Privacy Notice & Cookie Policy

We are committed to protecting your privacy and your personal data. We take our legal obligations seriously and this Notice informs you how we look after your personal data, tells you about your privacy rights and how the law protects you. Grace Church Shrewsbury is the data controller, which means that we decide how your personal data is processed and for what purposes.

We will keep this privacy notice under regular review to ensure it represents an accurate reflection of the way we use your personal information.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.  Our website address is:

Our contact details

Name:  Grace Church Shrewsbury CIO (Charity Number: 1194775)

Registered Address:  3, Sharpstones Lane, Bayston Hill, Shrewsbury, SY3 0AN

Phone Number:  07712 628336


The type of personal information we collect

We currently collect and process the following information:

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you as follows:

Identity Data including first name, maiden name, last name, username, nickname (or similar identifier), marital status, title, date of birth, gender, photograph, video footage and any other biographical information you may provide us.

Contact Data including home address, email address and telephone numbers.

Financial Data including bank account and payment card details.

Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.

Technical Data including your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

We collect data about services and events you attend and this may include reference to your gender, marital status and age, which is sensitive personal data.

How we get your personal information and why we collect it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You may give us your Identity Data, Contact Data and Financial Data by filling in forms or by corresponding with us by post, telephone, email, WhatsApp or otherwise. This includes personal data you provide when you:
  1. are involved in the life of the church through one of our services, groups or activities;
  2. are photographed or filmed during our services or events;
  3. volunteer with us;
  4. undertake a DBS check before volunteering with us;
  5. request assistance from us;
  6. donate online, by text message or by completing a gifting envelope;
  7. register with us for an event or course;
  8. subscribe to our services or publications;
  9. request marketing to be sent to you;
  10. respond to a survey; or
  11. give us some feedback.


  • If you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy below for further details.

Third parties or publicly available sources. We may receive personal data about you from third parties and public sources as set out below:

  • Technical Data from analytics providers, such as Google based outside the EU, and
  • Identity and Contact Data from publicly availably sources such as Companies House within the United Kingdom.

If you ask us to delete or withdraw your details

If you request that your personal data be withdrawn from us, we will be unable to let you know what is happening in the life of the church, to process donations and connect you with any volunteering groups with which you have served or wish to serve.

How we use your personal data

We hold records of the people in our congregation, volunteers, guests and service users and use this information to coordinate church activities and to keep you informed of things happening in the life of the church.

We also collect and use information about our suppliers and contractors, in order to manage and administer the church and to carry out our charitable purposes. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where:

  • we need to perform the contract we are about to enter into or have entered into with you
  • it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

We plan to use your personal data so that we can:

  • Manage, administer and promote the life of the church
  • Administer financial transactions and donations
  • Administer our courses or events
  • Manage our websites and social media accounts
  • Manage our volunteers and HR function
  • Prevent and detect crime
  • Where we need to comply with a legal or regulatory obligation

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

Disclosure of your personal data

We may have to share your personal data with the parties set out below for the purposes above.

  • Service providers acting as processors based in the UK who provide website, social media, media and IT and system administration services.
  • Professional advisers including payroll providers, lawyers, bankers, auditors, pension advisors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Sharing your data

Except for the circumstances outlined above, we will not share your data with any third party. Your personal data will be treated as strictly confidential.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • your consent, which you are able to withdraw at any time by contacting us using the contact details provided;
  • we have a contractual obligation;
  • we have a legal obligation;
  • we have a legitimate interest.


Our legitimate interest as a church and charity is in conducting and managing its charitable activities to enable us to give you the best church community, events, products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).


How we store your personal information

Your information is securely stored electronically using Liberty Accounts, an accounting and payroll software for charities and churches.

Your data protection rights

You are under no statutory or contractual requirement or obligation to provide us with your personal data.

We keep your personal data for no longer than reasonably necessary.  In most cases, we will keep your personal data for the period of time that you are part of the church community so that we can keep you connected to what is going on in the life of the church. We would only retain your data beyond this time if there is an ongoing complaint, legal claim or safeguarding investigation.

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us using the contact details above if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to Grace Church Shrewsbury CIO Address:

Phone Number: 07712 628336


You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane





Helpline number: 0303 123 1113

ICO website:

Use of Cookies

This website uses cookies to better the users experience while visiting the website.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [].

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.