Clevedon Christadelphian Church is committed to all aspects of the Data Protection Act 2018 and takes its duties regarding how personal information is used seriously.
The trustees are responsible for the implementation of this policy. If you have any queries, please direct them to email@example.com or write to: Clevedon Christadelphians, Coleridge Vale Road North, Clevedon, BS21 6NL.
Data Protection overview
The Data Protection Act describes how organisations must handle and store personal data. To comply with the law, personal information must be stored safely, processed fairly and not disclosed unlawfully.
Further information can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Personal data that you provide to us
When you (or a child for which you are the parent or guardian) participates in or registers for one of our activities, we may require your name, contact details, health information, date of birth and name and contact details of family members. Some of our activities allow you to create an online account which require you to provide a username and password or provide additional information directly related to the activity.
If you contact us to request information we may store contact details you provide such as name, address, email address and telephone number.
Information provided by others
Personal data we hold about you may have been provided by a family member or guardian.
Information we collect or create during your participation in activities
When you participate in or register for an activity we may record attendance and a record of financial transactions where applicable.
Purposes for which we use and process your information and the lawful basis for doing so
We hold a number of activities during the year and it is helpful or required that we know who is planning to attend in advance, either for logistical purposes, providing facilities, catering or for collecting payment in advance. This is either done as a legitimate interest to make preparations for an activity or contractual where payment to participate is required.
We process your contact details for a number of purposes. In an emergency we may use your data to contact you or family member and is done under vital interest. We may contact you under a contractual basis to provide you with information about the activity (including safety information) or changes to an upcoming activity for which you have registered. We may contact you to notify you about future occurrences of activities you have participated in previously as we feel you may be interested in attending the same activity on another occasion. This is done under legitimate interest. If you have requested information to be sent to you, we will use your contact details so you can receive that information, but only with your consent.
We keep a record of attendance for some of our activities to allow us check all participants are present at any given time. This is done under a vital interest to make sure participants are safe in an emergency or are not left behind during activities that take place away from our premises.
Safeguarding records and attendance records for all our public services and activities are kept for the purposes of safeguarding vulnerable groups. This is done under the lawful basis of performance of a task carried out in the public interest and obligations to social protection law.
For some activities, we ask for a date of birth to help us assign children to a suitable age group, identify where parental consent is required, or make appropriate preparations for an activity. This is processed under legitimate interest as we feel it helps provide the best experience and allows us to check that a parent or guardian is happy for a child to participate in an activity.
We process health information, such as medical conditions and dietary information, for your safety. This information may be disclosed to the medical services in an emergency and allows us to be aware of any allergies, particularly when providing food. This information is processed under the legal basis of vital interest.
Some information we process is directly related to the activity such as skill level or individual preferences. This is processed under legitimate interest to help us provide the necessary support and facilities during an activity.
Financial information is stored for the purpose of identifying payments made for activity participate or your name and address where Gift Aid is being claimed on a donation you have made. This is done under a contractual and legal obligation to provide a historical record of financial transactions for preparing accounts, claiming Gift Aid and in case of investigation.
Sharing of your information
We may share your data with third parties when we are legally obliged to do so, or when there is a vital interest such as a medical emergency. Otherwise we will not disclose your data without your explicit consent.
None of the data we process is transferred outside of the EEA.
Using our websites
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when a user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions. All browsers allow you to disable the storage of cookies should you not wish to use them. Please refer to the documentation for your browser for guidance on how to disable cookies.
We use session cookies to determine how sessions are handled within the cPanel environment and provide a continuous, secure experience. No personal data is stored.
We use session cookies on this site to track a registered user's session to allow your browser to be identified and create a continuous and secure session to protect your data. No personal data is stored within the cookie.
All our sites store the IP address of users who visit a site along with some technical data including operating system, browser and screen resolution being used. This is stored in the server logs and is standard for all Apache Web servers. This allows us to identify attempts to gain unauthorised access to data on our servers. We can't identify you from an IP address ourselves, but the authorities can identify a device used by issuing your ISP with a court order.
How long we keep your data
We only keep personal data as long as necessary and for the purposes it was collected.
Attendance records and safeguarding reports will be held for 75 years after the point of last contact.
Contact details may be kept after an activity to notify you of future activities, unless you ask us not to upon which your data will be deleted. If you have asked us to send you information or literature on a regular basis we will retain your details until you withdraw consent.
Personal data relating to financial transactions will be retained for seven years for our tax records.
Personal data is stored for Cycle For Uganda accounts until the user deletes their account. Other registration data for activities is deleted after each event.
Managing and updating your information – your rights
You have the right to request a copy of the information we hold about you. If you would like a copy of some or all of the information we hold, please write to the address above or email firstname.lastname@example.org.
We want to ensure that your information is correct and up to date, so you are also entitled to ask us to update or remove information which you think is inaccurate.
You have the right to request that we remove your information from our records, or stop using it for particular purposes. We will do this wherever possible unless:
It would prevent us providing a service to you and you still wish to receive the service
Where we have a legal obligation to retain the information
It is in the public interest to retain the information
Where you have outstanding balances to be paid
Other technical reasons that do not allow us to remove your data entirely
Where our purpose for processing the information is done under the legal basis of legitimate interest you have an automatic right to opt out of your data being used for that purpose. Where a purpose is permitted through consent you have the right to either give or remove your consent at any time.
If you wish to register a complaint about how your data is being processed please contact email@example.com in the first instance.
Keeping your personal data safe
We take the security of your data very seriously and employ several technical and organisational measures to protect your data from being accidentally lost, altered, or accessed in an unauthorised way.
We take steps to ensure data is stored securely and restrict the distribution and display of your data to that which is only absolutely necessary and use data minimisation and pseudonymisation where appropriate.
Data that is no longer required is destroyed securely in a way that means the data cannot be retrieved.
Changes to the Policy
We review and update our policies regularly, and any update will be made available on our websites.