Castlefields Church Data Privacy Notice

Your personal data – what is it? 

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (hereinafter the “GDPR”). 

Who are we? 

Castlefields Church is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes. 

Contact Details:

Mailing address: Castlefields Church, Traffic Street, Derby, DE1 2NL

Email address: 

Telephone number: 01332 550 879

How do we process your personal data? 

Castlefields Church complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. 

We use your personal data for the following purposes: – 

  1. To maintain the membership list
  2. To respond to your request for information
  3. To provide pastoral support
  4. To inform you of activities of the church
  5. To enable emergency contact to be made
  6. To communicate with preachers and organisations about specific meetings
  7. To operate the Castlefields Church web site and deliver the services that individuals have requested

The type of information we will collect includes:

  • name and title
  • home address
  • email address
  • land line and/or mobile number
  • Date of Birth (if under 16)

In addition the following may be necessary:

  • emergency contact details (if appropriate)
  • the youth leaders may record additional information to ensure a child’s safety
  • the treasurer will record bank details (if an individual asks him and only if it is necessary)
  • the pastor and elders may record other details with an individual’s permission
  • the safeguarding officer will record information necessary for DBS checks through CCPAS

We will never collect additional information about an individual without informing them of this beforehand.

What is the legal basis for processing your personal data? 

Our use of personal data is lawful where it is with your consent or is necessary for:

  • The performance of a contract that we have with you
  • Compliance with a legal obligation to which we are subject
  • The purposes of legitimate interests that we pursue, except where such interests are overridden by your interests or fundamental rights and freedoms
  • The protection of your vital interests

Some special categories of personal data may only be processed lawfully where certain additional conditions are satisfied.  As a not-for-profit body with a religious aim we process such categories of data in the course of our legitimate activities and solely in relation to our members, former members or persons who have regular contact with us. We may also process certain special category data in exceptional circumstances in your vital interests – see Sharing Your Personal Data below.

Sharing your personal data 

Your personal data will be treated as strictly confidential, and will not be shared with any external third party except:

  • With your consent, or
  • For the purposes of processing any payments made by you, or
  • Where we are required to do so by law, or
  • In the exceptional circumstances described immediately below

If we are helping to provide care for you and we have important information about your health, we may disclose it if it is in your vital interests to do so in an emergency in which you are unable to give consent for yourself.

How long do we keep your personal data? 

We will retain your personal data for as long as is reasonably necessary for the relevant purpose set out in this notice and in order to comply with legal requirements for the retention of certain data.

We retain indefinitely records of those who are or have been members of the Church.  Otherwise, unless we have specific consent, and subject to any legal requirements for the retention of data, we delete special category data (including data relating to health conditions) that we hold for any person who no longer has regular contact with us.

Debit or credit card details provided to us for the purposes of making a payment are deleted or destroyed as soon as the payment has been processed, unless a standing order has been set up.  In this instance, payment details are retained for the duration of the standing order.

In some circumstances you can ask us to delete your data.

In addition to your legal right to request erasure you can ask us to delete information we hold about you (other than membership information) at any time.  We will review any such request and unless there is some legal reason for us to retain the information, we will delete it.

Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: – 

  • The right to request a copy of your personal data which Castlefields Church holds about you; 
  • The right to request that Castlefields Church corrects any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for Castlefields Church to retain such data; 
  • The right to withdraw your consent to the processing at any time; 
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; 
  • The right to lodge a complaint with the Information Commissioners Office. 

Further processing 

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing. 

Contact Details 

To exercise all relevant rights, queries of complaints please in the first instance contact us at:

Mailing address: Castlefields Church, Traffic Street, Derby, DE1 2NL

Email address: 

Telephone number: 01332 550 879. 

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.