Grace London Privacy and Data Protection Policy
Last updated: 11 May 2025
1. Who We Are
Grace London is a Christian church based in London and registered as a Charitable Incorporated Organisation in England and Wales (Charity No. 1161147). We are committed to protecting the personal data of those involved in our community.
This policy explains how we collect, store, use, and share personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Grace London is the data controller for the purposes of the UK GDPR and related legislation.
For more about Grace London, visit: https://grace.london
2. What Information We Collect
We may collect and process the following types of personal data:
Name
Contact details (e.g., email address, phone number, postal address)
Communication preferences
Participation in church activities and ministries
Donation records and Gift Aid declarations
Attendance at events
Demographic information (e.g., age, gender, family members)
For children and youth, we may collect:
Name and age
Parent or guardian contact details
Medical conditions, allergies, or additional needs, where necessary for safeguarding and ensuring appropriate care
We collect this information directly from parents or guardians, with their explicit consent, in accordance with our safeguarding policy.
3. How We Collect Your Data
We collect personal data in the following ways:
When you fill in a Welcome card
Through ChurchSuite (our church management software)
When you sign up for events or rotas
Through our website forms
When you make a donation or complete a Gift Aid form
When you opt in to receive communications
4. How We Use Your Data
We use your personal data for the following purposes:
To communicate with you about church life, events, ministries, and updates (with your consent)
To manage rotas, life groups, and other ministry-related activities
To process donations and manage Gift Aid claims
For safeguarding and pastoral care
To administer events and gatherings
We rely on the following legal bases:
Your consent (e.g., for email communications)
Our legitimate interests (e.g., managing rotas and groups)
Legal obligation (e.g., Gift Aid records)
Contractual necessity (e.g., for event registration)
5. Communication Preferences and Mailchimp
If you opt in to receive emails from us, your data may be shared with Mailchimp, our email marketing platform, via an integration with ChurchSuite.
Mailchimp may store and process data outside the UK, including in the USA. We ensure appropriate safeguards, including Standard Contractual Clauses or UK-specific transfer mechanisms where applicable.
You can unsubscribe or update your communication preferences at any time via:
The link in our emails
Your ChurchSuite profile
By contacting us directly
We will not send you email communications unless you have clearly opted in.
6. How We Store and Protect Your Data
Personal data is primarily stored in ChurchSuite and Mailchimp, both of which implement strong security and privacy protocols.
We use password-protected systems and limit access to trained staff, trustees, and ministry leaders.
Data is retained only as long as necessary:
Donation and Gift Aid data: 6 years in line with HMRC requirements
General contact data: Reviewed every 2 years
Children's data: Deleted when no longer necessary for safeguarding
7. Sharing Your Data
We only share your data:
With third-party providers like ChurchSuite and Mailchimp to deliver our services
When required by law (e.g., to HMRC for Gift Aid or to authorities for safeguarding)
With event organisers when necessary and with appropriate contracts in place
We will never sell your data.
8. Your Rights
You have the right to:
Access the personal data we hold about you
Correct or update your information
Withdraw consent for communications at any time
Request deletion of your personal data (unless legally required to retain it)
Object to how we are using your data
Lodge a complaint with the Information Commissioner's Office (ICO)
To exercise any of these rights, please contact us at info@grace.london. You can contact the Information Commissioner’s Office (ICO) via https://ico.org.uk
9. Cookie Use on Our Website
Our website (https://grace.london) uses only essential cookies to ensure it functions properly and securely. We do not use cookies for marketing, tracking, or analytics purposes.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites operate effectively and provide core functionality such as page navigation and access to secure areas.
Types of Cookies We Use:
Strictly necessary cookies – These are required for the basic operation of our site, such as security, accessibility, and managing session preferences. Without these, the website would not function correctly.
We do not use:
Marketing cookies
Analytics or performance cookies
Cookies for personalisation or advertising
Managing Cookies:
Because we only use essential cookies, we do not require consent under the Privacy and Electronic Communications Regulations (PECR). However, you can still control or delete cookies through your browser settings if you wish. Please note that disabling necessary cookies may affect how the website functions.
10. Contact Us
If you have any questions or concerns about this policy or how we handle your data, contact us at info@grace.london.
11. Policy Updates
We may update this policy from time to time. Any significant changes will be communicated via email and published on our website.