Privacy Policy

Protecting and respecting your privacy

At Foundry Community Church, we’re committed to protecting and respecting your privacy. 

This Policy explains how we collect and use personal information about people who visit our website and the conditions under which it may be disclosed and how we keep it secure. 

From time to time we will update this Policy so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy. 

This Policy was last updated November 2019

If you have any questions regarding this Policy and our privacy practices you can contact us via email at [email protected] or by writing to us at Foundry Community Church, 65 Lugsdale Road, Widnes, WA8 6DA. Alternatively, you can telephone 0151 420 8837.

Who are we?

Foundry Community Church is a Church based in Widnes, Cheshire.

Foundry Community Church is a registered charity (no. 1174210) and company (no. 10866897). The registered address is Foundry Community Church, 65 Lugsdale Road, Widnes, WA8 6DA.

How do we collect information from you?

We obtain information about you when you use our website in the following ways:

Website Forms

All data submitted via our “We’ll save you a seat…”, “Share Your Story”, “Server Team Sign Up”, “Room Hire” and “Contact Us” forms is sent via email to [email protected] which is only accessible by authorised staff members. We may then use this information to response to you or carry out a requested action on your behalf.

Cookies

Cookies are text files stored on your computer, and are accessible by the websites which create them.

Our website may from time to time use cookies for to understand user behaviour, to administer the site, to tailor the information presented to a user based on their preferences, and to improve user experience.

Most web browsers automatically accept cookies, however you may delete, or disable cookies but please note that you may not be able to take full advantage of our website if you disable cookies.

Google Analytics

Our website uses Google Analytics which is an analytics service provided by Google. Google Analytics creates cookies containing information about your use of our website (including your IP address). This information is stored by Google and allows us to see how visitors are interacting with our website and helps us to make improvements to it. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google Further information about Google’s privacy policy may be obtained from http://www.google.com/privacy.html.

What type of information is collected from you?

The personal information we collect might include the following: 

  • Your name
  • Address
  • Email address
  • Phone numbers
  • IP address including information regarding what pages are accessed and when.
  • Photographs or videos of Church services or other church-related activities.

How is your information used?

The information we collect helps us to understand your needs and provide you with a better service. In particular we use information for the following reasons: 

  • To maintain internal record keeping.
  • To improve our services.
  • To send promotional emails about new services and events or other information about us which we think you may find helpful.
  • To customise our website according to your interests.
  • To create visual content for use during our Church services or other church-related activities or for use on social media.

 We may also use information for other purposes, which we would describe to you at the point when we collect the information. 

We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant agreement you hold with us.

Who has access to your information?

Your information is only accessed by authorised members of our staff. 

We will never sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

How can you access and update your information?

You have the right to request details about any personal information that we stored about yourself and how it is used.

The accuracy of the information we store about you is important to us as it enable us to provide you with the best service we can. You have the right to ask us to change information we hold about you that you believe is inaccurate or out of date.

To request a copy of your personal information or request a change to the personal information we store about you, please contact us via email at [email protected] or by writing to us at Foundry Community Church, 65 Lugsdale Road, Widnes, WA8 6DA. Alternatively, you can telephone 0151 420 8837.

We will provide and update your personal information free of charge and within 30 days, this can be extended up to 2 months in more complex cases, however in such cases you will be notified of the extended response period. 

As a security measure, you may be asked to verify that you are the person who you are requesting personal information about, or that you have their permission to do so in cases where you are responsible for someone else.

How long do we keep your information?

We comply with our legal obligations for the retention and deletion of personal information. We shall not keep personal information for longer than is necessary by law for the purpose for which it was originally collected.

Your ‘Right to be Forgotten’

You have the right to request that we erase all personal information we store about you unless we are required by law to keep it. To request erasure of your personal information please contact us via email at [email protected] or by writing to us at Foundry Community Church, 65 Lugsdale Road, Widnes, WA8 6DA. Alternatively, you can telephone 0151 420 8837. This request will be actioned within 30 days. 

