COM Church Privacy Policy

Purpose of the Privacy Policy

COM Church is a data controller and as such, we need to tell you certain information when we process personal information.

This information may be collected automatically or this may be given to us directly in a paper form, a form on our website or when you make a donation.

The privacy policy states:

●  What personal information we collect

●  How we collect that information

●  How we use personal information

●  Who we share personal information with

●  Any transfer of personal information outside EEA

●  Retention of personal information

●  How we protect personal information

●  Your legal rights in relation to personal data

Personal information we collect about you

We may collect the following personal information about you

●  Name and address

●  Telephone number

●  Email address

●  Marital status

●  Age and gender

●  Education and employment

●  Roles and responsibilities within COM Church

●  Permission to perform a DBS check

●  Result of a DBS check

●  Details of donations

●  Gift Aid information

●  Teams you are involved in

●  Dates and time when on a rota

How we collect personal information

Information we collect automatically

Like most websites, the COM Church website uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google does not grant us access to this. We consider Google to be a third party data processor.

Our meetings system RingCentral uses tracking information for tracking and logging purposes; it will record information such as IP address and location information. RingCentral is considered as a third party data processor.

Personal information that you provide to us

We may collect personal information when you fill in a paper form or a form on our website. We also collect personal information when we set up an account for you on Planning Center.

How we use personal information

Our legal basis for collecting personal information

The law only allows us to use your personal information in certain limited circumstances. We have listed these below and what information they allow us to process.

Where it is necessary for our legitimate interests

The GDPR specifically states that a church may use legitimate interests to process personal information relating to its members to administer your membership to the church. We consider that this is the most appropriate condition for us to administer your membership of our Church, as you would reasonably expect that we would have to process your personal information in order to provide you with membership of our Church, and so you can take full advantage of all our services. We have put safeguards into place to ensure that your personal information is protected and that your fundamental rights and freedoms are not overridden.

Examples of how we may use your information for administration purposes: ● to set up your Planning Center account

● to provide you with Pastoral Care and other support that you have requested and we believe would be helpful to you

● to organise volunteers and schedule rotas

Where you have consented to us using your personal information

Examples of how we may use your information with your consent:

● We may ask for your consent to send marketing communications out to you, including information about our events and other marketing materials

● We may also ask for consent where you have given us information as part of our Pastoral Care and asked us to use it for a certain purpose

Where we need to perform the contract we have entered into with you

Examples of how we may use your information in order to comply with a contract that we have entered into with you:

● to buy tickets for events
● to administer Planning Center (such as troubleshooting, data analysis, research)

● to tell you about changes to our website, software that will affect your use of Planning Center

● to help us (or the software developers) improve the systems we use

Where we need to comply with a legal obligation

Examples of how we may use your information to fulfil a legal obligation: ● keeping records for Gift Aid purposes
● to prevent and detect fraud
● to protect children and vulnerable adults

● to get your feedback on the services

Information relating to children

Whilst information relating to children is not considered to be special category information, it is information that is given specific protection. When the child is under the age of 13, we will always ask for the consent of parents before allowing the child to set up an account in Planning Center and ensure that the parents are able to access and administer the account.

Where a child is 13 or over, then we will permit the child to have their own Planning Center account, but we may (if we believe it to be appropriate in the circumstances) inform the parents. We will tell the child at the time of signing up that we may inform their parents and we will only do this where it is appropriate and lawful to do so.

Sharing your personal information

We work with the following organisations.

Planning Center
HMRC ( for claiming Gift Aid)
Elim International Centre
Google Analytics – website tracking RingCentral – online meetings Eventbrite – Event booking
Donr – Text donation

Legal requirement

We may disclose your personal information if required by law.

Retaining your personal information

We only hold your personal information for as long as necessary for the purposes for which we collected your information.

We have set timescales in accordance with any applicable legislation, and where none exists, then we will keep your information for the duration of any contract that you have entered into with us, and then for a period of seven years after which time it will be deleted.

How we store your personal information

The security of your personal information is important to us.

We use appropriate technical and organisational measures to safeguard personal information, and encryption technology where appropriate to enhance privacy and help prevent information security breaches.

Any personal information that we provide to you will be held within the EEA.

All third parties who provide services to us or our software provider are required to have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse.

All information you provide to us is stored on our secure servers or on secure servers operated by a third party.

Retention of personal information

We only hold your personal information for as long as necessary for the purposes for which we collected your information.

We have set timescales in accordance with any applicable legislation, and where none exists, then we will keep your information for the duration of any contract that you have entered into with us, and then for a period of seven years after which time it will be deleted.


If you choose to send us information via email, we cannot guarantee the security of this information until it is delivered to us.

Your rights

Access to personal information

You have the right to access information that we hold about you. If you wish to receive a copy of the information that we hold, please contact the Church Administrator at

Changing or deleting personal information

You can ask us at any time to change, amend or delete the information that we hold about you or ask us not to contact you with any further marketing information. You can also ask us to restrict the information that we process about you. You can request that we change, amend, delete your information or restrict our processing by emailing us at

Transferring personal information

You have the right to request that your personal information is transferred by us to another organisation (this is called “data portability”). Please contact us at with the details of what you would like us to do, and we will try our best to comply with your request.


If you make a request under this privacy policy and are unhappy with the outcome, you may request this to be reviewed. Please contact us at: COM Church, 51 High St North, Dunstable, Beds LU6 1JF.

How to contact us

Any questions, comments about our privacy policy should be sent to

Appendix A – CCTV Fair Processing Policy

This notice tells you (the data subject) about the processing of your data by COM Church (the data controller).

What personal data do we need and why do we need it?

COM Church has CCTV in operation at our location. CCTV will capture footage of you whilst entering our premises. Cameras are located inside and outside of our premises .

We collect CCTV footage for the following reasons

●  Ensure the health and safety of employees and visitors to the sites.

●  Public safety

●  Prevention and detection for crime

●  Prosecution of offenders

●  Exercise of criminal proceedings

Where do we get your personal data from?

Personal data is obtained from individuals who are filmed by CCTV cameras which are located both inside and outside our building.

What do we use your information for?

CCTV recordings are processed in the interests of public safety and for the prevention and detection of crime. Recordings also provide enforcement agencies with evidence of criminal activity, for formal actions including prosecutions in court and identification of offenders in investigations.

Do we transfer the information overseas?

We are not permitted to transfer information overseas unless there is adequate protection in place.

Who else do we pass this information on to?

●  Police forces

●  Other law enforcement agencies or emergency services

●  Requesters who make requests under Data Protection or Freedom of Informationlegislation

How long do we keep this information for?

CCTV footage is retained for 30 days. Footage which has been saved off the system for evidentiary purposes, at the request of the police for example, will be retained for six years.

What are your rights as a data subject?

As a person whose personal data we are processing, you have certain rights in respect of that personal data. You have the right:

●  To access your personal data that we process

●  To rectify inaccuracies in personal data that we hold about you if it is inaccurate orincomplete

●  To request the deletion or removal of your personal data where there is nocompelling reason for its continued processing

●  To restrict the processing of your personal data in certain ways

●  To obtain your personal data for reuse

●  To object certain processing of your personal data

Where can I get more information?

For more information please contact the data protection team: