Grace London Privacy and Data Protection Policy

Last updated: 11 May 2025



1. Who We Are

Grace London is a Christian church based in London and registered as a Charitable Incorporated Organisation in England and Wales (Charity No. 1161147). We are committed to protecting the personal data of those involved in our community.

This policy explains how we collect, store, use, and share personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Grace London is the data controller for the purposes of the UK GDPR and related legislation.

For more about Grace London, visit: https://grace.london


2. What Information We Collect

We may collect and process the following types of personal data:

  • Name

  • Contact details (e.g., email address, phone number, postal address)

  • Communication preferences

  • Participation in church activities and ministries

  • Donation records and Gift Aid declarations

  • Attendance at events

  • Demographic information (e.g., age, gender, family members)

For children and youth, we may collect:

  • Name and age

  • Parent or guardian contact details

  • Medical conditions, allergies, or additional needs, where necessary for safeguarding and ensuring appropriate care

We collect this information directly from parents or guardians, with their explicit consent, in accordance with our safeguarding policy.


3. How We Collect Your Data

We collect personal data in the following ways:

  • When you fill in a Welcome card

  • Through ChurchSuite (our church management software)

  • When you sign up for events or rotas

  • Through our website forms

  • When you make a donation or complete a Gift Aid form

  • When you opt in to receive communications


4. How We Use Your Data

We use your personal data for the following purposes:

  • To communicate with you about church life, events, ministries, and updates (with your consent)

  • To manage rotas, life groups, and other ministry-related activities

  • To process donations and manage Gift Aid claims

  • For safeguarding and pastoral care

  • To administer events and gatherings

We rely on the following legal bases:

  • Your consent (e.g., for email communications)

  • Our legitimate interests (e.g., managing rotas and groups)

  • Legal obligation (e.g., Gift Aid records)

  • Contractual necessity (e.g., for event registration)


5. Communication Preferences and Mailchimp

If you opt in to receive emails from us, your data may be shared with Mailchimp, our email marketing platform, via an integration with ChurchSuite.

Mailchimp may store and process data outside the UK, including in the USA. We ensure appropriate safeguards, including Standard Contractual Clauses or UK-specific transfer mechanisms where applicable.

You can unsubscribe or update your communication preferences at any time via:

  • The link in our emails

  • Your ChurchSuite profile

  • By contacting us directly

We will not send you email communications unless you have clearly opted in.


6. How We Store and Protect Your Data

  • Personal data is primarily stored in ChurchSuite and Mailchimp, both of which implement strong security and privacy protocols.

  • We use password-protected systems and limit access to trained staff, trustees, and ministry leaders.

  • Data is retained only as long as necessary:

    • Donation and Gift Aid data: 6 years in line with HMRC requirements

    • General contact data: Reviewed every 2 years

    • Children's data: Deleted when no longer necessary for safeguarding


7. Sharing Your Data

We only share your data:

  • With third-party providers like ChurchSuite and Mailchimp to deliver our services

  • When required by law (e.g., to HMRC for Gift Aid or to authorities for safeguarding)

  • With event organisers when necessary and with appropriate contracts in place

We will never sell your data.


8. Your Rights

You have the right to:

  • Access the personal data we hold about you

  • Correct or update your information

  • Withdraw consent for communications at any time

  • Request deletion of your personal data (unless legally required to retain it)

  • Object to how we are using your data

  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us at info@grace.london. You can contact the Information Commissioner’s Office (ICO) via https://ico.org.uk


9. Cookie Use on Our Website

Our website (https://grace.london) uses only essential cookies to ensure it functions properly and securely. We do not use cookies for marketing, tracking, or analytics purposes.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites operate effectively and provide core functionality such as page navigation and access to secure areas.


Types of Cookies We Use:

  • Strictly necessary cookies – These are required for the basic operation of our site, such as security, accessibility, and managing session preferences. Without these, the website would not function correctly.

We do not use:

  • Marketing cookies

  • Analytics or performance cookies

  • Cookies for personalisation or advertising

Managing Cookies:

Because we only use essential cookies, we do not require consent under the Privacy and Electronic Communications Regulations (PECR). However, you can still control or delete cookies through your browser settings if you wish. Please note that disabling necessary cookies may affect how the website functions.


10. Contact Us

If you have any questions or concerns about this policy or how we handle your data, contact us at info@grace.london.


11. Policy Updates

We may update this policy from time to time. Any significant changes will be communicated via email and published on our website.