Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

How do we process your personal data?

In compliance with GDPR the data you (the ‘Data Subject’) provide will be held by Exeter Vineyard Church (EVC), the ‘Data Controller’.  This means that EVC decides how your personal data is processed and for what purposes. EVC complies with its obligations under the GDPR by keeping personal data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We process personal data to enable us to:

• Communicate with church members

• Help people get involved in the church community

• Help us serve the church community effectively

• Manage/support staff and maintain accurate, up-to-date records or our employees and volunteers

• Process donations and Gift Aid Claims.

• Run Disclosure and Barring Service checks on employees and volunteers in accordance with our safeguarding and employment policies

What is the Legal basis for processing your personal data?

• Explicit consent of the data subject so that we can keep you informed about news, events, activities and services

• Fulfilment of contract - Processing is necessary for carrying out legal obligations in relation to Gift Aid or under employment law.

• Legitimate interests - Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided: -

• the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and

• there is no disclosure to a third party without consent.

How long do we keep your personal data?

The data will be held during the time of your involvement (for as long as you have links with EVC), after which the data will be removed from our records except where there are financial or legal requirements to keep the data. We will only use the information you have provided in relation to activities associated with EVC. Records will be bi-annually reviewed to ensure we only hold details for those still involved or linked to the church community.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

Obtain a copy, rectify any mistakes, request erasure, restrict processing (on further processing where there is a dispute in relation to the accuracy or processing of your personal data), request data portability (only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means), lodge a complaint with the ICO, or object to processing (only applies where processing is based on legitimate interests) and automated decision-making or profiling. For more information about your rights please visit: www.ico.org.uk.  Individuals can update, view, or remove their records at any time by contacting the church office via phone (01392 426060) or email (GDPR@exe.vin). Please check our website for future updates and changes.

Sharing Information and Third Parties

Some of our data is held externally by third-party processors in-line with EU Data Regulations, or where applicable The US Privacy Shield.  We will not share the personal Information we hold with another organisation for their own purposes and we will never sell personal information for any reason.  In order to ensure the smooth running of the organisation there are certain functions that require us to use some service providers whom we have contracted to fulfil specific services for us - from our email accounts to processing payroll.  These providers process data on our behalf, but we remain in control of the data stored (the service provider is not allowed to do anything with the information other than what we have requested).