Privacy Statement

INTRODUCTION

Thetford Team Ministry is a group (benefice) of churches within the Diocese of Norwich. For more details about us see our website https://thetfordteamministry.org.uk

We value everyone who engages with us by whatever means, and we do all we can fully to protect your privacy and to make sure the personal data you provide us is kept safe.

This Privacy Statement is designed to comply with the General Data Protection Regulation (GDPR) and is issued in the interests of transparency over how we use (“Process”) the Personal Data we collect. We also have specific Terms of Conditions for the use of our websites, which you should read as well.

We treat all our members, supporters, and contacts in line with our values and ethos and we welcome any feedback about any of our actions.

YOUR INFORMATION

We collect personal information each time you deal with us, for example when you make a donation, request materials or information, sign up for an event, provide comments, complete surveys or otherwise provide your personal details.

When you visit our websites

We collect non-personal data such as IP addresses, details of pages visited, and files downloaded. Website usage information is collected using cookies (see the section on Cookies below).  If you provide us with any personal data while using our websites, we may use it to provide you with any information or services you have requested.

Information from social media

We may collect information that you make available on social media, for example, Twitter, Facebook, YouTube, and LinkedIn. You may wish to check their privacy policies to find out more about how they will process your data.

Information from third parties

We collect information from third parties such as event organisers or fundraising sites like Just Giving or the Diocese of Norwich, where you have agreed to support us and have given your consent. You may wish to check their privacy policy to find out more information on how they will process your data.

Other publicly available information

We may collect information from Companies House, Charity Commission and information published in articles, newspapers or blogs.

Sensitive Personal Data

Where you provide the information, we may collect Sensitive Personal Data, which includes your religious beliefs, or your physical or mental health.

WHAT DO WE DO WITH YOUR PERSONAL DATA?

We may use the personal data we collect to:

  • Keep you up to date on news and stories about our work.
  • Ask for financial and non-financial support, such as volunteering or prayer.
  • Process donations you give us, or to support your fundraising for us, including Gift Aid.
  • Provide information or resources, for example information on weddings and funerals.
  • Provide a personalised service, such as customised website content or personalised emails.
  • Keep records of your relationship with us e.g. questions you have asked or suggestions or complaints you have made.
  • Classify members and supporters by location.
  • Analyse the personal information we collect about you and use publicly available information to aid our understanding of our supporters, understand the level of potential donations, profile supporters into categories and to help provide the right information at the right time to the right supporters.
  • Conduct market research to aid our understanding of our supporters and their views.
  • We may use publicly available information such as newspaper articles, or information you have given permission to other organisations to share such as LinkedIn, to identify supporters and non-supporters, including trustees, who have expressed an interest in giving major gifts or having a public profile with churches.

If you make a major gift to our work, and where you agree to such a relationship with us, we will discuss and agree with you any sensitivities you may have about the personal data we hold and the methods of contact suitable for you. We will do this at the earliest convenient opportunity. Where you do not wish to pursue such a relationship with us, we will not retain any additional publicly sourced personal data about you we have used for this purpose.

OUR LEGAL BASIS FOR HOLDING AND PROCESSING YOUR PERSONAL DATA

Legitimate interest: Contacting you

We may contact you by post or telephone where we have a legitimate interest to do so. For example, where you have engaged with us through a life event such as baptism, wedding or funeral or made a donation to Thetford Team Ministry. Where you have previously asked us not to contact you in this way we will respect your contact preferences. You can change your preferences at any time or stop us processing your data by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.

Consent; Contacting you

We may contact you by email or text if you have given us your consent to do so. We will only communicate in accordance with your preferences and you are free to change your preferences at any time by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.

Applying for a job or volunteering with us

Where you provide personal data and sensitive personal data when applying to volunteer or apply for a job with us, such as the information on your CV we will process, store and disclose the personal data we collect to:

  • Support the recruitment process.
  • Enable you to submit your CV, apply online for jobs and to subscribe for alerts about job types of interest to you.
  • Answer any questions you may have.
  • Use third parties to provide services such as references, qualifications, criminal referencing, checking services, verification of information you have provided, health screening and psychometric evaluation or skills tests.
  • Provide anonymised data to monitor compliance with our equal opportunities policy.
  • Where you provide personal or sensitive personal data, such as religious beliefs, dietary, mobility requirements or health information, to volunteer attend an event or travel on a trip with us we will store, process and disclose the personal information we collect to:
  • Deliver the volunteering opportunity, including the disclosure of sensitive data, such as medical information, to our partner(s) where necessary to deliver a safe trip or event for all involved.
  • Provide relevant information including fundraising materials and the volunteer role description.
  • Provide the administration of these events or opportunities to serve.
  • Monitor the quality of the volunteering opportunity or trip provided.
  • Answer any questions or feedback you may have.
  • Provide anonymised data to monitor compliance with our equal opportunities policy.
  • Support the recruitment process where a Christian commitment is necessary for the role.

HOW AND WHERE WE STORE YOUR INFORMATION

How long?

We will keep your personal information only for as long as we consider it necessary to carry out each activity.

We have a data retention policy to implement this. We take account of legal obligations and accounting and tax considerations as well as considering what would be reasonable for the activity concerned.

For example, we will retain details of donations for 7 years to meet tax and accounting requirements, and we will retain any safeguarding records indefinitely. We will only hold sensitive medical personal information provided to participate in events until two years after the event is completed.

Legacy income is an important source of income for our beneficiaries. We may keep data you provide indefinitely to carry out the administration of legacies and to communicate with the families of those leaving us legacies.

