RBC is committed to the privacy of the personal information that is entrusted to us and we want to ensure you can exercise your privacy rights. This Notice tells you what personal information we collect, how we use it, who we might share it with, steps we take to keep it secure, your rights under data protection law and finally, how you can contact us with questions or concerns.
1. Our contact details
Name: Rhiwbina Baptist Church
Address: Lon Ucha, Rhiwbina, Cardiff CF14 6HL
Phone no.: 029 2062 3791
2. What type of personal information we hold
RBC currently collects and uses the following kinds of personal information:
- Contact – Information we use to make contact with you. We also keep a register of church members.
- Financial – Information relating to payments, etc. This includes giving and gift aid data relating to money you give to RBC, and where relevant our engagement with the HMRC to claim back tax via the gift aid process.
- Consents – Information relating to permissions, consents and contact preferences, for example, whether members’ details appear in the Members’ Directory, and whether parents are happy for photographs to be taken of their children attending activities.
- Management of events and activities – Information relating to you or your child’s attendance at events and activities organised by the church. It may include attendance registers, and photos or videos such as those recorded for service live-streaming on Facebook or our website.
- Health information – Such as allergies and medical conditions, where this is required primarily in the context of our Nursery and our children’s clubs and activities.
- Disclosure and Barring Service (DBS) checks – Information relating to checks completed on individuals within the church who work with children and vulnerable adults.
- Employment information – Information relating to members of staff, required for their employment at RBC.
- Online usage data – relating to our online services and accounts, for example cookies.
3. Lawful basis for holding information
Under the General Data Protection Regulation (GDPR), we have to have a lawful basis for holding your information. The bases we rely on are:
(a) Your consent.
(b) Legitimate interest.
(c) Contractual obligation.
(d) Legal obligation.
(e) Article 9(2) GDPR (Special categories of data)
Much of the information is held on the basis of your consent, which you have the right to withdraw at any time by contacting the Church Office at email@example.com or on 029 2062 3791. We rely on legitimate interest in order to run the Church effectively and to manage events, and on our contractual obligation in relation to those we employ. Legal obligation is the basis we rely on for processing safeguarding information such as DBS checks, and also for some financial data. Article 9(2) of the GDPR is relied on for health data such as allergies, medical conditions and dietary needs. Our Personal Information Processing Register gives further information on which lawful basis applies to which specific category of information. If you would like a copy of this, please contact the church office.
4. How we get this information
Most of this personal information is provided to us directly by you, either face to face, correspondence via post, phone or email, or completing a form. However, we also receive personal information indirectly from the DBS, as required by law for those who work with children or vulnerable adults; and in relation to RBC employees, from HMRC and from those who may have supplied work references.
5. What we do with the information we have
We use the information that you have given us in order to:
- Manage our relationship with you, including maintaining membership records
- Run the church and all its various activities effectively, safely and lawfully
- Inform you of news, events, activities and church services via our newsletter and other communications
- Maintain our financial accounts and records (including the processing of gift aid)
- Manage our website and social media accounts, such as Facebook live-streaming
- Facilitate contact between members via the Members’ Directory
- Manage our employees and volunteers
- Comply with legal obligations such as the safeguarding of children and vulnerable adults
We will only share your information where we are required to do so by law, or with third parties who are under contract to us, such as our accountants, payroll providers and IT support team. We will never share your information with or sell it to other third parties.
6. How we store your information
Your information is held securely. Most is held electronically, is password protected and with access on a need-to-know basis only. Some is also held on our website and Facebook page, for example, where services have been recorded. Where hard copies are held, these are stored in locked cabinets, again, with access only by those who need to know. How long we keep information depends on what it is, and whether there are any legal requirements to keep it for a set period, as with for example some financial data and safeguarding (DBS) information. We keep most information until we no longer need it, for example, if you have left the Church, or if an event you or your child has attended is now in the past. Further information on how long we keep information can be found in our Personal Information Processing Register, available from the Church Office. We dispose of information we no longer need by shredding (hard copies) or deletion (electronic files).
7. Your data protection rights
Under data protection law you have rights, including the following:-
- Your right to withdraw consent – You have the right to withdraw your consent, where we are relying on that in order to handle your information.
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase or delete your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
You are not required to pay any charge for exercising any of your rights, and we will have one month to respond to you.
Please contact us at firstname.lastname@example.org or 029 2062 3791 if you wish to make a request, or if you would like a copy of our Data Protection Policy.
8. How to complain
Please contact us at the Church Office in the first instance. You can also complain to the ICO if you are unhappy with how we have used your data:-
Information Commissioner’s Office
Helpline number: 0303 123 1113
Last updated 19th October 2022 – version 3