Privacy Policy.

Central Vineyard, Northampton ('the Church") has adopted this Privacy Policy as we recognise the right of people to keep their personal information private. This Privacy Policy covers the Church's use of personally identifiable information that you provide and we collect or hold, including when you continue to browse and use this website centralvineyard.co.uk

If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which govern the Church's relationship with you. If you disagree with any part of this policy please do not provide personal information and do not use our website.

DATA PROTECTION

This policy explains how the Church and the website comply with the DPA (Data Protection Act), the General Data Protection Regulation (GDPR) which came into effect on 28 May 2018, and the Privacy and Electronic Communications Regulations. 

By providing your personal details you agree to allow the Church to contact you by post, email, telephone or telephonic and electronic text messages (and other messaging tools including Facebook, WhatsApp etc) in connection with its charitable purposes. either on the basis of the consents you have given us or for our legitimate interests in accordance with current data protection regulations.

HOW WE COLLECT INFORMATION ABOUT YOU

We collect personal information each time you are in contact with us. For example, when you:

  • Visit our website and/or register on MyChurchSuite.

  • Register your details and your family details (e.g. Vineyard Kids).

  • Register for a conference or other Church event.

  • Provide your contact details, in writing or orally, to Church staff or volunteers.

  • Purchase goods or services, including when you provide credit or debit card details.

  • When you attend particular Church activities (e.g. training events).

  • Communicate with the Church by means such as email, letter or telephone

  • Face to face meetings with staff and volunteers.

  • Access social media platforms such as Facebook, Twitter, or Instagram.

The Church does not hold any debit or credit card details for donations/payments made via our websites. All card payments are handled by service providers who encrypt card information sent from this website.

HOW WE USE YOUR INFORMATION

The Church will use the personal information we collect for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. We will not use your personal information for any other purpose without first seeking your consent, unless authorised or required by law. Generally, we will only use and disclose your personal information as follows:

  • To keep you informed by text and/or email as to church services, activities, resources and conferences plus prayer requests, news and encouragements.

  • To provide pastoral care and support to you and your family.

  • To establish and maintain your involvement with the Church (e.g. serving rotas), events you have attended, what areas and activities of the Church you have supported, record and acknowledge any donation, to provide the products you have requested.

  • To answer an inquiry or request for further information or complaint about the Church, its services, activities and events.

  • To register you and/or your family members for activities, events, conferences.

  • To assist us to make the Church's services and products more valuable to our community.

  • For promotion of products or services and to keep you informed of new developments we believe may be of interest to you.

  • To improve our general ability to assist Church attendees and the wider community.

WHO SEES YOUR INFORMATION

The information you provide to us will be held on our Church database, ChurchSuite. The ChurchSuite data centre is in Manchester (UK Fast) and also AVVS, in London.

This information may be accessed by or given to our team at the Church, and our service providers who act for us for the purposes set out in this policy or for other purposes approved by you. Those parties may process information, fulfil and deliver orders, process credit card payments and provide support services on our behalf.

We do not sell or pass any of your personal information to any other organisations and/or individuals without your express consent, with the following exceptions:

  • By providing us with your details, you are giving the Church your express permission to transfer your data to our service providers including mailing houses, such as MailChimp, to enable fulfilment of the purpose for collection.

  • Where such details are shared we ensure that there are clear restrictions in place for the use of your information to the purpose for which it is provided and ensure it is stored securely and kept no longer than necessary.

  • We do not intend to store or currently store financial details (credit or debit card numbers) obtained through online transactions. We do not store details online nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.

Sensitive Personal Information: The Church mav collect and store sensitive personal information such as health information (for pastoral support). Your personal information will be kept strictly confidential. It is never sold, given away, or otherwise shared with anyone, unless required, by law.

KEEPING DETAILS UP TO DATE

Please tell us as soon as any of your contact details change so that we can keep our records up to date. You can change the way we contact you, or the kind of material we send you, at any time by contacting us by mail or email using the contact details above. You can unsubscribe from our regular emails or texts at any time by using the ‘unsubscribe' or 'change preferences' links on the email or texts you have received.

If you register with MyChurchSuite you can personally log-on and update your contact details.

ACCESS TO YOUR INFORMATION

You can request access to the personal information that the Church holds about you by contacting the Church's Privacy Officer as set out below. We will provide you with access to your personal information within one month, unless we are legally authorised to refuse your request or if your request is deemed manifestly unfounded or excessive. In the rare event that we do refuse a request, we will inform you why and let know that you have the right to complain to our Privacy Officer and the statutory supervisory bodies.

If you wish to change personal information that is out of date or inaccurate at any time please contact us. The Church will take reasonable steps to correct any of your information which is inaccurate, incomplete or out of date. If you wish to have your personal information deleted please let us know and we will delete that information wherever practicable.

We may refuse your request to access, amend or delete your personal information in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of an amendment, we will note with your personal information that you have disputed its accuracy.

SECURITY

The Church will take reasonable steps to keep secure any personal information, which we hold and to keep this information accurate and up to date. Personal information, held electronically, is stored in a secure server or secure files.

The Internet is not a secure method of transmitting information. Accordingly, the Church cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your information will be held for a reasonable period or as long as the law requires or permits.

DATA BREACH POLICY

In the event that a Data Breach has been discovered the Church Privacy Officer will be notified immediately. A Data Breach, confirmed or suspected, is any incident that may compromise the confidentiality, integrity or availability of systems or data either accidentally or deliberately.

Such incidents could include:

  • Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad/tablet device, or paper record).

  • Equipment theft or failure.

  • Unauthorised use of, access to or modification of data or information systems.

  • Attempts (failed or successful) to gain unauthorised access to information or IT system(s).

  • Unauthorised disclosure of sensitive/confidential data.

  • Website defacement.

  • Hacking attack.

The Church Privacy Officer will investigate the breach and determine any corrective measures that need to be implemented, with appropriate levels of urgency. The Church Privacy Officer will notify the Information Commissioner's Office if it is likely to result in a risk to the rights and freedoms of individuals e.g. if it could result in discrimination, damage to reputation, financial loss. loss of confidentiality or any other significant economic or social disadvantage. The Church Privacy Officer would also notify those directly concerned if the breach is likely to result in a high risk to the rights and freedoms of individuals.

The Church Privacy Officer will maintain a record of all Data breaches.