LAST UPDATED: AUGUST 02, 2021
ChurchSuite Ltd. is committed to the protection of the privacy of all our customers. Your privacy is really important to us and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.
Definitions we use in this privacy notice
"Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv).
"The Service" means our ChurchSuite software, which is accessed online through a web browser, or by using our mobile applications (Apps).
"you", "your Organisation" means your church, charity or other type of organisation that may have opened a ChurchSuite account. In the relationship between us as you use The Service, our website, and our customer support services, your Organisation is considered the Data Subject (our Customer) as defined within the context of Data Protection Law.
"us", "we" and "our" refer to ChurchSuite Ltd. In the relationship between us as you use The Service, our website, and our customer support services, ChurchSuite Ltd should be considered the Data Controller (the Service Provider) as defined within the context of General Data Protection Regulation Data Protection Law. This means we decide how your personal data is processed and for what purposes (explained below).
How do we use your information?
When you first sign up for a trial of The Service, you are required to provide basic contact information (about your Organisation, and about yourself as the organisation’s ‘account contact’) to enable us to create your trial account to access The Service. The contact details you provide are used solely to communicate with you throughout your trial experience. At the end of the trial period, if you wish to continue to access The Service on a paid subscription basis, those same account contact details are retained.
Within the administrator section of The Service you are able to update the account, billing and data protection contact details for your Organisation at any time; for example, if the account contact person changes within your Organisation.
We comply with our obligations under UK Data Protection Law by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What is our lawful basis for using your information?
There are various scenarios within which we may use your information, and for each we have identified the lawful bases for processing, as described below:
If you/your Organisation has subscribed to use The Service (see our related Terms of Sevice), processing is necessary to perform and manage the contract.
Legitimate interest applies:
Where the contract between us has ended – either because you have closed your trial of ChurchSuite or you have cancelled your subscription to The Service. We will opt you out of all communication and not contact you after the contract has ended; unless you contact us or have requested we contact you at a later date. However, we will retain your basic contract contact details for internal statistical and reporting purposes.
Where you sign-up for a training event and we communicate with you about that event, both before the event, and in follow up after the event.
Where you have engaged with us at an exhibition or marketing event, or you have approached us independently for information about The Service. We will only use your contact details to respond to your enquiry.
Where we need to communicate with you about: -
A technical issue or bug within The Service that affects you,
Any security-related matter relating to The Service,
New features and functionality added to The Service, or changes to existing functionality that may affect your Organisation’s use of The Service,
Training events we are running designed to help train your users and maximise your Organisation’s use of The Service.
For good governance and accounting, for market research, analysis and developing statistics.
Legal obligation applies:
When you exercise your rights under Data Protection Law and related disclosures.
For maintaining and reporting financial accounting information for up to 6 years from the end of the tax year in which a financial transaction was processed. Financial information may be for use of The Service, support services provided outside of the scope of the support included in your monthly subscription, and for training.
Where you have voluntarily subscribed to our emailing list and explicitly consented to receiving our emails informing you about new features and functionality. You can unsubscribe from this list at any time using the unsubscribe link in the footer of those periodic emails.
Where you have explicitly consented for us to publish a “Review” that you or your Organisation has written about The Service for our website. Your name, Organisation name and website may be included in the review, along with any profile image you have supplied us. You may withdraw your consent at any time and we will remove your review from our website. We’ll remove your review if you cancel your subscription.
Sharing your information
The information we hold about you will be treated as strictly confidential and we will only share your data with third parties with your prior consent, or unless required to do so by law.
How secure is your information?
We take security very seriously and will do everything within our power to keep your information safe. Full details on the steps we have taken to manage your data securely can be found on our security page.
How long do we keep your information?
We keep data in accordance with the guidance set out by UK Data Protection Law. We endeavour to only maintain data that is necessary, relevant, accurate and up to date. If you subscribe to The Service you are responsible for keeping account contact, billing contact and data protection contact details up to date (managed in the Administrator section of The Service). We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purposes for processing.
