The information contained in this website is for general information purposes only. The information is provided by Dunstable Christadelphians and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under the control of Dunstable Christadelphians. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Dunstable Christadelphians take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
Members of our church have access to a version of this policy that includes additional clauses relating to our use of their personal data.
1.1 We are committed to safeguarding the privacy of our members, friends and website visitors.
1.2 This policy applies where we are acting as a data controller with respect to personal data in other words, where we determine the purposes and means of the processing of that personal data.
1.3 We collect and store personal data in the course of our normal church activities including emails, events and services, personal contacts, outreach as well as correspondence relating to our church work with individuals, other churches, suppliers and financial transactions.
1.5 In this policy, "we", "us" and "our" refer to Dunstable Christadelphian Ecclesia. For more information about us, see Section 20.
2. How we use your personal data
2.1 In this Section 2 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
2.2 We may process information data relating to visits to our services or events, ("visitor data"). The visitor data may include your name, information about when you visited us, your religious preferences and sometimes medical records. You will have provided this information to us when you arrived for a service or registered to attend an event. The visitor data may be processed for the purposes of managing our church, including keeping records and statistics about our visitors, organizing events and ensuring your health and well-being. The legal basis for this processing is the explicit consent you have given us. You will always have the ability to simply unsubscribe from our communications.
2.3 We may process data in relation to our outreach activities, via the third party Mailchimp, (“outreach data”). This data may include your name, email address, telephone numbers and address as well as some records of our contacts and communications with you, including information about your religious preferences. You will originally have provided this information when meeting one of our members personally, enquiring about, registering for or attending events, responding to offers of Christian materials by us other parts of our wider church community, or sending us a message by email, telephone, our website or social media channels. This data may be processed to send you invites to events or meetups, newsletters, calendars or other Christian materials you may find interesting or to contact you directly to respond to your interest in our faith. The legal basis for this processing is the explicit consent you have given us. You will always have the ability to simply unsubscribe from our communications.
2.4 We may process data about suppliers to our charity ("supplier data"). The supplier data may include your name, email address, phone numbers and company as well as information contained in communications between us and you including invoices, receipts and bank transfer details. You or your company will normally have originally provided this information in relation to our enquiries about or purchase of your services. Exceptionally your information will have been passed to us by recommendation or via your website or other marketing channels. The supplier data may be processed for the purposes of maintaining our charity premises, activities and membership. The legal basis for this processing is our contract with you, namely the negotiation or sale of your services.
2.5 We may process data related to our charitable donations (“donations data”). This data may include your name, email address, phone numbers and charity details, as well as information contained in communications between us and you, including bank account and transfer details. You will have provided us with your data when you appealed for our help or we enquired about your charity, or exceptionally it may have been provided to us through recommendation or directly from your website or marketing channels. This data may be processed for sending you donations from our church members.. The legal basis for this processing is our contract with you, namely the donating of funds to your charity.
2.6 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.7 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our charity against risks.
2.8 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.9 Please do not supply any other person's personal data to us, unless we prompt you to do so.
3. Providing your personal data to others
3.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.2 In addition to the specific disclosures of personal data set out in Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4. International transfers of your personal data
4.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
4.2 We may transfer “outreach data” to third party Mailchimp (Rocket Science Group), which organization is GDPR complaint and based in the US for which the European Commission has made an "adequacy decision" with respect to data protection laws, limited to the Privacy Shield framework for which Mailchimp is registered, insofar as reasonably necessary for the purposes and on the legal bases set out in this policy under Section 2.4. Information about Mailchimp can be found at https://mailchimp.com
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will retain your personal data as follows:
(a) “visitor data” will be retained a maximum of six years after the last service or event you visited.
(b) “outreach data” will be retained until you ask us to unsubscribe or to delete your personal data, or deleted a maximum of six years after the last response we received from you.
(c) “supplier data” will be retained for a maximum period of six years after our last contact from you unless there are specific legal reasons for us to retain it for longer.
(d) “donations data” will be retained for a maximum period of three years after our last donation made to you.
5.4 Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6. Security of personal data
6.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
6.2 We will store all your personal data on secure laptops and computers, secure cloud hosted services accessed by personal computers and mobile devices, and in secure manual record-keeping systems.
6.3 Electronic personal data stored on laptops and computers will be secured in password protected accounts and where relevant password protected Excel spreadsheets in identified locations.
6.4 Electronic personal data stored in the cloud will be secured in password protected accounts for third party processors identified in Section 2 with restricted access using security measures detailed in their privacy policies available online.
6.5 Manual record-keeping systems will be stored in locked cabinets in identified locations with restricted access
6.6 You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We may notify you of significant changes to this policy by email.
8. Your rights
8.1 In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
8.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
8.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee
8.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: [for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims].
8.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
8.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
8.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8.10 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
8.11 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.13 You may exercise any of your rights in relation to your personal data by written notice to us contacting our GDPR compliance officer whose details are given in Section 16.1 below.
9. Third party websites
9.1 Our website includes hyperlinks to, and details of, third party websites.
9.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
10. Updating information
10.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
11. About cookies
11.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
11.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
12. Cookies used by our service providers
The relevant cookies are: _ga, _gat_gtag_UA_112700842_1 & _gid
13. Managing cookies
13.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
14. Our details
14.1 Our charity is owned and operated by Dunstable Christadelphian Ecclesia
14.2 We are registered in England and Wales under registration number 1163925 and our registered premises is at 17 Kirby Rd, Dunstable, Bedfordshire, LU6 3JH, UK
14.3 Our principal place of business is at the address given in Section 14.2
14.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form
(c) by telephone, on +44 (0)1582 672791; or
(d) by email, firstname.lastname@example.org
15. Data protection registration
15.1 As a non-profit organisation we are not required to register as a data controller with the UK Information Commissioner's Office.
16. GDPR compliance officer
16.1 Our GDPR compliance officer's contact details are:
+44 (0)1582 672791
17 Kirby Rd