Farm Street Church Privacy Policy
1. Introduction
1.1 We are Farm Street Church (“FSC”) and we operate from 114 Mount Street, London, W1K 3AH. The terms “we”, “us” or “our”, when used throughout this policy, refer to Farm Street Church. We are committed to protecting and respecting your privacy.
1.2 This Privacy Policy (and any other documents referred to in it) sets out the basis on which we will process and use any personal data about our donors, potential donors, event attendees, patrons, volunteers, interested parties, and visitors (together “individuals”) to our website https://www.farmstreet.org.uk (”website”) that we collect from them, that they provide to us, or that we collect from third parties. Please read this Privacy Policy carefully to understand our practices regarding these individuals’ personal data and how we will treat it.
1.3 For the purpose of the Data Protection Act 1998, (the “DPA”) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (the “GDPR”), we are the data controllers and are located at114 Mount Street, London, W1K 3AH.
1.4 We comply with the DPA and with the GDPR in respect of the collection, holding, storage, use, and processing of personal data about our individuals (such personal data is held in both manual and electronic records).
1.5 We may make changes to this Privacy Policy from time to time. If we do so, we will post the changes on the privacy policy page on our website and they will apply from the time we post them. Individuals should check back frequently to see any updates or changes to this Policy. This Privacy Policy was last updated on 29th Oct 2019.
2. What we collect
2.1 Personal data
(a) We collect and use the following types of personal data about our individuals:
(i) personal information such as
name;
postal address;
phone numbers (home, work and mobiles as applicable);
email address(es);
contact preferences;
information given when registering to use or completing forms on our website;
information given when registering for any FSC event;
information on donations made;
information that our individuals give us – for example when making donations, such as bank account details for setting up regular direct debits, credit card details for processing credit card payments, employer details for processing a payroll gift, or taxpayer status for gift aid purposes;
information given when using our website; and
information given when taking part in FSC’s social media functions or on our website.
(ii) the marketing preferences of our individuals and whether and when consent to receive marketing communications has been given or withdrawn.
(iii) correspondence between individuals and ourselves (whether by telephone, e-mail or otherwise).
(b) We also collect and use certain technical information about our individuals’ visits to our website which may include, for example, internet protocol (“IP”) addresses, login information, browser type and version, pages accessed, files downloaded, full Uniform Resource Locators, (“URLs”), clickstream to, through and from the website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks and mouse-overs).
(c) We collect some of the personal information set out above directly from individuals and some from third parties (for example, we may receive personal information from individuals when they make a donation to us through a third-party website, such as Stripe, and the individual has given the third-party website permission to share information with us).
(d) We collect some of the personal information set out above directly from event attendees and some from third parties (for example, we may receive personal information from event attendees when they register to attend an event through a third-party website, such as Eventbrite, and the event attendee has given the third-party website permission to share information with us).
(e) Individuals do not have to disclose personal data to us to browse the website or to use our social media sites, but individuals do need to provide us with certain personal data in order for us to provide them with certain services.
(f) The safety of children is very important to us. We do not knowingly collect the personal data of those who are under 16 years old without the consent of their parent or guardian.
3. Website Cookies
3.1 Our website uses cookies to distinguish an individual from other users of the website and to help us to provide individuals with a good experience when they browse our website. Cookies also allow us to improve our website. For detailed information on the cookies we use and why we use them see our Cookie Policy on our website: https://www.farmstreet.org.uk/privacy
4. How we use information
4.1 We obtain, collect, record, hold, store, organise, adapt, alter, retrieve, consult, disclose, destroy and otherwise use personal data of individuals, as set out in this Privacy Policy, for the following purposes:
(a) providing individuals with the products, services and information that they ask us for;
(b) corresponding with individuals and recording any relevant communications;
(c) sending marketing information to our individuals;
(d) keeping records of donations made and actions taken by our individuals;
(e) claiming gift aid on donations;
(f) supporting volunteers;
(g) recording campaigning activities by individuals;
(h) performing our obligations under any contracts that we enter into with individuals;
(i) telling individuals about changes to our services;
(j) ensuring that content from our website is presented effectively for individuals and for their computers;
(k) administering our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(l) improving our website to ensure that content is presented most effectively for individuals and their computers;
(m) allowing individuals to choose to take part in interactive features of our services; and
(n) keeping our website safe and secure.
5. How we share information
5.1 We will only share individuals’ personal data if:
(a) we are working with partners whom we have carefully selected to carry out work on our behalf, such as service providers and sub-contractors (for example, IT services providers and providers of technical, payment and delivery services) to perform any contract we enter into with them. The kind of work we may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments. We only choose partners we trust and only pass personal data to them where they have undertaken to keep your personal data secure. We do not allow these partners to use your data for their own purposes or disclose it to other third parties and we will take all reasonable care to ensure that such partners keep your data secure; or
(b) we are legally required to do so e.g. by law or by an order of a court of competent jurisdiction; or
(c) there is a medical emergency in which an individual’s personal information must be shared for benefit of their health and/or wellbeing.
We will not sell individuals’ information. We will not share individuals’ information with other organisations other than as stated above.
