We will review and update this policy from time to time and the latest version will be published here.
Our Privacy Promise
You and your personal data are very important to us and we promise to take the privacy and security of your data seriously.
The principles of how we treat your privacy are:
We will be open, honest and clear about how we handle your data. We will try to explain clearly what you need to know without being long-winded or overly complex. We won’t hide anything. If you need to know more, please ask. We will also be open and honest if we make mistakes.
You are in control of your data. We will always give you the choice of what data you give us and what communication you receive from us.
We want you to trust us with your data. We will store it securely and only process it in accordance with this policy. We won’t sell it or share it with other organisations. We accept responsibility for the security of your data.
Who is SPCC?
SPCC is Santa Ponsa Community Church – a registered church.
Our address is: SPCC Calle Huguet de Mataplana 22 A, Santa Ponsa, Calvià, Baleares, 07180
We can be contacted at:
+34 971 69 03 94
Our website is: www.santaponsacommunitychurch.com
What data do we collect and why do we use it?
We will only ask for your data if we have a good reason to ask and we won’t ask for information we don’t need. We collect this data when you regularly attend SPCC, when you register for one of our activities or when you choose to subscribe to our mailing list.
We use this information to:
- organise and run the church
- manage activities and courses run by the church
- publicise and manage events
- keep you informed of what’s going on at SPCC
- manage SPCC room hire
- meet statutory and legal obligations (eg. financial and gift aid records)
- analyse the effectiveness of our communications
Where is this data stored?
We use several ‘cloud-based’ systems. This is where your data is stored. Access to the cloudbased systems we use is granted only to SPCC people and only when there is a need. When that need no longer exists, access is revoked. The cloud-based systems we use are:
- ChurchSuite, for church administration, management and communication
- Microsoft Office 365, mainly for email communications
- MailChimp, for mailing list communication
- GoCardless, for payment processing
How secure is my data?
Our main data storage system, ChurchSuite, has SSL encryption, encryption at rest and state- of-the-art physical security at their data centres, keeping your data locked away from prying eyes.
More information can be found here: https://churchsuite.com/tour/gdpr/security
How long do we keep your data?
We will only keep your data for as long as we believe there is a legitimate reason to store it. If you ask us to delete it, we will. However, when there is a legal or statutory reason to keep data then we will store it for as long as we are required. For example, certain financial records must be stored for 7 years. We will store this information securely.
Who do we share your data with?
We will not share your data with other organisations or individuals, with the exception of HMRC relating to Gift Aid, and we certainly will not sell your data to anyone.
What rights do you have over your data?
You are in control of your data. We give you the choice over how much or how little data you share with us.
- You also have certain rights over your personal data that we store.
- You have the right to see what data we hold and to know how we use it
- You have the right to amend and update your data
- You have the right to control or restrict how we process your data
- You have the right to stop us using your personal data
- You have the right to have your data deleted (the ‘right to be forgotten’)
- If you wish to exercise any of these rights, please email us.
Members of our church family can control access to their data by using My ChurchSuite
Please be aware that there are some situations where you may not be able to exercise these rights. For example, we cannot delete data we are legally required to store; we cannot reveal, update or delete personal data if you are unable to prove your identity; we cannot meet requests that would impact the rights or privacy of others; and we aren’t required to comply with requests which we genuinely feel are unreasonable or excessive.
If we are unable to comply with a request about your data we will always explain why.
When will we contact you?
If you are part of the SPCC church family we will contact you, usually by email, to keep you informed about what’s going on at SPCC and to organise areas of church life in which you are involved. We will do this because both you and SPCC have a legitimate interest in this communication.
If you aren’t part of the church family we will contact you:
- when you sign up for something we offer, whether it is free or not. Again, we do this
- because there is a legitimate interest in this communication.
- when you subscribe to our mailing list. We do this because you have given consent
- for this communication in the preferences you set when subscribing. We will only contact you according to the preferences you’ve set and you can update your preferences or unsubscribe from the mailing list at any time.
What we ask of you
We aim to give you control over what personal data you provide and how it is used. Where possible, we give you access to these controls. For example, if you wish to update your email address or amend your mailing list preferences you can do so by following the links in the footer of mailing list emails. Giving you access to, and responsibility for, your own data is by far the best way of keeping everything accurate and up to date. So please don’t be offended if we ask you to manage your own data wherever this is possible; it’s in your best interests.
Likewise, if you contact us regarding your personal data we will need to verify your identity before we do anything. Depending on your request, we may simply need to ask you to provide some information over the phone or, in some situations, we may need you to provide certain documents. Again, please don’t be offended; we do this to protect your data.