Privacy Policy

Version 4
27th November 2023

What is this Privacy Policy?

This Privacy Policy tells you how and why we collect, store and process your personal information. It also tells you about your rights concerning this information and how to go about exercising those rights. It has been updated to reflect the changes made to EU data protection laws by ‘GDPR’ (General Data Protection Regulation) which came into force in May 2018. GDPR is a large and complex law but we don’t want this policy to be lengthy and complex. We’ve tried to explain things as simply as possible while still giving you the information you need. If you want further clarification please ask.

This policy only deals with the data collected by Eastgate, it doesn’t cover other organisations we deal with. These organisations, which are detailed below, will have their own privacy policies. Certain areas of Eastgate, such as the Healing Centre and Transformation Centre, will have very specific needs regarding personal data and you will need to refer to their privacy policies if you want to know how they handle personal data.

We will review and update this policy from time to time and the latest version will be published here.

Our Privacy Promise
You and your personal data are very important to us and we promise to take the privacy and security of your data seriously. The principles of how we treat your privacy are:

  • Transparency We will be open, honest and clear about how we handle your data. We will try to explain clearly what you need to know without being long-winded or overly complex. We won’t hide anything. If you need to know more, please ask. We will also be open and honest if we make mistakes.
  • Choice You are in control of your data. We will always give you the choice of what data you give us and what communication you receive from us.
  • Trust We want you to trust us with your data. We will store it securely and only process it in accordance with this policy. We won’t sell it or share it with other organisations. We accept responsibility for the security of your data.
Who is Eastgate and what does it do?

You are trusting Eastgate with your personal data so let’s be clear about who or what Eastgate is and what it does.

Eastgate (which used to be known as ‘North Kent Community Church’) is a church, a registered charity and the organisation which owns and operates the building called Eastgate. We use our building as a home for the church and its activities, a community centre and an events venue.

Our address is:
Eastgate
141 Springhead Parkway
Northfleet
Gravesend
Kent
DA11 8AD

We can be contacted at:
01474 873040
office@eastgate.org.uk

Our website is:
www.eastgate.org.uk

What data do we collect and why do we collect it?

We will only ask for your data if we have a good reason to ask and we won’t ask for information we don’t need. We collect this data when you express an interest in joining Eastgate, when you register for one of our activities or when you choose to subscribe to our mailing list. We use this information to:

  • organise and run the church

  • manage activities and courses run by the church

  • publicise and manage conferences and events

  • keep you informed of what’s going on at Eastgate

  • provide Healing Centre and Transformation Centre services

  • manage Eastgate room hire

  • meet statutory and legal obligations (e.g. financial and gift aid records)

  • analyse the effectiveness of email communications

  • analyse the use of our website

Where is this data stored?

We operate our own servers and make use of several ‘cloud-based’ systems. This is where your data is stored. Our own servers are secure, up to date, and well maintained. Access to our servers and the cloud-based systems we use is granted only to Eastgate people and only when there is a need. When that need no longer exists, access is revoked. The cloud-based systems we use are:

  • ChurchSuite, for church administration, management, communication, event management and ticketing
  • Microsoft Office 365, mainly for email communications and calendaring
  • MailChimp, for mailing list communication
  • UpCloud and Hetzner, for website hosting
  • Zettle, PayPal, Stripe and GoCardless, for payment processing
  • Google, for website usage analysis
  • CAF Bank and Barclays, for banking
  • Thirtyone:eight, for safeguarding services
How long do we keep your data?

We will only keep your data for as long as we believe there is a legitimate reason to store it. If you ask us to delete it, we will. However, when there is a legal or statutory reason to keep data then we will store it for as long as we are required. For example, certain financial records must be stored for 6 years. We will store this information securely.

Who do we share your data with?

We will not share your data with other organisations or individuals and we certainly will not sell your data to anyone. If we believe you might be interested in something that another organisation or individual has to offer we may tell you about it but we wouldn’t share your information without your permission.

What rights do you have over your data?

You are in control of your data. We give you the choice over how much or how little data you share with us. You also have certain rights over your personal data that we store.

  • You have the right to see what data we hold and to know how we use it

  • You have the right to amend and update your data

  • You have the right to control or restrict how we process your data

  • You have the right to stop us using your personal data

  • You have the right to have your data deleted (the ‘right to be forgotten’)

If you wish to exercise any of these rights all you have to do is ask.

Please be aware that there are some situations where you may not be able to exercise these rights. For example, we cannot delete data we are legally required to store; we cannot reveal, update or delete personal data if you are unable to prove your identity; we cannot meet requests that would impact the rights or privacy of others; and we aren’t required to comply with requests which we genuinely feel are unreasonable or excessive. If we are unable to comply with a request about your data we will always explain why.

When will we contact you?

If you are part of the Eastgate church family we will contact you, usually be email, to keep you informed about what’s going on at Eastgate and to organise areas of church life in which you are involved. We will do this because both you and Eastgate have a legitimate interest in this communication.

If you aren’t part of the church family we will contact you:

  • when you sign up for something we offer, whether it is free or not. Again, we do this because there is a legitimate interest in this communication.

  • when you purchase something from us (e.g. conference tickets). We have a contractual obligation to communicate regarding the transaction.

  • when you subscribe to our mailing list. We do this because you have given consent for this communication in the preferences you set when subscribing. We will only contact you according to the preferences you’ve set and you can update your preferences or unsubscribe from the mailing list at any time by using the links in the footers of mailing list emails.

Do we use cookies or other tracking technologies?

We do not track your personal activity on our website. Most websites use cookies to improve your experience and Eastgate’s website does this. Without cookies, some areas of the website wouldn’t work properly.

We also use Google Analytics to monitor and analyse the use of our website but we do this determine overall usage and trends and not to track individuals.

The payment processing companies we use also use cookies to facilitate transactions made from or through our website. Without them, we would not be able to process payments.

Our mailing list tool, MailChimp, tracks the emails it sends. It does this, not just to monitor the effectiveness of such emails, but to identify email addresses that are unused or no longer valid. This enables us to keep the list up to date and accurate, which we are required to do. We don’t use MailChimp to track an individual’s response to emails.

Do we use CCTV?

Eastgate operates a CCTV system in the ground floor public Coffee Shop area of the building. We do this to prevent crime and anti-social behaviour and to provide a level of protection for users of that area.

CCTV footage is stored on Eastgate’s own secure server to which only specific members of Eastgate staff have access. Captured footage would only be viewed if an incident occured where CCTV footage would assist in dealing with it. If an incident required the involvement of external organisations such as police or insurance companies, then relevant footage may be shared with them. Apart from that, footage is not shared with anyone else.

Captured footage is stored for no more than 14 days. If required for the investigation of a specific incident, relevant portions of footage may be extracted and kept for longer, but would be deleted once the matter has been dealt with.

Eastgate’s Centre Manager and IT Manager have responsibility for the CCTV system and the footage captured. Please ask to speak with them if you have any questions or concerns related to the CCTV system.

What we ask of you

We aim to give you control over what personal data you provide and how it is used. Where possible, we give you access to these controls. For example, if you wish to update your email address or amend your mailing list preferences you can do so by following the links in the footer of mailing list emails. Giving you access to, and responsibility for, your own data is by far the best way of keeping everything accurate and up to date. So please don’t be offended if we ask you to manage your own data wherever this is possible; it’s in your best interests.

Likewise, if you contact us regarding your personal data we will need to verify your identity before we do anything. Depending on your request, we may simply need to ask you to provide some information over the phone or, in some situations, we may need you to provide certain documents. Again, please don’t be offended; we do this to protect your data.