Grace Church Greenwich (“us”, “we”, “the church”) takes your right to privacy and the security of your information very seriously. This privacy statement explains what personal data Grace Church Greenwich collects and, as a Data Controller, how we use it.
1. Personal Data We Collect
1.1 Safeguarding our children
We collect personal data from volunteers who will have supervised contact with children for Sunday School and crèche for the following purposes:
- to carry out safeguarding checks (DBS) for volunteers
- to contact our volunteers about the Sunday School or creche
- to enable volunteers to contact each other to swap rota shifts
We also collect personal data from the children, provided to us by their parents or carers. We record the personal details of the children and any relevant medical conditions which may be relevant to our involvement with them in creche or Sunday School. We record these in order to facilitate the planning of whole-church and children-specific activities.
Please note that under Amendment 85 of the General Data Protection Regulation, we reserve the right to process personal data for safeguarding purposes lawfully without consent where that individual is a child or an adult at risk for the purposes of:
i. protecting an individual from neglect or physical, mental or emotional harm; or
ii. protecting the physical, mental or emotional well-being of an individual
1.2 Sustainable finance
For supporters of the church, the Treasurer collects a contact e-mail address and information about donations made by individuals to the church for the administration and processing of donations. The Treasurer may also use the information provided to giving to help forecast future income more accurately. This helps us to plan finances for the church in a more sustainable way.
1.3 Gift aid details
For any donor who completes a Gift Aid declaration, we process the residential address and implied tax status for statutory administration purposes.
1.4 Grace Church Directory
We record the following contact details of church members in our directory for the purpose of enabling the church administration to contact members about church activities, for members themselves to contact each other about church activities, and for planning church activities. The contact details we record are:
- Postal addresses
For more information see section 2.4 Directory contact details.
We also record the ages of children in order to facilitate the planning of whole-church and children-specific activities.
Specifically approved volunteer ‘webmasters’ have training and administrator access rights on the Grace Church website. Maximum admin access has to be specifically enabled by a webmaster when logging in, and this is only done for specific admin purposes e.g. fix rota errors for church members, create login profiles for church members, create new features on the website such as new pages and so on.
We occasionally send out surveys to church family members such that the data collected can be processed to help with church planning.
2. How We Use Personal Data
2.1 DBS information
Basic information about the completed DBS checks (i.e. name of person and date of as well as full name, address and email address) are saved in the Grace Church Google Drive. The Drive is only accessible by Trustees, the church administrator specifically approved by the Trustees. Completed volunteer forms are kept securely (e.g. password protected files) and treated confidentially, with a retention period of 2 years before reviewing if the volunteer is active.
2.2 Bank account details
The Treasurer, church administrator and one other volunteer approved by the Trustees will have access to the Grace Church Greenwich online bank account. Bank account details are processed as required in order to reimburse expenses incurred in line with the Expense Policy. The bank details of people to be reimbursed are stored in our online bank account once the recipient is set up as a payee, which is only visible to those with online account access. Bible-teaching staff will not have access to the online account or other person-specific financial information.
2.3 Gift Aid details
Electronic copies of Gift Aid declarations are saved on the Grace Church Google Drive per HMRC audit trail requirements. These forms are only accessible by trustees, the church administrator and specifically approved volunteers. We will keep these declarations for six years after the end of the tax year to which they relate, after which they will be destroyed.
2.4 Directory contact details
Those who sign up to the Grace Church Directory (see section 4.2 below) can create a login for our website. Only church members who have logins (not the general public) can search the church directory. Contact details on the Grace Church directory are used for the following purposes:
- Contacting individuals for church business
- The rota system – names are added to rotas and members receive emails telling them of dates assigned and giving them the option to swap
- Creating email distribution lists
- Directory search – for those who want to be searchable by other church members (see 4.2)
You have the right to withdraw your consent at any time, and further action would result in the removal of your contact details from our database and destruction of your consent form.
3. Reasons We Share Personal Data
3.1 DBS checks – CCPAS
Volunteers working with children and vulnerable adults will be subject to a Disclosure and Barring Service check as part of our safeguarding policy (see also supplement). In the course of running a DBS check, personal information required for the DBS check is shared with CCPAS, an independent Christian safeguarding charity who processes our DBS checks. For more information on how CCPAS handle our volunteer data, see the CCPAS privacy statement which is available here:
3.2 Financial accounting – Stewardship
Stewardship (Stewardship Services (UKET) Limited, a registered charity and guaranteed company who provides legal and financial services to charities) prepares Grace Church Greenwich’s year-end financial accounts. This involves the disclosure of bank statements and accounting data, meaning that Stewardship will be able to see the details of individuals’ financial donations for the purpose of preparing Grace Church Greenwich annual accounts only. Stewardship does not use Grace Church Greenwich data for their own marketing purposes. Stewardship’s data protection policy can be found here: https://secure.stewardship.org.uk/ancillary/Privacy.aspx
4. How to Access & Control Your Personal Data
4.1 Your access rights
If you would like to see what personal data belonging to you is processed by us, please contact our admin team at and we will respond to you as soon as possible, but in any event within 40 calendar days and as of 25 May 2018, within one calendar month. From 25 May we may also be able to extend the turnaround time by two months or more if your request is complex.
We do not make a charge for fulfilling your request.
Please note we must receive proof of identification before supplying any sensitive personal data back to you.
4.2 Controlling your data
We only make your personal details searchable our directory once you submit a Google form or written consent form, giving permission which is then submitted and imported to the website by our administrator. The directory contact form (accessed by login to the website and the menu option Admin → People Manager), enables members to choose what personal information is viewable e.g. phone, address, email. Viewable information can only be accessed by members with a registered Grace Church Account (who have also completed a directory contact form).
5. Cookies and other technologies
Our website uses temporary cookies for each time you visit our website www.greenwich.church. This cookie is a string of letters and numbers placed on your browser for the duration you have our web page open for. This ‘sessional’ cookie helps us to remember your session so that the system works consistently as you navigate the website. This is not stored on your device once you close the web page and it is not used in any way to identify you.