Who We Are
RCCG Living Seed Church Derby is the data controller for personal data processed through this website for church communication, ministry operations, event registration, safeguarding duties, and pastoral care.
Legal
Last updated: March 10, 2026. This policy explains how RCCG Living Seed Church Derby collects, uses, stores, and protects personal data in line with UK GDPR, EU GDPR principles, and the Data Protection Act 2018.
RCCG Living Seed Church Derby is the data controller for personal data processed through this website for church communication, ministry operations, event registration, safeguarding duties, and pastoral care.
We may maintain a central People record so authorised church administrators can connect contact details, ministry roles, attendance, first-timer follow-up, cell group membership, worker records, birthdays, anniversaries, and communication consent without creating unnecessary duplicate records. Finance, Gift Aid, store, testimony, and pastoral details remain in their own systems and are not broadly exposed through a general People profile.
We also keep audit logs, duplicate review notes, privacy action records, and retention review records to help us correct data, respond to privacy requests, and demonstrate responsible administration.
Where we provide a secure update link, it is time-limited and intended only for the person it was sent to. We record profile update submissions, processing outcomes, and review flags so authorised administrators can correct records and resolve conflicts without requiring member accounts or passwords.
Profile photos are optional. If you upload one, we store a reference to it on your central People record and record whether you consent to church use of the photo for internal administration and celebration purposes. Profile photos are not used to create a public member directory.
Card payments on this website are processed by Stripe. We do not store full card details on our servers. Where you place a store order, register for a paid event, or make a donation, we keep the transaction details needed to fulfil the request, reconcile payments, respond to support queries, and maintain accounting records.
If you submit a Gift Aid declaration, we collect the donor information required to support that declaration, including your name and home address. We retain Gift Aid records as required for charity and tax compliance.
If you complete the first-timer form, we use your details to welcome you, understand which service you attended, and contact you only through the channels you agree to. Prayer requests are optional and are treated as sensitive church-context information, visible only to authorised church administrators. Follow-up notes and contact history are kept separate from general people profile fields and are used for care and administration.
Where someone serves as a church worker, we may keep operational records about their department assignments, worker status, onboarding, and leadership roles. These records are separate from finance, Gift Aid, testimony, and pastoral follow-up notes.
Where birthday or anniversary information is provided, we use it for church care reminders and optional greetings. General celebration views use day and month rather than broadly exposing full dates of birth. Automated birthday or anniversary messages are only sent where the relevant communication consent has been recorded, and you can ask us to update or withdraw that consent at any time.
When you submit a cell group form, we use your details to assign you to a suitable group, keep a record of current or historical membership, and maintain the original submission for administration. Birthday day and month collected through cell group forms may also be used for church care reminders, but conflicting details are not automatically overwritten.
We keep personal data only as long as necessary for operational, legal, financial, and safeguarding purposes. Data is periodically reviewed and removed or anonymized when no longer required. Some records, such as finance, Gift Aid, safeguarding, and audit records, may need to be retained for legal or accountability reasons even if other contact or profile information is corrected, restricted, archived, or anonymized.
Subject to applicable law, you may request to:
We use trusted service providers for hosting, data storage, payment processing, newsletter delivery, and email communications, including Supabase, Stripe, Mailchimp, and our SMTP email provider. We do not sell personal data. Where processors are used, appropriate contractual and security controls are applied.
Some of our service providers may process data outside the UK. Where that happens, we rely on lawful transfer mechanisms and provider safeguards designed to protect personal data to UK GDPR standards.
For privacy requests, contact the church office at info@rccglscderby.org or by phone on 07979 592862. You also have the right to raise concerns with the UK Information Commissioner's Office (ICO).