhatsApp and add children to the Youth WhatsApp group;
• Manage ministry volunteers and add them to rota’s;
• Safeguard children, young people and adults at risk;
• Process a donation that you have made (including Gift Aid information);
• To fundraise and promote our services and interests and send you communications, you requested, and that may be of interest to you;
• Maintain our own accounts and records, and enable us to meet all our legal and statutory obligations;
• Recruit, support and manage staff and volunteers;
• Process a grant or application for a role;
• Facilitate the renting out of part or all of our premises;
• Maintain the security of property and premises;
• To collect and use information about our suppliers;
• Respond effectively to enquirers and handle any complaints.
• Deliver our mission to our local community, and to carry out any other voluntary or charitable activities for the benefit of the public;

What personal data do we process?

We may collect, use, store and transfer the following personal data about you, where necessary to perform our tasks:

• Identity Data includes first name, maiden name, last name, username (or similar identifier), marital status, title, date of birth, gender, photograph, video footage and any other biographical information you may provide us.

• Contact Data includes your address, email address and telephone numbers.

• Demographic information such as gender, age, date of birth, marital status, nationality, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants; where they are relevant to our church, or you provide them to us.

• Financial Data such as bank account numbers, payment card numbers, payment/transaction identifiers and claim numbers, where you make donations, pay for activities/events or hiring part or all of our venue.

• Usage Data includes information about how you use our website, events, products and services.

• The data we process is likely to constitute sensitive personal data because, as a church, the fact that we process your data at all may be suggestive of your religious beliefs. Where you provide this information, we may also process other categories of sensitive personal data, namely:

• racial or ethnic origin, sex life, mental and physical health, details of injuries, medication/treatment received, political beliefs, labour union affiliation, genetic data, biometric data, data concerning sexual orientation and criminal records, fines and other similar judicial records.

We will always make it clear to you when we collect this information and why.

What is our lawful basis for using your information?

Most of our church data is processed on the lawful basis of consent. Consent offers you real choice and control over your data. Your consent can be withdrawn at any time.

Explicit consent requires a clear and specific statement of consent, since it deals with sensitive data such as health data. Health data falls under Special Category data because it requires additional protection. By providing explicit consent for your child(rens) health data, we can make Ministry leaders aware of any relevant health and dietary data and ensure that the necessary precautions are taken.

Some of our processing is necessary for compliance with a legal obligation. For example,  If you make a donation and want to include Gift Aid, we are required to collect your title and full postal address in order to provide that information to HMRC. We are required to retain financial transactions and records for a minimum of six years.

We may also process data for our legitimate interests. An example of this would be our safeguarding work to protect children and adults at risk. We will always take into account your interests, rights and freedoms.

We may also process data for the performance of a contract, or to take steps to enter into a contract with you. An example of this would be processing your data in connection with the hire of church facilities or the supply of a service.

Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.

Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to use that.

Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of the church or for purposes connected with the church. We will only share your data with third parties with your prior consent, or unless required to do so by law.

How long do we keep your personal data?

We will retain:

• ChurchSuite contact information for up to 2 years after ongoing Consent has been provided (although we will aim to review annually).
• Gift Aid declarations and associated data, for up to 6 years for audit purposes,on.annually).
• Children’s information for up to 2 years after ongoing Consent has been provided by a parent/guardian, or until the child turns 18 years old.
• Information from visitors checking children into children’s ministries for up to 3 months.
• Event registrations information from people not registered to ChurchSuite, for up to 24 months so that we can inform you of similar events.
• Visiting childrens registration information, for up to 3 months.
• Venue Hire data relating to your booking, for up to 6 years due to the HMRC financial regulations surrounding the corresponding payment transaction.

Your rights and your personal data

Unless subject to an exemption under GDPR, you have the following rights:

• The right to be informed about the personal data KingsGate Church collects and uses about you.

• The right to access and receive a copy of your personal data which KingsGate Church holds about you;
• The right to request that KingsGate Church corrects any personal data if it is inaccurate or incomplete;
• The right to request your personal data is erased where it is no longer necessary for KingsGate Church to retain such data;
• The right to restrict or suppress the use of the personal data we hold for you.
• The right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services in a safe and secure way.
• The right to object to the processing of your personal data.
• The right to lodge a complaint with the Information Commissioner’s Office.

Further processing

If we wish to use your personal data for a new purpose not covered by this Data Protection Notice, we will provide you with a new notice explaining the new use before the processing starts and we will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

KingsGate Church (charity reg no 1095489) 161a Clarence Street, Kingston, KT1 1QT.

To exercise all relevant rights, queries or complaints, in the first instance, please contact our Data Officer, Jacqueline ​Aslêt, by email at office@kingsgatechurch.org.uk or phone on 02089 483 355.

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email or Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.