Data Protection and Privacy

We will never sell, rent or give away your personal details to anyone.
We will only use the information you provide through this website or other means specifically to conduct business with you that you have requested.

If you decide to cease a business relationship with UK Churches, we will provide you with a copy of your intellectual property as well as destroy all data you have provided to us.

During the course of our activities we have cause to collect, store and process personal information, which we treat in an appropriate and lawful manner.

The types of information that we may be required to handle include details of suppliers, customers, clients and others that we have to communicate with from time to time.

The information, which may be held on paper, computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 (the Act).

This policy sets out our rules on data protection and the conditions to be satisfied relating to the obtaining, handling, processing, storage, transportation and destruction of personal information.

Our senior management team is responsible for ensuring ongoing compliance with the Data Protection Act and updates to our  policy.

Data Handling

Data is information which is stored digitally, cloud based, electronically, on a computer, or in paper-based filing systems.

Data subjects for the purpose of this policy include all  individuals about whom we hold personal data, and all data subjects have legal rights in relation to their personal data.

Personal data means data relating to an individual who can be identified from that data by name, address, telephone and or other contact information.

Data Managers are the people or organisations who determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. We are the data managers of all personal data used to conduct our business, and our clients are the data managers and owners of any data they instruct us to collect on their behalf and how they would like such data to be processed.

Data users include employees whose work involves using personal data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.

Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it.

Best Practice

The processing of personal data must comply with the 8 enforceable principles of good practice. These provide that personal data must be:

  1. Processed fairly and lawfully.
  2. Processed for limited purposes and in an appropriate way.
  3. Adequate, relevant and not excessive for the purpose.
  4. Accurate.
  5. Not kept longer than necessary for the purpose.
  6. Processed in line with data subjects’ rights.
  7. Secure.
  8. Not transferred to people or organisations situated in countries without adequate protection.

Data Processing

The Act is intended not to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject. The data subject must be told of the purpose for which the data is to be processed by us, and the identities of anyone to whom the data may be disclosed or transferred.

For personal data to be processed lawfully, certain conditions have to be met. These may include, among other things, requirements that the data subject has consented to the processing, or that the processing is necessary for the legitimate interest of  the party to whom the data is disclosed.

Personal data may only be processed for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the Act.
This means that personal data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject must be informed of the new purpose before any processing occurs.

Personal data is not be kept longer than is necessary for the purpose.
This means that data is destroyed or erased from our systems when it is no longer required.

Data Collection

Personal data should only be collected to the extent that it is required for the specific purpose and notified to the data subject. Any data which is not necessary for that purpose will not be collected.

Accuracy

Personal data must be accurate and kept up to date, and steps are taken to ensure the accuracy of  personal data at the point of collection and at regular intervals afterwards.

Inaccurate or out-of-date data is destroyed.

Rights

Data owners or subjects have the right to:
(a) Request access to any data held about them by a data controller or data manager.
(b) Prevent the processing of their data for direct-marketing purposes.
(c) Ask to have inaccurate data amended.
(d) Prevent processing that is likely to cause damage or distress to themselves or anyone else.

Security

We ensure that appropriate security measures are taken against unlawful or unauthorised accessing, processing  the accidental loss of, or damage to personal data.

The Act requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processors if they agrees to comply with these procedures and policies, or if they put adequate measures in place.

Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:
(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes.
(d) Regularity of data backups
(e) Access controls. (username and password information).

Policy review

This policy is reviewed annually to ensure it is achieving its stated objectives.
Recommendations, updates and amendments are reported to our team and clients.

Cookies

We use cookies on this site or any other site we control in the following ways:

  • To track how our site is used through Google Analytics (this doesn’t collect personal data)
  • For shopping cart contents
  • For login and logout functions
  • For some commenting functions
  • Any user preferences that you may have set.
In this way we use cookies for essential functions that you request in the use of our site and services.

We don’t use cookies to collect personal data.

A notice appears at the bottom of our site upon first visit to inform users that we use cookies. If you click ‘Accept’ to dismiss this message, you consent to the use of cookies by this site. If you don’t want to allow this site to use cookies, you can leave the site at this point and no cookies will be stored on your computer.