Last Updated: Saturday, 10 March 2018

Privacy & Data Protection


1. Your personal data

At St Leonard’s Church we store contact details and other information about people who are connected with the church. This helps us to communicate well with you about church activities with which you are involved and new events that are coming up. It also helps the staff team with their oversight of what is happening in the church and who is involved. We may also record attendance information, for instance in children’s groups, to help us manage these groups effectively and for child protection requirements. 

2. Storage of personal data

We use a computer system to keep all this data safe and to help us comply with data protection regulations. If you opt in to allowing your data to be shared with other church members on this system they will have access to read parts of your contact details at your discretion.

3. Use of personal data

The information that we keep usually consists of your name, adult/child, gender and family connections. If you have provided them to us then we will also keep your address, telephone, email addresses, mobile number, occupation, website, company, allergies and date of birth. 

If the church is involved in any pastoral care of you then information relating to this may be stored. We will also store information regarding membership of groups or committees within the church, such as being an attendee of a congregation or small group. We may also process and store information on any invitations we have sent to you for activities or events, your attendance at any activities or events, details of any church-related subscriptions and all information we may have requested for the purposes of DBS checks. It will also be necessary to store information about ministries you are involved with and the dates and times of any duties associated with those

We may “profile” the information we collect about you and use automatic processing particularly for the purposes of choosing how relevant a church activity is to you based on group membership, age, gender or address. 

If you are involved with a ministry at the church we may email or text you about this ministry, for instance with rota updates or information about what’s coming up. If you opt in to receiving emails about new ministries, events or products then we can keep you advised of those things that may interest you.

4. Processing your data

The General Data Protection Regulations provide several acceptable reasons for processing your information. If you are a regular attendee at the church or a recent new contact then we use the “Legitimate Interest” reason because keeping your contact details is important to running the church. If you are not a regular attendee then we use the “Consent” reason which requires us to obtain your opt-in consent allowing us to process your data. 

5. How long we keep your data

If you are a previous church attendee who has now left the church, we may keep your name on record, for historical or statistical purposes for a limited period of 3 years. We may keep more details and for longer periods if you have been involved in ministries that have legal record-keeping obligations such as child protection, employment or accident reporting. We retain electoral roll data while it is still current, gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate, and parish registers (baptisms, marriages, funerals) permanently. Details of retention policies for many different scenarios are published by the Church of England and could be more than 50 years.

6. Your rights and your personal data

You have various rights under the General Data Protection Regulations:

  • The right to request a copy of your personal data which we hold about you; however, if your request is manifestly unfounded or excessive then we can charge a reasonable fee for responding or we can refuse to respond.
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date.
  • The right to request that your personal data is erased where it is no longer necessary for us to retain that data (i.e. where there is no legal requirement on us to retain it, and where it is not required for running the church).
  • The right to withdraw your consent to processing at any time, where the processing is of a kind which requires consent.
  • The right to request that we transmit your data directly to another church or organisation, where possible.
  • The right to request a restriction on further processing of your data, for example if you have lodged a formal complaint and are awaiting the outcome.
  • The right to lodge a complaint with the Information Commissioner’s Office (ICO) if you think we have been mishandling your data.

The full detail of your rights can be found on the ICO’s website at

 7. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use, and we will seek your prior consent to the new processing wherever necessary. 

8. Contact details

Requests regarding data protection should be sent to the Church Office, St Leonard’s Church, Topsham Road, Exeter, EX2 4NG or via email to or by telephoning the church office on 01392 286990.

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email at or by post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

The PCC of St Leonard’s Church, Exeter is a registered charity, number 1128060.

Download a PDF version of this information