A. Introduction
B. Who are we?
C. What personal data do we collect, why, and what is our lawful basis?
D. Who do we share your personal data with?
E. International transfers of personal data
F. How long do we keep your personal data for?
G. Your rights in relation to your personal data
H. Information about our use of cookies
I. How to contact us
This privacy notice (“Privacy Notice”) applies whenever the Church in London (“we”, “us” or “our”) processes any personal data about you, or when you visit churchinlondon.org.uk, children.churchinlondon.org.uk, safeguarding.churchinlondon.org.uk, lifetalks.org.uk and any related sites (“our Sites”). Please read this Privacy Notice carefully.
We are a registered charity (charity number 1093426). Our registered office is at Bower House, Orange Tree Hill, Romford, Essex, RM4 1PB.
We are also registered as a data controller with the Information Commissioner’s Office, and our registration number is Z2349662.
If you have any data protection concerns, our contact details are set out under the section “How to contact us?” in this Privacy Notice.
We collect and process the following categories of personal data for the following reasons:
| What personal data? | Why? | Lawful basis under GDPR / UK GDPR |
|
When you register for an event or request hospitality or transport | Legitimate interests: For the purpose of general administration, such as arranging hospitality or booking transportation, in relation to your registration |
| Consent: Where you have provided your consent | ||
| Legal obligation: For us to fulfil any legal obligations or insurance requirements | ||
| Explicit consent: Where we need to process special category data (such as health data, ethnic origin, religion beliefs, and criminal offence data), we will do so when you have provided your explicit consent | ||
| Legitimate interests of a not-for-profit: Where we need to process special category data (such as health data, ethnic origin, religion beliefs, and criminal offence data), we will do so for our legitimate interest of making necessary arrangements in relation to the registration | ||
|
When you create an account or comment publicly on any of our Sites | Legitimate interests: For the purposes of website administration, providing you with resources for serving with children, safeguarding recruitment, training and administration |
| Consent: Where you have provided your consent | ||
| Legal obligation: For us to fulfil any legal obligations, including health and safety compliance, or insurance requirements | ||
|
When you apply to serve as a volunteer with our children and young people | Legitimate interests: For the purposes of safeguarding recruitment, training and administration and for dealing with any legal claims made against us |
| Consent: Where you have provided your consent | ||
| Legal obligation: For us to fulfil any legal obligations or insurance requirements | ||
| Explicit consent: Where we need to process special category data (such as health data, ethnic origin, religion beliefs) or criminal offence data, we will do so when you have provided your explicit consent | ||
|
When you communicate with or contact us, including reporting an accident or incident (either generally or relating to safeguarding) | Legitimate interests: For the purposes of responding to your request |
| Legal obligation: For us to fulfil any legal obligations, including health and safety compliance, or insurance requirements | ||
| Consent: Where you have provided your consent | ||
| Vital interests: In order for us to protect the vital interests of the person / people affected | ||
| Explicit consent: Where we need to process special category data (such as health data, ethnic origin, religion beliefs) or criminal offence data, we will do so when you have provided your explicit consent | ||
| Legal claims: For the establishment, exercise or defence of legal claims | ||
|
When you make a donation or register for a gift aid | Legitimate interests: For the purposes of processing the donation or gift aid registration |
| Legal obligation: For us to fulfil any legal obligations or tax requirements | ||
| Consent: Where you have provided your consent | ||
|
When you subscribe to receive emails, such as announcements, from us | Consent: Where you have provided your consent |
| Legitimate interests: For the purposes of improving our emails based on your activity in relation to them | ||
|
When your details are included in any of our church records, such as contact, attendance, or any other related lists | Consent: Where you have provided your consent |
| Legitimate interests: For the purposes of creating an internal directory, compiling statistics and reports, or for general organisational and administrative needs | ||
|
When you send us an invoice | Legal obligation: For the purposes of fulfilling any accounting requirements |
|
When you participate in an online conference call | Consent: Where you have provided your consent, including the recording of online meetings |
| Legitimate interests: For the purposes of conducting online meetings and assessing the results of an online meeting for future improvements |
We may share your personal data in the following ways:
| Type of Service Provider | Name and Link to Privacy Notices |
| Payment providers | Stripe – stripe.com/gb/privacy |
| PayPal – paypal.com/uk/webapps/mpp/ua/privacy-prev | |
| Web form providers | Google – policies.google.com/privacy |
| JotForm – jotform.com/privacy | |
| Web host providers | 1&1 IONOS – ionos.co.uk/terms-gtc/terms-privacy/ |
| Wix – wix.com/about/privacy | |
| Email Provider | Mailchimp – mailchimp.com/legal/privacy |
| Google – policies.google.com/privacy | |
| Gift Aid provider | Fund Filer – fundfiler.com/terms.aspx#Privacy_Policy |
| Web Conferencing | Zoom – zoom.us/privacy |
| MS Teams – docs.microsoft.com/en-us/MicrosoftTeams/teams-privacy | |
| Google Meet – support.google.com/meet/answer/9852160 |
In certain cases, your personal data may be transferred, processed and stored by our service providers outside of the UK and EEA. Where this occurs, the transfer is made subject to approved or appropriate safeguards in accordance with applicable data protection legislation. These safeguards include, for example, the International Data Transfer Addendum or International Data Transfer Agreement (issued by the UK Information Commissioner) and the EU Standard Contractual Clauses (adopted by the European Commission).
Your personal data will be kept (1) for no longer than is necessary for the purposes of its use; (2) to the extent we have an ongoing legitimate interest to do so; or (3) for as long as it is required in accordance with applicable legislation. For example, we will retain details of donations for seven years to meet tax and accounting requirements, whereas we are only required to keep accident book records for three years from the date of last entry.
Any data that has passed its retention period will be destroyed securely in line with our data protection procedures.
We respect your rights under the applicable data protection legislation to access and control your personal data. Your available rights are set out below.
Please note that we do not make any automated decision-making or carry out profiling activities using your personal data.
To exercise any of these rights, please contact us using the details provided below. We may require some proof of identification. Some of the above rights may be refused in certain circumstances, to the extent permitted by applicable data protection legislation.
A cookie is a small text file that websites create and store on your computer containing data about websites that you visit. They are widely used to make websites work or work more efficiently, as well as to provide information to the owners of the site. The below table describes the cookies we use on our Sites and why:
| Cookie | Name | Purpose |
| PHP session cookie | PHPSESSID | Strictly necessary: This session cookie is set when a visitor first loads a page. The cookie is required by the underlying technology to power the website. It will last as long as the visitor is on the website and is removed when the visitor closes their browser. It does not store any user information; it is used to maintain a unique link between the browser and the website for the purposes of information requests and session data used by the website to manage user logins. This cookie is set without confirmation as it is crucial to the basic operation of the website. |
| WordPress Platform | wp-settings-[UID], wp-settings-time-[UID] | Strictly necessary: WordPress uses cookies to customise the registered user’s view of admin interface and possibly also the main site interface. |
If you have any questions or concerns about this Privacy Notice, our privacy practices, your personal data, or you would like to make a complaint, here are the ways you can contact us:
● Email – data@churchinlondon.org.uk
● Phone – 01708 380 330
We may update this Privacy Notice from time to time. If we change the way we are using your personal data, we may inform you in a way consistent with the significances of the changes we make, or seek your consent in accordance with applicable data protection laws.
Last updated: 5 March 2025