Privacy Notice

How St Andrew the Great Church (“we”) use your information

Your privacy is important to us.  We are committed to safeguarding the privacy of your information. 

Data controller

St Andrew the Great Church is the data controller and responsible for your personal data. (This is the operating name of The Parochial Church Council of The Ecclesiastical Parish of Holy Sepulchre Cambridge, Charity number: 1133975, address: St Andrew’s Street, Cambridge CB2 3AX, 

For further information, please contact The Senior Administrator ( 

If you have a concern about the way we are collecting or using your personal data, we would ask that you raise your concern with us in the first instance, or you may raise your concern directly to the Information Commissioner’s Office at 

Why are we collecting your data?

We collect personal data to provide appropriate pastoral care, to monitor and assess the quality of our services, to fulfil our charitable purposes as a church and to comply with the law regarding data sharing. In legal terms this is called ‘legitimate interests’. When it is required, we also ask you for your consent to process your data. We do not share your information with others except as described in this notice. 

We will normally process your data on one or more of the following bases: 

  • because it is necessary for our legitimate interests; 
  • it is necessary for compliance with a legal obligation; 
  • where we have your consent; or 
  • if it is necessary for the performance of a contract (e.g. an employment contract or a contract to hire premises), or to take steps to enter into a contract. 

Legitimate Interest means the interest of our church in conducting and managing our charitable activities to enable us to give you a high quality and secure experience of our church community, events, products and services. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). 

Where we are collecting special category data, we do so under the condition of legitimate activity as a not-for-profit organisation, and we will not disclose this information to third parties though we will use duly appointed external data processors as described below. 

We may use your information for the following purposes: 

  • to provide you with pastoral care and/or support; 
  • to communicate with you in relation to rotas and/or groups that you may join or be interested in (including Bible study groups); 
  • to organise and/or perform services for you such as baptisms, confirmations, reading banns, weddings and funerals; 
  • to include you on a church management system used by the church (e.g. ChurchSuite) as part of providing services to you; 
  • where you wish to help out with one of our children’s or youth ministries, or you wish to help with another ministry or event which requires safer recruitment checks, to carry out comprehensive safeguarding procedures in accordance with best safeguarding practice and legal requirements with the aim of ensuring that all children and adults-at-risk are provided with safe environments; 
  • to enable you to register or book yourself or your child onto one of our events or courses; 
  • to enable you to place your child in one of our crèches or activities for children and young people; 
  • to enable you to sign your child up for a children’s or youth group or club; 
  • to facilitate prayer for ministry you’re involved in (e.g. through the production of the church prayer diary); 
  • to respond to your enquiries in relation to our church; 
  • so that we can tell you about other information or events that we think may be of interest to you, though we strive to provide you with choices around marketing and advertising, and offer options to opt out of receiving such communications; 
  • to notify you of changes to any services and/or events; 
  • to enable you to register on any of our websites to access information; 
  • to seek your views or comments; 
  • to handle any complaint you may have; 
  • where it is necessary for the preparation or performance of a contract with you; 
  • to manage, maintain and publish our electoral roll (where you choose to join) in accordance with Church Representation Rules 
  • where it is necessary in connection with a professional or legal obligation; 
  • to remember your preferences e.g. if you ask not to receive fundraising materials; 
  • to discuss volunteer opportunities with you; 
  • if you apply for a job to consider you for employment; 
  • to customise our websites and content to your particular preferences; 
  • to notify you of any changes to our websites or to our services that may affect you; 
  • to detect and prevent fraud/crime; 
  • to transmit and record livestream services, events or meetings (e.g. via YouTube or Zoom) to enable the participation of those who would otherwise be unable to attend; 
  • to monitor and assess the quality of our services; 
  • for other everyday charity and church purposes, such as internal record keeping, payment processing and financial account management, claiming gift aid on donations, contract management, website administration, analytics, corporate governance, reporting and legal compliance; 

We will normally only use your information for the purpose it was collected (or for other compatible purposes). Your personal data will not be used for an unrelated purpose, save where this continues to be in accordance with the GDPR, in which circumstances we will normally notify you in advance. 

