Privacy Policy

The Principles

The principles of the regulation require that personal data shall:

1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
3. Be adequate, relevant and not excessive for those purposes.
4. Be accurate and where necessary, kept up to date.
5. Not be kept for longer than is necessary for that purpose.
6. Be processed in accordance with the data subject’s rights.
7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
8. Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Policy

We are committed to conducting our [church] business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

1. Data Collection

We collect personal information when you are in contact with Ipswich International Church. For example, when you:

• Register details via embedded forms on our website or social media
• Make a donation using our offering envelopes or electronic means
• Provide your contact details in writing or orally to Church staff and volunteers
• Purchase goods or services, including when you provide credit or debit card details
• Communicate with the Church through means such as email, letter, telephone

2. Confidentiality

Ipswich International Church will treat all of your personal information as private and confidential, not to be disclosed with anyone other than the church leadership and ministry overseers/co-ordinators within the church, in order to facilitate the administration and day-to-day ministry of the church. When shared for this purpose only the necessary information will be disclosed to facilitate the specific purpose (for example if specific individuals request to be telephoned to pray with a leader, only their names and contact numbers will be passed onto the leader, and the leader will not be given home addresses or the names and numbers of those not requesting telephone prayers). Ipswich International Church will not share your personal information with other members of the church, who are not fulfilling a relevant and specific leadership, overseeing or co-ordinating role, without your consent.

We do not sell or pass any of your personal information to any other organisations, third parties and/or individuals, including associated organisations (for example, the Oasis Centre is an associated organisation) without your express consent, with the following exceptions:

• In emergency situations we may pass on your personal information securely to relevant authorities or organisations (e.g. local councils) to provide you with the appropriate help and support. The data shared will be the minimal required for the external party to initiate the correct response.
• By providing us with your details you are giving the Church your express permission to transfer your data to service providers including mailing houses, such as MailChimp, to enable fulfilment of the purpose for collection.

There are four exceptions to the above permitted by law:

1. Where we are legally compelled to do so.
2. Where there is a duty to the public to disclose.
3. Where disclosure is required to protect your interest.
4. Where disclosure is made at your request or with your consent.

3. Use of Data

Ipswich International Church will use your personal information for three main purposes:

1. The day-to-day administration of the church e.g. pastoral care, including calls and visits, coordinating team rotas, keeping financial records for audit and tax purposes.
2. Making contact with you to keep you informed of what is happening at the church.
   • Ipswich International Church will use your personal details to keep you informed of major developments in relation to the function and operation of the church.
   • You may opt in to receive general communication about church activities and resources, and reminders on rotas.
3. Statistical analysis; gaining a better understanding of church demographics. N.B. although collated church data may be passed to a third party, such as number of small groups or small group’s attendance, no personal data will be disclosed.

Sensitive Personal Information: The Church may collect and store sensitive personal information such as health information, religious information (church attendance) when you and/or your family attend, register for church events and conferences. Your personal information will be kept strictly confidential. Sensitive Personal Information is never sold, given away, or otherwise shared with anyone, unless required by law as mentioned in section 2 above.

4. Access to, updating and deleting of personal information

1. It is important the personal information we hold is accurate and up to date. Please keep us informed of any changes using ChurchSuite or by direct communication.
2. Under data protection legislation you have the right to object to your data being processed by Ipswich International Church in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. Doing so may limit your ability to receive the services provided and updates about Ipswich International Church.
3. You can ask us to perform the following tasks using ChurchSuite, or where applicable by direct contact:
   1. Personal information if you believe this is incorrect.
   2. Remove your personal information entirely from our records (e.g. on paper, electronic on secure databases or ChurchSuite).
   3. Restrict the use of your personal data.
4. Subject Access: all individuals who are the subject of personal data held by Ipswich International Church are entitled to:
   1. Ask what information the church holds about them and why.
   2. Ask how to gain access to it.
   3. Be informed how to keep it up to date.
   4. Be informed what Ipswich International Church is doing to comply with its obligations under the General Data Protection Regulations.
5. To help us confirm your identity and right to access (including providing personal information and making changes), we may request you confirm specific information.
6. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal information that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
7. Please send any requests relating to the above to our Data Protection Officer at data@iicelim.uk specifying your name and the action you would like us to undertake.

5. ChurchSuite Database

Information contained on the database will not be used for any other purposes than the above in section 3. The database is accessed through the Cloud and therefore, can be accessed through any computer or device with Internet access. The server for the database is in the UK and hosted by ChurchSuite.

1. Access to the database is strictly controlled through the use of name specific passwords, which are selected by the individual.
   1. The individual has the ability to select their contact preferences and consent to sharing personal information with other members of the church. By default an individual’s personal details will not be visible to other members of the church unless they elect to share this information on My ChurchSuite.
   2. By default an individual will not receive general communication unless they opt in via My ChurchSuite.
2. Those authorised to use the database only have access to their specific area of use within the database. This is controlled by the Data Controller and other specified administrators. These are the only people who can access and set these security parameters.
3. People who will have secure and authorised access to the database include Ipswich International Church staff, elders, data in-putters, ministry team leaders, Relational Cell leaders or any other specifically designated volunteer.
4. All access and activity on the database are logged and can be viewed by the Database Controller.

6. What else you should know about privacy

Remember to close your browser when you have finished your user session. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or internet cafe. You as an individual are responsible for the security of, and access to, your own computer.

Please be aware that whenever you voluntarily disclose personal information over the internet that this information can be collected and used by others. In short, if you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. Please be careful and responsible whenever you are using the internet.

Our pages may contain links to other websites, and you should be aware that we are not responsible for the privacy practices on other websites.

7. Changes to our Privacy Policy

We reserve the right to update this privacy policy at any time, and any changes we make to our privacy policy will be posted on this page (https://ipswichinternational.church/privacy-policy). We will notify you if there are any changes to this policy that materially affect how we collect, store or process your personal data. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal without your knowledge or consent where required by applicable law or regulation.