Our privacy statement
Your privacy is really important to us, and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal information and why we do it. The Gathering - Cardiff is committed to the privacy of all of it's congregation, members, former members, and those who have regular contact with us in connection with those purposes.
How do we process your personal information?
The Gathering - Cardiff complies with its obligations under the General Data Protection Regulation "GDPR" by keeping personal information up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts. of information; by protecting personal information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal information.
In the interests of transparency and to be as clear as possible, you can read about the specific information we collect about you, how we keep your information confidential and secure, and how you can access your information.
This policy explains what we use information for...
- If we collect information about you
- If you make a financial donation to the church
- If you are an authorised user of the church's database
- If you sign up for one of our events
In summary, in each case we will only use your personal information for the following purposes:-
To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
To administer membership records;
To fundraise and promote the interests of the charity;
To manage our employees and volunteers;
To maintain our own accounts and records (including the processing of Gift Aid);
To inform you of news, events, activities and services run by The Gathering - Cardiff
What is the legal basis for processing your data?
We have various scenarios under which we may use your information, and for each have identified a lawful basis, as described below:Legitimate interest
- Where we maintain and process information about our members, former members and those who are in regular contact with us.
- Where you sign up for an event or group run by the church and we communicate with you about that event or group.
- Where you have contacted us independently for information about the church. In this context we will only use your contact details to respond to your enquiry unless you explicitly consent for us to use your information for another purpose.
- Where we need to communicate with you about: -
- Church news, events, course, services and ministries
- A public-interest matter, for example to let you know if an event is cancelled due to bad weather
- A ministry or group that you are involved in as part of a serving team
- For good governance and accounting, for planning, analysis and developing new ministries.
- When you exercise your rights under data protection law and related disclosures.
- Where we are required to maintain and report financial/accounting information for up to six years from the end of the tax year in which a financial transaction was processed. This would typically be in respect of donations you may make to the church, or ticket payments for certain events or courses run by the church.
- Where we are required to maintain attendance records at groups or events for safeguarding purposes.
- Where you have voluntarily subscribed to The Gathering's various social media platforms or mailing list. You can remove yourself from any of these platforms or mailing lists at any time.
Sharing your personal information
The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.
How secure is your information?
The Gathering - Cardiff uses a secure church management system that is only accessible by authorised church leaders, staff, ministry leaders and trustees. We have taken all practical and reasonable technical measures to ensure our administrative and processing activities are secure.
How long do we keep your personal information?
We keep data in accordance with the guidance set out by the GDPR. We endeavour to maintain only data that is relevant, accurate and up to date. We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purpose for processing. Specifically, we retain member and former member information while it is still current; Gift Aid declarations and financial data for up to 6 years after the calendar year to which they relate; and legal registers (baptisms etc) and safeguarding records permanently.
Your rights and your personal information
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal information: -
- Access to your information: You have the right to request a copy of the personal information about you that we hold.
- Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information: You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations;
- you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below;
- our use of your personal information is contrary to law or our other legal obligations.
- Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
- Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
- Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Contact information and further advice’ section if you wish to exercise any of these rights.
- Lodging a complaint: If you feel we have used your information incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Our contact details
We can provide you with access to your personal data at any time. We ask that requests are made by email to email@example.com