Last Updated: 7 Apr 26

1. Introduction

Darlington Church is committed to protecting your personal data and your privacy. This policy explains how we collect, use, and protect your information across our website and our dedicated web application (**app.darlington.church**).

2. How We Collect Your Information

We collect personal information that you provide to us directly through our website, paper 'Connect' cards, and our web application hosted at **app.darlington.church**. This may include your name, contact details, demographic information, and any communication preferences you select.

3. Our Data Processor (ChurchSuite)

To manage our church records and stay in touch with our community, we use ChurchSuite, a church management system provided by ChurchSuite Ltd.

Integration: When you sign up via our website or our web application, your data is securely transferred to and stored within our ChurchSuite account.

Compliance: ChurchSuite acts as a Data Processor on our behalf. They are a UK-based company committed to high standards of security and GDPR compliance. They process your data only in accordance with our instructions.

4. Special Category Data

As a religious organization, some of the information we process is classified as "Special Category Data" (specifically, your religious affiliation by virtue of being on our church database). We process this data under **Legitimate Interest** for the administration of church membership, and where you provide explicit consent by signing up for our app or mailing lists.

5. Safeguarding and Prevention of Harm

We take our duty of care to protect our community seriously. If a comment, message, or "cause for concern" is flagged through our web application:

Retention: We may preserve a record of that specific communication even if you subsequently delete your account or request the erasure of your data.

Legal Basis: We retain this data under the legal basis of Legal Obligation and Public Interest to ensure the protection of children and at-risk adults.

Security: Safeguarding records are moved to a restricted, high-security environment and are accessible only by our designated Safeguarding Officers.

6. Data Retention Periods

We keep your personal data only for as long as necessary:

General Membership:Data is kept while you are an active part of our community. If you leave, your records are removed from ChurchSuite within 30 days of your request.

Financial Records: Donation and Gift Aid records are kept for 6 years as required by HMRC.

Safeguarding Records:** Records relating to significant safeguarding concerns are retained in line with national church guidelines (typically 75 years) to ensure long-term accountability and legal protection.

7. Your Rights

Under GDPR, you have the right to access, update, or request the deletion of your personal data.

Self-Management: If you use our app, you can manage your own data and privacy settings by logging into My ChurchSuite.

Right to Erasure: To have your entire record removed, please contact us at info@darlingtonvineyars.church.

Exceptions: Please note that the "Right to be Forgotten" is not absolute; we will fulfil your request except where data must be retained for legal, financial, or safeguarding reasons as outlined above.

8. Camera Usage: Our application requests permission to use your device's camera. This access is used solely to capture images of receipts and invoices. These images are uploaded to our secure database and may be transmitted to Xero (our accounting provider) to facilitate financial record-keeping. We do not use the camera for any other purpose and do not capture video or background images.

Data Security: All captured images are encrypted during transmission and stored on secure infrastructure provided by Base44.

User Control: You may opt-out of camera access at any time through your device's operating system settings, though this will disable the receipt-scanning feature.

We collect device IDs to provide push notifications and account authentication via Google/Firebase.

9. Contact Us

If you have any questions regarding this policy or how your data is handled, or you need an account or information deleting please contact our Data Protection Officer at info@darlington.church