Privacy Policy

This policy first adopted: October 2024

Summary

At Asha: A Community of Hope, we are committed to protecting and respecting your privacy. We use data you share with us to help us communicate with you, keep appropriate records, and serve our community. We keep your data secure and limit access to only those who need it for church business, sharing and storing it only with other secure services that we use (currently via Google). You are still in control of your data and can ask us at any time to change or remove your data from our system. If you have any questions, please ask one of our elders or Scott Burdsall, our Data Protection Compliance Coordinator.

1. Introduction

Welcome to Asha: A Community of Hope ("we", "our", "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://ashatowerhamlets.org), attend our meetings, or engage with us in other ways. Our data protection policy contains related helpful information. This is also available on our website.

2. Data Controller

Scott Burdsall
Data Protection Compliance Coordinator
Asha: A Community of Hope
Email: sburdsall@serge.org

Our main data processors include members of the church leadership and staff, and trustees. In some cases, volunteers support our work and may engage with your data as they support you in the services we provide. Our volunteers are aware of their responsibility regarding your data.

3. Data We Collect

We may collect and process the following types of personal data:

• Personal Identification Information: Name, address, email address, phone number.

• Attendance Data: Records of your attendance at our services and events.

• Donation Information: Details of your donations, including payment information (processed securely through third-party payment processors).

• Communication Data: Any correspondence with us, including emails and feedback.

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

• To Gather Information in Our Meetings: To administer and manage your attendance, participation, and donations in our meetings.

• To Communicate: To send you updates about our meetings, events, and other activities. You may opt-out of these updates at any time.

• To Improve Our Provision: To analyse attendance patterns and feedback to enhance our meetings and events.

• To Comply with Legal Obligations: To meet any legal or regulatory requirements (GDPR),¹ including financial audits and reporting.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: Where you have given consent for us to process your personal data for specific purposes.

• Contractual Necessity: To fulfil our contractual obligations to you, such as managing your attendance or donations.

• Legitimate Interests: Where processing is necessary for our legitimate interests, provided your rights and freedoms do not override those interests.

• Legal Obligation: To comply with legal obligations.

6. Data Sharing

We do not sell, trade, or otherwise transfer your personal data to outside parties, except in the following circumstances:

• Service Providers: We may share your data with third-party service providers who perform services on our behalf, such as payment processors and IT service providers. These third parties are bound by confidentiality agreements and are only permitted to use your data as necessary to provide their services.

• Legal Requirements: We may disclose your data if required to do so by law or in response to a valid request from law enforcement or other government authorities.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, destruction, or alteration. However, no system is entirely secure, and we cannot guarantee the absolute security of your data.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods vary depending on the type of data and the purpose of processing. See our data protection policy on our website for further details.

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request access to the personal data we hold about you.

• Right to Rectification: You can request correction of any inaccurate or incomplete personal data.

• Right to Erasure: You can request the deletion of your personal data under certain conditions.

• Right to Restriction: You can request the restriction of processing your personal data in certain circumstances.

• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

• Right to Object: You can object to the processing of your personal data under certain conditions.

• Right to Withdraw Consent: Where processing is based on your consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at info@ashatowerhamlets.org.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on our website. Your continued use of our services after any changes constitutes your acceptance of the revised policy.

11. Contact Details

If you have any questions about this Privacy Policy or our data processing practices, please contact us at:

info@ashatowerhamlets.org , or

Scott Burdsall
Data Protection Compliance Coordinator
Asha: A Community of Hope
Email: sburdsall@serge.org

We are committed to resolving any concerns you may have regarding your personal data.

You can also contact the Information Commissioner’s Office on 0303 123 1113 or via email at ico.org.uk/global/contact-us/email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

¹ General Data Protection Regulation (GDPR) is a legal framework with guidelines for collecting and processing data from individuals. You can read more about UK GDPR at the Information Commissioner’s Office website.