If you have any questions about our Data Retention Policy, please contact our Data Protection Officer,

HOW SAFE IS THE PERSONAL INFORMATION WE HOLD?

We ensure that we have appropriate technical controls in place to protect all the personal data you provide. For example, we ensure that any online forms are encrypted to ensure they can only be read by people permitted to do so.  Our network is robustly protected from unauthorized access and is routinely monitored.

We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.

We may make limited use from time to time of external companies to collect or process personal data on our behalf. When we do so, we carry out checks on these companies, put in place contracts to make sure our requirements are clear, and carry out periodic reviews. When we do use external companies, we remain responsible for the storing and processing of your personal data.

However, we need to remind you that despite all our efforts, the internet cannot be guaranteed to be 100% secure, and that you submit data at your own risk.

Credit / debit card security

We may use a third party to process donations or purchases using cards but will ask them to process your information in line with the GDPR and the Payment Card Industry Data Standard.

If you use your debit or credit card to donate to us, purchase something or pay for an event or activity, whether online, over the phone or by mail, we will process your information securely in accordance with the Payment Card Industry Standard.

We do not store your debit or credit card details once your transaction has completed. All card details are securely destroyed once your donation or payment has completed.

We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.

Where we store your personal information

We use cloud-based systems to process data and therefore data may be processed outside of the European Economic Area (EEA). We adopt the Information Commissioners approved measures and therefore ensure that personal data is held in compliance with relevant data protection regulations. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data, you agree to this transfer, storing and processing of your information.

WHEN WE SHARE YOUR INFORMATION

In line with our beliefs, we do not share or swap your information with any other charities without first seeking your express permission.

Legal duty

We may need to pass on information if required by law or by a regulatory body. For example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency.

Our service providers and third parties

Occasionally we may employ agents to carry out tasks on our behalf, such as fulfilling orders or processing donations. These agents are bound by contract to protect your data and we remain responsible for their actions.

We may provide third parties with general information about users of our site, but this information is both aggregate and anonymous. However, we may use IP address information to identify a user if we feel that there are or may be safety and/or security issues or to comply with legal requirements.

COOKIES

What are Cookies?

We collect data using cookies. A cookie is a text file that is sent from our website as soon as you visit the site. It is stored on your computer’s hard drive and helps us to identify your computer (not you) and collects information in an aggregate, anonymous way.

Cookies may be used to collect information about your visit to our website, for example, traffic data, location data, device information, the date and time of your visit and the pages that you visit.

The use of cookies is an industry standard for most major websites. You can find more information about cookies by following this link.

Use of cookies on our websites

To enjoy our websites to the full, we recommend that you leave cookies turned on. If you turn off cookies, then you may not be able to enter parts of the sites.

The cookie data that we collect we may use to:

  • Customise the content on our website and to help to understand visitor’s current and future needs.
  • Process any requests, applications, or transactions you may make.
  • Aid internal administration and analysis.

Managing cookies

Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.

Third party cookies

We use websites such as YouTube and Vimeo to embed videos and you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third-party website for more information about their cookies and how to manage them.

Thetford Team Ministry also uses third party suppliers such as Facebook, Twitter, and Google Analytics and these providers may use cookies. They may also use tracking pixels, which are commonly found in advertising to track the effectiveness of adverts. As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this, you can change your cookie settings (see above).

HOW WE TREAT CHILDREN AND VULNERABLE PERSONS

Aged under 13 years

If at any time we create any materials or run events which may lead to someone aged under 13 years providing their details, we make it clear that we will need their parent’s /guardian’s permission before giving us their personal information.

Supporters in vulnerable circumstances

We recognise the importance of identifying and supporting people in vulnerable circumstances. Staff who send or respond to supporter emails, mailings or calls are trained to be aware of, to identify signs of vulnerable circumstances and to deal with people appropriately in accordance with our policies.

YOUR RIGHTS AND TELLING US WHEN THINGS CHANGE

We fully recognise your right to have your data removed, to be forgotten, to opt out of communications or withdraw consent and to have a copy of your personal data. You also have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk

Preferences

You can change your preferences at any time about what you receive from us, or how we contact you, by mail, phone or email. You can do so by using the contact details at the end of this policy.

Updating your details

We do appreciate it if you keep your details up to date. You can do so in the same way as updating your preferences (above).

We may use Royal Mail’s Postcode Address File or other available sources to confirm data that you provide us with, where, for example, we are unsure of what you have completed on a form.

Telling us to stop processing

You have the right to ask us to erase your personal data, to ask us to restrict our processing or to object to our processing of your personal data. You can do so by using the contact details at the end of this policy.

ACCESS TO YOUR INFORMATION

You have the right to request details of the information we hold about you. To receive a copy of the personal information we hold please write to our Data Controller at the address given below. We will respond within one month of receiving your letter.

For more information about your rights please visit the website of the Information Commissioner’s Office (https://ico.org.uk/for-the-public/personal-information/)

CHANGES TO THETFORD TEAM MINISTRY’S PRIVACY & SECURITY POLICY

Changes to this Policy

This policy was last updated in March 2021. We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other legislation. If we make any significant changes to this policy we will show this clearly on our website, in our publications or by writing to you directly. By continuing to use our website you will be deemed to have accepted these changes.

Feedback

We welcome feedback or questions on this policy or on any of our actions by

  • Calling us on: 01842 763579
  • Email us on: revpeterherbert@gmail.com
  • Write to us at: Thetford Team Ministry, The Rectory,6 Redcastle Road, Thetford, IP24 3NF