This policy was last updated on 22nd May 2018
As a regular worshipper or someone in an employer / employee relationship with Glory House Churches International there are many ways you can use the services we offer, some of which requires you to share your personal data with us. In these instances, we act as the data controller, making us responsible for deciding the purpose and means for dealing with your personal data.
Glory House Churches International is a Christian charity organisation with Registration number: 1016583 and we are very mindful of the privacy of your personal data.
- What personal data we collect about you in the course of your engagement with our services, why we collect it, who it goes to and for how long we retain it.
- How we use your personal data.
- How we protect your personal data.
- Your legal rights in respect of your personal data, including how to access and update the
Information we hold about you.
About Our policy
Our policy provides you with information on how we will use your information and the actions we take to protect your privacy.
On specific occasions, we may provide you with additional information when we collect your personal data. This policy is designed to supplement any specific notices and they should always be read in conjunction with each other, so you are fully aware of how and why we are using your data.
It’s important that your personal data is accurate and up to date, so we can effectively provide our services to you. You can check and update your details by contacting us using the details provided along with this policy.
What data do you collect about me?
- Your name and contact details.
- Personal details like your date of birth, gender and ethnic background.
- Your education information, such as qualification records, level of education and English language ability.
- Giving information, including your bank, card or direct debit details.
- Certain health information you may disclose in respect of your personal circumstances, such as details of disabilities/learning difficulties requiring reasonable adjustments for assessments.
- Any other relevant personal information contained in your application forms, supporting documents uploaded (such as your photo ID) with your application, or that you may provide to us with consent (e.g. responses to surveys and personal stories for marketing material).
What do you do with my data and on what grounds?
We can only process your personal data if we have a basis to do so which is permitted by law.
Outlined below are the lawful basis for data processing and what they mean.
- Performance of contract with you: We process your personal data where necessary to fulfil a contract with you or to take steps, at your request, before entering into such a contract.
- legitimate interests Necessary for our: We process your personal data as and when necessary to do so in order to conduct and manage our business to provide you with the best service and experience.
- We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We don’t use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Necessary to meet our legal obligations: We process your personal data where it’s necessary for compliance with legal or regulatory obligations.
- Consent: As may be required from time to time, we would seek your clear and unambiguous consent to further process any of your personal data.
Purpose/activity Lawful basis for processing including basis of legitimate interest, Notice of upcoming events and programme and for important communications relevant to your worship experience.
Necessary for our legitimate interests
(for running our business)
Managing payment, including:
- Receiving your giving to the church
- processing invoices and payments, including card and direct debit payments
- Performance of a contract with you
- Necessary for our legitimate interests
- (meeting our financial obligation)
- Customer support in relation to sale of books and other ministry materials
- addressing enquiries and resolving issues
- Promotions in social media
- communicate non-essential information and send relevant promotional information
Legitimate interests (to improve our business offerings)
Your consent (if received)
GHCI including to:
- send essential communications about the training and
- future training opportunities
- produce your statement of result
- verify your level of education
Who will you share my personal data with?
- Our third-party service providers of payment, user testing, IT, career management consultancy, benefits and rewards and mailing services
- Our pages on social media platforms, such as Facebook, Instagram, Twitter and You tube.
- Supervisory/regulatory bodies, law enforcement and independent investigators relating to disciplinary investigations, complaints and regulatory reporting requirements (including the Police, Safeguarding authorities, Charity Commission, HMRC and the Council).
Where do you get my data from?
Other than directly from you, we may also receive personal data from the following third party sources:
- Employers for the purpose of references.
- Publicly available sources, such as returned post.
- Our payment providers, such as BACS.
- Our third-party service providers of IT and other support services.
How long will you keep my data?
We will retain most of your data for as long as you remain a worshipper with us or in the employment of the church otherwise our data retention policy will apply. This may cover any correspondence between you and the church. Below are exceptions to this:
- If you have submitted any medical evidence to support Reasonable Adjustment and Special Consideration requests, this will be retained for 7 years from the end of the adjustment period.
- Credit card details will be managed in line with the industry best practises
- Direct Debit instructions will be retained for two years from the last payment receipt.
What data are you collecting?
Why are you collecting my data?
We can only process your personal data if we have a legal reason to do so. In addition to the specific instances that you’ve provided your consent, we may also process your personal data when it’s necessary for:
- Meeting our legal obligations
- Our legitimate interest
- Performing our contract with you.
To find out what we mean by lawful basis, and to see which purposes and lawful basis concern you, select the relevant category from the “Specific information about my data” section.
On occasions, it may be necessary to process your data for reasons unrelated to those outlined in this policy. On these occasions, we will notify you and explain the legal basis on which we are doing so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Will my personal data be shared with anyone?
In general, we never sell or share your personal data with third parties. However, it might be necessary for us to do so on occasion, to deliver the required service to you or to comply with our legal obligations if so we’ll always tell you first.
