Privacy Policy

Our Privacy Statement.


Let’s start with introductions.

Your personal information is collected and processed by City Church Preston. The protection and integrity of your personal data is very important to us.


Registration Details

City Church Preston is a UK based charitable church organisation.

We are a charity registered in England and Wales (number 1153061).

Our company number is 8522873 and our registered office is at: –


City Church Preston

St Thomas’ Centre

Lancaster Road North





City Church Preston (CCP) is a UK based charitable church organisation which operates in the North West of England.


CCP values everyone who engages with us by whatever means, and we do all we can to protect your privacy and to make sure the personal data you provide us is kept safe.


We’re protecting your data.


For the purposes of this Policy, ‘us’, ‘we’ and ‘our’ refer to CCP. This Policy has been adopted by City Church Preston (“CCP”).


We are committed to safeguarding your personal data. This Policy describes how we collect, use, disclose and process your personal data, and applies to personal data we collect about you. We treat all our participants and volunteers in line with our values and we welcome any feedback on any of our actions.


This Policy supplements but does not supersede or replace any other consents you may have provided to us, or any other agreements or arrangements that you may have with us, in respect of your personal data.


A culture of privacy and data security.


Data protection and privacy is ever changing and enhancing the rights of our participants, employees and partners. As such, we review our uses of personal data and may amend this Policy from time to time to reflect changes in applicable laws, improvements in data security or the way we handle personal data. Any updated Policy will supersede earlier versions and will apply to personal data provided to us previously.


You are encouraged to re-visit our Policy from time to time so that you are aware of our culture of privacy and relevant updates we have made to our Policy.


Personal data provided by you and others.


What is personal data?

Data protection legislation defines personal data as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


You can voluntarily provide us your personal data.

We collect personal data that you voluntarily provide to us. When you visit us, sign up as a volunteer, or register for services either directly or through our website, CCP will collect general information about you, such as your name, address, date of birth, contact details so that we can contact you.

We may also collect this and other types of personal information during the course of dealing with you, for example, when you participate in CCP’s activities or complete other forms.

You always have the choice not to provide us with personal data. If you have provided your consent for us to process your personal data, you also have the right to withdraw your consent by contacting our Data Protection Office.

However, if you do so, it may not be possible for us to fulfil the specific purposes for which we were given consent, including taking part in or receiving services offered by CCP.


You may choose to give us personal data belonging to others.

If you provide the personal data of anyone other than yourself (e.g. your family, friends, colleagues, associates, agents, partners), you are responsible for informing him/her of the specific purposes for which we are collecting his/her personal data and to ensure that he/she has provided valid consent, where appropriate, for your provision of his/her personal data to us. There may be instances where providing these personal data present a legitimate interest, in which case, consent may not be necessary.


Accuracy and completeness of personal data.

It is important that the personal data we hold about you is accurate and up to date. We would ask you to inform us if there are any inaccuracies with the personal data that we have recorded about you and we will act to update your personal data as required.

In some situations, you will have the ability to update your own information (e.g. when using a customer account on our website. We see it as your responsibility to ensure that all personal data that you provide is accurate and complete, and to inform us of relevant changes to your personal data.


Categories of personal data we may collect.

We may collect, use, store and transfer different kinds of personal data about you which we have categorised as follows:

Identity Data.

Data specifically related to identity may include, first name, maiden name, last name, marital status, title, date of birth, national insurance details and other recognised official identity documents.

Contact Data.

The contact information of you and others could include, email addresses and telephone numbers, postal address details and social media handles.

Financial Data.

Whether you are a participant, service user, supplier or an employee, we may process financial data including bank account information and payment details.

Technical Data.

In this technical age there’s quite a bit of technical data around, including internet protocol (IP) addresses, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Usage Data.

Our website may give us information about how you use our website.


Marketing and Communications Data.

We make it our business to develop lasting relationships and to help with this we will not sell or distribute your personal information to any Third Party for marketing purposes without your prior consent or an appropriate legal basis.

We’re not interested in bombarding you with marketing content, just timely and relevant information about the services we care about and that are relevant to you.


Special Categories of Personal Data.

In the field of employment and for the purposes of assessing the working capabilities of our employees or partners, we will process special category personal data.


Where you provide the information, we may also collect further special category personal data, including, but not limited to, your religious beliefs, your sexual orientation and your physical or mental health.


We may also hold data provided by statutory organisations that is relevant to your use of CCP services, for example, probation service, Social Services, NHS, Mental Health teams etc. There may be instances where other special categories of personal data are disclosed to us, but this is incidental and not part of an organised processing activity.

Data requiring special protection.


There may be instances where we process special category data for the specific purpose of safeguarding and our legal obligations to undertake criminal record checks through the Disclosure & Barring Service where we are working to safeguard children and / or vulnerable adults.


How we may collect personal data.


Personal data you voluntarily provide to us.

CCP will use the personal information we collect for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. We will not use your personal information for any other purpose without first seeking your consent, unless authorised or required by law.


We will only use your personal information as follows: –


Your personal information will be kept strictly confidential. It will not be sold, given away, or shared with anyone unless we have received your prior permission, or we are required to by law.


Personal data that has been provided by others.

Depending on your relationship with us, we may also collect your personal data from third party sources, for example: –



Personal data that can be collected automatically.

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. We’ve structured our website in a way that asks for your consent for certain cookies, we value your privacy and data rights. For more information about our use of cookies, please see our Cookie Policy.


External links on our website.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


Specific purposes and legal basis for processing your information.

Legal basis.

We will always have a legal basis for processing personal data and we have methodically assessed our purposes and legal bases.

Processing type Data category Our legal basis Specific purpose, safeguarding and the respect of individual’s data rights
Individual or small-group communication via email, post or telephone calls & SMS messages Contact data Consent As part of our community we conduct events, services, and otherwise communicate with those that consider themselves a volunteer, a visitor, a participant or a member of the congregation/community. We have taken the view that consent is the most appropriate basis with which to communicate with our community.
Training and other corporate events Identity, Contact, Special category health data Contractual Obligation / Consent The information you provide will be used to communicate with you about your attendance to an event and to follow-up on your experience post-event. The personal information we may process could include your name, address and phone number, email address, dietary requirements, access requirements. We will ask for your consent to process health related data.
Postal marketing Identity & Contact data Legitimate Interest We may from time to time distribute printed material that is relevant to the activities of our community and similar in nature to the reasonable expectations you would have of our community. We’re not fans of spam, so we won’t be spamming anyone with lots of unnecessary material. You’re able to ‘opt-out’ of receiving postal material via contact details provided. In any case we will make it our business to check the Mail Preference Services before distributing any postal marketing materials.
Promotional Images and film footage Identity Consent Participants are actively engaged in activities connected with our work. We will always notify participants when a photographer or filmmaker is present at a session or event. Written consent will always be obtained for young people under 18-years and we will respect the wishes of anyone who signals their desire not to have their image taken and will always ask for consent where photos are to be published alongside a name or other personal identifier. Our stance on taking photographs and video footage is also supported by our Safeguarding Policy which restricts such activities.
Sharing information with the Charity Commission, Accountants, legal advisors, HMRC and Statutory authorities Identity, Contact, Financial & Special category data Legitimate Interest / Legal Obligation As a registered UK charity, we are subject to charity law and therefore have specific legal obligations. We process our accounts in accordance with UK law and therefore use external accountants, which is our legitimate interest, to submit our statutory accounting records. We provide services and open our community to both children of all ages and adults at risk, as such, we are governed by our Safeguarding Policy and therefore are legally obligated to submit case details to the statutory authorities.
Sharing information with Assemblies of God and other faith-based groups Identity data Legitimate Interest As a member of Assemblies of God Great Britain, we may report or share statistical information about our community groups, services and participants. We will only take great care to minimise the amount of personal information we share, and in most circumstances, we may not need to share any personal information.
Hope for Life Food parcels Identity, Contact data & data deserving special protection data Public Interest Our Hope for Life food parcel service is conducted in cooperation with public authorities and other relevant third parties that direct referrals to us. We consider it to be in the public interest to ensure that families within our community are able to eat and not go without regular meals.
Undertaking DBS checks Identity, Contact data & data deserving special protection data Legal Obligation Where a member of our community applies to work with either children or adults at risk, we will undertake checks with the Disclosure Barring Service as is our legal obligation.
Administrative purposes Identity, Contact & Financial data Legitimate Interest Within the aims and objective of our charity and in a way that respects the rights and freedoms of others, we will undertake administrative activities including finance, IT and HR purposes, quality assurance and staff training.


