Last updated 24 May 2018
Parish Pump Ltd takes your privacy very seriously. The information you provide to us through our website will be held under the General Data Protection Regulation (GDPR) which was adopted by the EU in April 2016 and came into force on 25th May 2018.
We know that your privacy is very important to you. We recognise the importance of protecting the information which you give to us when you join our website. Parish Pump Ltd will only use personal data in connection with its purpose in providing editorial and graphic resources to its subscribers. It does not make personal data available to any other organisation or individual. So, we will never pass on your details to any third party, unless required to by law. We will always notify you if this is the case.
2. How do we collect data on you?
We collect information from two key sources:
- Information you give us directly: such as when you take out a free trial with Parish Pump, become a registered subscriber, or request extra resources etc.
- Information from your use of our website: we collect non-personal data such as Internet protocol (IP) addresses, details of pages visited, and files downloaded. Website usage information is collected using cookies (see Section 16 below).
Parish Pump Ltd does not capture and store any personal information about individuals who access this website, except where you choose to give us any of your personal information, or where such information is necessary to deliver the website content (e.g. your IP address is necessary to send the web page back when you access the website).
These include you accepting cookies from our website, taking out a free trial with Parish Pump Ltd, going on to become a registered subscriber of Parish Pump Ltd, requesting extra resources such as our published booklets, or by sending us an email or payment via Paypal, bank transfer or cheque.
3. What data do we hold on you?
Parish Pump Ltd requires some data in order to provide a subscription service to its members on the website. This data is as follows:
- your name
- your password (encrypted)
- your email address
- your church’s name
- your church’s postcode
- your church’s parish (or area)
- your church’s diocese (or region) (optional)
- your church’s denomination
- your church’s country (optional)
- a contact phone number (optional)
If you order a copy of our booklet, we will need you to provide a street address to which we can post it. This could be your home address or your church address.
If you pay by Paypal, we will keep a record of the details required by Paypal in order to complete a transaction. This may include your registered Paypal email address and other information that you have chosen to allow Paypal to share.
If you pay by bank transfer, we will have whatever information you provided to our bank in order for us to connect your payment with your account.
If you pay by cheque, we will have whatever name and address details which you post to us alongside your cheque.
4. What is our basis for holding data on you?
The various lawful bases for processing data are set out in Article 6 of the GDPR. We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis with regard to Parish Pump Ltd.
We hold your data under the lawful basis of contract. This is because subscribers to Parish Pump join by taking out and paying for a year’s subscription to Parish Pump Ltd. A paid subscription is a contract between subscribers and Parish Pump Ltd.
5. What is it used for?
We keep information that is necessary in order for us to:
- maintain an accurate record of all our subscriber
- provide our subscribers with access to our website
- inform a subscriber when their account has any problem with it, or that it is about to expire, or that it has just expired.
- to enhance or improve a subscriber’s experience on our website
6. Where is the data held?
When you take out a subscription to Parish Pump Ltd, your data is stored on our database. The database is stored on a server which is secured by firewall that employs access control to restrict unauthorised access to the data.
Software updates are monitored and applied to ensure that the latest secure versions are used. Backups of the website database are taken and stored on an encrypted off-site system.
When you email us, your email will be kept secure by the Parish Pump staff who have appropriate security measures on their devices.
When you write to us, your letter is kept in the Parish Pump office, which is locked.
7. Who can access it?
Only the following people have access to personal data kept digitally:
- employees of Parish Pump Ltd
- IT sub-contractor staff
- website hosting managers
Data stored in the Parish Pump office is accessible only to PP staff.
8. What security controls are in place?
The MySQL server: This is protected by authentication and firewall and is not accessible remotely other than via multi-layer password authenticated mechanisms. A daily backup of the database is taken which is stored on server and also backed-up through a daily backup process that stores a full system backup on an encrypted off-server system.
The PP website: As soon as a data security breach has been detected or is suspected, we will liaise with relevant suppliers (e.g. IT support or managed hosting company) who will determine the nature and extent of the breach and take immediate steps to stop the breach.
