Skip to content

Data Privacy Notice

St Mary’s Church, Fetcham (Charity No. 1128915)

Data Controller: The Parochial Church Council (PCC) and Rector of St Mary’s Church, Fetcham.
Date of Notice: updated in October 2024

This is the Data Privacy Policy for St Mary’s Church, Fetcham. It covers how we will process (store and use) your data, what data we hold, your individual rights and how you can interact with us about your data.

Who are we?

This Privacy Policy is provided to you by the PCC of St Mary’s Church, Fetcham which, together with the Rector are the Data Controller for your data. St Mary’s has appointed responsible people for the control and processing of personal data that we hold. These individuals have been trained in GDPR requirements.

What is the purpose of this Privacy Policy?

St. Mary’s Church as a “data controller” means we have to tell you certain information when processing your personal information. We may input personal information into ChurchSuite or may ask you to do so yourself. We may collect information from you in person or we may ask you to fill in
paper forms or input information into other online systems that the church uses. We have also included information about other forms of processing that we may carry out.

What is ChurchSuite?

ChurchSuite is a cloud hosted, web-based church management system which is designed to help us administer our church and provide all elements of pastoral care to our members and the community. Our members may be provided with access to a user account, which they can use to provide us with information (including personal information), update preferences and access options to allow the booking of events and recording attendance. ChurchSuite should bring benefits to everyone as we can stay in touch with you much more easily and you can provide us with information in a quick and efficient way.

The type of personal information we collect

We currently may collect, store and process the following information:

  • your name and contact information, such postal address, email address and telephone number/s
  • your marital status, age and gender, birthdays
  • information about your family
  • your role(s) within the church and/ or any teams or groups you are involved with (if appropriate)
  • dates and times that you are on a rota or any unavailability
  • attendance at meetings, events and training
  • information required to carry out a DBS check (if required) and the results of the DBS check
  • information about your use of ChurchSuite (e.g. when you have logged in, what pages you visited)
  • payment details when booking events
  • donations to the church via Parish Giving
  • employee information such as contracts, education and employment, references and salary information
  • information we collect and record as part of pastoral care (this may include anything you tell us, unless you tell us not to record it)
  • signed role descriptions for the staff / volunteer roles you are undertaking
  • any other information you provide to us.

In limited circumstances, we may also collect, store and process “special categories” of sensitive personal information (if you give us this information), such as:

  • Information about your health, including any mental or physical conditions that you notify us about – for the purposes of support and pastoral care requested by you.
  • Your religious beliefs – for the purpose of administrating your membership of the church.
  • Your racial origin – for the purposes of support and pastoral care requested by you.
  • Your sexual orientation – for the purposes of support and pastoral care requested by you.
  • Any criminal record – to determine your suitability for roles in the church.

How we get the personal information and why we have it:

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have completed a Connect Form or have spoken to us directly on a Sunday or at a church event
  • You want to get involved with mid-week church activities
  • You are receiving pastoral care and/or prayer support
  • You have set up a user account on ChurchSuite
  • You wish to become a member of the church
  • You are employed by the church
  • You volunteer at the church

Less commonly, we may process information where it is needed to protect your interests (or someone else’s interests), if you are not capable of giving your consent, or where you have already made the information public.

We also receive personal information automatically, from the following sources in the following scenarios:

  • ChurchSuite – such as IP address, time and date of visits, location data, webpages visited.
  • Cookies – such as on our website, relating to website visits, tracked usage, “seenChat” to determine usage (To find out how to delete cookies or adjust their settings please visit http://www.allaboutcookies.org/ – please note that amending cookie settings may affect website functionality)
  • Google Analytics – cookies to help us analyse how users use the website. The information generated by these cookies (including your truncated IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your, and other users’, use of our website, compiling reports for us on website activity and providing other services relating to website activity and Internet usage. Please note that Google only receives your truncated IP address. This is sufficient for Google to identify (approximately) the country from which you are visiting our site, but is not sufficient to identify you, or your computer or mobile device, individually. Google cookies are “_ga” and “_gat”. You can find more information here, including a link to Google’s privacy policy.

