Events at the Pavilion are hired through LifeSpring Church (referred to as “the Church“, “we“, “us” or “our” in this Privacy Policy) as the Pavilion is not a separate company (or other legal entity) from LifeSpring Church, the owner of the Pavilion building. We respect your privacy and are committed to protecting your personal data whether it is held on paper, on computer or other media. This Privacy Policy will inform you as to how we look after your personal data when you visit our website or that you have submitted to us in some other way. It will also tell you about your rights and how the law protects you.
From 25th May 2018, the processing of personal data will be governed by the General Data Protection Regulation (the “GDPR”), which has changed the previous laws applicable to the protection of data.
This Privacy Policy covers:
- What is personal data?
- Who is the ‘controller’ of personal data?
- How do we collect your personal data?
- What will we use your personal data for?
- How will we treat your personal data?
- How long do we keep your personal data?
- Your legal rights
- New purposes
- Changes to your personal data
- Rights to access your personal data
- Contact details
- Third party links
- Further information
How we use your personal data
-
What is personal data?
Personal data is data that relates to a living individual which identifies that individual, either directly or indirectly (eg name, address, date of birth, email address, telephone numbers, photographs etc).
-
Who is the ‘controller’ of personal data?
The Church is the controller of your personal data which means we are responsible for how it is processed and for what purposes.
LifeSpring Church is a charitable company limited by guarantee and registered in England and Wales; Company No. 8087254 and Charity No. 1148013; registered office: The Pavilion, 143-145 Oxford Road, Reading, RG1 7UY.
For details of our legal obligations, see Section 14.
-
How do we collect your personal data?
We use different methods to collect data from and about you including when you give us your data by filling in forms (either in hard copy or via our website) or by corresponding with us for example by email, phone or post.
-
What will we use your personal data for?
- We will only use your personal data when the law allows us to.
- We may use your personal data for when we consider this to be in our ‘legitimate interests’. This is the legal basis for us processing your personal data under the GDPR without us needing to obtain your consent.
- Our ‘legitimate interests’ are to facilitate the day-to-day administration and management of events bookings at the Pavilion including the following:
- management of our employees and volunteers;
- maintenance of our own accounts and records (including for invoicing, audit and tax purposes);
- administering and protecting our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
- We may also use your personal data where you have given your express consent (for example, by actively consenting to receive information from us about booking events or promotions at The Pavilion.
-
How will we treat your personal data?
- Except where permitted by law (for example where we are legally compelled to do so), we will treat all your personal data as private and confidential and will not disclose or share any of your personal data to or with anyone except as set out in this section or with your consent.
- We will not disclose any personal data about you to anyone other than those involved in the administration for or management of events bookings at the Pavilion and the Church Directors, the Senior Leadership Team and the Church’s other employees and volunteers on a need to know basis.
- We will ensure that all Pavilion staff and volunteers who have access to personal data are trained in data protection and will only process personal data in accordance with their duties as part of their role within the Pavilion.
- Any personal data supplied in paper form will be kept in a securely locked cabinet or cupboard in the Church office to which only those involved in the administration for or management of events bookings at the Pavilion and the Church Directors, the Senior Leadership Team and the Church’s other employees and volunteers on a need to know basis will have access.
- We will not transfer your personal data outside the European Economic Area (EEA) without your consent.
-
How long do we keep your personal data?
- Where you have given consent for example, for us to use your email address so you can receive information from us about booking events or promotions at The Pavilion, we will endeavour to refresh your consent at appropriate intervals.
- Otherwise, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting or reporting requirements.
-
New purposes
If we wish to use your personal data for a new purpose not covered by this Privacy Policy, we will notify you and we will explain the legal basis which allows us to do so.
-
Changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please tell us if any of your personal data changes so that it can be amended.
-
Your legal rights
- Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- to request access to your personal data;
- to request correction of your personal data;
- to request deletion of your personal data;
- to request transfer of your personal data;
- to request restriction of processing your personal data;
- to object to processing of your personal data;
- a right to withdraw your consent;
- a right to lodge a complaint with the Information Commissioner’s Office.
- Please see Section 13 to find out more about these rights.
- Under certain circumstances, you have rights under data protection laws in relation to your personal data:
-
Rights to access your personal data
- You can ask for one copy of the personal data we hold about you free of charge. (If you ask for more than one copy, we are entitled to charge a fee based on the administrative cost of providing the information.)
- If you wish to exercise this right, you should make the request in writing by sending us an email or a letter – see the Contact details below. A standard template for this should be available on the Information Commissioner’s Office website at https://ico.org.uk/.
- We will provide the information requested within 1 month of receipt of your request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
-
Contact details
- To exercise a legal right, raise a query or make a complaint, please email admin@lifespringchurch.org (reference: Data Protection Issue) or send a letter to Data Protection Administrator, LifeSpring Church, The Pavilion, 143-145 Oxford Road, Reading, RG1 7UY stating that your letter relates to use of your personal data in relation to a booking at The Pavilion.
- Although you have the right to make a complaint at any time to the Information Commissioner’s Office, we would appreciate the chance to deal with your concerns before you approach them, so please contact us in the first instance.
-
Third-party links
- This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements.
- When you leave our website, we encourage you to read the privacy notice of every website you visit.
Further information
-
Your legal rights
- You have the following rights with respect to your personal data:
- the right to access or request a copy of your personal data which the Church holds about you (also known as a Subject Access Request);
- the right to request that the Church corrects any personal data if it is found to be inaccurate or out of date;
- the right to request your personal data is deleted where it is no longer necessary for the Church to retain such data;
- the right to request that the Church provides you or a third party with your personal data;
- the right, for example where there is a dispute in relation to the accuracy or use of your personal data, to request a restriction is placed on any further processing of your personal data by the Church;
- the right to object to the processing of your personal data, where the Church is relying on the ground of a legitimate interest where you feel processing on this ground impacts on your fundamental rights and freedoms;
- the right to withdraw your consent to the processing of your personal data at any time;
- the right to lodge a complaint about how we have handled your personal data with the Information Commissioner’s Office, the UK supervisory authority for data protection issues, (ico.org.uk).
- For further details on exercising these rights, see the Contact details above.
-
What are our legal obligations?
We will comply with our obligations under the GDPR including by processing personal data fairly and lawfully; by obtaining it for a specified and lawful purpose; by keeping it up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
This version of the Privacy Policy was last updated on 25th July 2018.