DATA PRIVACY NOTICE/POLICY for St John the Evangelist, Waterbeach, Cambridgeshire. Updated May 2018
St John the Evangelist is committed to protecting and respecting your privacy. This policy outlines how we collect, make use of,
communicate and disclose personal information. This statement outlines the ways in which we seek to be compliant with current data
protection legislation (General Data Protection Regulation – GDPR), and the rights each person has regarding the handling of their personal
• Data controller – determines the purpose and manner by which personal data is processed – St John the Evangelist, Waterbeach
• Data processor – responsible for processing personal data on behalf of the data controller and under their instruction
• Personal data – information relating to a living individual who can be identified from that data, whether held in electronic records or in paper
or manual filing systems
• Data subject – the living individual whose personal data we hold
3. What is personal data?
Personal information relates to a living individual who can be identified from that data. Identification can be by the information alone, or in
conjunction with any other information in the data controller’s possession or likely to come into their possession. This may be held in
electronic records or within structured manual filing systems, and also extends to ‘online identifiers’ such as computer IP addresses.
4. Our policy for processing your personal data
St John the Evangelist seeks to ensure that all data processing operations comply with its obligations under the General Data Protection
Regulations (GDPR), specifically by:
• keeping personal data up-to-date
• storing and destroying personal data securely
• not collecting or retaining excessive amounts of data
• protecting personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures and
processes are in place to protect such data
5. How do we use/process your personal data?
St John the Evangelist uses your personal data for the following main purposes:
• to enable us to meet all legal and statutory obligations
• to maintain our church database of members, friends, trades people and regular attenders
• to deliver our church ministries and activities including but not limited to: Sunday services, special services, (including baptisms, weddings & funerals), special events (including teaching events & community events), children’s work, Seniors’ work, our craft group, groups for those exploring faith such as Pilgrim, Mothers’ Union, Waterbeach Wives, Living With Integrity, charitable events, home group activities, pastoral care and other ad hoc services &
• to enable us to provide community services for the benefit of the public (including Toddler Group, Community Lunch, Craft and Chatter)
• to provide news and information relating to events, activities and services running at St John the Evangelist
• to promote and include others in our services through photographs, sound recordings and video recordings of services and selected events
• to provide pastoral support for members and others connected with our church through contact with the church community or before and after life events such as baptisms, weddings or funerals
• to safeguard children, young people and adults at risk
• to recruit, support and manage our employees and volunteers
• to maintain our own accounts and records (including the processing of gift aid applications)
• to maintain and secure our property and premises
• to respond effectively to enquirers and handle any complaints
• to adhere to legal requirements e.g. for weddings
• in the renting out of church premises, and properties owned by the church
St John the Evangelist , Station Road, Waterbeach, Cambridgeshire. CB25 8HT • t: +44 (0) 1223 860 353 e: email@example.com w: www.stjohns-waterbeach.org.uk
6. What is the legal basis for processing your personal data?
The following legal grounds apply to personal data processed by St John the Evangelist, Waterbeach
• explicit consent of the data subject so that we can provide information about news, events, activities and services, can process visual
images, and can provide marketing / fundraising information
• where processing is necessary in order to fulfil a contract (e.g. with employee or supplier)
• where processing is necessary to carry out obligations under employment, social security or social protection law
• Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided:
– The processing relates only to members or former members (or those who have regular contact with St John the Evangelist, Waterbeach in connection with those purposes); and
– There is no disclosure to a third party without consent
7. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members or for purposes connected with the church. We will only share your data with third parties outside of St John the Evangelist, Waterbeach with your consent.
8. How long do we keep your personal data?
We will keep data only as long as it is deemed necessary – taking into account legal obligations, accounting & tax obligations, and considering what would be reasonable for the activity concerned.
Specifically we retain membership data whilst it is still current, details of donations, gift aid and salary payments (and associated paperwork)
for 6 years after the tax year to which they relate to meet tax and accounting requirements, but will hold official registers (e.g. of marriages) permanently.
9. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
•the right to request a copy of the personal data which St John the Evangelist, Waterbeach holds about you
• the right to request that St John the Evangelist, Waterbeach corrects any personal data if it is found to be inaccurate or out-of-date
• the right to request your personal data is erased where it is no longer necessary for St John the Evangelist, Waterbeach to retain such data
•the right to withdraw consent to processing at any time
• the right to request that St John the Evangelist, Waterbeach provide you with your personal data and where possible to transmit that data directly to another organisation (the right to data portability) where applicable
• the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
• the right to object to the processing of personal data – only applies where processing is based on legitimate interests, for the performance of a task in the public interest/exercise of official authority, direct marketing & for the purposes of scientific/historical research & statistics.
• the right to lodge a complaint with the Information Commissioners Office (ICO)
10. Further processing
If St John the Evangelist, Waterbeach should wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Where and whenever necessary, we will seek your prior consent to the new processing.
11. Use of our website
Information around usage of our website is collected in the form of cookies for Google Analytics tracking. Details of this may be found in the
Information which is input into the various contact forms on the site is stored in the website database for our records. This information may be removed if specifically requested and may also be deleted at various intervals.
Additional site security is provided through encryption with SSL via the WP Engine hosting platform, which is GDPR compliant. To find out
more please visit https://wpengine.co.uk/support/gdpr-compliance.
12. Contact details
To exercise all relevant rights, and lodge queries or complaints, please in the first instance contact the Data Protection Lead (Parish Administrator) at firstname.lastname@example.org, 01223 860 353, or St John The Evangelist, Station Road, Waterbeach, Cambridge, CB25 9HT
For the (ICO), 0303 123 1113, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or contact via their website
13. Data Storage
In order to store and maintain data securely, we use cloud storage and software provided by a 3rd party Church Management System called Planning Center Online. We have entered into a Data Processing Agreement (DPA) with Planning Center. Planning Center is fully GDPR compliant and has self-certified with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Details of their participation status are available on the Privacy Shield website. (PCO’s registration is under their corporate name, Ministry Centered Technologies, Inc.).