We use the information that you have given us in order to help us administer the church and provide all elements of midweek and Sunday activities, and pastoral care to our members and the community, for example:

Therefore, we will hold and process your data to:

  • Enable us to meet all legal and statutory obligations which include maintaining and publishing
    our electoral roll in accordance with the Church Representation Rules.
  • Comply with and facilitate our comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice with the aim of ensuring that all children and adults-at-risk are provided with safe environments (please see our safeguarding procedure).
  • To set up your ChurchSuite account.
  • Provide you with pastoral care and other support that you have requested and we believe would be helpful to you.
  • Help you grow as a disciple and to minister to you and provide you with pastoral and spiritual care (such as visiting you when you are gravely ill or bereaved) and to organise and perform ecclesiastical services for you, such as baptisms, confirmations, weddings and funerals.
  • Deliver our Church’s mission to our community, and to carry out any other voluntary or charitable activities for the benefit of the public as provided for in the constitution and statutory framework of our charitable organisation.
  • Administer our membership records of adult and child members.
  • Enable us to follow up membership, course and event enquiries.
  • Process and record financial donations that you have made (including Gift Aid information).
  • Communicate with you about your views or comments.
  • Update you about changes to our services, events, role holders and any matters of interest related to the church community.
  • Send you communications which you have requested and that may be of interest to you. These may include information about services, campaigns, appeals, other fundraising activities.
  • Process a grant or application for a role.
  • Enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution.
  • To fundraise and promote the interests of St. Mary’s Church and charity.
  • To manage our employees and volunteers and put together rotas and WhatsApp groups related to various ministry areas
  • To enable us to provide a voluntary service for the benefit of the public.
  • To inform you of events, news and meetings at St. Mary’s Church.

We may share information with:

  • ChurchSuite
  • HMRC (for claiming of Gift Aid).
  • Stripe / Paypal / Sumup (for processing of Card payments).
  • TextLocal (sending of text messages).
  • GoogleDrive.
  • OneDrive.
  • Other church members for integration or pastoral care/support purposes.
  • Other churches – if you request us to pass on your information either to them or from them (if you move).
  • Support services and benefits providers (e.g. local authorities, your doctor).
  • Our suppliers for the performance of any contract we enter into with them or you.
  • Our software providers in order to keep our website functioning.
  • Analytics and search engine providers who analyse information about your use of our website and help us to tailor the product and offers that we offer to you and other users.
  • Law enforcement agencies, if required, for example in order to enforce or apply our terms of use.

Under the UK General Data Protection Regulation (UK GDPR),

the lawful bases we rely on for processing this information are:

a) Your consent, for example:

  • to send you information including church news or events and other marketing materials from St. Mary’s Church.
  • to use your images on our website or social media.
  • to facilitate pastoral care and support you have requested or agreed to.

In all cases where we require consent, we will seek your written consent or record your consent in writing to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us. You are able to remove your consent at any time. You can do this by contacting admin@stmarysfetcham.org.uk

b) We have a contractual obligation, for example:

  • with those employed by the church.
  • to buy tickets for events.
  • to administer ChurchSuite (such as troubleshooting, data analysis, research).
  • to tell you about changes to our website, software or services that will affect your use of ChurchSuite.
  • to help us (or the software developers) improve ChurchSuite through feedback.

c) We have a legal obligation, for example:

  • to keep records for gift aid purposes.
  • to prevent and detect fraud.
  • to protect children and vulnerable adults.
  • ensuring DBS checks are done where appropriate.

d) We have a vital interest, for example:

Recording allergy or medical information for children or young people in our care.

e) We have a legitimate interest to administer all elements of the church, including church attendance, membership, staff, volunteers, midweek groups, Sunday meetings and pastoral care to our church members, attendees and the community.

How we store your personal information

Your information is securely stored.

We use appropriate technical and organisational measures to safeguard personal information and encryption technology where appropriate to enhance privacy and help prevent information security breaches.

If you choose to send us information via email, we cannot guarantee the security of this information until it is delivered to us.

All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Information on our third-party providers can be found above.

We only hold your personal information for as long as necessary for the purposes for which we collected your information.

We have set these timescales in accordance with any applicable legislation and where none exists then we will keep your information for the duration of any contract that you have entered into with us and then for a period of 7 years after which time it will be deleted.

Your data protection rights Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances. (You can withdraw your consent easily by telephone, email, or by post. See Contact Details below).
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
  • The right to lodge a complaint with the Information Commissioner’s Office. Please see contact Information at the end of this policy.

Please contact us at admin@stmarysfetcham.org.uk if you wish to make a request.

Our contact details

Name: St. Mary’s Church
Parish Administrator: Karen Jordan
Address: 10A The Ridgeway, Fetcham, Leatherhead KT22 9AZ
Phone Number: 01372 375000
E-mail: office@stmarysfetcham.org.uk

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us:

Data Protection Lead: Jo Evans
Address: St. Mary’s Church, 10A The Ridgeway, Fetcham, Leatherhead KT22 9AZ
Phone Number: 01372 375000
E-mail: jo@stmarysfetcham.org.uk

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk