What information will we collect?
We will collect and use information about you to enable you to participate fully in the activities of the church enabling you to connect further into the life of the church and for Alive Church to offer enhanced pastoral care to you. The information we collect and store includes your contact details and date of birth, information about your family, information relating to your discipleship journey and your information regarding your connection points into the church.
Alive Church will always ask your permission for us to store this information. If you do not give us permission to store your information then Alive Church will be unable to effectively pastor you or inform you of activities that we believe will be of benefit to you.
In order to join some of our teams we collect further information in order for Alive Church to process a DBS check.
If you choose to give via standing order or through card payments to Alive Church, Rise and Build or Make A Difference we also collect additional information regarding your giving to Alive Church. This includes Account Number, Sort-Code, Bank Name, Branch, Account Holder’s Name, Card Number, expiry date and 3 digit security code.
If you apply to work for Alive Church we collect additional information as part of the application process, this includes: previous employment history (contact details, rate of pay), education history and hobbies.
If you are an employee of Alive Church we collect additional information to ensure our responsibilities as an employer can be met. This includes: National Insurance Number, information relating to any Student Loans you may hold.
How will your information be used?
Your information is collected by means of Alive Church forms and our Planning Center Database app. Our methods of collecting data include the use of:
- welcome cards
- electronic forms (on our website, Planning Center and at the Connection Area during services)
- directly into Planning Center through their website
- salvation cards
- forms and registers (Kids, Youth, Students, Teams and Events)
- standing order forms (Offering, Rise and Build, Make A Difference)
- giving envelopes
- job application forms
- DBS checking forms
Once we receive your information it is transferred onto password protected files and saved to our online cloud based database ‘Planning Center’ - www.planningcenter.com. Original paper copies are shredded. The information we collect comprises name, date of birth, address, telephone numbers, email address, family names and contact details, discipleship journey information (baptism date, growth track attendance dates), connect group details and team information.
The Planning Center system uses the following protocols to ensure all data is secure
Planning Center is a PCI Level One compliant merchant
The Payment Card Industry Data Security Standards (PCI DSS, or more commonly, PCI) are a set of standards set forth by the four major card associations to protect cardholder data. All merchants and processors need to have physical, electronic, and procedural controls in place to ensure that cardholder data is stored and handled securely at all times.
Technical Security and Encryption
Whenever your data is in transit between you and Planning Center, everything is sent encrypted over HTTPS, and their databases utilise encryption at rest. They limit brute force attacks with rate limiting, and all passwords are filtered from all their logs and are one-way encrypted using industry standard bcrypt.
Data Durability and Recovery
Planning Center employ a multilayered backup strategy that is designed to be resilient to hardware failure, regional disasters, and malicious acts. Both point in time backups and daily snapshots are available for use in recovery.
Security Bug Bounty
Planning Center run an ongoing bounty program through HackerOne to provide penetration testing across all of their products. These security researchers are some of the best in the world at finding vulnerabilities and responsibly disclosing them.
All of your data on Planning Center is stored in AWS data centers, which use industry leading practices in physical security, redundancy, and availability. You can learn more about Amazon's data centers here.
Local Equipment Security
At the most basic level, Planning Center’s main physical space is locked and alarmed during off hours. In the event of a break-in, since their servers don't reside in their buildings, they aren't vulnerable to smash-and-grab robberies. Local computers are password protected and encrypted. In the course of conducting customer support, employees access customer data using an encrypted connection and must invoke a time-based one-time password upon connection.
To protect company data, including customer data, all employees sign a non-disclosure agreement when hired.
Planning Center works on a permissions based structure. Only designated Alive Church staff and volunteers have access to the full data within Planning Center.
Alive Church uses the following for event tickets:
Alive Church also uses Google GSuite with all of its staff, team leaders, ministry leaders and key volunteers. Google GSuite acts as one of Alive Church’s Data Processors. All Alive Church Google Accounts are password protected by 2-step security.
Further information regarding how Google processes your information on our behalf can be found here: Data Processing and Security Terms (Customers)
Your information is sometimes used away from the registered office. Alive Church permit the access to Planning Center and Google Accounts outside of the office. Your information may be sent via email between alivechurch.org.uk email addresses. Your information will not be emailed outside of the alivechurch.org.uk domain.
Alive Church do permit the keeping of paper registers and some forms. Paper records are always stored in locked cabinets and are transported inside folders to ensure they can not be viewed by unauthorised persons.
Once we receive your information it is transferred onto password protected files and saved to an online cloud based Google Account. These password protected files can only be accessed by designated Alive Church staff. Original Paper copies are then sent to your bank in order to set-up the Standing Order.
Alive Church use Paypal for our online giving portal. Paypal acts as a Data Processor for Alive Church. Further information on how Paypal processes your information can be found here: Privacy Statement
Electronic Giving (payment by card using the envelope scheme)
Once we receive your information it is used to process your giving via our card payment machines. The card information on the original paper envelope copy is then cut out and shredded. Once processed your card details are not stored by Alive Church. The remaining information on the envelope is then transferred onto password protected files and saved to our online cloud based Google Account. These password protected files can only be accessed by designated Alive Church staff. In order to process Gift Aid your information is transferred to www.fundfiler.com.
Fundfiler acts as a Data Processor for Alive Church in regard to Gift Aid. For further information on how fundfiler process your information please visit: https://www.fundfiler.com/terms.aspx#Privacy_Policy
The remainder of the giving envelope is kept in a secure locked cupboard for 7 years in accordance with the requirements of HMRC.
