1. Your personal data

At St Leonard’s Church we store contact details and other information about people who are connected with the church. This helps us to communicate well with you about church activities with which you are involved and new events that are coming up. It also helps the staff team with their oversight of what is happening in the church and who is involved. We may also record attendance information, for instance in children’s groups, to help us manage these groups effectively and for child protection requirements.

2. Storage and sharing of personal data

We use a computer system to keep all this data safe and to help us comply with data protection regulations. If you opt in to allowing your data to be shared with other church members on this system they will have access to read parts of your contact details at your discretion. Even if you opt not to share your details, they may still be visible to other people under limited circumstances — for example:

  • If you are involved in a church group or an area of service then the leader(s) of that group or ministry area may have access to your contact details.
  • If your name appears on a church rota then other people on that rota will be able to see your name.

3. Use of personal data

The information that we keep usually consists of your name, adult/child, gender and family connections. If you have provided them to us then we will also keep your address, telephone, email addresses, mobile number, occupation, website, company, allergies and date of birth.

If the church is involved in your pastoral care in any way then information relating to this may be stored. We will also store information regarding membership of groups or committees within the church, such as being an attendee of a congregation or small group. We may also process and store information on any invitations we have sent to you for activities or events, your attendance at any activities or events, details of any church-related subscriptions and all information we may have requested for the purposes of DBS checks. It will also be necessary to store information about ministries you are involved with and the dates and times of any duties associated with those ministries.

We may “profile” the information we collect about you and use automatic processing particularly for the purposes of choosing how relevant a church activity is to you based on group membership, age, gender or address.

If you are involved with a ministry at the church we may email or text you about this ministry, for instance with rota updates or information about what’s coming up. If you opt in to receiving emails about new ministries, events or products then we can keep you advised of those things that may interest you.

4. Processing your data

The General Data Protection Regulation provides several acceptable reasons for processing your information. If you are a regular attendee at the church or a recent new contact then we use the “Legitimate Interest” reason because keeping your contact details is important to running the church. If you are not a regular attendee then we use the “Consent” reason which requires us to obtain your opt-in consent allowing us to process your data. Under certain circumstances we may have a legal obligation to process your personal information (see section 5).

5. How long we keep your data

If you are a previous church attendee who has now left the church, we may keep your name on record, for historical or statistical purposes for a limited period of 3 years. We may keep more details and for longer periods if you have been involved in ministries that have legal record-keeping obligations such as child protection, employment or accident reporting. We retain electoral roll data while it is still current, gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate, and parish registers (baptisms, marriages, funerals) permanently. Details of retention policies for many different scenarios are published by the Church of England and could be more than 50 years.

6. Your rights and your personal data

You have various rights under the General Data Protection Regulation:

  • The right to request a copy of your personal data which we hold about you; however, if your request is manifestly unfounded or excessive then we can charge a reasonable fee for responding or we can refuse to respond.
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date.
  • The right to request that your personal data is erased where it is no longer necessary for us to retain that data (i.e. where there is no legal requirement on us to retain it, and where it is not required for running the church).
  • The right to withdraw your consent to processing at any time, where the processing is of a kind which requires consent.
  • The right to request that we transmit your data directly to another church or organisation, where possible.
  • The right to request a restriction on further processing of your data, for example if you have lodged a formal complaint and are awaiting the outcome.
  • The right to lodge a complaint with the Information Commissioner’s Office (ICO) if you think we have been mishandling your data.

The full detail of your rights can be found on the ICO’s website at http://ico.org.uk

 7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use, and we will seek your prior consent to the new processing wherever necessary.

8. Contact details

Requests regarding data protection should be sent to the Church Office, St Leonard’s Church, Topsham Road, Exeter, EX2 4NG or via email to office@stleonards.church or by telephoning the church office on 01392 286990.

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email at https://ico.org.uk/global/contact-us/email/ or by post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

9. Cookies

This site uses cookies — small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Cookie NameCookie CategoryDescriptionDuration
wordpress_2WordPress cookie for a logged in user.session
wordpress_logged_in_2WordPress cookie for a logged in usersession
wordpress_test_2WordPress cookie for a logged in usersession
wordpress_test_cookie2WordPress test cookiesession
wp-settings-1WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. 1 year
wp-settings-time-2WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. 1 year
PHPSESSID1To identify your unique session on the websitesession
SESS1To ensure that you are recognised when you move from page to page within the site and that any information you have entered is remembered.session
__utma2This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase.permanent
__utmb2__utmb is a Google Analytics cookie. It takes a timestamp of the exact moment in time when a visitor enters a site.session
__utmc2__utmc takes a timestamp of the exact moment in time when a visitor leaves a site.30 mins
__utmz2Keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. 6 months

Links to other websites

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

The PCC of St Leonard’s Church, Exeter is a registered charity, number 1128060.

Download a PDF version of this policy.