The Oak Community Church

Impacting our community with God's love

Privacy Policy - July 2020

This page tells you how The Oak Community Church (The Oak) uses personal data. Personal data means information about you from which you can be identified such as your name and address. 

The Oak respects your privacy and is committed to protecting your personal data. This privacy policy will inform you how we look after your personal data and tell you about your privacy rights and how the law protects you.


The Oak Community Church is a Charitable Incorporated Organisation registered in England and Wales with charity number 1174870 whose registered address is 345 Chipperfield Road, Orpington, Kent, BR5 2LJ.


This policy has been approved by the church’s Charity Trustees who are responsible for ensuring that we comply with all our legal obligations. It sets out the legal rules that apply whenever we obtain, store or use personal data.



Why is my data being collected?


We use your personal data to provide you with information about our current and future program of activities and to facilitate administration of the church. If you have given us personal data about your children, we use this to help run our children’s activities. These are known as The Oak’s ‘legitimate interests’. With consent, we use your data to tell you about new church activities and products (e.g. tickets to events).


The Oak has a Church Address List which allows adult members to search for one another’s contact details. Your data will only be included in the Church Address List if you gave consent for this. You can withdraw your consent at any time and we will remove you from the Church Address List.


With your consent we may use your personal data to maintain our own accounts and records, including processing of gift aid. We have a legal obligation to process certain categories of personal data, such as data relating to employment contracts and safeguarding. With consent, we may include personal data on our website (e.g. leaders’ biographies) to help publicise The Oak.


How is my data collected?


In most cases, you have given us your personal data. For example, you may have filled in a ‘Response Card’ or a ‘Contact Details’ form with information such as your name, email and telephone number.  You may also have given us personal data about your children, for example on a Children’s Church registration form. You may have provided us with financial data, for example to purchase items, facilitate gift-aid or receive salary payments. You may have provided us with photographs or video clips to use in our online services, on our website or on our social media pages.


Data relating to safeguarding, including children’s church registers, will be collected by group leaders or safeguarding coordinators. Pastoral information may be recorded by individuals providing pastoral care.



Who is my data shared with?


In general, your data is shared with individuals providing leadership, administrative and/or church support. This includes the Trustees, the Leadership Team, The Elders, our safeguarding team, those appointed to run teams or ministries and (for children’s data) Junior Church leaders. Sensitive data such as financial, safeguarding or pastoral data is shared on a need-to-know basis. Where we use a third-party service provider to process payments, they have access only to information needed to perform their function and can use it only for this specific purpose.


If you gave your consent to being included in the Church Address List then your name, address, telephone and email can be found by others in the directory. You can choose to hide some of this information.

If you help on the church rotas your name will be visible to members of The Oak’s congregation. With consent, information about you may be visible to the public via our website and social media (e.g. leaders’ biographies, photographs). Your data will not be shared with other third parties unless you give consent or unless required by law.


Where you access church resources using Social Media (such as Facebook) or the church online system any details you provide to these websites will be available to the organisations hosting these platforms. You should review their data privacy policy where appropriate.


External Third Parties Privacy Policies:



How long will my data be held?


We keep different categories of personal data for different lengths of time. These are summarised below.


If you filled in a Response Card (an A5 post-card), booked onto one of our events or completed a feedback form, the data you gave us will be held for up to 2 years. It will then be destroyed unless you consent to us keeping your data to contact you again.


If your child or children joined any of our children’s activities, information from registration and consent forms will be held for up to 2 years after they leave the group or finish the activity. For safeguarding, we will keep their name and date of birth indefinitely and these will be included in any attendance registers used.


For staff and volunteers involved in children’s work, your contact details and a minimum data set relating to DBS checks will be retained indefinitely. If you gave consent for us to use photographs, videos and film clips of you, these will be retained indefinitely.


Finance-related personal data will be retained for up to 8 years.


Pastoral data will be retained for up to 4 years. Safeguarding data and staff personnel records will be retained indefinitely.





Can I see my data?


You can ask to see your personal data held by The Oak and if there are any mistakes you can ask to have these corrected. Please speak to our Pastor or the chair of the Trustees who will be able to arrange this for you.



Can I ask for my data to be deleted?


You can ask for your personal data held by The Oak to be destroyed.  Unless there are legal reasons why we need to keep your data we will destroy all paper and electronic copies of your data. You can also ask for corrections to be made, or for us to stop using your data. Please speak to our Pastor or the chair of the Trustees.



How is my data secured?


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an

unauthorised way, altered or disclosed. Any IT equipment where your data is stored is password protected with access only provided to those with legitimate purposes. Where these files are stored on shared equipment individual files or folders are encrypted and password protected. Where data is stored on cloud services these are not in shared or public areas of the cloud filing system.


In addition, we limit access to your personal data to those with legitimate need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.



What if there is a problem?


If you think there is a problem with the way we are handling your data you can lodge a complaint with the Information Commissioner’s Office. We encourage you to come and talk to us about the problem first so we can try and resolve it.



Who can I speak to for more information?


If you would like more information about data protection, please speak to our Pastor, Trevor Hall, 0208 302 8381,