C7 DATA PROTECTION & PRIVACY POLICY
updated June 2022

C7 Church (“C7”) has adopted this Privacy Policy as we recognise the right of people to keep their personal information private. This privacy policy covers C7’s use of personally identifiable information that you provide and we collect or hold, including when you complete forms on the website, www.c7church.com.

If you disagree with any part of this policy please do not provide us with your personal information.

C7 Church uses personal data about living individuals for the purpose of general church administration and communication.

C7 Church recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation 2018. This policy explains how C7 and the website comply with the General Data Protection Regulation (GDPR) which came into effect on 28 May 2018.

C7 Church fully endorses and adheres to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for C7 Church must adhere to these principles.

THE PRINCIPLES
The principles require that personal data shall:

1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
3. Be adequate, relevant and not excessive for those purposes.
4. Be accurate and where necessary, kept up to date.
5. Not be kept for longer than is necessary for that purpose.
6. Be processed in accordance with the data subject’s rights.
7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
8. Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

MAINTAINING CONFIDENTIALITY
C7 Church will treat all your personal information as private and confidential and not disclose any data about you to anyone other than the leadership and ministry overseers/co-coordinators of the church in order to facilitate the administration and day-to-day ministry of the church.

All C7 Church staff and volunteers who have access to Personal Data will be required to agree to sign a Confidentiality Policy and a Data Protection Policy.

There are four exceptional circumstances to the above permitted by law:
1. Where we are legally compelled to do so.
2. Where there is a duty to the public to disclose.
3. Where disclosure is required to protect your interest.
4. Where disclosure is made at your request or with your consent.

HOW WE COLLECT INFORMATION ABOUT YOU
We collect personal information each time you are in contact with us. For example, when you:
• register your details and your family details at a C7 service or event using our Connection Cards
• make a donation, by completion of Giving cards, via our website or through other electronic means;
• register for a conference or other Church event;
• provide your contact details, in writing or orally, to Church staff or volunteers;
• purchase goods or services, including when you provide credit or debit card details;
• when you attend church services or participate in other Church activities;
• communicate with the Church by means such as email, letter, telephone;
• face to face meetings with staff and volunteers;
• access social media platforms such as Facebook, YouTube, Twitter and Instagram

C7 does not hold any debit or credit card details for donations/payments made via our websites. All card payments are handled by service providers who encrypt card information.

HOW WE USE YOUR INFORMATION
By providing your personal details you agree to allow C7 to contact you by any of the means you provide (which include mail, email, telephone or SMS text message) for three main purposes:
1. The day-to-day administration of the church; e.g. pastoral care and oversight including calls and visits, preparation of ministry rotas, maintaining financial records of giving for audit and tax purposes.
2. Contacting you to keep you informed of church activities and events.
3. Statistical analysis; gaining a better understanding of church demographics.

THE DATABASE
Information contained on the database will not be used for any other purposes than set out in this section. The database is accessed through the cloud and therefore, can be accessed through any computer or smart device with internet access. The server for the database is hosted by Tithe.ly.

1. Access to the database is strictly controlled through the use of specific passwords, which are controlled and given by the Database Admin.

2. Those authorised to use the database only have access to their specific area of use within the database. This is controlled by the Database Admins. These are the only people who can access and set these security parameters.

3. People who will have secure and authorised access to the database include C7 Church Staff and Pastors, data in-putters, Team Leaders, Group Leaders and C7 Church Directors and Elders.

4. The database will NOT be accessed by any unauthorised users outside of the EU, in accordance with the Data Protection Act, unless prior consent has been obtained from the individual whose data is to be viewed.

5. All access and activity on the database is logged and can be viewed by the Data Privacy Officer.

6. Subject Access – all individuals who are the subject of personal data held by C7 Church are entitled to:
• Ask what information the church holds about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed what C7 Church is doing to comply with its obligations under the 1988 Data Protection Act.

7. Personal information will not be passed onto any third parties outside of the church environment.

8. Subject Consent – The need to process data for normal purposes has been communicated to all data subjects. In some cases. If the data is sensitive, for example, information about health, race or gender, express consent to process the data must be obtained.

ACCESS TO YOUR INFORMATION
You can request access to the personal information that the church holds about you by contacting the C7’s Privacy Officer as set out below.

If you wish to change personal information that is out of date or inaccurate at any time please contact us. C7 will take reasonable steps to correct any of your information which is inaccurate, incomplete or out of date. If you wish to have your personal information deleted please let us know and we will delete that information wherever practicable.

C7 Church aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 30 days of receipt of a completed form unless there is good reason for delay. We may refuse your request to access, amend or delete your personal information in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of amendment, we will note with your personal information that you have disputed its accuracy.

In such cases, the reason for delay will be explained in writing to the individual making the request.

KEEPING DETAILS UP TO DATE
Please tell us as soon as any of your contact details change so that we can keep our records up to date.

You can change the way we contact you, or the kind of material we send you, at any time by contacting us by email at info@c7church.com.

You can unsubscribe from our regular emails or texts at any time by using the 'unsubscribe' or 'change preferences' links on the email or texts you have received.

If you register with C7’s Member Area of Tithe.ly you should be able to personally log-on and update your contact details.

SECURITY
C7 Church will take reasonable steps to keep secure any personal information, which we hold and to keep this information accurate and up to date. Personal information, held electronically, is stored in a secure server or secure files.

The Internet is not a secure method of transmitting information. Accordingly, C7 cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your information will be held for a reasonable period or as long as the law requires or permits.

LINKS
This website may also include links to other websites. Links provided by C7 are for your convenience to provide further information.

We use websites such as Vimeo and YouTube to embed videos on our website, service providers such as MailChimp and Google Analytics and you may be sent cookies from them via our site. Please look at the cookie and privacy policies on these third-party sites if you want more information about this.

SOCIAL MEDIA.
C7 Church uses social media such as Facebook, Twitter, Instagram and YouTube. Users must verify authenticity of sites before posting or providing personal information on such sites.

Our website may provide social media buttons, permitting sharing our web content directly to a social media, platform. Use of such buttons is at your own risk.

Unless it is material supplied or officially posted by C7, or affiliated C7 pages (such as C7 Extreme), we do not endorse social media website(s) and have no responsibility for the content nor for the cookies they may contain.

C7 Church does not ask for passwords or personal details on social media.

DOWNLOADS
Any documents or files made available to download from our website are provided at users own risk.

CHANGES TO THIS POLICY
C7 Church may amend this privacy policy from time to time to ensure compliance with changes or amendments to the law of the UK. Any amended version will be available on our website at www.c7church.com. We suggest that you visit our website regularly to keep up to date with any changes.

CONTACT DETAILS
If you would like any further information, or have any queries, problems or complaints relating to C7 Church’s Privacy Policy or our information handling practices in general, please contact our Privacy Officer by

Telephoning: +44 (0)141 231 1559,
Emailing: comms@c7church.com or
Writing to: The Privacy Officer, C7 Church, 100 High Craighall Road, Glasgow, G4 9UD

Company Details:
C7 Church is a registered charity. Company No: SC297771. Scottish Charity No: SC037276
Registered Office:  C7 Church, 100 High Craighall Road, Glasgow, G4 9UD

Updated June 2022