1.0 Your rights, this notice & our approach

Under the General Data Protection Regulation (GDPR) 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. Your rights are detailed on the Datainspektionen website.

This privacy notice tells you what to expect when Grace Church Stockholm collects personal information.

We are committed to safeguarding the privacy of your information. We do all that we can to ensure that your data is processed fairly and lawfully and used for the intended purpose. We aim to ensure that the data we hold is accurate, adequate, relevant, not excessive and is not kept longer than is necessary in relation to the purpose it is held.

We will store your information securely on our systems. We restrict access to employees, volunteers and contractors who have a ‘need to know’ (i.e. if they can directly help, if information is required for them to fulfil their role or if they have a legal responsibility), and we direct them in handling the information securely and appropriately in line with our policies.

While some of the third-party providers we use are based in countries outside of the European Economic Area, all of our providers have the appropriate level of protection in terms of rights & freedoms of data subjects. For example, those providers in the US are EU-U.S. Privacy Shield Framework compliant.

Further information about the privacy approaches of the third-party providers we use is shown via webpage links found in this notice.

We keep our privacy notice under regular review. This privacy notice may change from time to time. If we make a change to it that we believe materially reduces your rights, we will provide you with notice (for example, by email). We may also provide notice of changes in other circumstances.

By continuing to engage with Grace Church after those changes become effective, you agree to be bound by the revised privacy notice. This privacy notice was last updated on 30 August 2021.

2.0 Queries, concerns & subject access

You can contact us to find out if we hold any personal information about you, to update or change your personal details, to request a copy of any personal information held, or to request that your data is erased (unless data retention is required for legal purposes).

To make a request to Grace Church for any of the above, or to find out more about our privacy notice or related queries, email us at: [email protected]

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us (using the contact info above) in the first instance or directly to Datainspektionen.

3.0 Connecting with Grace Church
3.1 Direct communications

We send out a regular newsletter for which specific consent is given at the point of subscription. You can unsubscribe from our emails at any time; directions on how to do this will be contained within the email.

We use third-party providers GSuite & Google Cloud and Mailchimp to store contact information, record consent and to deliver these communications. Information is stored until the data subject removes their data or unsubscribes. More information about these providers and GDPR can be found here: GSuite & Google Cloud GDPR, Mailchimp Privacy Policy.

Alongside this, there are groups of people (e.g. team leaders, team members, small group members) where a legitimate interest is shared with Grace Church. Contact information is held on these groups to facilitate communication, but again it can be unsubscribed from and information removed at any time at your request. Contact [email protected] for more information or to make a request.

Personal information may also be shared through our notices slideshow at our Sunday gatherings. This will however only be shown if consent has been received from the individuals involved.

3.2 Connecting via our website

Grace Church uses its website to inform people as well as to enable visitors to make contact with us. Our website uses GoDaddy to host and facilitate activity. All content on the site (e.g. words, photos) is only published if consent has been received. If links are provided to other websites (on our website), they are not covered by this privacy notice. Please review the privacy notices/policies on the sites you visit. GoDaddy Privacy Policy.

3.3 Connecting via social media / video channels / WhatsApp

We use a number of social media channels and YouTube to connect with those who are part of, or interested in, Grace Church. As with our website, we will only publish ‘new’ content if we have consent from the people the content refers to. Please refer to the privacy policies of our third-party providers for more information: Twitter, Facebook (inc. Messenger), Instagram, YouTube, WhatsApp.

3.4 Connecting via email

Grace Church uses Gmail for email communication, which has built-in security measures. We will use your email address to correspond with you over the content of your inquiry until a conclusion is reached. The nature of the content of your email will determine how long it is kept for. We will not add your address to any direct communications list (see section 3.3) unless you have given your consent for us to do so. If at any time you wish to remove your email address from our systems then please contact us as per section 2.0. Google Privacy Policy.

3.5 Events

We use Facebook, Doodle and Eventbrite (third-party providers) to facilitate our event booking process and communications. Event planning documents are stored on Google Drive. These privacy statements can be found in section 3.3 or here: Doodle, Eventbrite, GSuite & Google Cloud GDPR. We will ask you for contact information and your preferences according to the type of event being run. The information we collect is only used to facilitate the contract between us (by you attending the event). This information will not be used for any other purposes or passed on to any other third parties unless you have consented for us to do so. We will hold any data you provide us, which is specific to the event, until all aspects of the event are completed.

3.6 Financial transactions & management

Grace Church uses Swish, bank giro and bank transfers to help facilitate its financial transactions, donations and financial management. This will involve, in the main, names, addresses and debit/credit card and bank details, depending on the nature of the transaction.

We bank with Swedbank, who process all payments. Records are kept as a minimum for the period required to meet statutory compliance or until the contract is completed. Financial reports are stored on Google Drive with restricted access. Please refer to these privacy policies for more information: Swedbank, Swish, Bankgirot.

In order to maintain statutory compliance, certain information is shared with Skatteverket (the Swedish tax authority).

4.0 Day to day running
4.1 General operation & systems

In order to facilitate the operation of Grace Church, third-party providers Trello (project management) and Google Drive are used. The third-party privacy policies can be found here: Trello, GSuite & Google Cloud GDPR.

Certain documents are required for the daily running and administration of church activities and volunteers, as well as for tracking attendance numbers and demographics. These include our attendee contact list, volunteer lists and rotas. These are stored on Google Drive and access is limited to team leaders and volunteers on a ‘need to know’ basis as per section 1.0.

If paper documentation containing personal information is required to carry out general operations, it is securely stored and securely destroyed when no longer needed. As with the online/electronic systems, access is restricted according to the ‘need to know’ principle as outlined in section 1.0.

Any physical promotional literature produced involving personal information (including photos) will always require the consent of the individual involved.

4.2 Employment & HR

Recruitment documents (e.g. CV) and employment documents (e.g. contracts and payslips) will contain / require personal information to be held. This information is held because of a statutory and legal responsibility to do so, and to carry out contractual requirements.

Personal information will also need to be held for volunteers, especially those with specific responsibilities. All of this information is held in line with principles outlined in section 1.0 and is held until all statutory responsibilities have been fulfilled.

Employment and HR documentation is stored in Google Drive. In addition, MaxPA is used to facilitate payroll. Where applicable to the role, criminal record bureau requests may be carried out with the individual’s consent. MaxPA.

5.0 Acknowledgements

Our thanks to Relational Mission, on whose Privacy Notice this is based.

6.0 Contact information

Grace Church Stockholm
Organisation number 802476-1200
Jyllandsgatan 215, Kista
[email protected]