Your privacy is of the utmost importance to us.
We want to make sure you fully understand the terms and conditions surrounding the capture and use of your personal data. This privacy policy sets out when and how we use your personal data and describes what information we collect about you, how we use it and the rights you have in relation to the collection and usage.
If you have any questions about this privacy policy, please contact
[email protected] 1. Your Personal Data – what is it?
When we use the term Personal Data in this Privacy Notice we refer to data collected or held by Glow Church UK that identifies and relates to you as an individual. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or which is likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation 2016/679 (the “UK GDPR and the Data Protection Act 2018, the ‘DPA 2018’”).
2. Who are we?
Glow Church UK is a registered charity with the UK Charity Commission. Registered address: Glow Church, Long Tens Way, Aycliffe Business Park DL5 6AP. Charity number: 1154239.
For the purposes of the UK General Data Protection Regulations and any other applicable data protection and privacy laws and regulations, Glow Church UK will be the ‘data controller’ for all Personal Information we determine the means and purpose of processing and has registered with the Information Commissioners Office under registration number ZA639020.
3. How do we process your personal data?
Glow Church UK complies with its obligations under the UK GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
To enable us to provide a voluntary service for the benefit of the public as specified in our constitution.
This includes activities undertaken as Glow Church UK as well as other initiatives organised by the church
To administer membership records.
To promote the interests of the charity.
To manage our employees and volunteers.
To maintain our own accounts and records (including the processing of gift aid).
To inform you of news, events, activities and services running at Glow Church UK.
To keep you informed about news, events, activities and services from other organisations that Glow Church UK recommends and in which you may be interested
4. What is the legal basis for processing your personal data?
The UK GDPR allows for something called 'legitimate interest'. This allows us to keep records on people who have an association with the church either because they come to church, are members, attend our events or courses or have asked to be kept in touch.
Legitimate interest means that it is in yours and our interest in conducting and managing our organisation to enable us to give you the best service we can.
We also process your data to comply with legal or regulatory obligations we are subject to.
Where personal data is collected for marketing purposes this is done with the consent of the data subject.
5. Financial Records and Card Details
All financial payments and records are held in accordance with The Payment Card Industry Data Security Standard (“PCI DSS”).
All credit/debit card donations made online or by phone, are made securely through third party service providers and payment gateways, which comply with the PCI DSS. Unredacted card details are not recorded and stored on our systems.
We do not store unredacted financial details (credit or debit card numbers) obtained through online transactions nor do we pass any information to third parties, except where we are legally required to do so, to assist fraud reduction, or to provide a service requested and minimise credit risks.
6. Marketing Purposes
Where we have your consent, we may also use your personal data for marketing purposes, which may include contacting you by phone, email, text message or post with information and news of services you may be interested in. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt out.
7. Sharing your personal data
Your personal data will be treated as confidential and will only be shared with other members of the church for purposes connected with the church. We do not share your information unless you have given us explicit instruction to do so.
The exception to this is where it is in the public interest and is necessary for the purposes of:
Protecting an individual from neglect or physical, mental or emotional harm; or
Protecting the physical, mental or emotional well-being of an individual where that individual is a child or is an adult at risk.
We do use third party processors to assist with our data processing. These include but are not limited to:
ChurchSuite (ChurchSuite.com)
Planning Center Online (planningcenteronline.com)
Thirtyone:eight – an independent Christian safeguarding charity, who conduct Disclosure and Barring Service (DBS) checks, as well as offering other safeguarding support services
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work, when we have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us. We shall ensure they also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
Cloud Computing Services
Communication & Collaboration Tools
Data Analytics Services
Data Storage Service Providers
Finance & Accounting Tools
Order Fulfilment Service Providers
Payment Processors
Performance Monitoring Tools
Sales & Marketing Tools
Social Networks
User Account Registration & Authentication Services
Website Hosting Service Providers
Wherever data is used on a third-party processor system Glow Church UK is still the Data Controller of that data, and the data is not used for purposes unrelated to Glow Church UK nor may it be re-used or transferred by the third party processor.
We will not transfer your personal information to countries outside the United Kingdom, except where we use the services of a third party who host data outside the UK. We will only use third parties who ensure that data hosted outside the UK is held in accordance with UK GDPR. Where data transfer is required outside these third parties separate consent will be sought.
We also may need to share your personal information in the following situations:
When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g. Google Maps API, Places API). To find out more about Google’s Privacy Policy, please refer to this link. We obtain and store on your device ('cache') your location. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include any international Glow Churches, subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
8. Cookies
Cookies are small text files which are transferred to your computer or device when you visit a wesite.
We use cookies:
To remember information about you, so you don’t have to give it to us again
To keep you signed in, even on different devices
To help us understand how people are using our services, so we can make them better
To help us personalise our service to you by remembering your preferences and settings
To find out if our emails have been read and if you find them useful
The types of cookies we use are defined as:
Strictly necessary cookies
These cookies are always on and you can’t turn them off unless you change your browser settings. We use them to make sure our services work correctly.
Functional, performance and tracking cookies
These cookies are used to make your experience more enjoyable, you can switch these on or off at any time and you can always change your mind. We’ll only use them if you’ve agreed.
Third Party cookies
These might be present if you use a social media company's share option to share something on our website. You can turn them off but not through us, only through the originating company. Some cookes are only present for the time you are using our services and are erased when you close the browser. Others stay, sometimes forever and are saved onto your device so that they are available when you come back.
You can control these both through our settings, if we are currently using cookies where this is possible or by changing the settings on your own device.
9. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or volunteers who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulator of a breach where we are legally required to do so.
10. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. Your Rights
Unless subject to an exemption under the UK GDPR or DPA 2018, you have the following rights with respect to your personal data: -
The right to be informed – to know what information we collect about you and why. This Privacy Policy is in response to this right.
The right of access – to see what information we hold about you and to verify thelawfulness of our processing of your data.
The right to correction – to correct the information we hold if it is incomplete or inaccurate.
The right to erasure – “to be forgotten”; to have your information removed.
The right to restrict processing – to change the way in which we use your data.
The right to data portability – to obtain your information in order to transfer it to another service or organisation.
The right to object; and to object to the way in which we are using your data.
The right not to be subjected to automatic decision making including profiling – to have your information removed from any databases subject to automatic decision making processes.
The right to lodge a complaint with the Information Commissioners Office.
If you would like to exercise any of the rights set out above, then please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
12. Further Processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
13. Changes to this Privacy Notice
We may change this Privacy Notice from time to time to reflect changes in best practice, security and control and to ensure compliance with any changes or amendments to the law or other applicable legislation in the United Kingdom. Any amended version will be available on this webpage. This privacy policy was last updated on 6 June 2024. We suggest you visit regularly to keep up to date with any changes.
14. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact us by email at
[email protected], or by contacting Data Protection, Glow Church, Long Tens Way, DL5 6AP.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
