This version: 3rd May 2025
Renewal Term: Annual
Written By: Jen Edwards
This policy should not be reproduced in any way without prior permission.
Revision
Date
Details
1
3rd May 2025
Initial Draft
1. Who We Are
The Bridge Church, Chepstow is a registered church affiliated with Assemblies of God Great Britain (AoG GB). We are committed to protecting your personal data and handling it with care, transparency, and in accordance with UK data protection legislation.
Our contact details are: Email: Admin@thebridgechurch.online Data Protection Officer: Lis Nicholas
Data Protection Trustee: Keith Brews
2. What Personal Data We Collect
We collect and store the following types of personal data:
● Basic contact details – name, address, telephone, email
● Family information – household members, children (for pastoral and safeguarding purposes)
● Age of children – to help us manage age-specific ministry
● Safeguarding records – where relevant, in line with our safeguarding policies
● DBS check information – for volunteers working with children and vulnerable adults
● Financial giving records – names, amounts given, Gift Aid declarations
● Training registers – participation in training events of volunteering, and staff
● Photographs/videos – with consent, for church use (e.g., social media, newsletters)
3. Why We Collect Your Data (Legal Basis)
We collect your data for the following purposes and under the following lawful bases:
| Purpose | Lawful Basis |
| Church administration and communication | Legitimate interest |
| Pastoral care and safeguarding | Legal obligation and vital interests |
| DBS checks and safer recruitment | Legal obligation |
| Managing volunteers and ministry teams | Legitimate interest |
| Financial donations and Gift Aid claims | obligation |
| Providing age-appropriate ministry | Legitimate interest |
| Training records | Legitimate interest |
| Use of images or stories in communication | Consent |
4. How We Store and Protect Your Data
● Your data is stored securely using password-protected digital systems and locked filing cabinets for paper records.
● Access is limited to authorised staff, leaders, or trustees.
● Data is only kept for as long as necessary for the purpose it was collected.
Examples of retention:
● DBS and safeguarding: kept in line with safeguarding policy and legal requirements
● Financial records: 6 years (HMRC)
● General contact information: reviewed annually and removed if no longer needed
5. Sharing Your Data
We do not sell or trade your data. We may share your data with:
● Assemblies of God GB (as part of affiliation or safeguarding concerns)
● Service providers (e.g. cloud storage, email systems – under data processing agreements)
● Government agencies (e.g. HMRC for Gift Aid, DBS services for checks)
● Safeguarding authorities (if legally required)
All third parties must adhere to data protection standards.
6. Your Rights
Under UK General Data Protection Regulation (UK GDPR), you have the right to:
● Access your personal data (Subject Access Request)
● Rectify inaccurate or incomplete data
● Request erasure (“right to be forgotten”) in some circumstances
● Restrict or object to processing in some situations
● Withdraw consent (where consent was the lawful basis)
● Lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise your rights, contact: Admin@thebridgechurch.online
7. Consent and Updates
Where we rely on consent (e.g. photos, email newsletters), you can withdraw consent at any time by contacting us. This Privacy Notice is reviewed annually and may be updated. The latest version will always be available at www.thebridgechurch.online or on request from Admin@thebridgechurch.online
8. Data Retention and Disposal
We keep personal data only for as long as is necessary for the purpose it was collected, in line with UK GDPR.
| Type of Record | Retention Period | Disposal Method |
| Contact information (members/attenders) | Reviewed annually | Secure deletion or shredding |
| Safeguarding records | 75 years (per AoG GB guidance) | Secure destruction after retention ends |
| DBS check dates/references | 6 years after role ends | Secure deletion |
| Recruitment information and HR information for staff | 6 years after role ends | Secure deletion |
| Right to work information of staff | 2 years after role ends | Secure deletion |
| Gift Aid and donation records | 6 years (HMRC requirement) | Secure deletion/shredding |
| Volunteer records | 6 years after role ends | Secure deletion |
| Children's attendance registers | 3 years | Secure deletion |
| Photos/videos (with consent) | Until consent withdrawn or use ends | Deleted from all platforms |
We securely delete or destroy data when no longer required, using password-protected deletion for digital files and shredding for paper records.
9. Subject Access Requests (SARs)
Under UK data protection law, you have the right to request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR).
A request can be made by:
● Emailing: Admin@thebridgechurch.online, Keithbrews@thebridgechurch.online or writing to us at the church address.
● Please include your name, contact details, and the data you are requesting.
We may need to verify your identity before releasing data. We will respond within one month of receiving your request, unless staff are on Annual Leave. In complex cases, we may extend this by up to two more months, but we will inform you if so. There is normally no fee, but we may charge for excessive or repetitive requests.
What We Will Provide
● A copy of your personal data
● The purposes for which we use it
● Who we share it with
● How long we keep it
● Your rights under data protection law
10. Contacting Us
If you have questions or concerns about this Privacy Notice or how your data is handled:
The Bridge Church, Chepstow Email: Admin@thebridgechurch.online Website: www.thebridgechurch.online