King’s Cross Church Privacy Statement
KXC is committed to protecting and respecting your privacy.
This statement explains when and why we collect personal information about people who visit us, our website, or connect with us on social media, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this statement from time to time and a fuller version of our data protection policy can be found below. Both this statement and our policy are kept under regular review, so please check this page occasionally to ensure that you’re happy with any changes. By using our website, or connecting with us on any other available touchpoint you’re agreeing to be bound by this statement and our data protection policy.
Any questions regarding this Policy and our privacy practices should be sent by email to Rich Spens at email@example.com or by writing to 237 Pentonville Road, London, N1 9NG.
Who are we?
We’re KXC, a Registered Charity (no. 1141658) and Company Limited by Guarantee (no. 7416629). KXC is also a member of the Church of England, in the Diocese of London.
How do we collect information from you?
We obtain information about you when you use our website, sign up for any of our events or groups on ChurchSuite, register a child with us for a kids group, fill in a Connect Card, Serve, Give or Welcome flyers, or apply for a paid or volunteer position with the church.
What type of information is collected from you?
The personal information we collect might include your name, address, email address, phone number, attendance information at events, groups and meetings, IP address, and information regarding what pages are accessed and when. If you make a purchase from us, for example for the purpose of purchasing event tickets, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
How is your information used?
We may use your information to:
- Process a donation that you have made, and claim gift aid on it, with your written permission.
- Process transactions that you have requested, i.e. registering you for groups and events run by the church, or supplying you with tickets for events or products where that is applicable
- Ensure that children attending a KXC group or event are safely registered and accounted for.
- Send you communications which falls within the scope of the charitable objectives of the church, and for the purpose of developing the congregation at KXC . This would be with your
written permission, via our Connect Card, welcome pack, or through a Newcomers event.
- To seek your views or comments;
- To notify you of changes to our services, events and role holders;
- To carry out comprehensive safeguarding procedures (including due diligence and
complaints handling) in accordance with best safeguarding practice from time to time with
the aim of ensuring that all children and adults-at-risk are provided with safe environments.
- To enable us to meet all legal and statutory obligations (which include maintaining and
publishing our electoral roll in accordance with the Church Representation Rules).
- Process an application for a job or a volunteer position
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid, or children’s registration and attendance). We will hold your personal information on our systems for as long as is necessary for the relevant activity.
Who has access to your information?
We will not sell your information to third parties.
Third Party Service Providers working on our behalf
We may pass your information to a third party associated organisation for the purposes of completing tasks and providing services to you on our behalf (for example to register you with an external event like New Wine). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service. Please be reassured that we will not release your information to third parties beyond KXC, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
When you are using our secure online donation pages, your donation is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
You have a choice about whether or not you wish to receive information from us. We will collect your contact information via our Connect Card or welcome pack, and store it on ChurchSuite from where we send you details of church life, events and groups. If you do not want to receive these communications, you have the right to remove your information from ChurchSuite, or you can request such a preference via the church office at any time.
How you can access and update your information?
KXC uses ChurchSuite to host and process all personal information of guests and members of the church, upon receipt of a completed Connect Card. Members of the congregation are invited to download and access ChurchSuite for the purpose of staying in contact with the rest of the church and for adapting their communication preferences.
Alternatively, you can contact the church office at firstname.lastname@example.org or by post at 237 Pentonville Road, N1 9NG at any time with such a request.
You have the right to ask for a copy of the information KXC holds about you (we may charge £10 for information requests) to cover our costs in providing you with details of the information we hold about you.
Security precautions in place to protect the loss, misuse or alteration of your information When you give us personal information, we take steps to ensure that it’s treated securely.
KXC uses ChurchSuite as its data management system. ChurchSuite is a cloud hosted, web based management system which complies with the principles of the GDPR.
“Maintaining the security of your data is one of our highest priorities, and to this end, all access to ChurchSuite is over an SSL (https://) connection, which provides 256-bit military grade encryption to ensure that all data in transit between your web browser and ChurchSuite is fully encrypted.
Where we are required to store any usernames or passwords for third-party integrations, such as social media or communication channels, we will always encrypt these details before they are stored on our servers.
Once we have received any data and stored it on our servers, we make commercially reasonable efforts to ensure its security on our system. To this end, we have chosen to host our ChurchSuite servers in a data centre that meets some of the strictest of industry security requirements, and is classified as a Tier 2 data centre.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure, so whilst we strive to protect your personal information, unfortunately we cannot warrant the security of any information you transmit to us.”
This final paragraph applies to the transmission of data over the internet from any KXC email account too.
Using management information tools on ChurchSuite, we may analyse your personal information to understand demographics of those within the church, including address information. We do this to ensure that the charitable objectives of the church are being met and that what we provide is relevant for all types of people.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies of may result in a loss of functionality when using our website.
For the purpose of keeping webstats and analysing how people interact with our website – for the purpose of improving it and making it fit for purpose, we may use software that allows us to track IP addresses and ‘click’ interaction with the website.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Review of this Policy
We keep this statement under regular review. This statement was last updated in May 2018.