Your rights and your information
Unless subject to an exemption under UK Data Protection Law, you have the following rights with respect to your personal data: -
Access to your information: You have the right to request a copy of the personal information that we hold about you.
Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information: You have the right to ask us to delete personal information about you where:
you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations under UK Data Protection Law;
you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below;
our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Contact information and further advice’ section if you wish to exercise any of these rights.
Lodging a complaint: If you feel we have used your information incorrectly or without lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
If we wish to use your information for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining the new use prior to starting the processing and setting out the relevant purposes and legal basis for processing. Where and whenever necessary, we will seek your prior consent to the new processing.
Our contact details
We can provide you with access to your personal data at any time. We ask that requests are made in writing to The Data Protection Officer, ChurchSuite Ltd, Floor 2, 1 Broadway, Nottingham, NG1 1PR, UK, or by email to firstname.lastname@example.org.
If you have a data protection, security or privacy-related question or complaint, please contact ChurchSuite by email in the first instance, where we will do our best to assist you or resolve an issue.
Information we may collect about you/your organisation:
What we use this information for
Used to create an account for The Service for your named Organisation
Used by us to verify the existence of your Organisation when a trial account is opened for The Service. Your Organisation’s domain name is also used to match support emails received from your Organisation’s domain name to your account.
Account contact first and last name
Each organisation will designate a named individual who will serve as our point of contact for matters relating to The Service. The account contact will also be our initial billing contact and data protection contact; however, you can update any of these at any time from within the Administrator section of The Service.
Account contact email address
An email address is required in order for us to communicate with you about your account and account-related matters. Communications will also include information about ChurchSuite training events, periodic updates about new features and functionality, and to confirm certain changes you may request to your account.
Account contact telephone number
Either a landline or mobile/cell number is required. We don’t usually communicate by telephone unless you have requested a call back, or if we need to contact you quickly about your account for any reason.
So that we know how to thank for referring you to ChurchSuite.
Other information we may derive or obtain from third parties
Job title within your Organisation
This may be stated on your organisation’s website, in your email signature, or where you have made this known to us. It’s helpful to know if we are dealing with an Organisation’s leader, an operational/office admin, a finance admin, an officer of the Organisation (such as a trustee, director, elder or churchwarden), someone with another role within your Organisation, or a data subject member.
Your organisation address, including postcode/zip code and country
This may be taken from your website, or you may add/update this information in the Administrator section of your account. This is primarily used to correctly configure your account with the appropriate time zone, currency, tax-deductible donation or Gift Aid functionality, date/time format settings, and local school grade/year structure for your country.
Organisation Twitter handle
As a customer, we’ll follow you on Twitter. You can follow us too if you wish @churchsuite
We produce internal reporting about the different types of organisations in our customer base (e.g. church, independent charity, other; and for churches, if applicable, your denomination).
Organisation ‘known by’ names
Where your Organisation is known by more than one name, or by an abbreviation of your Organisation name, we’ll note these to help us better match email support enquiries to the correct customer account, and to make it easier for your data subject members to find their church/charity when they log in to their member-facing side of The Service.
Where applicable, we use your charity number to obtain basic information about your charity for internal reporting purposes.
Other information we maintain about your organisation
We maintain a financial history with audit trail of invoices raised and payments made for The Service, including payment method, and correspondence relating to due, overdue and unpaid accounts.
Statistics about your account
We maintain a record of the modules on your account and statistical information about module usage. This is used to calculate your monthly billing and internal statistical reporting.
We maintain a record of the third party integrations that you’ve completed for your account.
If you sign up for a training event
When you sign-up for a training event, your sign-up details are used solely to communicate with you about the event, both before and in follow up to the event. Sign-up details are retained for financial accounting and audit purposes. We do not use your event sign-up details for any other marketing purpose.