Privacy Policy
About this policy
My Church is a project built for God's glory and is based on Christian values.
Therefore, your privacy is very important to us. This policy is designed to let you know
what data we collect from our users, how we use it and why we use it. This notice is
applicable to our website and the software and service we provide.
We urge you to read this privacy notice so you are fully aware of how we collect and process
personal data. Equally, if after reading this policy you have any questions, please do not
hesitate to contact us. We will be more than happy to answer any queries.
Please also be aware that this privacy notice is a brief summary of our data protection practices. Please read our data protection policy if you're looking for a more in-depth explanation of our data protection policies and procedures.
Who are we?
The author behind the My Church project is Edan Joseph Brooke. Edan works as an IT support technician but is also experienced as a web developer.
My Church is a registered as a data controller with the ICO (registration reference
ZA349020).
The project was founded out of a passion to see youth ministry develop and to make lives
easier for youth and for leaders in the church.
You can contact the My Church team by sending an e-mail to hello@my-church.org, or by calling 0330 010 9335. If you would like to contact our data protection compliance manager or if you have a data protection enquiry, you can send an e-mail to data@my-church.org. You may also phone the data protection compliance manager on 0161 738 1165 or write to them at the following address:
Data Protection Compliance Manager
My Church
Armadillo MUMB #10232
Parkway Avenue
Sheffield
West Yorkshire
S9 4WA
GB
What information do we collect? How is it used?
We collect several pieces of personal information from users. As the My Church system is very complex and has a lot of functionality, we collect data in many ways.
Registration of interest in the serviceWhen a user registers their interest in the platform, we collect, store and process the following pieces of information about them. This information is collected and processed to allow us to follow up on enquiries about the service and to deliver requested information.
- Full name
- E-mail address
- Telephone number
- Place of worship (name, location and figures relating to attendees)
If a user registers as a volunteer with us or expresses that they may be interested in doing so, we collect and process the following pieces of information. This is done so that we have sufficient information to enter into a contract with the individual.
- Full name
- E-mail address
- Telephone number
If a user generates an invite to another individual and the individual chooses to accept the invite, the following information will be requested, stored and processed in order to allow the individual to use the service.
- Full name
- Nickname
- E-mail address
- Chosen password
- Date of birth
This personal information is used to:
- Provide access to the My Church service
- Provide a customised user experience
- Enable us to protect all data inputted into the system with user authentication
- Provide marketing information to users where the user has opted in to receive marketing communications
- Communicate with users to fulfil provision of our service (e.g. session reminder e-mails)
- Allow generation of session registration sheets
- Carry out polls and / or surveys where a user has opted in to the development program
- Aid internal research and product development
- Enable us to meet internal audit requirements
- Allow us to fulfil our legal obligations, such as fraud prevention or co-operation with law enforcement agencies
- Notify you of an update to our privacy policy
Measures in place to protect sensitive personal information
The My Church project uses multiple levels of security to protect the information our users entrust us with. We recognise that some information we store is sensitive and have procedures in place to deal with this.
- We have a strict data protection policy that we strive to follow at all times.
- All sensitive data in our database is secured using bank-grade encryption.
- A high level of digital security is in place on our network infrastructure and on the third-party services we use.
- All data transmissions to and from our website are conducted via a secure connection with HSTS headers to prevent cyber attacks. We cannot guarantee the security of these network technologies but once we receive your data in our infrastructure, we use our internal policies and procedures to store and process your data securely and legally.
- Any paper based record we receive that we do not need a physical copy of is scanned in to an encrypted digital file store and the original is destroyed. If we need to keep the original, it will be kept in a locked filing cabinet.
- We constantly audit our internal policies and procedures to ensure that they are fair and in line with legislation.
Our legal basis for processing your personal data
For the most part, the service uses consent as a legal basis for processing personal data as it is registration based, though we do process personal data under other basis.
Please see the table below for an explanation of the basis we may process personal data under. We endeavour to process your personal data under the most appropriate basis at all times.
| Explanation | Right to erasure | Right to portability | Right to object | |
|---|---|---|---|---|
| Consent |
The data subject has given clear and explicit consent for their personal data to be processed. |
but right to withdraw consent |
||
| Contract |
Processing is necessary to fulfil a contract between My Church and the data subject, or to take steps to enter into a contract. |
|||
| Legal obligation |
We are required to process personal data to fulfil a legal obligation. |
|||
| Vital interests |
Processing is mandatory to protect the vital interests of either the data subject, or another person, in a life or death situation. |
|||
| Public tasks |
Processing is necessary to perform a task carried out in the public interest that is set out in law, or in the exercise of official authority. |
|||
| Legitimate interests |
Processing is necessary for purposes of legitimate interests pursued by My Church or by a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. |
Dependant on circumstance |
The basis on which we hold and process personal data differs. The My Church system and project is very extensive so we cannot process under just one basis for everything.