Any time you supply us with your personal data, we will use it in line with this notice, which is always available on our website. Our websites and online services may include links to third-party websites, plug-ins and applications. Clicking on those links or permitting those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

The categories of information that we may collect, hold and share include:

  1. Personal information, such as name, telephone number, address, age, email address, gender, nationality, language(s) spoken, financial details, electronic devices, and other biographical information you may provide us; 
  2. Special categories of personal data, such as your religious beliefs, ethnicity, information concerning health e.g., in relation to pastoral care, children’s medical care, special diets, information concerning sexuality e.g., in relation to pastoral care.

How we obtain information about you

1. Information which you provide us

You may provide us with personal data in many situations, such as when/if you: 

  • fill in one of our feedback/help/enquiry forms on one of our websites; 
  • leave a comment on one of our social media pages; 
  • attend one of our events, prayer meetings or Sunday services; 
  • complete a welcome card;  
  • complete the “I’m new” form on our website; 
  • apply for a Disclosure & Barring Service (“DBS”) check; 
  • place your child in one of our crèches or activities for children and young people; 
  • sign up for a course or event (e.g. a marriage course / Christianity Explored Course); 
  • sign your child up to attend a children’s/youth club or event (e.g. a children’s holiday club); 
  • join a Bible study group, a ministry team or group and/or join a serving rota; 
  • attend a group run by our church; 
  • email us or phone us or meet us in person (including for the purposes of pastoral care, encouragement, training and/or prayer) 
  • make a donation or pay for activities such as a weekend away; 
  • complete a giving/fundraising and/or gift aid form; 
  • request our involvement with a baptism, confirmation, wedding or funeral; 
  • volunteer with us; 
  • apply to hold an external event on our property; 
  • complete a reference request for someone volunteering/applying for employment with us; 
  • apply for a role with us (including completing any safer recruitment checks); 
  • renew any safeguarding clearances with us; 
  • are employed on the staff team; 
  • are appointed as a trustee; 
  • apply to join the electoral roll; 
  • sit in seats within our building which are on our livestream services or events; 
  • update your details or upload a photo via one of our church management systems (e.g. ChurchSuite). 

2. Information we collect about you

We collect information about you when you engage with us online or by email e.g. when you visit one of our websites, download articles/information from one of our websites, open or forward an email sent by us or engage with us on social media networks. Information may be collected via cookies and similar technologies, as detailed below. We may collect information about you as part of attendance at a church event, either on our premises or elsewhere.  

3. Information we receive from other sources

We may also collect information about you from reputable third parties (e.g. external services that we use, such as ChurchSuite, Microsoft 365; also service providers such as Funeral Directors, the diocese) that operate in accordance with UK data protection legislation or other public sources, if this is permitted by law. 

If you give us information on behalf of someone else, you confirm that the other person has agreed for you to act on their behalf in this regard. If you are unsure of this, please do not provide their personal information (instead, for example, booking in ‘friend of xx’ for an event’). 

An adult may supply information and give consent on behalf of a child for whom they have responsibility. We will continue to hold data for those who turn 18, but will endeavour to inform them and seek their continued consent for this where needed. 

Storing your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.  

We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. Details of retention periods are available in our retention policy which you can request by contacting us. 

Where you have provided contact details, we will contact you annually to check that the information and communication preferences which we hold for you within our church database system (e.g. ChurchSuite) are accurate. 

Security of your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those staff members (whether paid or voluntary), trustees and congregational volunteers who need to know. 

Where we use external service providers to provide elements of our service and/or to process data on our behalf they are bound by law or contract to protect your personal data and only use it in accordance with our instructions. We only allow them to handle your personal data on the understanding that they will keep the information confidential. 

All our staff who have access to personal and/or confidential information are subject to confidentiality obligations and may be subject to discipline including dismissal if they fail to meet these obligations. Church volunteers who process personal information on our behalf are also required to comply with our Data Protection Policy and Confidentiality Policy. 

While we will use all reasonable efforts to safeguard your personal data you acknowledge that the use of the internet is not entirely secure and understand that we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and other online problems you can visit, which is supported by HM Government and leading businesses. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so. 

Who do we share your information with?

We recognise that your information is valuable and will take all reasonable measures to protect your information while it is in our care. Generally, we will not share your personal data with others outside of the church. In most cases, only our employees, workers and volunteers approved by us, will see your data. However, there are situations where some of your data might be made visible to others, for example, you can choose whether or not to make your contact details available to other members via ChurchSuite. This is because it is in the legitimate interests of the church family to be able to contact one another and provide care, support and encouragement to one another. 