Use permitted under applicable laws.

We may also collect, use, disclose and process your personal data, without your knowledge or consent, where this is required or permitted by law.


When we might have to disclose your personal data to third parties.

During the course of providing the services that you request from us, we may share your information with our processing partners, known as recipients, data processors and sub-processors.

When disclosing personal data to third parties, we will (where appropriate and permissible) enter into contracts with these third parties to protect your personal data in a manner that is consistent with all applicable laws and/or ensure that they only process your personal data in accordance with our instructions.

We commonly conduct due diligence with third party recipients around the areas of their data security protocols and data protection policies.


Recipients of your personal data

We may disclose your personal data for the purposes described in this Policy or as required or permitted by law, for example, to:





Data being transferred outside of the EEA

In the provision of our services to you we use data processors that are outside of the European Economic Area (EEA). Specifically, we use data processors based in the USA.

Data protection legislation has strict rules about data transfers to international organisations and we use approved data transfer mechanisms, including the EU–US Privacy Shield and employ data sharing agreements that utilise model clauses.

We take extra steps to ensure comprehensive due diligence of organisations that may receive your personal data.

If you would like any more information, please get in touch by contacting our Data Protection Office, details can be found at the start of this Privacy Notice.


The security of your personal data.

Unauthorised access.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.


Specific access.

We limit access to your personal data to those employees, volunteers, participants, contractors and other third parties who have been authorised to access your personal data

While precautions will be taken to ensure that the personal data you provide is protected against unauthorised or unintended access, we cannot be held responsible for unauthorised or unintended access that is beyond our control.



We have put in place procedures to deal with any suspected personal data breach and will notify you and the supervisory authority of a breach where we are legally required to do so.

However, we cannot guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.

We also cannot guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.


Credit / debit card security

If you use your debit or credit to donate to us, or purchase something, whether online, over the phone or by mail, we will process your information securely in accordance with the Payment Card Industry Data Standard best practises.

We do not store your debit or credit card details once your transaction has completed. All card details are securely destroyed once your donation or payment has completed.

We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.


We only keep data for as long as necessary.

Our retention schedules.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We consider our retention schedules to be appropriate and fair, for example, we may keep hold of your CV for 3 months if we weren’t able to find you a role within our team, but after that time your circumstances may have changed, and it wouldn’t be appropriate for us to keep it. We are legally obliged to keep certain elements of personal data relating to transactions, donations and gift aid records, these are for tax and accounting purposes, so we’d keep hold of that data for 7 years.

Any safeguarding data will be securely held for 25 years. We retain general emails and other correspondence for 2 years.

Details of retention periods for different aspects of your personal data are available and you can request more details of that by contacting our Data Protection Office.

By law we may have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.


You have rights when it comes to your personal data.

As an employee, participant, visitor or member of our community, you may at any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:


All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.


You can request access to your personal data.

At your request, we can confirm what information we hold about you and how it is processed. If we hold personal data about you, you can request the following information:


What forms of ID will I need to provide to access my data?

We accept the following forms of ID when details of your personal data are requested:

Passport, driving licence, birth certificate, utility bill from last 3 months.


What to do when things don’t go as planned.

Our Data Protection Office.

City Church Preston

St Thomas’ Centre

Lancaster Road North







UK’s Supervisory Authority.

The UK’s supervisory authority is the Information Commissioners Office.


Postal Address:

Information Commissioner

Information Commissioners Office

Wycliffe House

Water Lane






Telephone: 0303 123 1113


Do get in touch if you’d like more information about this privacy policy.

If you have any queries about this Policy, please feel free to get in touch with our Data Protection Office and we will do our best to answer your questions.

This Privacy Policy is effective from the January 2019.