What is ChurchSuite?
ChurchSuite (“the Services”) is a web-based church management system that is designed to help us administer our church and provide elements of pastoral care to our members and the community. Our members may be provided with access to a profile, which they can use to provide us with information (including personal information), update preferences and access options to allow the booking of events and recording attendance. ChurchSuite should bring benefits to everyone as we can stay in touch with you much more easily and so you can provide us with information in a quick and efficient way.
In addition to ChurchSuite, we may also collect information from you in person, on paper forms or online forms within other systems. We have also included information about other forms of processing that we may carry out.
LifeSpring Ministries is a “data controller” which means we have to tell you certain information when processing your personal information. We may input personal information into ChurchSuite or may ask you to do so yourself. We may collect information from you in person or we may ask you to fill in paper forms or input information into other systems that the church uses.
LifeSpring Ministries, LifeSpring Centre, 34 Clifton Street, Wolverhampton WV3 0QT. You can reach us by email at email@example.com.
What information we process about you
We may collect the following information about you:
Sensitive Personal Information
We may also collect, store and use the following “special categories” of sensitive personal information (if you give us this information)
We may collect personal information from you when you attend church and speak to us in person. You may also fill in one of our paper forms or a form available in a different electronic system.
We collect personal information from you when you or we set up a profile in ChurchSuite. If we set up profile on your behalf, then we will input personal information from you that we collected from you in person, on paper forms and from contact forms on our website. We will also collect information from you when you update your profile on ChurchSuite.
Personal Information we collect automatically
When you use the Services, we may collect certain information automatically such as:
Cookies that we use
How to delete and control cookies
Most computers automatically accept cookies but you can change your settings so that you will not receive cookies and you can also delete existing cookies from your computer.
If you do change your settings, you may find that some parts of our website will not function properly. If you do not adjust your settings, you will accept cookies provided by this website.
To find out how to delete cookies or adjust their settings please visit http://www.allaboutcookies.org/.
Our legal basis for using your information
The law only allows us to use your personal information in certain limited circumstances. We have listed these below and what information they allow us to process.
1.) Where it is necessary for our legitimate interests
The GDPR specifically states that a charity may use legitimate interests to process personal information relating to its members or persons who have regular contact with the charity to administer their membership or regular contact to the ministry. We consider that this is the most appropriate condition for us to administer your membership or regular contact with our ministry as you would reasonably expect that we would have to process your personal information in order to provide you with membership or your regular contact with our ministry and so you can take full advantage of all our services. We have put safeguards into place to ensure that your personal information is protected and that your fundamental rights and freedoms are not overridden.
Examples of how we may use your information for administration purposes:
We may also use legitimate interests to send out our marketing materials but only where such materials relate directly to the ministry and its activities and you have not told us not to send you such information
2.) Where you have consented to us using your personal information
Examples of how we may use your information with consent
3.) Where we need to perform the contract we have entered into with you
Examples of how we may use your information in order to comply with a contract that we have entered into with you:
4.) Where we need to comply with a legal obligation
Examples of how we may use your information to fulfil a legal obligation
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
Less commonly, we may process this type of information where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public
What this means in practice
We may use your sensitive personal information in the following ways:
In all cases where we require consent, we will seek your written consent, record you consent in writing, or record your consent digitally to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Information about Children
Whilst information relating to children is not considered to be special category information, it is information that is given specific protection. Where the child is under the age of 13 we will always ask for the consent of parents before allowing the child to set up profile in ChurchSuite and ensure that the parent are able to access and administer the profile.
Where a child is 13 or over then we will permit the child to have their own ChurchSuite profile, but we may (if we believe it to be appropriate in the circumstances) inform the parents. We will tell the child at the time of signing up that we may inform their parents and we will only do this where it is appropriate and lawful to do so.
Other third parties
We may share your information with certain third parties including:
We work with the following organisations:
Legal Requirements and Law Enforcement
We may also disclose your personal information to third parties:
Third Party Privacy Policies
The Services may contain links to websites owned by other organisations. If you follow a link to another website, these websites they will have their own privacy policies. We suggest that you check the policies of any other websites before giving them your personal information as we cannot accept responsibility for any other website.
How we store your personal information
The security of your personal information is important to us.
We use appropriate technical and organisational measures to safeguard personal information and encryption technology where appropriate to enhance privacy and help prevent information security breaches.
Any personal information that we provide to you will be held within the EEA.
All third parties who provide services to us or our software provider are required to sign a contract requiring them to have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse.
All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Information on our third-party providers can be found above.
Retention of information
We only hold your personal information for as long as necessary for the purposes for which we collected your information.
We have set these timescales in accordance with any applicable legislation and where none exists then we will keep your information for the duration of any contract that you have entered into with us and then for a period of 7 years after which time it will be deleted.
If you chose to send us information via email, we cannot guarantee the security of this information until it is delivered to us.
Access to information
You have the right to access information that we hold about you. If you wish to receive a copy of the information that we hold, please contact firstname.lastname@example.org or write to us at the address above.
Changing or deleting your information
You can ask us at any time to change, amend or delete the information that we hold about you or ask us not to contact you with any further marketing information. You can also ask us to restrict the information that we process about you.
You can request that we change, amend, delete your information or restrict our processing by emailing us at email@example.com.
Right to prevent automated decision making
You have a right to ask us to stop any automated decision making. We do not intentionally carry out such activities, but if you do have any questions or concerns, we would be happy to discuss them with you and you can contact us at firstname.lastname@example.org.
Transferring Personal Information
You have the right to request that your personal information is transferred by us to another organisation (this is called “data portability”). Please contact us at email@example.com with the details of what you would like us to do and we will try our best to comply with your request. If may not be technically feasible, but we will work with you to try and find a solution.
To exercise all relevant rights, queries of complaints, review of your request please contact us at firstname.lastname@example.org.
You can contact the Information Commissioners Office using the following:
Telephone: 0303 123 1113
Information Commissioner’s Office
How to Contact us
THIS POLICY WILL BE REVIEWED BI-ANNUALY.
Policy reviewed by: Andrew Custis
Last Updated: 11/09/19