GDPR and Cookies Policy

1. Introduction

Bedford Pentecostal Church is committed to protecting your personal data and respecting your privacy in accordance with GDPR regulations. We collect and use personal information only in ways that are lawful, transparent, and necessary for the work and mission of the church.

This policy explains:

  • What personal data we collect.
  • Why and how we process your personal data.
  • How long we keep your data.
  • Your rights under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
  • How we use cookies on our website.

By visiting or engaging with Bedford Pentecostal Church, you agree to the terms of this policy.

2. Who We Are

Bedford Pentecostal Church is the data controller, which means we are responsible for determining the purposes and means of processing personal data.

Contact details:

  • Address: 1 Roise Street, Bedford, MK40 1JJ
  • Email: admin@bedfordpentecostalchurch.co.uk
  • Phone: 01234 210550

If you have questions about this policy or how your data is used, please contact our Data Protection Officer using the details above.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Basic information: name, title, address, telephone numbers, email addresses.
  • Demographic information: date of birth, gender, marital status, family details.
  • Church-related information: attendance, membership, ministry groups, pastoral needs.
  • Employment/volunteer information: CVs, references, payroll details, tax and NI data, training records, safeguarding checks.
  • Financial information: bank details (for donations/standing orders), Gift Aid declarations.
  • Health and safeguarding data: medical conditions, dietary needs, DBS records, safeguarding notes.
  • Technical information: IP address, browser type/version, operating system, referral source, browsing activity (via cookies).

4. How We Collect Data

We collect data in several ways, including:

  • When you provide it directly (e.g., through forms, emails, phone calls, or during church events).
  • When you use our website (via cookies and analytics tools).
  • From third parties (e.g., when processing donations through PayPal or Stripe, or when receiving references for employment).
  • Through photographs, video, or livestreams taken at services/events (with consent where required).

5. Lawful Bases for Processing

We process personal data under one or more of the following legal bases:

  • Consent – where you have freely given clear permission (e.g., to receive newsletters).
  • Contract – where processing is necessary for a contract with you (e.g., employment, volunteering).
  • Legal obligation – where we must comply with the law (e.g., HMRC for Gift Aid, safeguarding regulations).
  • Vital interests – to protect someone’s life (e.g., medical emergencies at events).
  • Legitimate interests – where processing is necessary for the mission and administration of the church, provided your rights are not overridden.
  • Special categories of data – such as religion, health, or safeguarding data, processed under Article 9 GDPR (with explicit consent or where required for safeguarding or pastoral purposes).

6. How We Use Your Data

We may use your personal data to:

  • Communicate with you about services, events, and activities.
  • Provide pastoral support and care.
  • Administer membership, attendance, and volunteering records.
  • Process donations and manage Gift Aid.
  • Ensure the safety and safeguarding of children and vulnerable adults.
  • Manage employees and volunteers.
  • Comply with legal, financial, and safeguarding obligations.
  • Improve our website and digital communication.

7. Sharing Your Data

We will never sell or rent your data. Your personal data may be shared only with:

  • Church staff and authorised volunteers – where needed for ministry or administration.
  • Service providers – e.g., ChurchSuite, MailChimp, Google Apps, PayPal, Stripe, event registration tools (with confidentiality agreements in place).
  • Regulatory bodies – HMRC, Charity Commission, safeguarding authorities, or law enforcement if legally required.
  • Medical or emergency services – where vital interests are at stake.

We do not transfer your data outside the UK or EEA unless adequate safeguards are in place.

8. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, and in line with legal requirements. Typical retention periods include:

  • Employment and financial records: 6 years.
  • Gift Aid declarations: 6 years after the last donation.
  • Pastoral/safeguarding records: as long as required for safeguarding or pastoral purposes (then securely deleted).
  • General contact details: deleted within 24 months of your last engagement unless you request otherwise.

9. Data Security

We take appropriate technical and organisational measures to protect your data against loss, misuse, or unauthorised access, including:

  • Password-protected systems.
  • Secure storage of paper records.
  • Role-based access controls for staff/volunteers.
  • Regular training in data protection.

10. Your Rights

Under GDPR, you have the following rights:

  • Right to be informed – about how your data is used (this policy).
  • Right of access – to request a copy of your data.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data (where no lawful reason prevents this).
  • Right to restrict processing – to limit how your data is used.
  • Right to data portability – to transfer your data to another provider.
  • Right to object – to certain processing, such as direct marketing.
  • Rights regarding automated decision-making – Bedford Pentecostal Church does not use automated decisions or profiling.

To exercise your rights, please contact our Data Protection Officer. You may also complain to the Information Commissioner’s Office (ICO) if you believe your rights are not respected.

11. Data Breaches

If a data breach occurs that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals as required.

12. Cookies Policy

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help the site function effectively and provide us with information about how visitors use the site.

Types of Cookies We Use

  • Strictly Necessary Cookies – required for basic site functionality (e.g., security, login).
  • Performance/Analytics Cookies – collect anonymous data about how visitors use the site (e.g., pages visited, time spent). We use Google Analytics for this purpose.
  • Functionality Cookies – remember your preferences (e.g., language, accessibility settings).
  • Third-Party Cookies – set by external services we use (e.g., YouTube for video embedding, MailChimp for newsletters, social media platforms).

Why We Use Cookies

  • To improve website performance and security.
  • To understand visitor behaviour and improve content.
  • To support multimedia features such as video or event registration.

Managing Cookies

When you first visit our website, you will see a cookie consent banner. You can accept or reject non-essential cookies.

You can also manage cookies through your browser settings:

  • Block all cookies.
  • Delete existing cookies.
  • Allow only certain types of cookies.

Please note: disabling cookies may affect functionality and your experience on our website.

13. Changes to This Policy

This GDPR and Cookies Policy was last updated in September 2025. We may update it periodically to reflect changes in law or church practices. Updated versions will always be published on our website.

14. Contact Us

If you have questions or concerns about this policy or your data, please contact:

Data Protection Officer
Bedford Pentecostal Church
1 Roise St, Bedford MK40 1JJ
admin@bedfordpentecostalchurch.co.uk
01234 210550