Security

We take the security and protection of any personal information that you entrust to us very seriously.

 We have security precautions in place to protect the loss, misuse or alteration of your information. When you provide us with personal information, we take steps to ensure that it’s treated securely and is used as explained to you at the point of collection.

Any information that we share with a third party at your request is transmitted normally over the Internet which can never be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Website Links

Our website may contain links to other websites run by other organisations. This privacy policy only applies to our website. Please note we cannot be responsible for the privacy policies and practices of other sites.

In addition, if you visited our website via a link from a third party site, we cannot be responsible for the privacy policies and practices of that third party site. We encourage you check the privacy policy of that third party site.

18 or Under

If you are aged 18 or under‚ please get permission from a parent or guardian beforehand whenever you provide us with personal information.

Consent from a parent or guardian will be requested before any photographs or videos are taken of anyone 18 or under.

Consent

By giving us any personal information you are agreeing to our use of that information as outlined in this Privacy Policy.

CCTV Policy

Purpose:
To protect people, property and to detect and prevent crime at Foundry Community Church & Foundry Community Housing.

Scope:
This policy applies to all video devices and footage operated by Foundry Community Church & Foundry Community Housing at 65 Lugsdale Road including the Ring doorbell, Ring indoor camera, AI 360 and AI Pro cameras listed below.

Device list & locations:

  • Ring Doorbell — Staff Corridor door facing black box.
  • Ring Indoor Camera — Main Hall pillar facing money box.
  • AI 360 — Front porch facing car park.
  • AI Pro x6 — Facing car park entrances, walkways around FCH site and back gate to main road.

Audio: Disabled on all devices.

Lawful basis: Legitimate interests — to protect people and property and prevent/detect crime. The balancing test and DPIA are documented in the DPIA section.

Retention: Default retention is 30 days. Footage is deleted automatically after this period unless preserved for an investigation or legal requirement.

Access & roles: Access is restricted to the Lead Team and the Site Caretaker. All footage access must be logged (who accessed, reason, date/time). The Data Protection Officer is Sean Smith — route SARs and queries via [email protected].

Requests for footage/disclosure:

  • Police: disclose only on receipt of a written request or lawful basis; log the request and any disclosure.
  • Third parties: only disclose where there is a lawful basis (subject request, legal obligation, or with explicit consent) and record the disclosure.

Prohibitions & sensitive areas: Cameras must not cover private areas where people have a reasonable expectation of privacy (e.g., toilets, changing rooms). If any camera position changes in future, reassess and update the DPIA.

Security measures: Devices and accounts will use strong passwords and multi-factor authentication where available. Network segmentation (separate IoT VLAN) is recommended. Firmware will be kept up to date. End-to-end encryption enabled where available.

Staff monitoring: There has been no formal staff/union consultation to date. If monitoring of staff becomes a performance management or disciplinary tool, separate consultation is required and the DPIA must be updated.

Review: This policy and the DPIA will be reviewed at least annually or when changes occur (new cameras, retention changes, or different processing).

Access & Retention Procedure — Foundry Community Church & Foundry Community Housing

Purpose & scope
This procedure sets out how Foundry Community Church (FCC) and Foundry Community Housing (FCH) handle access to, retention of, preservation and secure deletion of CCTV and doorbell camera footage recorded by Ring and AI cameras on site.

1. Retention — default

  • Default retention for all footage: 30 days from the recording timestamp.
  • After 30 days footage is deleted automatically unless preserved under an authorised incident hold.

2. Preservation for incidents / legal hold

  • Footage may be preserved beyond 30 days for investigations, insurance or legal proceedings only.
  • Preservation must be approved in writing by a Lead Team member or the DPO (Sean Smith) and recorded in the Retention Extension Log.
  • Preservation record must include:
    • Camera name / Footage ID and timecodes.
    • Reason for preservation.
    • Approving person (name & role).
    • Preservation start date and end date (max end date).
  • All extensions must be reviewed before expiry and re-authorised if still necessary.

3. Who may access footage

  • Authorised roles: Lead Team members and the Site Caretaker only.
  • Approvers for preservation/disclosure: Lead Team member or Sean Smith (DPO).
  • Admin accounts: Held by named admin(s) only; emergency admin use is restricted and logged.

4. Access request & approval workflow

  1. Submit request: Email [email protected] or use internal form. Include requester name, organisation, contact, camera(s), date/time required and reason.
  2. Validate: DPO or nominated Lead Team approver verifies identity and lawfulness.
  3. Authorise: If lawful, approver records authorisation in the Access Log with timecodes and export method.
  4. Provide: Export the minimal clip required and deliver via secure means (encrypted email or secure file transfer).
  5. Record: Log all steps (request, validation, authorisation, export, delivery).

5. Access Log — required fields

  • Unique request ID
  • Date/time of request
  • Requester name & contact details
  • Requester organisation / relationship to subject
  • Camera(s) & footage timecodes requested
  • Purpose / reason for request
  • Approving person & date/time
  • Export reference (filename / hash)
  • Delivery method
  • Retention decision (if preserved beyond 30 days)

6. Exporting & sharing

  • Export only the smallest necessary clip.
  • Use secure export methods: encrypted container or secure file-transfer service.
  • Do not publish footage publicly or on social media.
  • For third-party disclosures ensure a lawful basis exists (consent, legal obligation, or legitimate interest) and record the legal basis in the Access Log.

7. Subject Access Requests (SARs)

  • Forward SARs immediately to the DPO: [email protected].
  • Verify requester identity before disclosure (ID check).
  • Locate and provide relevant footage or timecodes unless an exemption applies.
  • Comply with statutory timescales (respond without undue delay and within one month unless an extension is justified).
  • Log SAR steps and disclosures in the SAR Log.

8. Police & law-enforcement requests

  • Prefer written requests from officers (name, collar number, crime reference).
  • In emergencies where immediate access is needed: record officer details, provide access if necessary, and obtain subsequent written confirmation.
  • Log all police requests and disclosures in the Access Log.

9. Third-party requests (insurance, solicitors)

  • Require formal written request and verify lawful basis.
  • Where appropriate, obtain written consent from the data subject.
  • Log all disclosures and reasons.

10. Retention extension & disposal

  • Any extension beyond 30 days requires written authorisation and an entry in the Retention Extension Log with a fixed end date.
  • At preservation end, delete the footage and record deletion (date/time, who performed deletion) in the Deletion Log.
  • Quarterly: verify automatic deletion routines are functioning and that any footage retained >30 days is authorised.

11. Secure deletion & proof

  • Ensure deletion is complete (not only logical unlinking).
  • Maintain a Deletion Log recording footage ID, deletion date/time and deleting officer.

12. Storage, backups & encryption

  • Confirm Ring/cloud account settings for encryption and retention.
  • Any local or cloud backups must be encrypted and access controlled.
  • Do not retain copies outside approved storage without documented approval.

13. Breach management

  • Report any unauthorised access or disclosure immediately to the DPO.
  • Follow incident response: contain, assess impact, record actions, notify ICO and affected subjects where required under UK GDPR.

14. Audit & review

  • Monthly: review Access Log for anomalies.
  • Quarterly: review retention settings and preserved footage.
  • Annually: full audit of CCTV use, access controls and DPIA review.

15. Training & responsibilities

  • Staff with access complete data-protection training covering this procedure, SAR handling and secure export.
  • Lead Team: approve access requests, retention extensions and oversee audits.
  • Site Caretaker: operational access for routine checks and authorised evidence extraction.

16. Version control

  • Procedure owner: Sean Smith (DPO).
  • Next review date: 12 months from approval or earlier if system/policy changes occur.

This website uses cookies to ensure you get the best experience on our website. More Info