Data Retention Policy
Introduction
Hope Church Wellingborough Elim is committed to protecting your personal data in compliance with UK GDPR and the Data Protection Act 2018. This Data Retention Policy explains how long we retain personal data collected through our website and how it is securely managed and deleted.
This policy applies to all personal data collected via our website, including data from website visitors, customers, and other users.
Principles of Data Retention
We adhere to the following principles:
Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
Purpose Limitation: Data is retained only for specified and legitimate purposes.
Data Minimisation: We retain only the data necessary for those purposes.
Accuracy: Data is kept accurate and up-to-date.
Storage Limitation: Data is stored only as long as necessary.
Security: Data is stored securely to prevent unauthorized access.
How long we keep your personal data?
We will retain your Personal Data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints.
At the end of the retention period, your Personal Data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
We take the following into account determining retention periods for Personal Data;
whether we are retaining Personal Data for archiving, scientific or statistical purposes;
relevant guidance from the Information Commissioners Office (ICO) or the National Archives;
whether we have a legal or regulatory requirement to retain your Personal Data once your relationship with us has ended.
We implement appropriate technical and organisational measures to protect Personal Data that we process from unauthorised disclosure, use, alteration or destruction.
The purposes, lawful bases and retention periods
Contact Information
It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means.
(Likely personal data collected: name, email address, your query)
Retention Period: 3 years following our last meaningful contact.
Interested parties
If you are an existing member or have expressed an interest in our services, we may rely on legitimate interests to contact you to send information on events that may interest you. You may object to the processing for this purpose by emailing admin@hopechurchwellingboroughelim.com
If we have captured your consent for the purposes of advertising, we will rely on consent as our lawful basis for this processing.
You may withdraw your consent at any time by emailing admin@hopechurchwellingboroughelim.com
(Likely personal data collected: name, email address)
Retention Period: For as long as you are a member and, thereafter, for 3 years following our last meaningful contact.
Membership Registrations and Database
It is in our legitimate interest to request your personal details for your membership registration, and to manage and maintain the records of our members within our membership database.
(Likely personal data collected: name, email address, family details, medical information, etc.)
Retention Period: For as long as you are a member and for 6 years from the date your membership ceases.
Browsing Data
We use cookies on our websites with your consent, to improve our websites and the overall website visitor and user experience.
For further information please refer to our cookie policy.
Your Personal Data Regarding Gift Aid
We collect your personal data provided on Gift Aid forms, whether collected in paper or electronic formats.
(Likely personal data collected: Donor’s full name, Donor’s address (including postcode), Declaration of Gift Aid eligibility, Donation details (e.g., amounts and dates).
Retention Period: HMRC requires that Gift Aid records, including declarations and donation details, be retained for a minimum of six years after the end of the accounting period in which the last donation was made.
Legal Basis for Retention
We retain data based on the following legal grounds:
a) Consent: Where users have provided explicit consent.
b) Contractual Obligations: To fulfil contracts or agreements.
c) Legal Obligations: For compliance with tax, legal, and regulatory requirements.
d) Legitimate Interests: Where retention is necessary for business or security purposes.
User Rights
Under UK GDPR, users have the following rights regarding their personal data:
a) Access: Request access to the data we hold.
b) Correction: Request corrections to inaccurate or incomplete data.
c) Erasure: Request deletion of personal data (“Right to be Forgotten”).
d) Objection: Object to data processing in certain circumstances.
To exercise any of these rights, please contact our Data Protection Lead - William Sam-Aggrey via this link.
Data Deletion and Disposal
Upon reaching the end of the retention period, or upon user request (where applicable), personal data will be securely deleted or anonymised to prevent re-identification.
Security Measures
We implement robust technical and organisational measures to safeguard personal data, including encryption, firewalls, and secure access protocols.
Updates to this Policy
This Data Retention policy was last updated in November 2024.
We may update this policy to reflect changes in legal or regulatory requirements. The most recent version will always be available on our website.