St. Mary's Church Privacy Policy

Introduction

This Privacy Policy outlines the practices of St. Mary's Church Atherstone ("we," "our," or "the Church") with respect to information collected from users who access our website at https://www.stmarysatherstone.co.uk/ ("Site"), or otherwise share personal information with us (collectively: "Users").

Grounds for data collection

Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter "Personal Information") is necessary for the performance of our contractual obligations towards you, providing you with our services, protecting our legitimate interests, and complying with legal and financial regulatory obligations to which we are subject.

When you use the Site, you consent to the collection, storage, use, disclosure, and other uses of your Personal Information as described in this Privacy Policy.

We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.

What information we collect?

We collect two types of data and information from Users.

1. Non-personal Information: This type of information is un-identified and non-identifiable information pertaining to a User(s), gathered via your use of the Site. Non-personal Information includes aggregated usage information and technical information transmitted by your device (e.g., browser type, operating system, language preference, access time, etc.) to enhance the functionality of our Site.

2. Personal Information: This type of information is individually identifiable information, such as device information (e.g., geolocation data, IP address, unique identifiers), registration information (e.g., full name, email, physical address), and other data voluntarily provided by Users.

How do we receive information about you?

We receive your Personal Information from various sources:

1. When you voluntarily provide us your personal details during Site registration.

2. When you use or access our Site in connection with our services.

3. From third-party providers, services, and public registers (e.g., traffic analytics vendors).

How we use your information?

We do not rent, sell, or share Users' information with third parties except as described in this Privacy Policy.

We may use the information for the following purposes:

- Communicating with you.

- Sending notices regarding our services and providing technical information.

- Keeping you informed of our latest updates and services.

- Serving advertisements.

- Marketing our websites and products.

- Conducting statistical and analytical purposes to improve the Site.

In addition to the purposes listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies, and subcontractors.

User Rights

You may request to:

- Receive confirmation of whether your Personal Information is being processed.

- Access your stored personal information.

- Receive a copy of personal information you directly volunteer in a machine-readable format.

- Request rectification or erasure of your personal information.

- Object to the processing of personal information by us.

- Request restrictions on processing of your personal information.

- Lodge a complaint with a supervisory authority.

Please note that these rights are subject to our legitimate interests and regulatory requirements.

Retention

We will retain your personal information for as long as necessary to provide our services and comply with legal obligations. Retention periods will be determined considering the type of information and applicable requirements.

Cookies

We and our partners use cookies and other technologies for various purposes. Cookies are used to enhance your online experience and provide relevant advertisements.

Third-party collection of information

This Privacy Policy does not apply to third parties or sites you may disclose information to. Please read the terms and privacy policy of each third party.

Safeguarding your information

We implement and maintain security measures to protect your information. [ explain about your security practices, such as: we employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorised use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy] . Although we take reasonable steps to safeguard information, we cannot be responsible for unauthorised access.

Transfer of data outside the EEA

We transfer data outside the European Economic Area (EEA) only to countries approved by the European Commission or with legal agreements ensuring adequate data protection.

Advertisements

We use third-party advertising technology for serving advertisements when you access the Site.

Marketing

We may use your Personal Information for promotional materials concerning our services, with means to opt-out provided within marketing materials.

Corporate transaction

Information may be shared in the event of a corporate transaction (e.g., sale, merger).

Minors

The Site is not designed for or directed at children. We do not knowingly collect Personal Information from minors.

Updates to this Privacy Policy

We reserve the right to amend or revise the Privacy Policy. Your continued use of the Site constitutes acknowledgment and consent to such amendments.

Contact us

For general questions or information about our data practices, contact us at stmarysatherstone@gmail.com.

GDPR Compliance

St. Mary's Church Atherstone ("we," "our," or "the Church") is committed to complying with the General Data Protection Regulation (GDPR) to ensure that your personal information is handled in a secure, transparent, and lawful manner. This section outlines your rights under GDPR and how we meet these requirements:

1. Lawful Basis for Processing

We process your personal information on the following lawful bases:

• Performance of a Contract: We process your data as necessary for the performance of our contractual obligations when you use our services.
• Legitimate Interests: We process your data to protect our legitimate interests and provide you with the best possible service.
• Legal Obligations: We process your data to comply with legal and financial regulatory obligations.

2. Your Rights under GDPR

Under the GDPR, you have certain rights regarding your personal information:

• Access: You have the right to request access to your personal information and receive a copy of it.
• Rectification: You can request the correction of inaccurate or incomplete data we hold about you.
• Erasure: You have the right to request the deletion of your personal information when it is no longer necessary for the purposes for which it was collected.
• Restriction of Processing: You can request restrictions on the processing of your personal information under certain circumstances.
• Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
• Objection: You can object to the processing of your personal information based on legitimate interests.
• Withdrawal of Consent: If we rely on your consent to process your data, you have the right to withdraw that consent at any time.
• 
  

3. Data Security

We take data security seriously and have implemented appropriate technical and organisational measures to protect your personal information. Our security measures are designed to prevent unauthorised access, disclosure, alteration, or destruction of your data.

4. Data Transfers

Your personal information may be transferred to countries outside the European Economic Area (EEA) for the purposes stated in this Privacy Policy. We ensure that such transfers comply with GDPR requirements, either through the European Commission's adequacy decisions or the implementation of appropriate safeguards.

5. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee our data protection efforts. You can contact our DPO at stmarysatherstone@gmail.com.

6. Complaints

If you believe that your data protection rights under GDPR have been violated, you have the right to lodge a complaint with a supervisory authority.

7. Updates to this Section

We may update this GDPR Compliance section to reflect changes in our data processing activities or legal requirements. Any changes will be reflected in the "Last Modified" date below.

Last Modified November 2023