Privacy POLICY

The Parochial Church Council of The Ecclesiastical Parish of St Philip And St Jacob, Bristol

Purpose

The law in the UK requires us to manage personal information in accordance with data protection principles. This notice tells you what personal information we collect, how we use it, who we may share it with, steps we take to protect and secure it, your rights under data protection law, and how you can contact us with questions or concerns.

Our Contact Details 

Name: St Philip and St Jacob PCC (Central Church)

Address: Central Church, Tower Hill, Bristol, BS2 0ET
Email: admin@centralchurchbristol.org

Website: www.centralchurchbristol.org 

This document applies to all ministries and activities within Central Church.

Policy

The Types of Personal Information We Collect 

We collect and process information relating to:

  • Identity Data – name, marital status, title, date of birth, gender, photograph, video footage, CCTV images, etc.

  • Contact Data – postal address, email address, and telephone numbers.

  • Financial Data – bank account details, payment card details, donation records (including Gift Aid information).

  • Transaction Data – details of payments, events, products, or services you have purchased or donations made.

  • Usage Data – information about how you engage with our website, events, and services.

  • Marketing and Communications Data – your preferences for receiving communications from us.

  • Disclosure & Barring Service (DBS) Data – checks conducted on individuals working with children and vulnerable adults.

  • Employment Details – data related to employees and volunteers of Central Church.

  • Pastoral Care Data – limited information recorded for pastoral care purposes, stored securely and only accessible to designated staff.

Children’s Data

We collect and process personal data relating to children who participate in our ministries, groups, and events (e.g. Sunday Club, Tower Tots, holiday clubs, youth activities). Because religious belief is considered special category data under UK GDPR, we rely on explicit consent from a parent or legal guardian before collecting or using any child’s personal data.

This may include consent for:

  • Registering a child for an activity or group,

  • Recording medical or safeguarding information,

  • Taking and using photos or videos,

  • Communicating about relevant children’s events.

We will only collect the minimum necessary information to deliver our services safely and effectively. Children's data is stored securely, only accessed by authorised team members, and never shared externally without consent unless legally required (e.g. safeguarding concerns).

Parents or guardians can withdraw consent or request deletion of their child’s data at any time by contacting: admin@centralchurchbristol.org

How We Obtain and Use Your Personal Information 

Most of the personal information we process is provided directly by you via forms (electronic or paper) or email correspondence. We may also collect photos and video footage at church services and events. This is done in accordance with our Photo and Video Policy, which outlines how consent is obtained and how such media is used, particularly in relation to children and vulnerable individuals.

Where images or recordings include children, we will only use them with explicit parental or guardian consent. CCTV cameras may be in operation at our premises and is done so to ensure the safety of our site and events.

We use this information to:

  • Manage our relationship with you, including administration and membership records.

  • Operate the church efficiently, including financial management, planning, audits, and governance.

  • Keep our records accurate and up to date.

  • Inform you of news, events, courses, and church involvement opportunities.

  • Provide pastoral care and prayer support.

  • Advertise the church and it’s events

  • Respond to enquiries and complaints.

  • Provide services and notify you about significant changes.

  • Manage volunteers and employees.

  • Assess suitability for working with vulnerable groups.

  • Organise events, conferences, and courses.

  • Comply with legal obligations (e.g., responding to authorities, legal claims, or court orders).

  • Prevent and detect crime.

  • Provide a Members Platform:

For those engaged in church ministry activities we use MyChurchsuite, a members facing platform of our database, members are able to securely log-in and search a directory of other church members, find out details of any groups they are involved in, view recent communications, and manage your own contact details, including how much information is visible to others. 

MyChurchSuite provides individuals with privacy options to manage how their information is shared. By agreeing to this privacy policy, you consent to your name being visible on the MyChurchSuite platform by default. You can manage your privacy settings within MyChurchSuite to control what additional details are visible to others.

Who We Share Your Personal Information With 

When necessary, we may share your personal information with:

  • HM Revenue & Customs or other lawful authorities.

  • Agents, service providers, and contractors assisting with church activities.

  • Banks and payment providers for processing transactions.

  • The Police or other authorities where legally required.

We will never sell your personal information to third parties.

Lawful Basis for Processing Your Data

Under the UK General Data Protection Regulation (UK GDPR), we process your data based on:

  • Legitimate interests of the church (the primary basis for most operations). If you are  a member of the church or attend church ministry activities at least once a month, we assume a legitimate interest in communicating with you about church-related activities, including rotas and internal events. This also applies to business contacts where ongoing engagement is expected.

  • Your consent -  If you sign up for a community or outreach event and are not a member of the church or attending church ministry activities at least once a month, we will process your  data based on consent. However, if you become a member of the church or begin attending church ministry activities at least once a month, we will transfer our legal basis from consent to legitimate interest (as above).

  • A contractual obligation - Applied to staff, volunteers, and external contractors where data processing is required to fulfil agreements.

  • A legal obligation - Used for Gift Aid processing, safeguarding compliance, employment records, and financial transactions with external contractors.

  • Vital interests - In rare circumstances, we may process personal data where it is necessary to protect someone’s life or prevent serious harm, such as in medical emergencies or safeguarding situations.

  • Public interest - We may process personal data where required to fulfil legal obligations in the public interest, such as safeguarding reporting or cooperating with law enforcement where necessary.

We generally do not rely on consent except for special category data or marketing communications, which you can withdraw at any time by emailing admin@centralchurchbristol.org or updating your preferences in MyChurchSuite.

How We Store Your Personal Information 

Your data is stored securely in ChurchSuite, a UK-based database. More details are available at https://churchsuite.com/security/. You can access and update your information via MyChurchSuite or by contacting admin@centralchurchbristol.org.

Additional storage systems include:

  • Giving / Gift Aid records – stored in ChurchSuite, Expense Plus, and G-Suite.

  • Payment details – stored in ChurchSuite, CAF Bank, SumUp, Stripe, and GoCardless.

  • DBS Checks – processed via Thirtyone:eight (https://thirtyoneeight.org/), with records kept in ChurchSuite and securely in G-Suite.

  • Electronic marketing and surveys – processed via MailChimp (unsubscribe links included in emails).

  • Website interactions – processed via Squarespace.

  • Event and volunteer planning – processed via Planning Centre, ChurchSuite and Multitracks.

  • Communication – WhatsApp and social media  may be used for certain groups or volunteer coordination.

We retain personal data for as long as necessary to maintain our relationship with you, in accordance with our Data Protection Policy. You can request deletion of your data by emailing admin@centralchurchbristol.org, though legal obligations may require us to retain certain records.

Your Data Protection Rights

Under data protection law, you have rights including:

  • Right of access – Request copies of your personal information.

  • Right to rectification – Request correction of inaccurate or incomplete data.

  • Right to erasure – Request deletion of your personal information in certain circumstances.

  • Right to restrict processing – Request limits on data processing in specific situations.

  • Right to object – Object to certain uses of your data.

  • Right to data portability – Request data transfer to another organisation or yourself.

Requests can be made via admin@centralchurchbristol.org or by post to Central Church, Tower Hill, Bristol, BS2 0ET. We will respond within one month.

How to Complain

If you have concerns about how we handle your data, you can contact us at:

  • Email: admin@centralchurchbristol.org

  • Address: Central Church, Tower Hill, Bristol, BS2 0ET

You can also complain to the Information Commissioner's Office (ICO):

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Helpline: 0303 123 1113

  • Website: https://www.ico.org.uk

Review

The PCC will undertake to review this policy and its implementation annually. This policy was updated and reviewed in July 2025.