In line with the purposes above, some of your personal data may be shared with: 

  • the diocese and central institutions of the Church of England in accordance with our obligations under ecclesiastical law and in relation to safeguarding; 
  • staff and volunteers within the church where relevant to their roles; 
  • those participating in our events or receiving our emails when you ask us to announce a birth, wedding, birthday, funeral or other significant piece of news; 
  • recipients of the church prayer diary; 
  • another organisation requesting a reference for you which you have authorised us to supply; 
  • someone who might benefit from professional services you offer, e.g., if you are a counsellor; 
  • other charities with whom we work, including the Jesus Lane Trust, Matthew Ministry, Gospel Ministry Support Trust; 
  • property landlords and their agents, when providing accommodation; 
  • duly appointed external IT service providers (including Microsoft, ChurchSuite) who store/process information on our behalf; 
  • providers of Disclosure and Barring Service checks; 
  • third party companies or individuals for the purpose of facilitating events on our behalf (for example, group weekends away); 
  • specified mission partners, where you have asked to receive their prayer updates; 
  • the Home Office and associated bodies, and travel companies, where it is necessary to arrange visa applications, accommodation or travel; 
  • payment processors e.g. banks or card payment intermediaries; 
  • validation service providers to confirm your address and ensure any direct debit instructions are set up correctly; 
  • mailing or printing agents, contractors and advisers that provide a service to us or act as our agents; 
  • professional advisers including lawyers, bankers, auditors, pension advisors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services; 
  • financial services providers (e.g., Xero, Infoodle, CashPlus, Stripe, iZettle, Paya); 
  • our payroll processors so that we can properly pay our employees and our auditors so that they can fulfil their regulatory duties; and 
  • insurance companies, law enforcement, regulatory, or other government/statutory bodies (e.g. HMRC or the Charity Commission) for the purposes of fraud prevention and/or to comply with any legal and regulatory issues and disclosures. 

We do not sell, rent, distribute or otherwise make personal data commercially available to any third party except as described in this notice or with your prior permission. 


We are deeply committed to providing pastoral care in a way that preserves your dignity and privacy. That means we will never share gratuitously what you tell us and will do all we can to keep such things private. Our commitment to serving you well means that no pastoral conversation can be promised absolute confidentiality as, for instance, concerns for your safety or the safety of others, especially those subject to safeguarding provisions (children and adults-at-risk), may mean that it needs to be shared in a limited way. 

Requesting access to your personal data

Under Data Protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact The Senior Administrator, ( 

You also have the right to: 

  • object to processing of personal data, where our legitimate interests do not align with yours; 
  • prevent processing for the purpose of direct marketing; 
  • object to decisions being taken by automated means; 
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and 
  • claim compensation for damages caused by a breach of the Data Protection regulations.  

You have the right to opt out from receiving marketing materials (including fundraising materials) from us. You can do this by updating your correspondence settings within your profile on ChurchSuite, by contacting us or by replying to the correspondence and requesting an update to your correspondence settings. 

Changes to our Privacy Notice

This notice is subject to change from time to time. Changes may be made when our practices change or when data privacy laws are updated. We will endeavour to notify you when it is updated, but you should also check this notice regularly to ensure that you are aware of any changes. 


We use cookies on our websites and online services. A cookie is a small piece of data which is stored on your computer. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. 

There are two main kinds of cookies: “session” cookies and “persistent” cookies. Session cookies only last for the duration of users using the website and are deleted from your computer when you close your browser, whereas persistent cookies outlast user sessions and remain stored on your computer until deleted, or until they reach their expiry date. 

Cookies on our websites

We use both Session Cookie and Persistent Cookies on our websites and online services. 

Generally, we use cookies to help us administer this website, to improve the website’s usability and for marketing purposes. We may also use cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our websites in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. 

Third-party cookies

We also use third-party cookies to analyse the use of this website and improve its performance. 

For this purpose we use Google Analytics. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our websites is used to create reports about the use of the website. Google will store and use this information. Read Google’s privacy policy. Find out more about Google Analytics opt out. 

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies.