This information sheet tells you how Grace Church Brockley (GCB) uses personal data. Personal data means information about you from which you can be identified such as your name and address.

Why is my data being collected?

We use your personal data to provide you with information about our current and future program of activities and to facilitate administration of the church and the Debt Centre that we run. If you have given us personal data about your children, we use this to help run our children’s activities. These are known as GCB’s ‘legitimate interests’.We use your data for the reasons below if you give us your consent:

  • to tell you about new church activities and products (e.g. tickets to events).
  • to maintain our own accounts and records, including processing of gift aid.
  • to include you in GCB’s Church Directory, which allows adult members of GCB to search for one another’s contact details.
  • to include you in the Debt Centre’s volunteer contact list. This list allows volunteers and staff to find each other’s contact details.
  • to tell you about news, events and activities from other local churches involved with the Debt Centre.
  • to help publicise the work of GCB and the Debt Centre by sharing photos, films or personal stories on our website or social media sites.

We have a legal obligation to process certain categories of personal data, such as data relating to employment contracts and safeguarding. Our Partnership Roll includes your name if you have agreed to become a partner of GCB.

How is my data collected?

In most cases, you have given us your personal data. For example, you may have filled in a ‘Response Card’ or a ‘Contact Details’ form with information such as your name, email and telephone number. You may also have given us personal data about your children, for example on a Children’s Church registration form. You may have provided us with financial data, for example to purchase items, facilitate gift-aid or receive salary payments.

We may have taken photographs or film clips of you (or your children) if you gave your consent.
If you (or your children) are part of any church groups such as fellowship groups we will record this information. Data relating to safeguarding, (e.g. safeguarding checks for our team, children’s church registers), will be collected by staff, group leaders or safeguarding coordinators. Pastoral information may be recorded by individuals providing pastoral care.

Who is my data shared with?

In general, your data is shared with the staff team and individuals providing leadership, administrative and/or organisational support to the staff team. This includes the Church Council, Fellowship Group leaders, Debt Coaches, our safeguarding team and (for children’s data) Children’s Church leaders. Sensitive data such as financial, safeguarding or pastoral data is shared on a need-to-know basis. If you help on the church rotas your name will be visible to members of GCB’s congregation. If you gave your consent to being included in the Church Directory or the Debt Centre’s volunteer contact list then your name, address, telephone and email can be found by others in the directory or list. You can choose to hide some of this information.

With consent, information about you may be visible to the public via our website and social media (e.g. photographs, film clips, biographies). Please be aware that we have no control over subsequent storage, copying and sharing of information once it is in the public domain.

Your data will be shared with third parties only when necessary. Your data may be accessed by Concordant Systems Ltd., the company that runs our church website and database. If you volunteer at the Debt Centre some of your data is shared with Christian’s Against Poverty (CAP) head office. Where we use a third-party service provider to process payments, they have access only to information needed to perform their function and can use it only for this specific purpose. Your data will not be shared with other third parties unless you give consent or unless required by law.

How long will my data be held?

We keep different categories of personal data for different lengths of time. These are summarised below.

If you filled in a Response Card, booked onto one of our events or completed a feedback form, the data you gave us will be held for up to 2 years. It will then be destroyed unless you consent to us keeping your data to contact you again.

If you filled in a Debt Centre volunteering form (online or paper) the data from this will be held until you leave our team of volunteers and will then be destroyed within 1 year unless you have opted-in to staying in touch.

If you filled in a church Contact Details form (A4 page) the data from this will be held until you leave GCB and will then be destroyed within 1 year unless you have opted-in to staying in touch.

You can choose to stay in touch, for example, you can join our prayer supporters or asked to be informed of future guest events. We will then keep your name, email and mobile number until you ask us not to contact you anymore.

If your child or children joined any of our children’s activities, information from registration and consent forms will be held for up to 2 years after they leave the group or finish the activity. For safeguarding, we will keep their name and date of birth indefinitely and these will be included on our attendance registers.

For staff and volunteers involved in children’s work, your contact details and a minimum data set relating to DBS checks will be retained indefinitely.

If you gave consent for us to use photographs and film clips of you, these will be retained indefinitely.

Finance-related personal data will be retained for up to 8 years. Pastoral data will be retained for up to 4 years. Safeguarding data and staff personnel records will be retained indefinitely.

Can I see my data?

You can ask to see your personal data held by GCB and if there are any mistakes you can ask to have these corrected. Please speak to our minister who will be able to arrange this for you.

Can I ask for my data to be deleted?

You can ask for your personal data held by GCB to be destroyed.  Unless there are legal reasons why we need to keep your data we will destroy all paper and electronic copies of your data. You can also ask for corrections to be made, or for us to stop using your data. Please speak to our minister.

Debt Centre data

Personal data relating to Debt Centre clients is covered by CAP Head Office Data Protection policies and procedures. GCB does not process Debt Centre client data. Please refer to CAP policies for permitted temporary exceptions to this rule.

What if there is a problem?

If you think there is a problem with the way we are handling your data you can lodge a complaint with the Information Commissioner’s Office. We encourage you to come and talk to us about the problem first so we can try and resolve it.

Who can I speak to for more information?

If you would like more information about data protection, please speak to our assistant minister, Glen Burns,, tel. 07596 092663.

Last updated February 2022