We are CHURCH YOUTH MINISTRY based in Winchester, Hampshire, UK
If you have a data protection enquiry, you can contact us by email to firstname.lastname@example.org
The information we process
We process the following information about you:
a) Information you give us. This is information about you that you provide to us by filling in forms on our website and within the CHURCH YOUTH MINISTRY platform, emailing us, writing to us, or speaking to us over the phone or in person. The information you give us might include your name, address, email address, phone number, date of birth and payment information. It may also include information about your job role or business.
c) Information we receive from third parties. If you are an employee or representative of one of our suppliers or customers then your organisation might share your information with us. The information we receive about you may include your name, job title, postal address, email address, phone number, date of birth and payment information.
Why we process your information and on what grounds
The reasons for processing your personal information depends on your relationship to us:
a) For website visitors, we process your information using cookies for analytics purposes on the basis of your consent.
b) For customers, we process your information to perform the contract between us by providing you with our services. This includes where we take pre-contractual steps using your personal information, such as sending you pricing information.
We also process your information because we have legitimate interests in using it to efficiently operate our business, to coordinate our marketing activities and to respond to your enquiries. We also keep certain member records because we have a legal obligation to do so.
We process all customers’ information for marketing purposes on the basis of your consent, which we collect when you register with us. You can opt out of receiving future marketing materials from us by following the 'opt-out' link in the marketing emails we send to you, or by contacting us at email@example.com.
c) For suppliers, we process your information to perform the contract between us, including where we take pre-contractual steps. We also process your information because we have a legitimate interest in using it to efficiently operate our business (e.g. keeping lists of trusted suppliers, historic contracts) and to approach you with enquiries. We also keep certain supplier records because we have a legal obligation to do so.
d) For employees and representatives of our customers and suppliers, we process your information because we have a legitimate interest in processing your information in order to administer the business relationship between your organisation and us.
e) For all other third parties, we have a legitimate interest in processing your information in order to administer our business. We may also send you marketing communications if you have opted in to receiving them, in which case we process your information on the basis of your consent.
f) If you share information with us about your allergies, dietary requirements or accessibility needs then we process that information on the basis of your explicit consent.
How long we keep information for
We only keep your information for as long as it reasonably takes to achieve the purpose we collected it for. Generally speaking, we keep your information for the following periods of time:
a) for customers and their employees and representatives, for the duration of your contract with us plus seven years from the date that contract ends. This may be extended, for example, if a dispute arises;
b) for suppliers, and their employees and representatives, for the duration of your contract with us plus seven years from the date the relevant contract ends. This may be extended, for example, if a dispute arises; and
c) for business records, such as financial and compliance records, for as long as we are required to do so by law. These time periods will vary depending on the type of information.
Who your information is shared with
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, or to effectively operate our business.
We may share your information with the following people or groups of people:
a) Outsourced service providers. Our service providers (including IT providers) may be granted access to your information as part of the service they provide to us. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.
We may transfer personal information outside of the European Economic Area (EEA) to the following service providers. For each recipient we have identified the legal safeguard in place to ensure your information is protected:
i. WWix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.
Your data protection rights
Under data protection law you have the following rights:
a) if we are processing your personal information on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by contacting us using the details set out at the top of the Policy. Please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent;
b) the right to access a copy of your information which we hold. This is sometimes called a 'subject access request'. Additional details on how to exercise this right are set out in the 'Access to Information' section below;
c) the right to prevent us processing your information for direct marketing purposes. We will inform you (before collecting your data) if we intend to use your personal information for this purpose or if we intend to disclose your information to any third party for this purpose. You can also exercise this right at any time by contacting us;
d) the right to object to decisions being made about you by automated means;
e) the right to object to us processing your personal information in certain other situations;
f) the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate;
g) the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law; and
h) the right, in certain circumstances, to request that we erase, rectify, cease processing and/or delete your information.
You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. The Information Commissioner's Office website is www.ico.org.uk.
For further information on your rights under data protection law and how to exercise them, you can contact the Information Commissioner's Office (www.ico.org.uk).
Access to information
Under data protection law you can exercise your right of access (also known as a 'subject access request') by making a written request to receive copies of some of the information we hold about you. We may request proof of your identity, or proof of your authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details set out at the top of this Policy.
You do not need to pay a fee to exercise this right unless you are requesting copies of documents you already hold, in which case we may charge our reasonable administrative costs. We are also allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive.
In very limited circumstances, data protection law permits us to refuse to comply with your request. If we refuse to comply then we will notify you of that fact and the grounds for our refusal.
In certain circumstances, you are entitled to receive the information in a structured, commonly used and machine-readable form.
These cookies are required to support on website analytics and functionality of the website.
We will always store your digital information on secure servers. Nevertheless, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Third party sites
Our site may contain links to and from partners', advertisers', affiliates' and social networking sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal information to those websites as they may not be on the same terms as ours.