DBS status, where applicable, is stored on Google Drives administered by Alive’s Safeguarding Officers. These password protected files can only be accessed by designated Alive Church staff. The records of DBS searches are recorded simply as status, viz. submitted, clear etc. Original paper DBS disclosures are destroyed.
DBS applications are processed through Groundlevel. Groundlevel acts as a Data Processor for Alive Church in regard to DBS applications. To view how Groundlevel will handle your information please visit: https://www.groundlevel.org.uk/privacy-policy
All job applications to Alive Church are received through the email email@example.com. Once we receive your information it is stored on a password protected Google Account. These password protected files can only be accessed by designated Alive Church staff.
All information regarding those who are employed by Alive Church is stored on a password protected Google Account and with www.brighthr.com. These password protected files can only be accessed by designated Alive Church staff. Alive Church shares employee information with Smethurst and Buckton Accountants, as one of our Data Processors in regard to Payroll.
You can find further information about how brighthr process your information by visiting: https://www.brighthr.com/terms/?tab=privacy
You can find out further information about how Smethurst and Buckton process your information by visiting: https://www.smethurstllp.com/
Photos and Videos
Here at Alive we categorise Photos and Videos into 2 categories:
1: Photos of activities and human interaction:
Photos that show activities of the church that could not be deemed as revealing ‘religious beliefs’. Photos such as shots in social spaces, conversations, community groups, connect group socials etc.
In this instance Alive Church do not seek to gain explicit consent from you. We will never publish or use your photo with any other data that can identify you (such as your name) without your explicit consent
2: Photos of ‘Religious Beliefs’ and photos of Children, young people and vulnerable adults:
Photos that show activities such as worship, prayer, baptism, dedication etc. or photos of Children, young people or vulnerable adults:
In this instance…
Alive Church will only ever take, store and use your photo having ensured you (or your parent / guardian) have given explicit permission for us to do so.
That consent will be a written record, signed and dated.
We will never take, store, share or use a photo or video of you without your (or your parent / guardian) explicit permission.
You (or your parent / guardian) can decide not to grant us explicit permission to take, store, share or use a photo or video of you.
You (or your parent / guardian) can withdraw your explicit permission at any time and ask us to delete any photos or videos that we hold.
When we can use your information
We collect and use your information in the following situations:
Where we believe it is necessary to use your information to comply with a legal obligation to which we are subject
Where our use of your information is for the purposes of our legitimate interests and we have made sure that your information, and your rights in relation to that information, are protected.
Where we have your consent. We will rely on your consent to:
Use of your information to send you prayer requests and information updates on the following organisations:
Dave Bell Music
Use your information for marketing to you by email, text message and other methods of electronic communication from time to time in accordance with your data choices.
Where we rely on consent to use your information, you have the right to withdraw that consent at any time. Please see the ‘Your choices and rights’ section of this policy for more details.
Who will we share your information with?
Acts Trust is a Lincoln-based charity (charity number 1119911) founded by Alive Church in 2006, with the aspirational goal of poverty elimination in the City. Alive Church work in close partnership with Acts Trust and therefore will share your information with Acts Trust for the purposes of keeping you up to date with the work of Acts Trust and providing opportunities for you to serve the work of the charity.
You can object to us using your information in this way by writing to firstname.lastname@example.org or FAO Data Protection Lead, Alive Church, Newland, Lincoln, LN1 1XG
FACEBOOK MESSENGER + GROUPS
A number of the Teams and Connect Groups across Alive use Facebook Messenger and Facebook Groups / Pages to communicate with team and connect group members. You can find more information on how Facebook handle your information here: https://www.facebook.com/about/privacy/update
Alive Church uses Mailchimp to send emails regarding upcoming events, newsletters, team and connect group updates. Alive Church treat Mailchimp as one of our Data Processors. You can find more information on how mailchimp handle your information here: https://mailchimp.com/legal/privacy/
We promise we will never share your information with anyone else.
The period for which we will keep your information
We will keep your information for as long as is necessary for us to fulfill the purposes that we describe in this policy.
Your information is automatically made anonymous or destroyed at your request, on your death or once you have left the church following a period of 6 months of non-attendance.
Your Choices and Rights
You have a number of rights in relation to your information, and can make a number of choices about how we collect and use it. For example, you can decide not to receive marketing material from us, tell us how you want to receive communication from us, and object to some of the ways in which we use your information.
Please note that some of the choices or changes you make may impact our ability to communicate with you, pastor you and connect you to groups and teams that may benefit you.
You can log into Planning Center at www.planningcenter.com to:
Access and update the contact and personal details we hold about you
Opt-out of receiving communications to your device and/or telephone including calls to your mobile or other number, SMS, post and emails from us.
You can contact us using the details below to:
Request access to your information if you cannot locate it in Planning Center, www.planningcenter.com
Ask that we update, complete or correct your information if you are unable to do so in Planning Center, www.planningcenter.com
Ask that we erase or restrict our use of your information
Request that we provide your information to you in a commonly used electronic format and to have that information transmitted directly to another organisation (this is known as the right to data portability)
Object to Alive Church using your information in certain circumstances.
If you are concerned about how your information is used, please contact us at email@example.com or FAO Data Protection Lead, Alive Church, Lincoln, LN1 1XG. Alternatively, you have the right to complain to the Information Commissioner’s Officer.
Who We Are
We are Alive Church Lincoln Limited, Registered Charity No: 1140435. Registered Company No: 7494717. A company limited by guarantee having no share capital. A member of the Evangelical Alliance. Part of the Groundlevel Network of churches.
Our registered office is Alive Church, Lincoln, LN1 1XG. We are the Data Controller. Get in touch by contacting the Data Protection Lead at the above address, or you can contact the church on 01522 542166 to raise any questions or concerns.