Hope Church Huddersfield
1) Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).
2) Who are we?
Hope Church Huddersfield is an excepted charity, affiliated to the Fellowship of Evangelical Churches (FIEC), registered number 1168037. Hope Church Huddersfield is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3) How do we process your personal data?
Hope Church Huddersfield complies with our obligations under the ‘GDPR’ by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.
Hope Church Huddersfield is a not-for-profit body with a religious aim. Our processing relates only to members or former members (or those who have regular contact with us in connection with our stated purposes); there is no disclosure to a third party without consent. We are a membership organisation and good communication with our membership is an essential part of being a church.
We use your personal data for the following purposes:-
- To enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution;
- To comply with and facilitate our comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time, with the aim of ensuring that all children and adults-at-risk are provided with safe environments (please see our safeguarding policy and procedure);
- To provide pastoral support;
- To administer membership records
- To fundraise and promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records, and to record and process financial donations you have made (including the processing of Gift Aid applications);
- To inform you of news, events, activities and services running at Hope Church Huddersfield;
- To share your contact details with other church members and regular attenders, to facilitate fellowship amongst and between our regular attenders.
- Especially (but not exclusively) for all children and young people under 16 years of age who use our Sunday School, Crèche, and Youth Group services, we need to collect ‘sensitive personal information’ (specifically health data relating to allergies) to allow us to fulfil our duty of care when our volunteers are responsible for supervising your children, or on other occasions where we meet together.
If you provide personal information to us about other individuals (for example, members of your family) you agree that you will inform them about the contents of this notice and obtain any required consent in accordance with this notice, or you agree that you are acting in the capacity of parent or legal guardian for children of 16 years or younger.
4) What is the legal basis for processing your personal data?
Most of the personal data we collect (via contact forms or directly in Tithe.ly) is collected by your explicit consent from you the individual (or from parents or legal guardians where the individual is under 16 years of age) to allow us to continue to store or process your data.
Certain data we have a legal obligation to process and keep in accordance with the appropriate legislation, for example to process Gift Aid claims and manage the charity finances, maintaining a register of charity members, safeguarding our children and young people, operating team rotas for the effective functioning of Sunday Services and other ministries, or under employment, social security or social protection law or a collective agreement.
Other data we have to keep for contractual reasons, such as venue hire, supplier contract or other agreements between you and us.
As a faith-based charitable body we may also process special category data (ie sensitive personal data) in accordance with Article 9 in relation to church members, trustees, volunteers or employees by explicit consent.
We may also process your special category data as required by law, in particular in accordance with the Safeguarding Vulnerable Groups Act 2006.
Where your personal information is used other than in accordance with one of these legal bases, we will obtain your consent to that use.
5) Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the church in order to carry out a service to other church members and regular attenders, or for purposes connected with the church. We will only share your data with third parties outside of the church with your consent, or if required under our legal obligations (eg Gift Aid requires us to pass your donation details to HMRC), or where we use a third-party data processor to deliver our services (please see the next section for specific details).
We do not sell your data to third party organisations, and other than our data processing partners, we will not share it with any third party organisations unless required to do so by law.
6) Third-Party Data Processors
We use third-party data processors to deliver some of our services, external organisations that processes personally identifiable information on our behalf. GDPR rules apply to all organisations who process personal data, and we have satisfied ourselves that the third-parties we use are fully compliant with GDPR rules. The list of third-parties we use is:
Tithe.ly.com (formally known as Elvanto): We use the Church Management System (ChMS) service from Tithe.ly, this is the main place we store your personal information, including the church directory, rota management, and our people workflows. Through a logon to your own account you can view (and in some cases update) your personal information, or ask a Managing Trustee if you would like a printed copy. You can also provide or withdraw consent for our email lists through this account.
MailChimp: We use MailChimp for sending communication emails to groups of recipients. MailChimp stores your email address, first name and last name. MailChimp and Tithe.ly are securely linked, so you can update your MailChimp email preferences through your Tith.ly logon, or via the MailChimp website directly (every email we send has links at the bottom to help you do this).
Libib.com: We operate a lending library of theological books that is hosted by Libib.com. If you request the use of this service we create a Libib patron account for you with your name and email address.
Survey Monkey: We occasionally use Survey Money for gathering input from members and regular attenders about topics related to the services and ministries that we run. When you access or are sent a link to a survey on this site, very little of your personal data is stored or used, and many of the survey options we use are anonymous.
7) How long do we keep your personal data?
Our data retention principle is to keep data only as long as we need or are required to, and always in accordance with the Church Confidentiality and Data Protection policy. We operate an annual process of review for general data related to individuals, by which we assess who is actively engaging in church membership or regular attendance, and where this is not the case we will remove your data, subject to any restrictions stated below.
We retain gift aid declarations and associated paperwork for up to six years after the calendar year to which they relate.
We retain records related to safeguarding permanently.
We retain records of current and past Charity members and officers for the lifetime of the charity.
For other specific data retention periods, please ask to see a copy of our Data Retention policy.
8) Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:-
- The right to request a copy of the personal data which Hope Church Huddersfield holds about you;
- The right to request that Hope Church Huddersfield corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Hope Church Huddersfield to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to lodge a complaint with the Information Commissioners Office.
In some circumstances exercising some of these rights (such as the right to erasure or the right to restrict processing) may mean we are unable to continue providing you with access to some of our ministries. If such a circumstance arises we will explain the issue, and if you still wish to withdraw your consent you will lose your ability to benefit from the relevant ministry.
9) Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10) Contact Details
To exercise all relevant rights, queries or complaints please contact any of the Charity Trustees, or email
or by post to: 6 Burn Road, Huddersfield, HD3 3BT
You can contact the Information Commissioners Office on 0303 123 1113 or via their website at:
or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.