Data Protection & Privacy Notice 2018-05-23T13:45:13+00:00

What personal data we collect and why we collect it

Data we may hold on the congregation and visitors:

  • personal information (e.g. name, address, email, phone, date of birth, family names);
  • next of kin, medication, allergy, emergency contact details for activities and events;
  • details of donations, and bank sort code (not account number), whether UK tax-payers;
  • attendance at church;
  • confidential prayer requests;
  • images of church activities;
  • for voluntary roles that require DBS Data & Barring Service checks to be completed.

Why we collect and use this information:

  • to keep congregation informed of news, groups, events and activities;
  • to make contact if their absence is of concern or their well-being;
  • to send statements of donations for tax returns and our accounts records;
  • to reclaim gift aid from HM Revenue;
  • to promote the church activities on our website and other publications;
  • to protect children and vulnerable adults under our supervision;

Collecting this information:

Whilst some information provided may be mandatory, some is provided on a voluntary basis.   We hold data for the legal number of years that we are required to do so i.e. at least 6 years for donation information and indefinitely for staff and volunteers, or if required to do so by law.

Sharing information:

We do not share your information with anyone without your consent, apart from those authorities listed above, where we may be required to do so by law.   Images may be used of church activities on our website and other publications.  We do not share your personal details for other direct marketing purposes.

Storing information:

We store some information electronically on secure cloud-based databases within the UK and EU (e.g. ChurchSuite and MailChimp).  Access to these databases are password protected and is restricted to staff or some team leaders only.  Our cloud-based databases have implemented strong privacy protections to handle our data appropriately and in line with UK and EU legal requirements of GDPR;

We store some information in files within locked cabinets at the ICC office;

We store some details on-site at halls for next-of-kin contact in case of an emergency;

Old information that is no longer required will be deleted or shredded securely.

Requesting access to your personal data:

You have the right to request access to information about you that we hold.  To make a request for your personal information, contact the Data Manager at the ICC Church Office.

You also have the right to:

  • object to processing of personal data that is likely to cause damage or distress;
  • unsubscribe or opt-out from our emails (email the Data Manager or churchoffice@icc-uk.org);
  • have inaccurate personal data rectified, erased or destroyed;

If you have a concern about us using your data, we ask that you raise your concern with us immediately.

Data we may hold on staff and trustees:

  • personal information (e.g. name, address, phone, email, date of birth, national insurance number, image);
  • contract information (e.g. start dates, hours worked, post, roles, salary, bank information);
  • passport, biometric residence permit (if applicable), CV, application for job;
  • work absence information (such as number of holidays, absences);
  • data and barring service information;

Why we collect and use this information:

  • to ensure staff or trustees have suitable background history, are qualified for their position and are not prevented from working with children and vulnerable adults;
  • to enable staff to be paid properly and fairly, are legally entitled to work in the UK, and to retain some of this information for historical, UK Border Agency and DBS (child & vulnerable adult protection) purposes.

We may share this information:

  • with our accountants for payroll; and with the HM Revenue for payroll and tax return preparation;
  • with UK Border Agency for overseas employees;
  • with CCPAS (Churches Child Protection Advisory Service) DBS processing for child protection;
  • (for Trustees*) with our bankers, Companies House and Charities Commission in UK;
  • (for Trustees*) with State of Delaware, IRS, Guidestar and CSC, our US filing service.

* Outline Trustee information is a matter of public record as directors of ICCF Ltd and ICC Inc.

Collecting this information:

Whilst some of the information provided to us is mandatory, some of it is provided to us on a voluntary basis.   We hold data for the legal number of years that we are required to do so i.e. at least 6 years for donation information and indefinitely for staff and volunteers, or if required to do so by law.

Sharing information:

We do not share your information with anyone without your consent, apart from those authorities listed above, where we may be required to do so by law.   Images may be used of church activities on our website and other publications.  We do not share your personal details for other direct marketing purposes.

Storing information:

We store some information electronically on secure cloud-based databases within the UK and EU (e.g. ChurchSuite and MailChimp).  Access to these databases are password protected and is restricted to staff or some team leaders only.  Our cloud-based databases have implemented strong privacy protections to handle our data appropriately and in line with UK and EU legal requirements of GDPR;

We store some information in files within locked cabinets at the ICC office;

We store some details on-site at halls for next-of-kin contact in case of an emergency;

Old information that is no longer required to be stored will be deleted or shredded securely.

Requesting access to your personal data:

Under data protection legislation, you have the right to request access to information about you that we hold.  To make a request for your personal information, contact the Data Manager at the ICC Church Office.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress;
  • unsubscribe or opt-out from our emails (email the Data Manager or churchoffice@icc-uk.org);
  • have inaccurate personal data rectified, erased or destroyed;

If you have a concern about us using your data, we ask that you raise your concern with us straight away.

Data Retention Periods

For many types of personnel records, there is no definitive retention period: it is up to the employer to decide how long to keep these records. This advice is based on the time limits for potential tribunal or civil claims.  Where the recommended retention period given is 6 years, this is based on the 6-year time limit within which legal proceedings must be commenced as laid down under the Limitation Act 1980.

Accident reports                     A minimum of 3 years from the date of the last entry (or, if the accident involves a child/ young adult, then until that person reaches the age of 21). (See below for accidents involving chemicals or asbestos.

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR)(SI 1995/3163) as amended, and Limitation Act 1980. Special rules apply concerning incidents involving hazardous substances (see below).

Accounting records                 A minimum of 6 year (Section 221 of the Companies Act 1985 as modified by the Companies Acts 1989 and 2006)

Bylaws                                       Permanently

Committee minutes                Indefinitely

Congregational minutes        Indefinitely

Council minutes                      Indefinitely

Health and safety records     Indefinitely

Inland Revenue records        Indefinitely (a minimum of 6 years under the Taxes Management Act 1970)

Personnel records                   Indefinitely (including Medical and all related Salary records, Income tax and NI returns, income tax records and correspondence with HMRC (requiring a minimum of 6 years under the Taxes Management Act 1970)

Trustee Minutes                      Indefinitely

Trustee Records                       Indefinitely

Data Breach

Should there be a data breach, we undertake to notify the Information Commissioner’s Office within 72 hours of becoming aware of a data breach.

Contact us:

International Community Church  &  International Community Church Foundation Ltd

ICC Church Office                                              Data Manager:  Vicky Cannings
13 London Street                                                direct:  vicky@icc-uk.org
Chertsey                                                               churchoffice@icc-uk.org
Surrey   KT16 8AP                                              01932 571820