Church Army is committed to protecting your privacy. We aim to ensure that all information you give to us is held securely and is only used in a manner that you have consented to or would expect. Everything we do is underpinned by our values, one of which is that we are accountable to God and others, living reliably and responsibly to high professional standards.
This privacy notice applies to Church Army (Wilson Carlile Centre, 50 Cavendish Street, Sheffield, S3 7RZ) - the data controller with regards to the personal data you have disclosed to us. A data controller is the person or organisation who determines the purpose for which, and the way, any personal data is processed. The data controller is responsible for establishing practices and policies in line with the Regulations.
This notice explains how we collect, store and use your personal data. The websites referred to in this notice are www.churcharmy.org
The information in this notice is provided in accordance with the Data Protection Act 1998
and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
and considers the General Data Protection Regulations (GDPR)
which will be implemented on 25/5/2018.
What information do we collect?
We collect data from you when you interact with Church Army online, face to face, by post, over the phone or via SMS. Some of this information is personal data which can be used to identify you. Examples of personal data include your name, address, date of birth, telephone number, email address and sometimes bank details if you are making a donation. For access to some content you may be asked to register using your name and a password. We will only collect data which is relevant to the purpose for which you have given it.
However, we may amalgamate data given with publicly held data which may help us understand our supporters better, meaning we can target communications which are more appropriate to our supporters. Examples of publicly available data may include age, salutation, church relationship contact details, your interests and giving history. For those holding office in a church, business or trust we may use data obtained via websites or the host diocese to ensure our records are accurate.
How we use your personal data
The purpose of collecting personal data is to ensure you receive the materials/resources/service you may have requested. We may also use your personal data to keep you informed about our work if you have requested this or have not opted out of receiving such communications. Examples of such communications are our supporter magazine, Prayer Diary, newsletters and other paper based and electronic communications.
We may also ask you to financially support our work by sending you fundraising appeals. We may also use your data to process any donations you have given and any Gift Aid associated with that donation. All promotional and fundraising communications are classed as Direct Marketing.
How will we contact you?
We may contact you via post, email, telephone or SMS text. However, we will only contact you by the channel you have told us you wish to receive communications by and where we have received your consent to do so.
Some supporters may not have expressed their communication preferences to us. In those cases, we will conduct a balancing exercise to determine whether we have a legitimate interest in continuing to send Direct Marketing. This balancing exercise will include recent contact and donation history, any previous notification that we may send Direct Marketing, whether we have previously given you a clear opportunity to opt-out of Direct Marketing and, importantly, whether you would reasonably expect to receive information from us. We will also ensure you have not objected to receiving Direct Marketing. However, we will only use legitimate interest for sending mail through the post. For email, phone and SMS we require your specific opt-in consent.
If you are a new supporter we will aim to capture your consent for Direct Marketing purposes at the data collection point. You do not have to give consent – it is your decision. If you do consent, we will also aim to capture your contact channel preferences at the data collection point. Should you wish you can specify a time limit for your consent to remain valid for, after which time we will not be able to contact you unless you give further consent. As a default position we will consider consent to remain valid while you are financially supporting us or receiving our regular communications and have not objected to doing so.
You can give or withdraw consent to Direct Marketing, or change your contact channel preferences, at any time by writing to us at the address above, emailing email@example.com
or you can call us on 0300 123 2113. Please let us know if you change your contact details or if you believe any information we hold is incorrect.
Storing and sharing your data
Church Army stores your data on a secure cloud-based database hosted by a company called Blackbaud based in Boston, USA. Although this means that data is stored outside of the European Economic Area (EEA) they have been granted Privacy Shield Certification, guaranteeing adequate levels of data protection for data transferred outside of the EEA.
We will transfer data back within the EEA before the end of July 2017. If, for operational purposes, we are required to move your data back outside of the EEA, we will ensure that adequate levels of data protection are in place.
Your data will not be processed outside of Church Army and will not be disclosed to any parties outside of Church Army, except to trusted partners and affiliates with whom we work, or work for us, to fulfil orders, e.g. sending our supporter magazine and fundraising appeals, sending electronic mail, or to process donations and Gift Aid, e.g. our bank and HMRC.
As part of our responsibilities to ensure that data we hold is accurate and up to date, we may occasionally undertake a process of cleansing data and we will employ a specialist third party to carry out that process.
We only enter into relationships with third parties who have appropriate data protection policies and procedures in place. All data held by third parties is destroyed when it is no longer needed.
We will not disclose your data to any other third parties unless we have your explicit consent to do so. At no time, will your data be passed to a third party for marketing purposes.
How long do we hold your personal data?
Your personal data will be held on our database during the period of our active relationship. Once we no longer require your data it will remain on our database indefinitely but will be marked inactive and no further steps will be taken to process it. We will not keep your personal data for any longer than is necessary. Once it is no longer required we will take all reasonable steps to destroy it or erase it from our systems.
In relation to us processing your personal data you have the following rights, which can be exercised at any time:
To withdraw your consent for us to process your data.
To be forgotten – to request your data is no longer processed or quarantined.
Subject access requests – a right to request a copy of the data we hold about you.
To object to your data being used by us for the purposes of direct marketing.
What else you should know about privacy
Remember to close your browser when you have finished your session. This will help ensure others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or internet café. You, as an individual, are responsible for the security of, and access to, your own computer.
Please be aware that whenever you voluntarily disclose personal information over the internet that this information can be collected and used by others. In short, if you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. Please be careful and responsible whenever you are using the internet.
Our pages may contain links to other websites, and you should be aware that we are not responsible for the privacy practices on other websites.
Contact us via email firstname.lastname@example.org
A copy of Church Army’s Data Protection Policy can be found here
or is available upon request. If you wish to receive further information regarding Church Army’s Data Protection Policy please contact Des Scott at Church Army, Wilson Carlile Centre, 50 Cavendish Street, Sheffield, S3 7RZ, 0300 123 2113 or email@example.com
Any issues, questions or concerns you may have in relation to the way Church Army process your data please do not hesitate to contact Des Scott.
If at any time you have any concerns about the way your data has been processed by Church Army and those concerns cannot be resolved by Church Army directly you have the right to take those concerns externally and raise them with the regulator, the Information Commissioner www.ico.org.uk
Changes to this Privacy Notice
This privacy notice was last updated on 20 July 2017.