RISE is a part of GODFIRST CHRISTCHURCH.

DATA PROTECTION/PRIVACY POLICY

GodFirst is committed to protecting and respecting your privacy.

This policy and any other documents referred to in it, together with any other forms for collecting data, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

We will take all reasonable measures to protect any information you provide to us in accordance with the Data Protection Act 2018 and the General Data Protection Regulations 2018 (“GDPR”) which states that personal data shall be:

·        processed lawfully;

·        collected for specified, explicit and legitimate purposes;

·        adequate, relevant and limited to the purposes of collecting the data;

·        accurate and kept up to date and that inaccurate data is erased or rectified (with your permission);

·        kept for no longer than is necessary;

·        processed in manner that ensures security of such data; and

·        that the Data Controller shall be able to demonstrate compliance with the regulations.

For this purpose of this privacy policy, the Data Controller is GodFirst Christchurch Limited.

We collect and process the following information from you:

·        Information that you provide by completing one of our written and electronic forms.

·        People who use our services, e.g. who attend an event, subscribe to our newsletter, purchase resources or attend our training

·        Additional or renewed information which you provide to us in writing, by email or by telephone.

·        Information that you provide by using the church management software – ChurchSuite.

·        When you contact us on the telephone, we will require you to answer questions in order to verify your identity and we may keep a record of any communication.

·        Details of financial transactions which we process for you.

·        For Employees: Employment information for the payment of salaries, pensions, PAYE and National Insurance Contributions

·        Historical data for compliance, the Giving Statement and Gift Aid audit purposes.

·        Other data which is reasonably and fairly obtained to assist us in operating events and safeguarding children and vulnerable adults.

We rely on the information which you provide to us. It is your responsibility to ensure that we are kept advised of any changes to your personal information.

Your privacy is important to us. We are committed to safeguarding the privacy of your information. We do all that we can to ensure that the data we hold is accurate, adequate, relevant and not excessive.

Where we store your personal data

All information you provide to us is stored on our secure servers based in the UK or in locked filing cabinets, at our registered office.

We use third party software Churchsuite, and Mailchimp for communications of activities within and connected to GodFirst.

Financial Data

GodFirst uses a number of third party companies as part of financial management. These are kept to a minimum and all comply with strict industry standards. We therefore do not store any donor debit/credit card information. With your permission we store your account details for purposes of processing expenses on behalf of GodFirst. These organisations are as follows; privacy policies for each may be found by clicking on the organisation name:

Xero is the finance management application used by GodFirst.

Paypal is used is used in certain circumstances for debit/credit card transactions. Paypal provide us with the online e-commerce functions that allows us to sell our products and services to you via the GodFirst website. PayPal may store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

Stripe is used for all of our Events bookings to process orders and refund processing. Their privacy policy is here.

Infoodle integrates gift aid claims with our finance application Xero and links directly with HMRC.

We bank with Lloyds who process all supplier, staff, expenses and contract payments

For pledges with Gift Aid your details are shared with HMRC for processing

ChurchSuite

Microsoft Office 365

Stewardship

E-Newsletter

As GodFirst is a charity committed to good stewardship we are constantly looking for ways to use the resources we have more effectively. E-mail is a very effective way of communicating with our attendees. We will not send large e-mails and where we use images in the e-mail we will host them elsewhere saving space in your inbox. We send out a newsletters for which specific consent is given at the point of subscription. You can unsubscribe from our e-mails at any time; directions on how to do this will be contained within the email. We use third party providers, ChurchSuite, and Mailchimp, to deliver our e-newsletters. For more information, please see ChurchSuite’s and Mailchimp’s privacy notice.

Visitors to our websites

When someone visits www.godfirst.church or www.astgodfirst.org we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Use of Cookies

Use of cookies by GodFirst Like many websites, GodFirst uses tiny computer files called ‘cookies’ to enhance your browsing experience. We do not identify you through the use of cookies or information sent by your computer except where you have asked us to remember your details.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add our website. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of our website. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence. Third Party Cookies In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site. This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page. Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you. From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most. As we sell products it's important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track.

People who contact us via social media We use a third party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations. People who email us We will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. If people who make a complaint to us Commission tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below. When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle. Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide. Job applicants, current and former Commission employees Commission is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at office@commission-together.org for the Commission Recruitment privacy notice.

Lawful uses made of personal information

We may process information held about you in the following ways:

·        Consent: Where you have given written or online consent.

·        Contract: where there is a specific contract between you and GodFirst e.g. employment contract

·        Legal obligation: when processing data is necessary for GodFirst to comply with the law. E.g. Gift Aid or Safeguarding.

·        Vital interests: to protect someone’s life

·        Public task: to perform a task that is in the public interest and the task has a clear basis in law.

Disclosure of your information

We will not sell or make available personal data to third parties for any marketing purposes.

Confidential information

If, in the course of carrying out our normal activities your personal data maybe visible to other individuals from with GodFirst via ChurchSuite, In line with ChurchSuites and GodFirst Privacy Policy. For example Connect Group Membership, and serving rota’s. Via ChurchSuite you confirm that you will take all reasonable steps to protect and update your personal information in accordance with the Data Protection Act 2018and GDPR.  

Right to have data erased

Anyone who has personal information stored by GodFirst, has the right to have that data erased from our records at any time. However we will maintain personal data held for audit, regulatory and legal compliance purposes or subsequent follow up.

Access to information

The  Data Protection Act 2018 and GDPR gives you the right to access personal information held about you. Your right of access can be exercised (data subject request) in accordance with the Data Protection Act 2018. Any access request will be provided within the timescale set out in the regulations.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Your rights Under the GDPR 2018 and Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. You have the right to: · object to processing of personal data that is likely to cause, or is causing, damage or distress · prevent processing for the purpose of direct marketing · object to decisions being taken by automated means · in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and · claim compensation for damages caused by a breach of the Data Protection regulations. You can also get further information on: · agreements we have with other organisations for sharing information; · circumstances where we can pass on personal data without consent for example, to prevent and detect crime; · our instructions to staff on how to collect, use and delete personal data; and · how we check that the information we hold is accurate and up to date. For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please contact our Data Protection Compliance Manager as above.

Jurisdiction

All our Terms and Policies are governed by English law and subject to the exclusive jurisdiction of the English Courts.