For more information on who we might share your data with select the relevant category from the “Specific information about my data” section.
When we do share your personal data with third parties, they will be required to follow our privacy
policy and to process your data in accordance with our instructions and to adhere to the technical
requirements and other regulations required by law, to ensure your personal data is only used and
processed for the specified purposes.
We take your email and communication privacy seriously and will not pass your contact details to third parties for marketing purposes, without your prior consent.
How long will you keep my data?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected the data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time to hold your data, we consider the amount, nature, and Sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements, which may dictate the length of time we are required to hold certain types of data for.
Where do you get my data from?
In general, you provide your personal data directly, when you communicate with us through various channels, such as our website, phone, email or face to face meetings with our representatives.
Instances, when you might provide us with your personal data, include when you:
- make an application for employment
- Contact us for counselling
- Contact us to resolve an enquiry.
We may also receive your personal data from various third parties, such as your training provider or accredited employer. For more details on how else we might receive your personal data, select the relevant category from the “Specific information about my data” section.
Specific information about my data
The reasons and methods of collecting, using and transferring your personal data varies depending on why and how you’re using our services. Please select the relevant category from the below list to see what services you receive from us and the specific information relating to how we process your personal data.
- A Worshipper
- An Employee
- Applying for a service such as counselling or Glory House Academy
Will my personal data be sent abroad?
No. GH is an international church with her headquarters is in the UK. This means all workers and member’s data collected within the EU will only be process within the EU in accordance with GDPR.
How do you protect my data?
We are committed to protecting the security of your personal data, and as such we have put in place
appropriate measures to:
- Prevent your data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed.
- Deal with, and notify you and any applicable regulators, of any suspected personal data breaches where we’re legally required to do so.
- Limit access to your personal details to only those employees, agents, contractors and other third parties who have a business need. They will only be able to process your personal data on our instructions and will be subject to a duty of confidentiality.
What are my rights?
You may have the right to:
- Request access to your personal data. You will be able to request a copy of the personal data we hold about you and check that we are processing it legally.
- Request correction of your data. You will be able to correct and update any incomplete or inaccurate data we hold about you, however, we may need to verify the accuracy of the new data you provide.
- Request erasure of your personal data. You will be able to ask that we delete or remove your personal data where there is no good reason for continued processing. You will also have the right to ask that we delete or remove your personal data where an objection to processing has been successful, where we may have processed your data unlawfully or where we are required to delete data to comply with local law.
- object to processing of your data. You will be able to request that we stop using your personal data:
– for any direct marketing purposes
– which is being processed on the basis of legitimate interest (see your relevant section in
the ‘Specific information about my data’, when you feel the processing impacts on your
fundamental rights and freedom. In some cases, we may demonstrate that we have
compelling legitimate grounds to process your information which would override your
- Request restriction of processing your personal data. This enables you to ask us to suspend processing your personal data in the following scenarios:
– if you want us to establish the data’s accuracy
– where our use of the data is unlawful but you don’t want us to delete it
– where you need us to hold the data even if we no longer require it as you need it to
establish, exercise or defend a legal claim
– you’ve objected to our use of your data, but we need to verify whether we have overriding
legitimate grounds to use it.
- Request transfer of your personal data to you or a third party. You can request that we transfer your data in a suitably accessible format to you and or a third party, where the data was provided with your consent.
- Right to withdraw consent. Where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out prior to your request. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case when you request to withdraw your consent.
What are the requirements and consequences of making a request? Requests relating to changes to our handling of your personal data will generally be free of charge, and we will aim to respond to all requests within one month. However, please note:
- We may need you to supply additional information to confirm your identity and ensure your right to access your personal data (or exercise your rights). This is to ensure that personal data is not disclosed unlawfully.
- We may need to contact you to help speed up the resolution of your request.
- An administrative fee may be charged for any unfounded, repetitive or excessive requests, or for additional copies of Personal Data you request.
- Occasionally, it may take longer than one month to resolve your request, in these cases we will notify you and keep you updated on timing.
- Any requests to restrict or delete your data will limit your ability to access our services and products, and/or result in ending your relationship with us.
Please note that these rights apply by law, only to certain types of Personal Data and processing, and may not be applicable to your circumstance.
If you have any concerns about how we handle your data, please contact us using the details provided in this privacy notice. If you are not satisfied after we’ve tried to resolve your issue, you will be entitled to lodge a complaint with our Data Protection regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further details, www.ico.org.uk
If you wish to exercise any of the above rights, you will need to contact us in writing using the details provided in this policy.
Third party websites
Our website includes links to external, third party websites. Clicking on these links may allow the
collection or sharing of your personal data in ways which will differ to those detailed in our Privacy
Policy. We would encourage you to read the privacy policies of the external websites you visit from our website.
or by writing to:
The Data Security Manager
Glory House Churches International,
2 Tabernacle Avenue,
We reserve the right to make changes to or update the terms of this policy from time to time.