top of page

Privacy Policy

Commencing 25th May 2018, the “General Data Protection Regulation” (GDPR) law gives people in the UK more rights regarding how information about them is stored and used.


1. Definitions


'Personal data' is any information relating to a living individual who can be identified by that data directly or indirectly. 

'Processing' is anything done with personal data, including how it is stored, managed, used, updated and kept secure.

'Data subject' is the person about whom personal data is processed.

'Data controller' is the person or organisation who determines how and what data is processed.


2. Who We Are

City Church St Albans (CCSA) is the data controller described in this privacy notice. This means that we decide how your personal data is processed and for what purposes, and that we explain how we do that openly, clearly and fairly.


CCSA can be contacted by phone on 01727 846080 or by email at


The designated data controller at CCSA is Phil Griffiths.


3. How we collect information about you 


We may collect personal information each time you are in contact with us. For example, when you:

  1. Provide your contact details, in writing or orally, to CCSA staff or volunteers;

  2. Register your details and your family details using the website or the ChurchSuite service (via the web or through the mobile and tablet application)

  3. Communicate with the CCSA by means such as email, letter, telephone;

  4. Face-to-face meetings with staff and volunteers;

  5. Visit or subscribe to our website;

  6. Make a donation by the completion of gift envelopes or electronic means;

  7. Register for a conference or other CCSA event;

  8. When you attend church services or participate in other CCSA activities;

  9. Purchase goods or services, including when you provide credit or debit card details (although these details are not retained);

  10. Access social media platforms such as Facebook, YouTube, Instagram and Twitter.

4. How We Process Your Personal Data


CCSA complies with it’s obligations under GDPR.

CCSA does this by obtaining active consent from people about whom it holds information so that it can perform the following functions with the data:

  1. Keep personal data up to date.

  2. Store and destroy personal data securely.

  3. Not collect or retain excessive amounts of data.

  4. Protect personal data from loss, misuse, unauthorised access and disclosure.

  5. Make sure that appropriate technical measures are in place to protect personal data.


5. How We Use Your Personal Data


We use your personal data for the following purposes:

  1. To achieve the objectives of the national constitution of the Elim Pentecostal Church and the local constitution of CCSA.

  2. To enable us to provide spiritual, ministerial, professional and voluntary services for the benefit of the public.

  3. To permit us to provide pastoral care to people attending the church.

  4. To administer membership, attendance and participation records.

  5. To fundraise and promote the interests of CCSA.

  6. To manage and administer the function of our office holders, employees and volunteers.

  7. To maintain the accounts and records that permit the effective purpose, mission, function and operation of the church.

  8. To operate our church database, email, website and social media platforms.

  9. To inform individuals of news, events, activities or services running at CCSA.

  10. To deliver services that individuals have requested.

  11. To process financial donations and gift aid applications.

  12. To process DBS checks as part of child protection compliance.

  13. To contact individuals in order to research their opinions of current services or of potential new services that may be offered.

  14. To protect our church property through the use of CCTV systems for the prevention of crime.


6. The Legal Basis For Processing Your Data


There are two parts to the legal basis for CCSA to process your data.

  1. Article 6 GDPR specifies that the data subject is to provide their consent to this processing. This consent gives CCSA permission to meet the charitable objectives it has towards people (the data subjects).

  2. Article 9 GDPR specifies that processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and there is no disclosure to a third party without consent.


7. Sharing your personal data


Your personal data will be treated as strictly confidential and will not be shared with anyone outside of CCSA. In practice this means that the only people who will have direct access to your personal information would be the pastoral team, the core leadership team and CCSA employees.

In the event that data about you is requested by someone else in CCSA, we would only share that data with your prior consent.

In the event that data about you is requested by a third party, we would only share that data with your prior consent.

Your information will be stored on electronic data systems (computers). This will be through a secure contracted service using ChurchSuite™ who provide a fully GDPR compliant service. This information is encrypted and is only used by CCSA and it’s officers. In some cases some information in paper format stored securely within CCSA.


8. How long we keep your personal data


We keep your personal data in line with statutory obligations and for no longer than is reasonably necessary. Practically this means:

  1. Membership while it is still current and for one calendar year upon leaving CCSA;

  2. Gift Aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate (Required by HMRC);

  3. Registers (baptisms, marriages, funerals) will be retained permanently;

  4. Employment records and volunteer records are kept for the legal requirement of 6 years (Guidance from ICO and CIPD);

  5. Safeguarding records, both for children and vulnerable adults, are retained in line with current safeguarding regulations;

  6. Health and Safety records are kept for 40 years (Required by HSE).


9. Your rights and your personal data


Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:

  1. The right to request a copy of any personal data that CCSA holds about you. This will be provided free of charge within 30 days of your request (This may be extended to 60 days in some circumstances).

  2. The right to request that CCSA corrects any personal data if it is found to be inaccurate or out of date.

  3. The right to request your personal data is erased where it is no longer necessary for CCSA to retain such data.

  4. The right to withdraw your consent to the processing of your information at any time.

  5. The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.

  6. The right to lodge a complaint with the Information Commissioners Office.


Please note: Whilst you have the right to withdraw your consent to the processing of your information and to its complete erasion, the processing of your information is a necessary aspect of church membership for the provision of pastoral care and ongoing communication. Therefore, if you do choose to exercise your rights to be forgotten, please be aware that this will annul your church membership status. You will still be welcome to worship with us as part of the broader community, but you will no longer be consider a CCSA church member.

10. Further processing


If we wish to use your personal data for any new purpose that is not covered by this Data Protection Notice we will provide you with a new notice.

This will explain the new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Where and whenever necessary, we will seek your prior consent to the new processing.


11. Contact Details


To exercise all relevant rights, queries or complaints please in the first instance contact the CCSA Office at 01727 846080. Alternatively, you can email our Operations Manager at:


You can also contact the Information Commissioners Office:

• by phone: 0303 123 1113

• by email:

• by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


12. Consent


Your personal data is stored and processed electronically through ChurchSuite™. Consent is collected through the ChurchSuite™ database upon registration and periodically when it is necessary to send out consent requests via an email or through other suitable means.

bottom of page