6. Legal basis for processing information
We rely on various legal bases to justify our processing of individuals’ personal data. Further details of these are set out below.
(a) The individuals have given their consent to the processing of their personal data for the specific purposes mentioned above. The individuals may withdraw their consent to this processing at any time by contacting us using the contact details set out in the “Contact and complaints” section of this Privacy Policy below, but this will not affect the lawfulness of any processing of their personal data which was carried out before they withdrew their consent.
(b) The processing is necessary for our legitimate interests. These legitimate interests include processing, packaging, mailing and delivering purchases, answering questions about us and any services we provide, carrying out research or analysis to assist us in our mission and processing credit card payments.
(c) The processing is necessary to perform a contract to which the relevant individuals are parties or to take steps that they have asked us to take before entering into a contract, such as registering for an event which we are hosting or purchasing a FSC media resource, information pack, or merchandise.
(d) The processing is necessary for us, as the data controller, to comply with our legal obligations, such as sharing personal data where we are legally required to do so e.g. by law or by order of a court.
7. Where we transfer and store information
7.1 The personal data that we collect from individuals may be transferred to and/or stored at destinations outside the UK, but within the European Economic Area, (the “EEA”). As such, adequate protection for such personal and sensitive personal data will be ensured. We will take all steps reasonably necessary to ensure that individuals’ personal data is treated securely and in accordance with this Privacy Policy and applicable law.
7.2 All information that individuals provide to us is stored on our secure servers and/or on the servers of our suppliers who we have engaged to host various IT systems for us. Any payment transactions will be encrypted using TLS technology. Where we have given individuals (or where they have chosen) a password which enables them to access certain parts of our website, they are responsible for keeping this password confidential. We ask them not to share this password with anyone.
7.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect individuals’ personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at individuals’ own risk. Once we have received personal information, we will use strict procedures and security features to try to prevent unauthorised access.
7.4 Our mission is is to be a welcoming community, where all can encounter the transforming love of Jesus and grow as disciples who share God’s love. We will keep individuals’ information only for as long as they engage with us in any way which could be justified as being a part of the above mission, and only as long as we need it:
(a) to administer their relationship with us;
(b) to comply with the law; or
(c) to ensure we do not communicate with individuals who have asked us not to.
To assist us in this process we will review on a regular basis the personal data of individuals that we collect and hold to ensure that such data is only kept for an appropriate length of time. This does not affect individuals’ right to withdraw their consent to process at any time by contacting us using the contact details set out in the “Contact and complaints” section of this Privacy Policy.
8. Individuals’ rights
8.1 Individuals have certain rights in respect of the personal data that we hold about them. To exercise any of the rights set out below, please contact us using the contact details set out in the “Contact and complaints” section of this Privacy Policy below:
(a) Access. We will confirm to individuals whether or not we are processing and using personal data about them, at their request and, if so, provide them with access to and a copy of such personal data and the other details to which they are entitled.
(b) Rectification. We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about individuals without undue delay at their request.
(c) Prevention of processing likely to cause damage or distress. We will respect our individuals’ rights to require us to cease or not to begin processing their personal data for a specific purpose, or in a specific way, that is likely to cause unwarranted damage or distress, either to the relevant individual or a third party.
(d) Erasure. We will erase personal data concerning an individual at their request without undue delay in certain circumstances, (for example, among other things, if their personal data is no longer needed for the purposes for which it was collected or otherwise used).
(e) Restriction. We will restrict the processing of individuals’ personal data in certain circumstances (for example, among other things, if they believe that their personal data held by us is inaccurate), if requested by them to do so.
(f) Data portability. We will respect the rights of individuals to receive personal data about them that they have provided to us in a structured, commonly used and machine-readable format and to transmit such personal data to another data controller without hindrance from us in certain circumstances.
(g) Right to object. We will respect the general rights of individuals to object to the processing of their personal data in certain circumstances.
(h) Right to object to marketing. We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time individuals ask us not to do so.
(i) Automated individual decision-making, including profiling. Where requested, we will not make decisions based on automated processing, including profiling and we will ensure that you can always obtain a review by one of our staff members of any automated decisions and are able to express your point of view and contest any such decisions.
We will not make any automated decisions based on sensitive personal information unless we have obtained your explicit consent to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
8.2 We will process all personal data in line with individuals’ rights in each case to the extent required by and in accordance with applicable law only (including, without limitation, in accordance with any applicable time limits and requirements regarding fees and charges).
8.3 We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time an individual asks us to stop.
8.4 individuals can exercise their rights by contacting us using the contact details set out below in the “Contacts and complaints” section of this Privacy Policy.
9. Contact and complaints
9.1 Questions, comments, requests or complaints regarding this Privacy Policy and/or our use of individuals’ personal data should be addressed to the Parish Administrator at farmstreetoffice@rcdow.org.uk or 114 Mount Street, London, W1K 3AH
9.2 If individuals have any complaints regarding this Privacy Policy, they may also contact the UK Information Commissioner by telephone on 0303 123 1113 or at www.ico.org.uk/
9.3 We are not a ‘public authority’ as defined under the Freedom of Information Act 2000 and we will not therefore respond to requests for information made under that Act.