Church Finance Supplies Limited is the data controller and
we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
This privacy notice provides you with details of how we collect and process your personal data
by your interaction with us, and your use of our site www.churchfinancesupplies.co.uk
We have a duty to maintain accurate information. Therefore, it is very important that the information
we hold about you is accurate and up to date. Please let us know should your personal information change
by emailing us at firstname.lastname@example.org
Under the General Data Protection Regulation (GDPR), the main responsibilities for an organisation
are highlighted by the data protection principles regarding personal data in Article (5).
These state that personal data must be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Simply put, you have:
(i) the right to be informed,
(ii) the right to request access by using a subject access request (identification will be required),
(iii) the right to correct inaccurate information,
(iv) the right of erasure provided that the data is not required by law or it is not required for the original purpose,
(v) the right to restriction,
(vi) the right to transfer to another data controller,
(vii) the right to object to processing using your personal data for direct marketing.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We aim to respond to requests within a calendar month.
You can see more about these rights at the Information Commissioner’s Office website:
Please email us at email@example.com if you wish to exercise any of these rights.
You will be an existing or previous customer, or contacted us for information about our products.
We do not collect or process any sensitive data about you.
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We may process the following categories of personal data about you:
We maintain records that include data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, phone number, email address, any other contact details provided, purchase details and amount paid details. We process this data to fulfil any order for goods and/or services you have purchased and to maintain a record of your transactions. Our lawful ground for this processing is the performance of a contract between you and us.
We note personal data whenever you contact us whether it is by phone, e-mail, website form, letter, completed paper form or any other method. We do so in order to respond to your queries, fulfil orders and to maintain accurate records. Our lawful ground for this processing is our legitimate interests, namely to respond to communications sent to us, fulfil orders and to maintain accurate records.
We record your preference for receiving marketing material and your consent or otherwise. Our lawful ground for this processing is our legitimate interest, whereby we are required to record your consent for direct marketing to comply with our responsibility under the data protection law and GDPR.
The only marketing communications you will receive from us are the reminders to notify you that it is time to re-order.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (that is to grow our business by assuring your continued stock of envelopes).
Privacy and Electronic Communications Regulations allow that we may send you marketing communications provided you have:
· purchased from us, or asked for information from us about our goods or services; or,
· agreed to receive marketing communications
· and, you have not opted out of receiving such communications since.
We will not share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing messages at any time by emailing us at firstname.lastname@example.org
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, which we must maintain as a legal requirement.
We may have to share your personal data with the parties listed below:
We will not use or disclose your personal information for any other purpose which is not related to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law.
We do not transfer your data out of the European Economic Area (EAA).
We have secured our systems to prevent your personal data from being accessed without authorisation, unlawfully processed and against accidental loss, use, damage or disclosure. Only employees who have a business need are allowed access to your personal data. They may only process your personal data as required and must keep it confidential.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The law requires us to maintain details of our customers for tax purposes for six years after they stop being customers.
We have a data retention policy that is available upon request.
This website may include links to third-party websites. Clicking on such links may allow third parties to collect or share data about you. We have no control over these third-party websites and are not responsible for their privacy statements. It is advisable that you to read the privacy notice of every website you visit.
If you have any queries please contact us by e-mail at email@example.com
If you are unhappy with how we collect and process you data please contact us so that we can try to resolve the issue.
However, you have the right to complain to the Information Commissioner’s Office (ICO), which oversees data protection issues (www.ico.org.uk).