If individual’s data has been compromised, we will take appropriate steps to notify them where necessary and report any relevant breaches to the ICO.
The Parish Pump office is accessible only to PP staff. It is kept securely locked at all other times.
Parish Pump Ltd does not receive or hold any credit card details for payments made via this website. All on-line payments are handled by Paypal. We do not hold any bank details for any payments made to us.
9. How long is your data kept for?
How long we keep your information collected through our website depends on the context in which you provided it. As a general rule we will keep the time to the minimum necessary for the purpose.
Free Trial Subscribers: A free trial lasts for one month, and then expires. If it is not upgraded into a full membership, we will delete the data provided for the free trial six months after its expiry. The delay is because many churches join for the Free Trial, let the account lapse for several months, and then return to take out a full Subscription.
Full Subscribers: A full membership lasts for one year, and then expires. If it is not renewed, we will delete the data provided for the full membership six months after its expiry. The delay is in order to give churches, whose editors have left, time to find a new editor and for that editor to take over the Parish Pump subscription for that church.
We will keep records of any financial transactions you enter into with us for no less than six years, and no more than seven years. This will enable us to meet with accounting requirements and respond to any questions from you that arise during that period.
Records of subscription orders (not containing financial information) will be kept for the lifetime of the Parish Pump website. The subscription order does not include any identifying information aside from the User’s ID (which is replaced by ‘Deleted’ when the user is removed from the database).
Emails sent to us – these are kept for up to two years, and then deleted.
Postal correspondence – this is kept for 13 months and then shredded.
10. How is your data destroyed?
By electronic erasure on the database and emails, and shredding of written documents.
11. Who sees your data?
The information we collect through our website is used exclusively within Parish Pump Ltd for the purposes of your subscription. We do not pass any of your personal information on to any outside organisation and/or individuals for their own purposes.
We do share information with organisations who provide a service to us (for example, Paypal, which processes payments on our behalf).
We do share data if we are under a legal obligation to do so or in order to enforce or apply our rights.
Only Parish Pump staff and Parish Pump’s contracted IT support and website management staff will see your data. It is a condition for anyone who works with Parish Pump Ltd that they shall not divulge or copy any confidential information concerning the business of Parish Pump Ltd, its suppliers, clients, and customers. To minimise the risk of unauthorised disclosure of your information, we will use some of your information to verify who you are when you contact us.
12. Your right to view the information we hold about you
You may see all the electronically stored information that Parish Pump Ltd holds about you at any time, simply by logging into your account. This is a free service.
You may amend this information at any time, by updating your details on your account.
If you wish to have a copy of all information that Parish Pump holds about you including emails and any paperwork (i.e. letters that you have sent to the Parish Pump office) then you must request this in writing. We will provide this within one month. This is a free service.
13. Your right to ask us to ‘forget’ you
You may ask us at any time to delete all your details (and thus terminate your subscription to Parish Pump Ltd). We will do this as soon as possible, usually on the same day, or, if the office is closed for any reason, within a week. This is a free service.
If you have any questions, please contact us [email protected]
14. How do we keep our data on you up to date?
It is your responsibility to make sure that the data we hold for you on your account is up to date and correct. Parish Pump Ltd cannot be responsible for what data you choose to provide to us. We do provide you with regular reminders to review and update your account with us, usually when renewing your subscription.
15. Your right of data portability
GDPR states that business must have processes in place to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability. You may access the data that you have given us by logging in to your account on our website from any digital device that is connected to the internet.
16. Links to other sites
This website includes links to other sites. Parish Pump Ltd cannot be held responsible for their GDPR compliance or privacy policies or the way in which they handle personal information.
17. Cookies on Parish Pump
This website is owned and operated by Parish Pump Ltd. When someone visits old.parishpump.co.uk (or any alias that redirects here) we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.
We collect this information in a way which does not personally identify anyone. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.