- Data collected when a user registers their interest in the platform is held on the basis of consent.
- Data collected when a user registers as a volunteer with us is held on the basis of legitimate interests.
- Data that is collected from a user when they accept an invite to register for a My Church account is held on the basis of consent, unless the data subject accepts an invite for a leadership role in a church. In this instance, data is held and processed under the basis of legitimate interests. This includes maintaining historic data and representing historic records appropriately.
To learn how we process data relating to children please read §5.4 of our full data protection policy.
For more information about our legal basis for processing data, please contact our data protection compliance officer by sending an e-mail to data@my-church.org or by calling 0161 738 1165.
How long do we retain your personal data for? How can I stop my data from being processed?
The length of time for which we hold personal data depends on the purpose it was collected for.
Data that is collected solely on the basis of consent is kept only for as long as we
have your consent to process your personal data.
If you have registered your interest in the My Church platform and now wish to withdraw your consent for us to process this data, you can unsubscribe by following the link in the e-mail that was sent to you when you registered your interest. If you no longer have this e-mail, please contact the data protection compliance officer. Opting out will withdraw the consent that you gave to us to store and process your personal data. Your personal information will be permanently deleted from our records.
If you registered as a volunteer with us but never undertook any responsibilities or work with us, you can have us delete your personal data by following the link in the e-mail that was sent to you when you registered as a volunteer. If you no longer have this e-mail, please contact the data protection compliance officer to be removed from our records.
Volunteers who have undertaken work on the project have their information held on the basis of legitimate interests.
If you have an account with us, you can close your account permanently and withdraw your consent to data processing by logging into your account online. This only applies if legitimate interests conditions do not apply. If you wish to object to processing under the basis of legitimate interests, please contact our data protection compliance officer.
If you have any questions regarding data retention, such as additional data retention periods information, please contact our data protection compliance officer using the aforementioned contact details.
What are my rights?
My Church does its best to be compliant with General Data Protection Regulation 2018 and
Data Protection Act 2018. This legislation gives you as a data subject several rights in
regards to collection and processing of your personal data.
You can:
- Ask us to provide you with all the data we hold about you by initiating a subject access request.
- Request that we delete the personal data we have stored about you unless we are required to process the personal data to fulfil a legal obligation (see the legal basis explanation table) or otherwise required to hold the data by law.
- Have any inaccurate or incorrect data stored about you corrected.
- Restrict the processing of your personal data in some situations.
- Withdraw your consent to data processing by contacting our data protection compliance officer, or, where possible, by withdrawing your consent on our website.
Cookies
A "cookie" is a small file that is stored on your computer. Cookies are regulated by your web browser and will not intentionally cause harm to your computer or device. My Church uses cookies to provide a customised user experience, to ensure correct operation of our service, and to collect data to produce reports that allow us to monitor website traffic and to improve our website by getting an overview of how users interact with it.
If you do not wish for us to store cookies on your computer, you can object to this by changing cookie settings in your web browser. Please be aware that by doing this your experience on our website will be suboptimal as the website is designed with cookies playing a key part in enabling full functionality.
Cookies are used to identify your device so we can provide a tailored experience even when you leave the website and come back later. Cookies do not contain any personal information about you.
External websites
The My Church system integrates with and links to third party websites and services. If you click through to the third party website or service, it is not operating under our policies or procedures and may be operating under an entirely different legal jurisdiction. Therefore, please consider this before providing any personal data to these third party websites or services.
Updates to our privacy policy
When our privacy policy is updated, it will be published on our website. If you have an account with My Church and have not opted out for privacy policy update notifications, you will be notified of any updates to our privacy policy by e-mail if the changes to the policy are anything other than correctional modifications that do not change the principles of the policy in any way.
Questions or concerns?
If you have any questions or concerns you'd like to raise in regards to any of our policies or procedures or anything on this page, please contact our data protection compliance officer by e-mail at data@my-church.org. Alternatively, you can reach the data protection compliance officer by phone (0161 738 1165).
This policy was last updated Mon 4 June 2018 by Edan Brooke.