"Your data” or “your information” means information volunteered by members of the congregation, visitors to the church, and church Partners / Directory Members. The information we capture may include, but is not limited to, the following:

• Your name
• Your address
• Your phone number/s
• Your email address
• Your gender
• Your marital status
• Your data of birth

You may also volunteer other information to the church through engaging with church activities – this may include details of a sensitive nature, such as medical information to ensure we can keep you safe.

Consent – for most visitors, Church Partners, and Church Directory members, the church offers you choice and control over the amount of personal data we hold and how we use that data.

Legal Obligation – In some cases we will process or refer to your personal data without consent because we have a legal obligation to do so. This would generally only apply:

• If you have been offered employment at Danbury Mission Church or City Church Chelmsford. In this case, we may require documentation relating to your right to work in the UK such as personal identification (your passport, for example).

• If you are involved in working directly with children or vulnerable adults, in which case we will periodically check your status with the Disclosure and Barring Service (DBS) and keep records relating to this procedure.

We collect your information for the following purposes:

• To enable us and Church Partners / Church Director Members to contact you and/or correspond with you.
• To enable us to communicate church news, encourage participation in and run church activities, projects and initiatives.
• To enable us to offer and effectively provide pastoral care.
• To enable us to monitor and assess the quality of our services.
• To comply with legislation and guidance
• For accounting purposes

Danbury Mission and City Church Chelmsford may use the details you provide to keep in touch with you and send you information about our events and activities by post, by hand, telephone, email and/or SMS (text message). You can control your preferences in respect of how and when we contact you.

Church Partners and members of the Church Directory have limited access to the contact details you provide and may use this to keep in touch with you.

If you use ChurchSuite, you can select your preferred contact method online and limit the amount of data that is visible to Church Partners and members of the Church Directory.

If you support the Danbury Mission or City Church Chelmsford financially, the information you volunteer in order for us to collect your donations will be held confidentially by the Church Treasurer to support mandated regular giving, to complete Gift Aid rebates, complete Church accounts and ensure compliance with financial regulations.

We are committed to safeguarding the privacy of your information.

Wherever practical to do so, we store your data electronically using the ChurchSuite platform. ChurchSuite is a secure web-based church database and management solution. To find out more about ChurchSuite’s approach to ensuring data integrity and security, please click here. Using the MyChurchSuite App, you have full control over how visible your information is to Church Partners and other members of the Church Directory via ChurchSuite.

Some of your data may also be stored electronically using the church’s IT infrastructure. If this is the case, appropriate security measures are taken to assure the integrity of data either via local security measures or by utilising third party solutions including, but not limited to Microsoft and Paperform.

Sometimes it is not practical to store or use your data electronically:

• From time-to-time, we may need to provide our activity leaders with paper copies of emergency contact details and Inclusive Risk Assessments if they are overseeing activities with young people away from the church site. Where this is the case, such information is issued from and returned to the church premises and stored securely within the Church Office.

• Where individuals are unable to use a computer and/or access the internet, we provide a small number of Church Partners and those listed in the Church Directory with hard copies of our Church Directory. Data that is shared in hard copy is limited to contact information and those receiving copies of the Directory are issued with clear guidance in respect of their responsibilities to keep and use the data responsibly.

We have a code of practice relating to the storage or sensitive information. The principles of this code include:-

• Secure storage
• Limited retention
• Restricted copying
• Restricted distribution
• Appropriate disposal

For more detailed information about this code of practice, please contact the church’s Operations Director.

Outside of ChurchSuite, we will only share your data:-

• Where it is appropriate to do so – for example, with your consent, we may share medical information or care plans with nominated first aiders.

• With appropriately appointed people – for example, some staff and those in voluntary church leadership roles may have appropriately limited access to information that you volunteer. For example, our Youth Leaders (volunteers) would ordinarily have access to parental consent forms and emergency contact details.

• With external agencies such as the Police, Social Care where it is appropriate to do so and in order to protect the safety, wellbeing or interests of individuals and/or Danbury Mission Church and City Church Chelmsford. In other words, we will not share your information with external agencies without your consent, unless the law requires us to do so or there is a credible reason for sharing information to assure safety or wellbeing.

You have the right to request access to the personal data we hold in relation to you. To make a request for your personal information you should contact the church’s Operations Director and may make your request verbally or in writing.

It is important that the information we hold is accurate. If you would like us to amend any of the information we hold because it is inaccurate, you should contact the church’s Operations Director and make your request verbally or in writing.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress

• prevent processing for the purpose of direct marketing

• object to decisions being taken by automated means

• have inaccurate personal data rectified, blocked, erased or destroyed (in some circumstances)

• claim compensation for damages caused by a breach of the Data Protection regulations.

The data we hold is reviewed periodically. The frequency of review is dependent upon the type of information in question. We also hold your data for varying lengths of time depending on the type of information in question, but in doing so we always comply with Data Protection legislation and strive to meet best practice guidelines. These processes are overseen by the church’s Operations Director.

If we store your data in hard copy, this will be regularly reviewed periodically by the member of staff with allocated responsibility for the data. The frequency of review is dependent upon the type of information in question. All data in hard copy is held and used in accordance with Data Protection legislation.

Standard data retention periods differ depending on the type of data in question. Retention periods are set out in the church’s Data Retention Schedule.

In most cases, you have control over how your data is used via the ChurchSuite app. Additionally, if you feel your information being processed in particular ways that you feel you have not agreed to, you can voice your objection. If you do not use ChurchSuite, you should contact the church’s Operations Director and make your request verbally or in writing.

The right to object is absolute in relation to direct marketing. Again, you have control via ChurchSuite over how we use your data and can stipulate that the church does not use your data for direct marketing (i.e. if you object to direct marketing, the church would not send you details relating to forthcoming church events). If you do not use ChurchSuite, you should contact the church’s Operations Director to discuss any concerns you have around direct marketing.

The only automated processing used by the church is the use of ‘smart tagging’ within ChurchSuite. This process enables us to attach dynamic ‘tags’ to your data based on fulfilment of predetermined parameters that may change, for example, your age. This process enables us to filter information within ChurchSuite more easily and thereby ensure that we send information to the most appropriate people. At time of writing, ‘smart tagging’ is not widely used and is unlikely to impact upon visitors, Church Partners or members of the Church Directory. If you would like to discuss our use of ‘smart tagging’, you should contact the church’s Operations Director.

In some circumstances, data generated by you (for example, your name, ChurchSuite username, email address etc) can be transmitted to another data controller on request. If this is something you would like to discuss further, you should contact the church’s Operations Director. The portability of data is limited - for example, we would not be able to directly share an Inclusive Risk Assessment relating to an individual with another data controller.

If you wish to have your data removed from the church records, you should contact the church’s Operations Director and make your request verbally or in writing. Action will be taken to remove your data from live systems within one month of request, however, it may take longer for data to be removed from back-up systems.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by contacting the church’s Operations Director. If you are dissatisfied with the church’s response to your concerns, you can speak directly to the Information Commissioner’s Office at https://ico.org.uk/concerns